Compliance Perspective: Keeping Employee from Damaging Your Lab on Social Media

In the cyber age, protecting your lab from the potential threat posed by employee blogging, tweeting, Instagramming and other social networking is a business imperative. But how? To find out, keep reading. . .

It Is Your Business

The starting point is recognizing that social networking by employees is not purely a private matter. Over the past decades, courts and arbitrators have consistently recognized an employer’s right to intervene to prevent activity that harms or has the potential to harm the organization’s business or reputation, including:

1. Productivity Losses

Anyone who has at least dabbled in it understands how addictive social networking can be and how easily it can suck up your time. What may be intended as a simple exchange can turn into a day-long interaction. And, of course, many employees choose to do their social networking at work. According to one recent study, the average employee spends 2.35 hours on social media during every work day(!), resulting in productivity losses of 13%.

2. Threats to Business Confidentiality

One of the things people like to talk about is their jobs. And in a social context, they tend to speak candidly. Such conversations can be kept private when they occur face-to-face or on the phone. But keeping such interactions private is more problematic when they occur online, especially within an external social network that anybody with internet access can join like Facebook or LinkedIn. The result: damaging leaks, whether deliberate or inadvertent. Example: An employee tells her Facebook chum that your lab is in secret merger talks with a local hospital and expresses concerns about her job.

3. Undermining of Management

Complaining to friends about work, bosses and colleagues is a venerable and largely harmless social tradition. But when it happens online, it’s not so harmless, even if the whole conversation takes place while the employee is off duty and at home. In a cyber world, gripes get expressed in the form of inappropriate postings, pictures and jokes about doctors, patients and colleagues online where anybody can see them. In addition to harming morale, such communications can expose the lab to risk of liability for harassment, discrimination and other violations.

4. Harm to Reputation

The unflattering things or inappropriate materials say or post online on their networking page about your lab, its staff and the doctors or patients it serves may harm your reputation and standing in the community.

Example: In her blog, a hospital RN referred to the nurse who supervised her as “Nurse Ratched”—the nurse from hell in One Flew Over the Cuckoo’s Nest. Although the employee didn’t use her name in the blog, she didn’t bother to hide the fact that she worked as a nurse for a hospital in a particular county that had only one hospital. So, it was pretty easy to figure out who “Nurse Ratched” was. An arbitrator found the blog grounds for termination.

5. Violations of Patient Privacy

Employees may reveal patient records and other PHI that violate HIPAA and undermine your relationship with referring physicians, not to mention the physician-patient relationship.

6. Discrimination & Harassment of Other Employees

Online comments about co-workers may constitute harassment or discrimination and expose your lab to liability. Employees may also download, view or transmit pornographic, racist and other offensive material from the internet at work in violation of your harassment or discrimination policies.

7. Liability for Illegal Activities

Employees may conduct illegal activity on the internet at work, such as distributing child pornography or downloading material in violation of copyright law. There’s no shortage of legal theories that can be used to hold your lab vicariously liable for such activities especially when employees use your computer and network to conduct them.

8. Harm to IT Infrastructure

Employees who use the internet for unauthorized purposes may introduce viruses, worms, Trojan horses and the like into your lab’s information network, causing serious problems for the IT infrastructure. Use of the lab network for personal business, e.g., downloading large files, can also slow down the system and make it harder for other employees to use the network to do their jobs.

3 Ways to Prevent Social Networking Abuses

Implement clear and specific policies to establish your right to discipline employees for social network abuses or, better yet, deter them from committing them in the first place. Three strategies that have proven effective:

1. Address Social Networking in Confidentiality Agreements

Like many labs, you may ask employees to sign confidentiality agreements banning them from disclosing confidential information. Add language to the agreement requiring employees to abide by their confidentiality obligations while engaging in social networking and other forms of online activity. Spell out that revealing sensitive organization information on an online social network at home is just as unacceptable as doing it in a business communication during work.

2. Address Social Networking in Codes of Conduct

Most labs have HR policies or standards of conduct banning unacceptable behavior like harassment, bullying and bad-mouthing bosses, clients and the organization. Indicate that these forms of misconduct are equally unacceptable and subject to discipline on a social network or other online activity, whether conducted on- or off-duty.

3. Set Specific Policy on Employee Social Networking

The centerpiece of your effort to curb social networking and blogging abuses is to establish and consistently enforce a Social Networking Policy that addresses these activities. Make sure your policy is realistic. Simply banning employees from using social networking sites or blogging altogether is impossible to enforce, especially to the extent it applies to what employees do off-duty. Although each practice must tailor its policy to its own, the Model Policy is a pretty good template. Like the Model, your social networking policy should spell out that:

• All lab computers, IT equipment and internet access is intended for business use only and may not be used for non-work-related purposes;
• Employees are expected to work while on duty;
• Employees may not post or say anything on a social networking site that harms the lab’s reputation and good standing in the community;
• Employees may not insult, offend or demean the labs or its staff, clients or patients or divulge confidential information about them online; and
• The content of any employee postings must comply with all lab policies, including its code of conduct and discrimination and harassment policies.