A hospital was recently found not liable for Facebook group posts placed by two employees about a patient's diagnosis. It comes down to an ex-boyfriend talking the two hospital employees into posting a screen shot of his ex-girlfriend's medical record; which included the sensitive diagnosis of maternal syphilis. The patient sued the hospital, former boyfriend and the financial services employee, who was fired as a result of her accessing the patient’s medical record. A second, un-named employee suspected to be a nurse, was also involved.
The judge who heard the case found that the employee did not act within the scope of her employment and violated the hospital’s policy. She determined the hospital would not be held liable for damages associated with the claims of invasion of privacy, emotional distress, malice and negligence.
This decision reinforces the importance of all healthcare providers and organizations having a policy which is comprehensive and provides specific guidance to employees on what they can and can not post. I've been addressing the risk of not having a policy in my writings and presentations over the last several years. Below is a graphic I've used in past presentations that can guide policy writers in ensuring privacy and security without creating National Labor Relations Board (NLRB) issues.
For those you need more help, I'm available to review and provide feedback or even work with you to develop a stronger policy that helps you managed all of the risks of new media.