Protect Your Pharmacy from Social Media Landmines

sr-img-ftr-socialmedia

Put social media policies in place before employees — or you — make a costly mistake

As pharmacy owners, you know that social media provides exciting new opportunities for community pharmacies to build your brand and connect with customers. But you may not realize that even simple, well-intentioned posts to sites like Facebook by you and your staff can potentially expose your pharmacy to unknown and unexpected legal risks.

The good news is there are simple steps you can take that don’t take a great deal of time and effort, and can significantly reduce your risks.

Potential Risks

Even if your pharmacy doesn’t have a social media account or use social media, you can still be at risk. Setting clear policies that specify what employees can and can’t do online will help benefit and protect you, your staff and your patients. Otherwise, you may leave the door open to a wide range of legal issues under both employment and healthcare law.

Social media activities and poorly written (or unwritten) policies can expose your pharmacy to risks and cause a tangle of issues in just about every area of your pharmacy business, including:

  • Hiring
  • Disciplining or terminating employees
  • Paying wages
  • Safeguarding patient information
  • Protecting your brand

Even glancing at a job candidate’s public social media posts on sites such as Facebook and LinkedIn can raise legal issues. Those public posts can reveal information about a person’s age, race, disability and other characteristics that are protected from discrimination. For example, candidates might claim that you didn’t hire them because you discovered their race through photos on their Facebook pages. States also are passing new laws that bar employers from requiring job candidates to reveal the passwords to their social media accounts.[1]

Getting Started

Start by thinking through your pharmacy’s use of social media, including what your goals for social media are, who will be authorized to post on behalf of your business, and what issues may arise as a result of social media, advises Brian Balow, a partner in the Troy, Michigan, office of Dickinson Wright PLLC, who focuses on healthcare technology law.

Defining who should post what and when on behalf of your business is also important. Here’s one reason why: under the federal Fair Labor Standards Act (FLSA) and state wage laws, you might need to pay employees who post social media updates about your business outside of the pharmacy and their scheduled work hours. The U.S. Labor Department says that under the FLSA, “Work not requested but suffered or permitted to be performed is work time that must be paid for by the employer.” [2] 

Protect Patient Information

Proving that you are safeguarding patient information protected under the Health Insurance Portability and Accountability Act is particularly important since the U.S. Health and Human Services Department issued its final omnibus rule on Jan. 25, 2013. Compliance to the new rule is generally read to be satisfied by Sept. 23, 2013.

“The penalties are pretty stiff, and [the Office for Civil Rights] is out actively enforcing” patient privacy provisions, Balow said. The maximum penalty for being negligent in complying with the healthcare privacy provision is now $1.5 million per violation.[3]

You or your employees can run afoul of the law by mentioning enough information to identify a customer, even if the person isn’t mentioned by name. Because social media posts reveal the date and time they were made, it can be possible (sometimes even easy) to identify a person, particularly in a small community, from that information, and inadvertently reveal protected health information.[4]

What Employees Can/Can’t Say Online

Although you’d like to stop employees from saying anything negative about your pharmacy online, under the National Labor Relations Act employees have a right to communicate with each other in an effort to improve their wages, benefits and working conditions. This Act protects employees from employers’ punishing them for such communications by threatening, terminating, laying off or assigning the employees more difficult tasks. That doesn’t mean employees have carte blanche to complain, though.

Recent National Labor Relations Board rulings say:

  • Communications by employees on social media sites are protected just like other conversations that employees have around the water cooler if the communications deal with working conditions. The NLRB said an employer violated the NLRA when it fired employees for “bullying and harassing” a co-worker with posts on Facebook. The co-worker had complained that others weren’t working hard enough, and the posts others made in response addressed workloads and staffing issues. The Board considered those posts protected communications since they could be viewed as the first steps toward group action to improve working conditions.[5]
  • However, employers can fire employees who post comments online that are simply offensive or griping about their work, and are not part of an effort to improve working conditions.[6]
  • Overly broad policies, such as ones that bar employees from making “inappropriate” remarks online or from revealing “confidential” information without defining what these terms mean, can be illegal. Even a policy discouraging employees from “friending” co-workers might be too broad. [7]

The NLRB, however, has said that it is perfectly acceptable for a company to have a policy stating that “any harassment, bullying, discrimination or retaliation that would not be permissible in the workplace is also not permissible between co-workers online, even if it is done after hours, from home, and on personal computers.”

Show What You Mean through Training

Don’t rely on written policies alone to protect your business. Train your employees:

  • Define what is — and isn’t — acceptable on social media, during new employee orientation and other training sessions. “Training is absolutely essential under HIPAA, and you don’t just do it once,” Balow said.
  • Explain the reasons behind your policies, such as the applicable laws, and provide examples of acceptable and unacceptable posts.
  • Discuss how to project a professional and ethical image online. Comments that are legal still can damage your pharmacy’s reputation and employees’ careers.

If your employees use accounts for both business and personal posts, spell out specifically who owns a particular account and be clear about who will keep an account if the employee leaves.[8]

Document your training and any disciplinary actions you take, to prove that you are serious about issues such as preventing discrimination and protecting patient privacy.

The Bottom Line

Social media activities can affect your pharmacy business in many ways, and the laws regarding it are still evolving. Take a close look at the potential impact on your business, consult with a knowledgeable attorney about the issues involved, and review your policies frequently to ensure they are up to date with the latest legal requirements.

[1] Richard D. Alaniz, “Minimizing the Risk of Background Checks,” Accounting WEB, April 5, 2013, www.accountingweb.com/article/minimizing-risk-background-checks/221522
[2] U.S. Department of Labor, Wage and Hour Division, “Fact Sheet #22: Hours Worked Under the Fair Labor Standards Act (FLSA),” July 2008, www.dol.gov/whd/regs/compliance/whdfs22.pdf
[3] U.S. Department of Health and Human Services, “New Rule Protects Patient Privacy, Secures Health Information,” Jan. 17, 2013, https://archive-it.org/collections/3926?fc=meta_Date:2013
[4] Eric Schwartzman and Dan Goldman, “HIPAA Social Media Guidelines,” On the Record… Online Podcast, March 11, 2013, http://ontherecordpodcast.com/pr/otro/hipaa-social-media-guidelines.aspx
[5] Catherine Foti, “Will The NLRB’s Protection Of Water Cooler Conversations Trump A Company’s Right To Keep Its Investigations Confidential?” Forbes, Jan. 9, 2013, www.forbes.com/sites/insider/2013/01/09/will-the-nlrbs-protection-of-water-cooler-conversations-trump-a-companys-right-to-keep-its-investigations-confidential/
[6] Steven Greenhouse, “Even if It Enrages Your Boss, Social Net Speech Is Protected,” The New York Times, Jan. 21, 2013, www.nytimes.com/2013/01/22/technology/employers-social-media-policies-come-under-regulatory-scrutiny.html
[7] Bob Feldman, “The Government is Watching Social Media Policies – Part II,” PRWeek, April 5, 2013, www.prweekus.com/the-government-is-watching-social-media-policies–part-ii/article/287236/
[8] Ann Morgan, “Mandatory Social Media Training Considerations,” Inside Tucson Business, March 22, 2013, www.insidetucsonbusiness.com/media_technology/inside_media/mandatory-social-media-training-considerations/article_3ca0a118-9252-11e2-97d4-0019bb2963f4.html
Note: This article discusses some potential legal risks related to social media and ways to mitigate these risks, but does not provide legal advice. You are the independent owner of your business and are solely responsible and you should consult with an attorney to craft social media policies specific to your pharmacy.