Category: Social Media

Health Care Entities Using Social Media: Guidance from the Division of Quality Assurance

Recently posted in the National Law Review an article by Diane M. Welsh and Linda C. Emery of von Briesen & Roper, S.C. regarding  the use of social media and web-based email services:

Many articles have been written about the legal and business risks associated with the use of social media and web-based email services. However, the risk of using social media is heightened in the health care industry in light of a health care entity’s legal and regulatory obligations to protect the privacy and security of health care information. Health care entities need to be particularly familiar with the risks of using social media in the health care industry and methods for reducing those risks.

The DQA October 24, 2011 Memorandum

On October 24, 2011, the Wisconsin Division of Quality Assurance (“DQA”) issued numbered memorandum 11-026 entitled, “Using Social Media Platforms, such as Twitter, Facebook, MySpace and LinkedIn”. The Memo is available at www.dhs.wisconsin.gov/rl_DSL/Publications/11-026.htm.

The DQA definition of “Social Media” includes what one would normally consider social media, as well as “free and unencrypted web-based email services” such as Yahoo and Gmail, and web-based calendars. The purpose of the Memo is to “provide guidance to providers on the fast-changing landscape of the internet and the impact of using social networking and social media as a communications tool”.

DQA released the Memo to address concerns raised about (1) health care entities and their staff using web-based email accounts (e.g., Gmail) or web-based calendars (e.g., Yahoo Calendars) to convey patient or resident care information; and (2) health care entity staff members sharing protected health information on FaceBook.

The DQA notes that inappropriate use of Social Media or use of Social Media without adequate security protections may violate a patient’s or resident’s privacy rights. Moreover, DQA emphasizes that Social Media sites are now major targets of the hacker underground, creating further risk of a network security breach. DQA also warns health care entities of the potential for criminal and civil risks of using Social Media, (including criminal prosecution or civil actions under HIPAA) because it is the United States Department of Health and Human Services Office of Civil Rights—and not the Division of Quality Assurance—which has jurisdiction over such violations.

Risk Management Considerations With Regard to Entity Use of Social Media

DQA includes a number of recommendations for reducing the risks associated with the use of social media by health care entities.

First, the DQA recommends that each health care entity conduct a risk assessment to determine whether the entity or its staff members are utilizing Social Media in a manner that may violate patient or resident rights.

DQA also recommends that providers and staff members should be fully aware of the broad definition of “protected health information.” If a health care entity chooses to utilize a Social Media tool, it should insure that the information it discloses is “de-identified under HIPAA.” DQA points out that no health care provider should ever post any protected health information on-line without the appropriate written patient authorization. Merely omitting a patient’s name from a post does not make it a permissible disclosure. Posts that discuss the patient’s condition—even without disclosing the patient’s name—contain protected health information.

DQA emphasizes that “a covered entity should consider the need for a business associate agreement with a social media site, if the entity is uploading protected health information to the site. HIPAA makes it mandatory for all covered entities along with their business associates to ensure complete protection of patient health information, which they store, process and exchange between themselves.”

Finally, DQA recommends that health care entities should develop a social media policy that guides employees on the appropriate use of social media, and includes specific guidance (e.g., “Refrain from discussing patients, even in general terms.”). The organization should also provide staff with ongoing training on resident rights, privacy and security.

Marketing Uses of Social Media

DQA does not directly address the use by healthcare entities of social networking sites like FaceBook, Twitter or YouTube, or even the providers’ own websites, to promote their services or discuss advances they have made in healthcare. Many health care entities use videos, photos, and patient interviews to promote their services. If a health care entity posts a video, photograph, or patient interview of actual patients, that provider would be disclosing protected health information.

Any health care provider using protected health information in this manner should only do so with the express written authorization of the patient. Even with such authorization, the provider must be sure that the patient understands that when posting information online, the provider and the patient lose much control of the information. Although the provider could remove the materials if a patient withdraws authorization, the patient and the provider cannot get back any material that may have been downloaded by others.

Although not referenced in the Memo, health care providers should institute a social media policy which identifies who is permitted to use social media for the business purposes of the organization and what information may be posted on the company’s website or a social media web page.

