To make things easier, we'll be using Royal Brisbane and Women’s Hospital (RBWH) as this week's example. Located at Herston within the Metro North Health Service District, RBWH is a key provider of health care services for Queensland Health. Ever since it was established, RBWH has been providing state-of-the-art medical care and the best possible outcomes to all their patients over a comprehensive range of specialities.
With hundreds of patients and a good number of staff, this 929-bed public hospital has a good chance of exposure to legal risks caused by social media. Possible legal risks that organisations face for implementing Enterprise 2.0 includes:
- Trademark infringement
- Copyright breaches
- Privacy breaches
- Conduct of employees that an employer may be liable for
As for an organisation like RBWH who is in the healthcare industry, the most common and relevant legal risks would be:
- Loss and disclosure of confidential information - With many doctors each dealing with at least 100 a year, this risk becomes particularly relevant to RBWH. Suppose a doctor befriends all his patients through social media sites like Facebook, Twitter and LinkedIn and one day, he decides to leave the hospital to open his own clinic. He could then easily contact his "followers" and "friends" to invite them to go to him instead. This would be classified as a breach of information as the customer database belongs to RBWH and not the doctor.
- Reputation Risks - These days, social media accounts are all inter-connected with each other. It also shows others where we work, where we stay, and what we like. If one is not careful while posting something on these websites, the public may assume that these individuals are posting on behalf of their organization. For example if a doctor posts "Enjoying a break from work with my cigarette" and his "Followers" know that he is working at RBWH, this could damage RBWH's reputation as a clean and healthy environment for patients.
- Discrimination claims - The hospital is where we can find different people from different background with different personalities. Hence, the chance of discrimination claims are fairly high here. According to Dundas Lawyers, adding clients and co-workers on social media sites but not adding certain ones can be argued for as discrimination. So if a doctor "follows" someone on Twitter but does not "follow" another, or if they "unfollow" someone, the doctor and RBWH may be called to court for "discrimination.
To prevent these risks from causing damage, an organisation can implement several safeguards by creating a Social Media Policy. These policies should clearly address the following areas:
- Access – The policy should define who can access social media in the workplace, when they can do so, and what can they do on these sites. This is to ensure use of social media does not affect job performance and protect the organisation from unneccesary risks.
- Management – Who is responsible for the implementation and management of social media in the organisation has to be determined. Someone should be in charge of keeping updated on what others are saying about the organisations in social media sites.
- Privacy issues – Specify how individuals working in the organisation should protect confidential company, employer, employee and patient information. This is to ensure they do not post statements that reveal private information that can cause trouble.
- Monitoring – Notify those in the organisation why you are monitoring their social media usage, how you are going to do it, and when will monitoring take place.
- Violation consequences – Clearly state the consequence of violating company policies in different scenarios. This is to ensure those working in the organisation are aware and will adhere to the new social media policy.
- Integration – The company should determine how this new policy should be intergrated with other existing policies within the organisation. This is to help employees understand how all the policies fit together.
Sutter Health's Social Media Policy Overview