Social media nightmare for health IT

Our columnist would hate to have to issue a concrete definition – acceptable to folks in hospital legal departments – of 'sensitivity'

Analysis

Few healthcare IT policies these days are as delicate, sensitive and potentially emotionally explosive as efforts to restrict or regulate employee social media activity. And yet hospital hierarchies are routinely stepping on these political minefields as providers try to protect their reputations.

Consider a recent incident at the 2,478-bed New York Presbyterian Hospital.

An ER nurse posted a photograph of a trauma room – no staff or patients were in the picture – after caring for a man who had been hit by a subway train. The caption: "Man vs. 6 train." The image simply showed a room that had seen a lot of action moments before. The veteran nurse was fired after the incident, according to an ABC News report, not because she had breached hospital policy or violated HIPAA, but, as she put it: "I was told I was being fired for being insensitive."

This legitimately raises key issues around what a hospital's social media policy should be. This specific incident, though, appears to be an impressively poor choice for the hospital to have selected to make its stand. First, there really was no privacy issue at play. The photo shows nothing more than a slightly messy trauma room. The caption is vague and is hardly worse than a police officer posting a car accident image, with a note warning people against drinking/texting while driving. (To be precise, the injured car would be recognizable to the patient along with friends and family, especially if a license plate were visible, whereas a generic trauma room photo isn't.)

[See also: Social media taking hold in healthcare.]

An even bigger problem with using this incident is that the nurse, Katie Duke, didn't even take that photograph. It was taken by a staff doctor and the doctor had posted it on the doctor's Instagram page. Nurse Duke had merely reposted it. The consistency killer? The doctor "was not reprimanded," ABCNews reported. To be fair, it's not clear whether the doctor's post included the "Man vs. 6 train" comment. Given that it appears that the comment – as opposed to the image – is the trigger here, the hospital's disciplinary process may or may not have been inconsistent.

Let's get back to the social media policy issues. I would hate to have to issue a concrete definition – acceptable to our friends in Legal – of "sensitivity." What if there had been no image and the nurse had simply said something like "A grim reminder at the ER today about how dangerous and deadly subways can be. Don't take any chances – ever." Is that insensitive? And if not, how is it meaningfully different than what Duke reposted? She specified the subway line, which, by itself, isn't insensitive nor especially revealing. And she used an image of the trauma center, which showed nothing. Would it have made any difference had she posted a generic trauma center image from Google Images?

If no patient or hospital privacy has been violated, what is the issue? The issue is that she was accused of violating hospital policy. We've now gone full circle. What is reasonable to ban, as long as no one's privacy nor hospital confidentiality is violated? (Classic hospital confidentiality: "Wow, my hospital is getting away with amazing markups. We just charged a patient $XXX for something, and I saw the paperwork that we only paid $X for it." The employee would be using information that she/he could only know because she worked there. That's a fine violation.)

Can a hospital ban employees from saying anything hospital-related on their social media posts? What if it's entirely positive, as in "Our surgical team is brilliant. We saved patients today that most surgeons would have lost"?

[See also: Connecting to Health via Social Media.]

Here's the IT nightmare. What if the hospital says, "We're going to decide this on a case-by-base basis"? Danger, Will Robinson! Danger! Then things fall to IT to become the social media police. Are you to then track every social media feed of every employee and to then – gulp – review every posting for appropriateness? And somehow management thinks that this action will avoid lawsuits?

The simple fact is that a social media policy that covers what an employee does in his or her personal time is highly problematic. On the other hand, there certainly is social conduct that has to be dealt with. What if a doctor set up a site that identified herself as working at this identified hospital and then said how her team tries to inflict as much pain as possible and that they then place bets on when different patients will scream or pass out?

The easiest route from an administrative perspective – but certainly not from a legal perspective – is to adopt something akin to the Pentagon's infamous Don't Ask Don't Tell. That would be a program where there was zero effort to uncover such naughty social posts (as IT breathes a major sigh of relief) but a strict policy for punishing employees and contractors who engaged in bad behavior that the hospital happened to learn of.

The problem is that it leads to inconsistent punishment – with most people never getting caught – and to even vindictive behavior, with employees reviewing the social posts of a rival, looking for anything that might get them into trouble.

That policy might simply prohibit posts that reflect poorly on the hospital, which is vague enough to allow senior management to make customized decisions. As long as healthcare doesn't decide that it needs to proactively check on all posts – a thankless task that would almost certainly fall to IT, which would try to automate much of that assignment from Hell – any concrete policy is better than none.