Considerations for Staff Member’s Personal Use

One of the greatest risks of social media sites is that a health entity staff member may post protected information on the staff member’s social media page. The internet is filled with stories of hospital employees being fired for providing their opinions about a patient on a Facebook account, albeit without identifying the patient’s name. Given that any information disclosed about a patient or resident would likely constitute a breach of protected health information, it is imperative that providers inform staff that they are not to share any confidential information whether at work, or outside of work—including on their FaceBook pages or through Twitter (or in actual conversation with their family or friends). Staff should understand that they are not to share any patient information online—even if they are not naming the individual patient.

Additional Resources

Additional information on this issue is available through the HIPAA Collaborative of Wisconsin website, at www.hipaacow.org.

©2011 von Briesen & Roper, s.c

New Facebook Cases – No Protected Concerted Activity, But Is It Surveillance??

Posted in the National Law Review an article by Adam L. Bartrom and Gerald F. Lutkus of Barnes & Thornburg LLP regarding Facebook cases continue to be examined by the NLRB

Facebook cases continue to be examined by the NLRB as a new technology cloaked in traditional case law.  The NLRB’s General Counsel has recently decided to dismiss three complaints brought by terminated employees who were fired for their Facebook posts.  In all three cases, the GC found the conduct not to be protected concerted activity under Section 7 of the NLRA.  That approach is consistent with the GC’s memo earlier this year which emphasized that content and context were key in analyzing whether disciplinary action brought as a result of social media chatter violated the NLRA.  A recent blog post on the topic appears here. To access the GC’s office memoranda on these cases, click here.  All three continue to show the NLRB’s focus on whether the Facebook chatter is merely an expression of individual gripes or is the chatter an effort to initiate group dialogue or group action.  Employers must continue to evaluate decisions to discipline for social media postings within that context.

 However, buried in one of the opinions, Intermountain Specialized Abuse Treatment Center, is a provocative and concerning analysis by the GC’s office regarding union surveillance.  The Advice Memorandum concludes that it agrees with the Regional Director that the Employer did not unlawfully create the impression that it was engaged in surveillance of protected union activity by having knowledge of the Facebook post.  What??  The memorandum states that employer surveillance or creation of an impression of surveillance constitutes unlawful interference with Section 7 rights.  Here, there was no such impression of surveillance because the employer received the Facebook information from another employee and the conduct at issue turned out not to be protected activity.  However, the memorandum certainly raises the question of whether an employer practice to examine Facebook posts on a regular or even on an as needed basis would violate Section 7 rights.  The jury is still out on that issue.  Stay tuned.

© 2011 BARNES & THORNBURG LLP

Surprise! You Just Starred In Our Movie

Recently posted in the National Law Review an article by Matthew J. Kreutzer of Armstrong Teasdale regarding a lawsuit by actor Jesse Eisenberg’s small role in a movie although the DVD cover has his face prominently featured:

One of my all-time favorite comedies is the movie Bowfinger, in which a down-and-out movie producer named Bobby Bowfinger (played by Steve Martin) makes a movie starring a well-known A-list actor named Kit Ramsey (played by Eddie Murphy) without Ramsey’s knowing participation.  Some of the best scenes in the movie occur when Bowfinger and his “crew” create situations around the increasingly-unhinged Ramsey, secretly filming his hilarious reactions to the ridiculous set-ups.  Apparently, life has (sort of) imitated art: in a recently-filed $3 million lawsuit, actor Jesse Eisenberg (star of The Social Network and Zombieland) claims that he was exploited in a similar manner by the producers of the direct-to-DVD movie, Camp Hell.

According to the lawsuit, in 2007 Eisenberg agreed to appear in Camp Hell as a favor to his friends.  He was on set for only one day of filming, and logged only a few minutes of total screen time.  Because he was only minimally involved in the movie, he was surprised to see that his face was prominently featured on the cover of the DVD, implying that he starred in the film.  His lawsuit asserts various California law causes of action, including claims for unfair business practices and publicity rights.  But, according to Hollywood law blogger Eriq Gardner, the lawsuit reads more like “a consumer class action, saying that the producers are ‘continuing to perpetrate a fraud on the public.’”

Camp-Hell-Poster
Overselling a famous actor’s involvement in a film is a common practice in the industry, although the Camp Hell example may be one of the worst offenders.  But, while there are agreements and rules among various creative unions in Hollywood relating to attribution and credit, there apparently aren’t any that specifically state the number of minutes of screen time that are necessary in a movie before an actor can be marketed as a film’s “star.”

