Healthcare providers are accustomed to dealing with privacy issues regarding medical information. And because they have the dual role of provider and employer, they often implement policies prohibiting disclosures by members of their workforce. Policies, indeed, that frequently show up in employee handbooks.
Healthcare employers’ concerns about employee disclosure of private information are well founded — perhaps never more so than in today’s world with its social media prevalence.
But many healthcare institutions may be surprised to learn that the National Labor Relations Board (NLRB), an independent federal agency charged with safeguarding employees' rights to organize and to remedy unfair labor practices, has issued decisions and guidance that appear to render employers’ social media policies unlawful.
How does an entity overseeing union organizing become involved in the social media policies of even non-unionized workforces? The answer lies in the National Labor Relations Act (NLRA), a federal statute that the NLRB is charged with enforcing.
Section 7 of the NLRA prohibits the right of employees to “engage in … concerted activities for the purpose of … mutual aid or protection.” Employees who believe that their employer has interfered with the right to engage in protected concerted activities can file a charge with the NLRB, which in turn will investigate and adjudicate the complaint, often subjecting the employer to a mandate about how to handle related employee issues. Employees have the right to file a charge even if they are not union members, or even if there is no active organizing effort. In the heyday of union organizing efforts, the NLRB was not likely to dedicate resources to charges that did not directly involve organizing efforts. With the relative decline of unionized workforces over the past decades, however, the NLRB claims to be keeping its jurisprudence “up to date” with an evolving workplace. Another interpretation is that the Board is pushing the envelope of its authority in an effort to remain relevant in an increasingly non-unionized environment.
Regardless: Policies that were previously considered uncontroversial are now in doubt.
The NLRB Acting General Counsel has issued three memos evaluating employers’ social media policies. Copies of those can be found under the “reports & guidance” tab at www.nlrb.gov<http://www.nlrb.gov>. Importantly, the Acting General Counsel evaluated social media policies from his position as a prosecutor, rather than as an employer, much less as an employer in the healthcare sector. As a result, healthcare employers may find some of the conclusions in these memos disturbing. One describes that a rule prohibiting the “release” of “confidential guest, team member or company information” would violate the NLRA, for example. The Acting General Counsel noted that a reasonable employee would interpret the rule as prohibiting discussion of the terms and conditions of their employment.
[See also: Medical Practice Inisder's top 5 social networks for doctors.]
Another rule found unlawful actually prohibited an employee from sharing “confidential information with another team member unless they have a need to know the information to do their job.” Similarly, the memos disapprove of a rule prohibiting employees “from posting information … that could be deemed material non-public information or any information that is considered confidential or proprietary.” And perhaps most disturbingly the General Counsel found that social media policies could not be cured by disclaimers such as “[t]his policy will not be construed or applied in a manner that improperly interferes with employees’ rights under the NLRA.”
In other words: An employer could not clarify that the policy was not intended and would not be used to interfere with federal rights in order to create a compliant policy.
On May 30, 2012, the NLRB Acting General Counsel issued a memo that contains a “model policy” that the NLRB would find lawful. A copy of that policy may be found at: www.nlrb.gov/news-outreach/news-story/acting-general-counsel-releases-re...
Although this policy provides insight into what the NLRB would find acceptable, it does not provide healthcare employers with a social media policy that, if implemented and enforced, would satisfy all their legal obligations, including the statutory mandates of HIPAA — which requires that all protected health information be protected, exercises fines ranging up from $10,000, and creates civil liability.
Editor’s note: Future articles will evaluate the model policy against HIPAA requirements and identify the ways in which wholesale adoption of the NLRB “model” social media policy can create, not resolve, problems for healthcare employers and share strategies for reducing, if not resolving, tensions between the NLRB’s attack on social media policies and HIPAA mandates.
See it on Scoop.it, via Social Media and Healthcare