Social media in the workplace

Do you have any clue as to how many of your employees “tweet”? Do you know how many employees have a Facebook page? Who among your employees is on LinkedIn? Plaxo? MySpace? Classmates? Or, active on any of the other new instant messaging social media sites that are popping up almost every other week? Do you have any idea how often your employees visit these sites while at work? How many of your workers have a blog? Do you have any appreciation of the extent to which your employees tweet or post about their job and their work? Have you ever “posted on a wall” or visited one of your employee’s walls? Should you visit these sites to learn more about your employees? What should you do if you visit an employee’s social media site and learn more than you should or information that should lead to termination?

Many of you will answer that you have not visited a new media site, and some of you may even ask “Why should I care?” Unfortunately, the emergence of social media as a widely used communication tool is fostering unintended consequences in the workplace which employers can no longer afford to ignore. Long-term care (LTC) employers are far from immune to these consequences and, in many respects, are more vulnerable to the negative impact of social media because of the nature of our core business-providing healthcare-related services to the infirm and elderly in a highly regulated environment.

Social media at work

Facebook has graduated from its college roots and is now accessed by more than 500 million users. LinkedIn was originally intended to connect employers and job seekers, but has, intentionally or unintentionally, broadened its scope and now has more than 75 million “members.” Everybody that’s anybody tweets on Twitter. It’s the in thing to do. A recent Cisco study revealed that that more than 25% of employees admit to having changed the settings on their workplace computers to circumvent employer communication policies. According to Cisco, one of the leading U.S. network providers, almost one-half of all employees age 30 and under have visited social media sites on employer time, some for more than an hour per day on meaningless interactive digital games. Surprisingly, almost one-third of them claimed that they were permitted to do so. Perhaps most strikingly from the information compiled by Cisco, is the fact that, in the face of all of this data, only about 1 in 5 employers have a policy governing social media access and usage. Suffice it to say that access to social media by employees is not going to wane anytime soon and that, much to the contrary, new media use is going to increase beyond any reasonable expectations.

As an employer, why worry? Aside from the obvious productivity, efficiency, and attention issues posed by access to these new media while at work, there are several important human resource and legal concerns that must be considered. From a human resource and employee relations perspective, employers must decide where to strike the balance between a congenial workplace that permits access to social media collaboration sites and one that protects confidentiality, security, and employer legal interests.

The legal concerns cover as broad a range as one can imagine. They span from the ability of an adverse party in a lawsuit to “discover” and use your employees’ personal social media postings to what you, as an employer, can do with information you learn about a candidate or an employee from a social media posting to the extent to which you, as an employer, can be held “liable” for certain employee postings whether authorized or not. Significant legal issues arise potentially under antidiscrimination statutes, GINA, the Fair Credit Reporting Act, the Federal Computer Fraud and Abuse Act, the Stored Communications Act, The Computer Related Offenses Act, HIPAA, and Federal Trade Commission (FTC) regulations. LTC employers are all well aware of the constraints of HIPAA, but many LTC employers have not focused on the potential HIPAA violations which can arise on the now casual social media. They can stem from as simple a scenario as an employee complaining about his/her workday and the conditions of the patients/residents cared for during the course of his/her shift and possibly even directly or indirectly, the identity of those residents. It simply doesn’t take much for there to be an inappropriate disclosure of PHI (protected health information) that runs afoul of HIPAA.

Much less appreciated are the restraints and penalties of FTC regulations as they apply to “new media,” “endorsements,” and comments about a related party’s “product.” The FTC’s regulations on testimonials and endorsements in advertising in “new media” make not only the “endorser,” but the employer liable for failing to disclose “material connections” between and among “endorsers” and the products and companies about which they comment. The liability attaches to the employer regardless of whether the “endorsement” was authorized or known beforehand. The FTC is particularly vigilant with respect to false and unsubstantiated “endorsements.” The FTC regulations also impose an affirmative obligation on companies to “maintain internal procedures” that will prevent violations of the regulations.

The FTC regulations should not be taken lightly and the penalties are stiff. The fact that we are primarily in a service business is of no consequence to the FTC. A policy governing use of social media while at work and restraining employees from work-related communications on social media sites at all times is a must. LTC employers should expect that “customers” and “prospective customers” will search the Internet for information and feedback, including your employees’ social media postings. The policy needs to maintain the potential benefits of social networking, but, at the same time, minimize the risks and the “threats” of social media use and abuse. At a minimum, compliance with FTC guidelines requires that you “maintain internal procedures” addressing limits and controlling “new media” endorsements. HIPAA adds yet another dimension and, while most long-term care employees are adequately schooled in the limitations imposed by HIPAA, it is unlikely that this training created an adequate awareness of how the “casual” communications about work on a social media site can step over the line. While a social media policy should be specific to your facility and to your culture, there are several elements which should be common to any and every policy on this subject.

Develop social media policy

First and, perhaps, foremost, the facility policy should make clear to employees that it retains the right to monitor all use of its technology and any communications made or received on employer equipment, from office-based hardware to employer-provided cell phones, BlackBerrys, and other devices. Act affirmatively and clearly to remove any expectation of privacy and, unless you are a government-run entity, you have every right to do so. Next, according to a fairly recent decision of the National Labor Relations Board, you have the ability to, if you so choose, impose a complete ban on employee use of employer technology for personal or non-business communications, provided the ban is not enforced discriminatorily. It’s up to you to decide how restrictive your policy will be in this regard, but even if you choose less than a complete ban, as many will, you must be mindful of the FTC guidelines and of HIPAA and build them specifically into your social media policy. Furthermore, both the FTC and HIPAA require that your policy reach beyond the confines of your workplace and address use of personal equipment, personal media sites, on personal time for any communication related to work or work-related matters, particularly anything having to do with residents or the provision of resident care. You must require employees to obtain approval for any postings that in any way involve your facility, your services, or your residents. Shift liability to employees for postings on their sites that are not at management’s request. Make sure that employees understand that they are prohibited from disclosing any and all proprietary, confidential, and “intellectual property” information. Absolutely ensure that employees disclose their relationship to you if they post information which promotes, endorses, or dishes your “products” and services in any way, directly or indirectly; their employee status must be definitively disclosed. Make sure that employees understand that they will be held accountable for any social media behavior that steps over the line in terms of laws, rules, and regulations, particularly those of the FTC. Employees must also understand that “anonymous” postings will not escape FTC scrutiny.

Deceptive, misleading, and false postings must also be prohibited. Finally, and specifically, the policy must prohibit disclosure of any and all confidential, financial, sensitive, trade secret, resident, employee, or corporate information.

Summary

There are many advantages and benefits from today’s new social media, but there are many pitfalls as well, particularly for LTC facilities when they are “wearing their employer hat.” A well-articulated and widely communicated social media policy is a must and employers would be wise to designate an individual within the organization to not only “police” social media usage, but to be available and responsive to employees when social media issues arise.

John E. Lyncheski is a Director/Shareholder in the Pittsburgh-based firm of Cohen & Grigsby P.C. He chairs the firm’s healthcare group and the firm’s Florida labor and employment practice. Mr. Lyncheski is a Fellow in the American College of Healthcare Administrators (ACHCA), is on the Board of Directors of the American Health Lawyers Association, the Florida Assisted Living Association, and the Florida Chapter of the ACHCA, among others. Contact him at

jlyncheski@cohenlaw.com. Long-Term Living 2010 October;59(10):32-35