Fortunately, the franchising world has more explicit rules regarding how a franchise can be marketed and sold to potential franchisees.  Generally, the FTC Franchise Rule and a number of state laws require a franchise company to provide to a prospect certain types of disclosures regarding the business being marketed.  Through a legally compliant Franchise Disclosure Document, a possible franchise buyer will obtain a great deal of information about the franchise being sold, which information should support the marketing claims the franchisor makes generally.  Further, several states have specific restrictions on the types of statements that franchisors can make in advertising pieces, which restrictions are further designed to protect against misinformation to franchise buyers.  These laws work together to attempt to ensure that members of the public are not lured into buying a franchise based on puffery or overblown claims of success.

It will be interesting to see how the Court handles Mr. Eisenberg’s lawsuit.  I wonder if the movie industry will, in the face of the Camp Hell situation, consider adopting more stringent rules about marketing actors?

I would love to hear from you — have you ever watched a movie based on the claim that a movie was “starring” a certain actor, only to find out that the actor’s involvement was minimal?

© Copyright 2011 Armstrong Teasdale LLP. All rights reserved

Creating a Social Media Policy

Posted on October 18, 2011 in the National Law Review an article by Brian J. Moore of Dinsmore & Shohl LLP regarding the importance of employers having a social media policy:

It is essential for employers to develop a social networking policy, especially in light of the many legal issues that may arise. Employers must consider the many goals that the policy intends to cover, such as:

  • Protecting the company’s trade secrets, confidential, proprietary and/or privileged information;
  • Protecting the company’s reputation;
  • Protecting the privacy of employees; and
  • Establishing guidelines for whether use of social networking sites during working hours is permitted, and if so, under what circumstances.

Employers must also consider the parameters in developing a new policy, such as:

  • Urging employees to go to human resources with work-related issues and complaints before blogging about them;
  • Setting forth the potential for discipline, up to and including termination, if an employee misuses social networking sites relating to employment;
  • Establishing a reporting procedure for suspected violations of the policy;
  • Enforcing the policy consistently and with regard to all employees;
  • Reiterating that company policies, including harassment and discrimination policies, apply with equal force to employees’ communications on social networking sites;
  • Reminding employees that the computers and email system are company property intended for business use only, and that the company may monitor computer and email usage; and
  • Arranging for employees to sign a written acknowledgment that they have read, understand and will abide by the policy.

As seen is the October 14th issue of Business Lexington

© 2011 Dinsmore & Shohl LLP. All rights reserved.

Shooting Canons out of your Cannon

Recently published in the National Law Review an article by Kendall M. Gray of Andrews Kurth LLP regarding press coverage of the case after giving media interviews and posting comments on Facebook

Hat tip to the ABA Blog for another tale of woe about attorneys who worsened their fate with bad spelling.

A New York judge was concerned that defense counsel lacked the necessary “game” to handle the high profile murder case before the court.

Among the reasons? Facebook comments and bad spelling. According to the ABA Blog:

Firetog scolded the lawyers for complaining about press coverage of the case after giving media interviews and posting comments on Facebook. He even chastised the lawyers for misspelling “canon” in a reference to ethics, the Times says. “Two N’s means a cannon that shoots at something,” he said.

So remember, campers, an ethical canon is what attorneys must obey. An ethical cannon is an artillery piece that obeys the rules of engagement.

The career you save could be your own.

© 2011 Andrews Kurth LLP

Facebook & Extramarital Affairs: Beware!

Posted on Wednesday, August 3, 2011 in the National Law Review an  article by Rebecca L. Palmer  Timothy C. Haughee of Lowndes, Drosdick, Doster, Kantor & Reed, P.A. regarding a growing number of married people are using Facebook to reunite with old flames or to connect with those with whom they seek a romantic relationship.

With the advent of social networking sites such as Facebook, people are now able to reconnect with long-lost friends with just the click of a mouse. While many take advantage of Facebook’s added convenience to make innocent connections with others, a growing number of people are using Facebook to reunite with old flames or to connect with those with whom they seek a romantic relationship. For a married person, this can be a real marriage disaster.

