Social Media: Practical Guidance

An Attorney Explains Why a Workplace Ban Won't Work
Social Media: Practical Guidance
Editor's Note: This piece was prepared for our sister site, HealthcareInfoSecurity, but the advice about social media policies is relevant to organizations in all sectors.

When it comes to banning the use of social media in the workplace, Jenny Corotis Barnes, assistant general counsel at The Ohio State University Medical Center, has a strong opinion: Forget about it.

Barnes, who participated in developing the center's comprehensive social media policies, says restricting access to social media in the workplace - a common practice - is short-sighted and won't help improve privacy.

"Think about where the future is going with social media and with being connected electronically," the attorney advises. "Hospitals should realize that shutting down access isn't going to work in the long-run." Barnes points out that even if an organization prohibits most of its employees from using its computers to access social media, employees "will use their smart phones and get to social media anyway."

She advises leaders to carefully consider whether they want "an educated workforce that knows about social media and will know how to use it and the risks that come with it and the value of it. If so, you need to get over the initial fear of somebody saying something bad about the organization on the Internet. That's going to happen no matter what. It's better to have an educated workforce and work through the risks ... and have the policies and the procedures and the environment that embraces all aspects of social media."

Recruiting Top Talent

Allowing the use of social media in the workplace helps the center attract highly qualified workers, Barnes contends. "The workforce is getting younger and younger, and this is how they communicate," she notes. "One of our goals as an organization is the dissemination of knowledge. How can we cut off social media, one of the greatest opportunities to disseminate knowledge?"

The center, however, has very detailed social media policies and guidelines in place. These are designed, in part, to guard against violations of the HIPAA privacy rule, which can lead to significant damage to the organization's reputation, Barnes says.

Security, Privacy Provisions

Here are some examples of the center's social media guidelines:

  • A HIPAA compliance policy makes it clear that staff cannot discuss patients over the Internet, which would be a reportable breach under the HITECH Act breach notification rule
  • .
  • The organization makes it clear that employees are free to use social media for personal purposes during non-work time, such as lunch breaks, as approved by their supervisor.
  • The center does not monitor employees' use of social media. Instead, it closely monitors the use of its name on social media sites using a number of web monitoring tools.
  • Staff members receive annual training on social media policies as part of their HIPAA compliance education. In addition, a social media manager offers one-on-one training in certain circumstances.
  • The social media policy spells out that an employee can receive sanctions, up to firing, for violations. But in the two years the policy has been in place, no one has been sanctioned for violations.

The center has created a series of online documents about social media. Links to many of these can be found on Barnes' Twitter site.

21st Century Communication

The Ohio State University Medical Center makes extensive use of social media as a new way of communicating with patients. In addition to heavy use by the communications and marketing department, senior executives, including the CEO, use social media to reach out to the community.

The CEO frequently tweets about a variety of issues, including a local bike marathon fundraiser for cancer treatment. "So we have senior-level leadership on this issue," Barnes says. "It makes all the difference in the world."

In another creative example of using social media to communicate with the public, a doctor observing a new robotic surgical procedure for partial knee replacement provided real-time tweets about the surgery to offer practical education on how it worked

And in certain rare cases, social media can even help instantly improve customer service. When recently using a web monitoring tool, the medical center's social media program manager noticed that a patient in a waiting room was using social media to complain about a long delay in seeing a clinician. The manager was able to reach out to the patient and immediately offer assistance, Barnes explains.

Doug Flowers, director of public affairs and media relations, describes the center's approach to social media in this way: "We try not to simply use social media as a way to push information out to people. That's not where you get the full benefit. It's around sharing a perspective on something or commenting on a healthcare issue or sharing an interesting article that someone has read ... It's around continuing to interact with people in a different way and creating an additional point of access to our organization."


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.