What Keeps You Up at Night? Issues of Fraud and Abuse Compliance Series How to Handle the Bad Email or Social Media Post 37 Offices in 18 Countries
How to Handle the Bad Email or Social Media Post
How to Handle the Bad Email or Social Media Post • A survey reported in January 2012, Modern Healthcare found Nearly 60% of hospital compliance officials wake up in the middle of the night from job related stress Nearly 60% of hospital compliance officers have considered quitting within the past year
NAGGING NURSE My hospital is the WORST! They bully employees and one of my fellow colleagues even killed himself because they are so bad! Our CEO uses unfair labor practices!
Today’s Host David W. Grauer Chair, Squire Sanders Healthcare Practice T +1 614 365 2786 david.grauer@squiresanders.com
Today’s Speakers Thomas E. Zeno T +1 513 361 1202 thomas.zeno@squiresanders.com Traci L. Martinez T +1 614 365 2807 traci.martinez@squiresanders.com Elizabeth E. Trende T +1 614 365 2728 elizabeth.trende@squiresanders.com
Topic Areas • How online communications are stored in cyberspace • What kinds of issues have surfaced as a result of a bad email or social media post • Steps organizations can take to protect themselves • Expected future developments and challenges
Other Social Media Icons = Flickr = RSS Feeder = Blogger = Instagram
Some Healthcare Stats
How Online Communications Are Stored Client Service and Feedback Process and Resource Value-based Optimization Pricing Training and Staffing Development Models Project and Knowledge Management 12
How Online Communications Are Stored • Familiar Technologies: Email Instant Messaging (IM) Text Messaging
How Online Communications Are Stored • Newer Technologies: Social Networking Blogging Microblogging • Websites qualify as social media sites when the majority of content is user-contributed
How Online Communications Are Stored • Social Networking Facebook, Twitter, LinkedIn, MySpace, YouTube Client Service and Feedback Profiles and user information are stored Process and Resource Value-based on the servers of the Optimization Pricing online entity hosting the social network Training and Staffing Development Models Project and Knowledge Management 15
How Online Communications Are Stored • Social Networking Ability of users to delete information once posted varies based on the social network’s policies – Facebook policy: even after users deactivate their account, information remains on the server for a “reasonable period of time” but is generally not available to other users
How Online Communications Are Stored • Blogging Over 400 million English blogs in existence Most accessible to anyone with Internet access; free; searchable Quickly becoming a mainstream communication vehicle Blog is hosted and data stored on Internet servers Deleted entries may be retrievable depending on the archiving policies of the hosting service
How Online Communications Are Stored • Microblogging Social messaging service; combination text message and social network (Twitter or status updates on Facebook) Updates posted to the website can be read by anyone who “follows” (Twitter) or “friends” (Facebook) the user Depending on privacy settings, updates can be publicly available or locked down
How Online Communications Are Stored • Microblogging (cont’d) Like blogging, data is stored on the website’s servers, but may be available in many places – A large number of applications integrate Twitter with other applications, so tweets can be anywhere Data can also multiply and be difficult to delete – A friend “sharing” a status message on Facebook posts it to their profile as well or “retweeting” on Twitter copies an update to another set of followers
Issue #1: Facebook Privacy and HIPAA Concerns • Mortally wounded 60-year-old patient arrived in the St. Mary Medical Center emergency room • Nurses and staff members did not rush to his aid • Rushed to cell phones to take photos to post on Facebook and send via IM • Photos were on Facebook two days before HR became aware of them http://articles.latimes.com/2010/aug/08/local/la- me-facebook-20100809
Issue #1: Facebook Privacy and HIPAA Concerns • The organization can be in trouble when it does not find out Invasion of a patient’s privacy Four staff members fired; three disciplined • Be proactive • Know what is being said about your organization and leaders Webcrawlers – Google Alerts: http://www.google.com/alerts – Spokeo: http://www.spokeo.com
Issue #2: The Bad Email
Issue #2: The Bad Email • Compliance Response: Investigate Provide explanation if possible If warranted, discipline must be imposed Keep a record of the response and the discipline
Issue #2: The Bad Email Possible Solution
Issue #2: The Bad Email
Issue #2: The Bad Email • Compliance Response: Investigate If warranted, discipline must be imposed Keep a record of the investigation and the discipline
Issue #3: The Bad Social Posts NAGGING NURSE My hospital is the WORST! They fired my fellow colleague and he killed himself! Our CEO uses unfair labor practices!
Issue #3: Disciplining Employees for Bad Social Posts Hospital Response: This nurse must be discharged. He has been causing trouble on Facebook for months and this is a public display of disparaging remarks defaming the hospital’s reputation. Is this permissible? Hospital wanted to discharge Here, not permissible, BUT Case-by-case analysis
Other Organization Concerns Pre-Employment “Screening” • Many organizations use social media sites as part of their employment screening process Some view this as a violation of privacy • Organizations may use these social media cites to confirm information on a resume; get more insight into a potential employee
Voting Poll • Will private employers be permitted to force their employees to give passwords to private social media sites? Yes No
Other Organization Concerns CAUTION: Pre-Employment “Screening” • Don’t ask employees for private passwords • Be aware of people with the same name • False profiles are prevalent and easy to create • Unintended biases • Could provide you with information you do not want to have (e.g., candidate has a disability, is pregnant, etc.)
Steps Organizations Can Take to Protect Themselves
Steps Organizations Can Take • Implement a social media policy • Implement an Internet use policy • Update disciplinary policy
Steps Organizations Can Take • Issue clear, written policies on computer use to employees and update such policies annually • Remind employees: ALL communications equipment is the employer’s property (hardware, software, email, voicemail, mobile devices) They should have NO expectation of privacy in any communications prepared on company equipment, even if deleted (e.g., personal email accounts, tweets, Facebook status updates) Messages sent from school email accounts may be subject to disclosure as a public record • Recommended to remind employees with every login
Steps Organizations Can Take • Consider blocking network access if abused • Assign an employee to regularly monitor social networking sites (via Google and/or Spokeo) for references to the organization • Train employees on organization policies, social networking best practices and obligations under severance agreements • Ensure network security is sufficient for the new technologies employees are using • Do not take disciplinary actions that are not clearly authorized by policies/Collective Bargaining Agreements
To Monitor and Discipline or Not to Monitor and Discipline
Expected Future Developments and Challenges During a recent Secret Service investigation, it was learned that one agent posted the following while on detail with Sarah Palin in 2008:
Expected Future Developments and Challenges It’s a Fine Line … • Organizations are permitted to monitor what employees do on their computers while at work under acceptable use policy • Organizations can monitor social networks to determine if their “sick” employees are really unable to work • Organizations may monitor after-hours behaviors that may affect the employer’s reputation or which may place patients’ privacy in jeopardy
Expected Future Developments and Challenges It’s a Fine Line … • Organizations are not permitted to discipline if the post or email is about employees’ terms and conditions of employment • When in doubt – seek legal advice
Compliance Requires Action What do you do when you find the bad email? • You keep it and ACT • The government will not accept inaction for bad email on company equipment • Failure to discipline will be held against the company undergoing audit or qui tam suit • The government may not accept inaction about private media sites that are known to the company
Questions?
Recommend
More recommend