Internet restriction policy need not be entirely new
Internet restriction policy need not be entirely new
By Douglas M. Nabhan
Williams Mullen Christian & Dobbins
Richmond, VA
Many major hospitals have taken the on-ramp to the information superhighway. While the Internet and electronic mail systems offer a universe of information, they also present a dilemma: Employers have gone to great expense to allow employees to take advantage of the information and resources now available to them on the Internet and through networked systems, but hospitals must ensure that employees use this powerful new tool in a manner that will not harm the image of the hospital or run afoul of existing law.
Hospitals have a variety of valid concerns about their employees’ use of the Internet and networked systems. First, any personal e-mail or other information sent from the address of the hospital will likely bear the hospital’s name, or at least be traceable to the hospital. Hospitals are rightfully concerned that unofficial information in these communications will be imputed to the hospital. Under the principles of agency law, the corporation is responsible for all acts employees take that are within the scope of their authority. When a hospital provides access to the Internet, questions arise about what use of the Internet is within the scope of an employee’s authority and what a hospital can do to minimize any liability from the employee’s Internet use.
A second concern for hospitals is that an employee’s personal use of the Internet may lead to the negligent divulgence of either private corporate information or, worse yet, confidential patient information. An employee’s knowledge is considered an asset of the corporation. By divulging information over the Internet even in an innocent "chat room" conversation an employee may be breaching a nondisclosure agreement or exporting confidential medical information to the detriment of the very corporation that has paid for the gathering of that information.
A final concern is that employees may use hospital-provided access to download offensive material from, or upload offensive material to, the Internet. If discovered, use of hospital equipment to download or upload such material could damage the reputation of the hospital. Also, such actions by employees could violate Title VII laws, which deal with management’s responsibility to provide a workplace that is free of hostility based on sex, race, or national origin. Offensive mate-rials, including explicit videos, jokes, and many other materials, are easily available. Thus, employers have valid concerns regarding their employees’ use of the Internet and how such use may negatively impact the hospital.
The employer’s most appropriate response to these concerns is to effectively enforce its basic rules of conduct. The concerns expressed about the Internet are no different than those expressed about misuse of more traditional media of communication, such as hospital letterhead, telephone, fax, or mail. With these media, the most effective controls have been to introduce a corporate code of conduct or users’ policy. Conduct codes and users’ policies merely put the traditional notions of right and wrong into the context of the hospital. Use of the Internet easily could be treated with the same codes and policies that are applied to the more traditional forms of communication. Just as opening another’s mail is wrong, so is browsing another’s e-mail or discussing a patient on the Internet, even if that patient’s name is not used. Similarly, where it is a breach of hospital rules of conduct to receive offensive material in the office mail, so it is a breach to download such material from the Internet.
Policy statements and users’ policies can easily be extended to cover the emerging technologies of the Internet. Since there is no legal right to privacy in the workplace, employees should be advised that their use of the Internet, e-mail, and other forms of communication can and will be monitored by the hospital. Also, most hospitals conduct seminars to teach employees which behaviors violate the proscriptions of Title VII’s sex, race, and national origin protections. These seminars could easily incorporate a session on how an employee’s use of the Internet could violate Title VII.
However, hospitals should be careful not to guarantee that no offensive materials will leak into the workplace. Some have gone beyond placing the burden on the individual employee to monitor his or her own behavior. Instead, these employers are assuming the responsibility by installing Internet access blocks. These blocks are intended to prevent the employee from accessing certain areas of the Internet and downloading offensive material.
This approach can create as many problems as possible solutions for employers. Foremost, they are taking a step that they are not legally obligated to take. By taking the unnecessary step of instituting a block on the Internet, they are assuming a number of legal duties and risks, the legal liability for which is currently unknown.
These blocking devices may place upon the hospital the duty to provide an Internet work environment free of offensive material. Once a duty is voluntarily accepted, the law generally requires that it be handled responsibly. However, just as with computer-based functions, there can be defects with these blocking mechanisms. Attempting to block access to certain areas of the Internet can only be accomplished by restricting the use of certain words on the Internet. The effectiveness of this approach is suspect. It would not take an ingenious computer operator to find word combinations to circumvent the block and access restricted areas.
The ease with which these blocks can be circumvented could open the hospital to unknown liability. This potential liability begs the questions, "Why accept a duty you cannot possibly meet?" and "Why transfer personal responsibility to the hospital when the responsibility should belong to the individual employee?"
These blocking devices require management to make subjective judgments as to what constitutes offensive material, and they subject the corporation to increased liability. Given the relative ineffectiveness of these blocks, the increased risk is unjustified. Conversely, articulating and enforcing a users’ policy does not give rise to any legal duties and is unbiased in nature and impartial in application.
As health care providers provide employees with access to the Internet, they will have to adopt policies to regulate the use of the Internet. How-ever, the policies they should adopt most likely are longstanding corporate policies that govern the use of more traditional media of communication. I suggest the hospital merely include the use of the Internet in existing policies that prohibit bringing any offensive materials into the workplace. Most risk managers will agree that the last thing most employers need is more liability for employee actions and more policies to enforce in the workplace. Common sense solutions to most human resource issues generally provide your workforce and management with the tools to conform their behavior to new technologies and laws.
[For more information, contact William Nabhan at Williams Mullen Christian & Dobbins, II James Center, 16th Floor, 1021 East Cary St., P.O. Box 1320, Richmond, VA 23219. Telephone: (804) 643-1991. Fax: (804) 783-6507. E-mail: http://www.wmcd.com.]
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.