Protecting confidentiality in the
health care setting: The menace of
Social media has connected the world and provided us with instant access to information in a way that no other innovation has. Most enlightened employers, recognizing the benefits of social media (and that it is not going away), now endorse the responsible use of social media as a means of connecting with their stakeholders and managing their brand. However, we all know there is dark side to social media use by employees whether on the job or off duty. Social media use during work time may cause a drain on productivity. It may also lead to an increase in viruses introduced into a company’s computer systems, as social media provides a platform to commit fraud and launch spam. Misuse of social media may cause damage to an employer’s reputation.
Finally, and most importantly perhaps in a health care setting, social media use increases the likelihood and ease with which confidential information can be improperly used or disclosed. Many health care workers have access to a wide variety of confidential information, from sensitive personal health information of patients, to confidential organizational information, in some cases. The protection of that information becomes even more critical, and more complex, in the social media age.
The case of Chatham-Kent and CAW, Local 127 (Clark grievance) highlights why employers in the health care sector need to be vigilant in monitoring their employee’s social media use and enforcing their social media policies. While this is one of the earliest cases in which an employee was dismissed for misusing social media, and many more have followed, it highlights the confidentiality concern that is unique to the health care sector.
The grievor was a personal caregiver in a home for the aged. Her employment was terminated for comments she posted on her personal blog. In particular, the griever complained about management, and characterized her workplace as a “hole”, while referring to it by name. She also identified residents and complained about them, posted a picture of a resident, and discussed some resident’s medical conditions on her blog. At arbitration, the grievor’s termination was upheld. The arbitrator determined that she had breached confidentiality, made public insubordinate remarks, and that her comments demonstrated a disregard for residents’ needs.
The arbitrator also concluded that the grievor had failed to exercise due care in when utilizing her privacy settings, making the blog accessible to the public.
More recently, a hospital employee was terminated for cause as a result of posting confidential patient information on his Facebook page, in Credit Valley Hospital v. CUPE, Local 3252. The underlying facts of that case are tragic and highlight the sensitive nature of the confidential information available to hospital employees. In that case, an adolescent outpatient who attended the hospital for an appointment with a mental health physician jumped to his death from the Hospital’s parking garage. The grievor, a part-time Environmental Services Representative, was assigned to assist with the cleanup of the scene after the body had been removed. While there, the griever took two pictures of the scene with his cell phone, and then, during his break posted them on his Facebook page, with a caption under each picture. The captions did not identify the patient by name, but indicated his age and the location of the incident. At the urging of a colleague, the grievor removed the pictures from his Facebook page the following day. Following an investigation, during which the grievor was less than forthright, the hospital concluded that he had engaged in culpable conduct, and terminated his employment for cause on the grounds that he had breached the Code of Conduct, and patient confidentiality, and his obligation not to disclose employee and corporate information.
The arbitrator concluded that the greivor had engaged in culpable misconduct and that discharge was the appropriate response in the circumstances. In making this finding, the arbitrator concluded that the “[b]y his actions of taking the pictures and posting them on his Facebook page with comments that others viewed, [the greivor] without any justification … put his own self-interest and feelings ahead of the well-known, the well-understood and all-encompassing fundamental obligation on employees to maintain the confidentiality of patient information.” This obligation, the arbitrator found was clearly set out in the hospital’s Confidentiality Policy and Code of Conduct.
While these types of cases are relatively rare, the results in both Chatham-Kent and Credit Valley Hospital underscore that decision-makers will be willing to protect the sanctity of confidential patient information, and will sanction the indiscriminate use of social media in this context. Employers are wise to monitor social media use and clearly communicate that confidentiality obligations apply to their employees who use social media, whether on or off duty.