According to a 2008 report by the Pew Internet and American Life Project, one in five adults, many of whom are married, use Facebook for flirting. A British divorce website, Divorce-Online, recently reported that the term “Facebook” appeared in nearly 20% of the petitions it was handling last year, out of a case load of 7,000. Indeed, in one recent survey conducted by the American Academy of Matrimonial Lawyers, two-thirds of lawyers said Facebook was the “primary source” of evidence in divorce proceedings.

So, does Facebook cause extramarital affairs? While the statistics referenced above may lead one to conclude that Facebook can cause extramarital affairs, there has yet to be evidence of such a causal link. In fact, the divorce rate has generally been stable during the last decade, and infidelity’s role as the primary cause of around 25% of divorces has also remained stable, despite advances in the digital age. However, while there may not be a direct causal link between Facebook and extramarital affairs, it is abundantly clear that Facebook enables married individuals to cheat on their spouses in a manner that is easier than previous methods. No longer do you have to write a letter to your old flame, or obtain their phone number and place a call, hoping that an irritated spouse does not answer. Instead, an online Facebook account allows easy connectivity, fast replies, mail accounts that can be easily deleted, advanced privacy settings, and the seamless sharing of pictures and other information, at any hour of the day or night. Simply stated, Facebook can tempt a married individual to pursue an extramarital relationship that they otherwise would not have pursued. If that temptation is acted upon, the married individual can maintain the extramarital relationship online and delete the evidence at their convenience, all without the knowledge of their spouse.

Facebook’s prevalence in extramarital affairs has, in turn, also led it to become a favorite evidence tool for divorce attorneys. The American Academy of Matrimonial Lawyers recently reported that 81% of its members have used or faced evidence taken from Facebook or other social networking sites over the last five years. Such evidence can have dramatic consequences for a party in a divorce case. For instance, a mother’s alienation of affliction claim may be bolstered by evidence of the father forcing the couple’s son to “de-friend” his mother on Facebook. A parent going through a divorce may have their request for additional timesharing with their child denied if the court is presented with pictures from Facebook depicting the parent drinking or doing drugs when the child is in their care. A divorcing spouse seeking alimony based on a lack of earning capacity may have their request denied by the court if the requesting spouse’s Facebook account is littered with pictures of the spouse spending their free time and money at restaurants and bars.

The law is currently unsettled regarding the use of information obtained from Facebook during a family law proceeding. However, recent case law should leave Facebook users, and their family law attorneys, wary. For instance, a judge in Pennsylvania recently found that the husband in a divorce case had to provide his wife’s attorneys with his Facebook username and password, despite the husband’s objection that his Facebook information was private and thus deserving of an evidentiary privilege. The judge rejected the husband’s arguments, noting that the husband had no expectation of privacy because Facebook’s End User License Agreement (“EULA”) notes that all user accounts are subject to, and are at any time accessible by, third party administrators. Since the husband accepted Facebook’s EULA when he signed up for Facebook, the court found an implicit waiver of confidentiality regarding the information contained on his Facebook page. While the Pennsylvania decision is not binding on Florida courts, it is most assuredly instructive.

Accordingly, a person should be extremely cautious with their Facebook account when going through a divorce. Among other things, a divorcing individual should refrain from denigrating their spouse on Facebook, and should generally avoid posting comments on their Facebook accounts that they would not want a judge to read in open court. Additionally, a divorcing spouse should abstain from posting pictures or videos that may be damaging to their divorce case, including pictures or videos that are sexually explicit or show the divorcing spouse binge drinking or doing drugs and exposing their children to the same. Similarly, a divorcing spouse should take note of the information posted by their Facebook “friends,” such as pictures or videos that “tag” the divorcing spouse, and should ask such “friends” to remove the damaging information from their Facebook page. Finally, a divorcing spouse should consider changing their Facebook privacy settings so that they can limit the information that they share, and if that is not enough, a divorcing spouse should consider deleting their Facebook account during their family law case.

We continue to find technology changing human relationships. From readily accessible pornography to explicit social networking websites (including at least one aimed at assisting married individuals to enter into extramarital affairs) to Facebook, family life is no longer made up of the innocence of Ward and June Cleaver. Consequently, using good judgment and carefully monitoring your Facebook account during a family law proceeding can have a significant impact on your case.

© Lowndes, Drosdick, Doster, Kantor & Reed, PA, 2011. All rights reserved.