We are starting to see an increase in the number of news articles reporting on health care facilities terminating employees for violating patient privacy on their facebook pages or other social media.
Last December, one such incident made a fair number of headlines when a Mississippi hospital worker responded to a tweet from the Governor of Mississippi, Haley Barbour, regarding the state’s “dire fiscal situation” and soliciting ideas to trim expenses. The employee responded with a tweet that said the Governor should “schedule regular medical exams like everyone else instead of paying UMC employees over time to do it when clinics are usually closed.” The hospital terminated the employee on the ground that her tweet violated HIPAA because it disclosed that the Governor had been a patient at the hospital.
More recent reports suggest that health care employers have become even more aggressive in terminating employees who have compromised patient privacy on their social media pages. For instance, in June, it was reported that a hospital in Oceanside, California had terminated five employees and disciplined a sixth for using social media to discuss hospital patients. The hospital’s CEO is quoted as saying that its investigation had not yet uncovered any evidence that patient names, photographs, or similar identifying information was posted by these employees, but the investigation had yielded sufficient information to warrant disciplinary action.
Now, in August, we have seen two more news reports of similar firings. First, in Michigan, a hospital employee was fired after reportedly stating on her facebook page that she had come face to face with a cop killer and that she hoped he rotted in hell. Apparently, the post contained no other identifying information, though presumably one could piece together the patient’s identity from other recent local news reports. In addition, having a hospital worker stating publicly that she hoped that a patient rotted in hell does not exactly portray the hospital in the best light. Finally, another news account states that staffers at a Long Beach, California hospital posted at least one picture of a stabbing victim on the Internet. According to the report, four staff members were fired and three disciplined in connection with the incident.
Though employers are generally becoming aware of the need to implement social media policies, these incidents underscore that health care providers and facilities particularly need to educate their workforce regarding such policies to ensure that they fulfill their obligations towards patient privacy.