For its first stab at a social media policy, Aurora Health Care added several pages to its electronic usage policy, which covers electronic records, telephones and computers. “But it didn’t work, and a year later, we asked why it didn’t work,” said Andrea McElroy, one of the compliance officers for the Milwaukee-based health system. She discovered that employees sometimes had a hard time finding the social-media guidance on Aurora’s Intranet because it was tucked into the electronic-usage policy. “We needed to hit the reset button and start over,” she said.

Now Aurora Health Care has a separate social media and digital technology policy that covers personal and professional use of this rapidly changing world, although the policy is fluid, like the topic it covers. “The ink is barely dry before we ask, ‘does this still fit our workforce and [operations]?” says McElroy, who joked that the social media policy workgroup may never disband. “We revisit this more than other policies.”

Social media has both pros and cons, and addressing its personal and professional use has been daunting. “In this world, right and wrong take on a whole new meaning,” she said. “Technology is here to stay and we won’t change patterns of use, but we can educate and examine what is good and not good and meet more on the good side. We want to be a rapid adopter of technology but also safeguard patient privacy and welfare,” protect the medical license of providers and minimize the organization’s liability.

Sometimes the benefits are dramatic. For example, one Aurora hospital broadcast an epileptic patient’s brain surgery with the patient’s consent and authorization. Because the patient was awake during surgery, viewers — mostly people with the same diagnosis — asked questions through a Twitter account, such as what the surgery felt like. The patient tweeted back while surgeons were inside his brain. “Tons of people with the same diagnosis were no longer frightened of having the same procedure,” McElroy said.

Aurora has active Facebook and Twitter accounts, McElroy said during a speech at a recent Health Care Compliance Association conference. “They are great forums for news and information on services, new staff, ability to accept new patients — and good advertising,” she said. For example, there is a separate, targeted Aurora women’s health Facebook page. It’s a place where women can learn, share and discuss health care issues, as well as access credible advice from Aurora professionals and interact with caregivers in an ongoing conversation, McElroy said. Also, two Aurora sites have formed “mommy groups” on Facebook for new moms reaching out for support on breastfeeding, infant health and OB/GYN topics after delivery. The groups began as weekly offline meet-ups at certain Aurora medical centers, but some moms felt isolated from their support network between meetings, she said. To extend the meeting experience and strengthen the feeling of community, group leaders — including RNs, lactation consultants, health educators and dietitians — created private, invitation-only Facebook forums. “Group leaders are entrusted to moderate these groups and engage with the appropriate health care professionals when qualified medical advice is needed,” said Michail Takach, manager of social media for Aurora Health Care. “They demonstrate how social media can enhance not only interpersonal and brand relationships, but also how it can influence health care choices and behaviors.”

Social Media Has Its Minefields

McElroy also described some of the minefields of social media and digital technology. A biggie is the way that personal and professional lives may blur and compromise a provider’s relationship with a patient. “Caregivers need to understand there is a professional side and you are free to have a personal side, but they should not comingle,” McElroy said. For example, after a caregiver discharged a teenager from a community-ordered program, the provider perused his Facebook page. The teenager revealed he was going to become part of a flash mob. The provider contacted his former client to discourage him from getting into trouble and the teenager rethought his decision. It worked out OK, McElroy said, “but we don’t want it to even get to that.”

There’s also the risk that physicians’ comments or testimonials on the Internet could be perceived as an endorsement of a medical device or procedure. A physician may say something nice online about a particular implant, and as a result, a person may insist on having that device used because the posting physician has sterling credentials. The magnitude of this risk has grown because social media is a more popular tool for health information. The National Research Corp. found that 41% of 23,000 people surveyed use social media to research health care decisions, McElroy said, with Facebook the primary source for 95% of them. Then there are 8,000 health and medical apps available. That’s why physicians who comment online must “make it clear you have not done a medical assessment and it is information only and [patients] must rely on the advice of their own provider,” she said.

Privacy and confidentiality issues come up all over the place. For example, while texting is great because information is sent and received immediately, it’s usually not secure and the margin of error is too great, she said. One Aurora physician who runs from the hospital to clinics wanted to text his notes to his nurse from a company-issued device. The nurse planned to upload the physician’s texts into Word documents and then copy and paste them into the medical records. “I said, ‘cease and desist with that idea,’” McElroy said. “You’re open to misinterpretation and it’s inefficient.” Also, some patients prefer communicating through text messages because they are hard of hearing. So the health system considered an amendment to its authorization for patients who choose text. The plan considered was to validate the patient’s texting number, but acknowledge that Aurora is not responsible for misdirected texts if it’s not informed when the patients change their numbers, McElroy says. Until texting can become more secure, Aurora has not adopted that practice.

Cell phone cameras also invite risk. Some Aurora home health nurses provide complex wound care and wanted to send pictures of wounds back to the physician specialists for a consult (e.g., change in technique). The idea was nixed, McElroy said. “When you look at a wound, you see three dimensions, but the picture is two dimensional.”

While social media are very popular with patients, they have their down side. Patients increasingly ask to take a picture with a beloved nurse that they plan to post on Facebook. Aurora leaves it to the nurses’ discretion, as long as there is no medical information revealed in the picture. The problem is, when pictures are blown up, PHI may be visible (e.g., the IV medication). To avoid problems without offending patients, caregivers can tell patients “I appreciate it, but unless it goes through the communications department, I can’t permit it.” She says “It helps them get out of uncomfortable situations.”

Patients Can Get the Wrong Idea

Patients may also get the wrong idea about the health care system’s use of social media. “We were allowing a culture of self-governance and permitting people to check their [professional] social media site, and we didn’t anticipate the feedback managers got,” she says. Patients noticed, and assumed it was a personal use when it was actually work related, McElroy says. Meanwhile, patients might feel ignored because they believe they were waiting to be seen for 20 minutes while the receptionist or nurse was on Facebook. “So patient-satisfaction feedback began to reflect that. It was pretty benign, but it affects the perception of the patient so it is something to consider,” McElroy says.

There are employment-related risks for organizations as well. McElroy reviewed a reported case of a manager friending all but one of her supervisees on Facebook, which prompted a complaint from the rejected employee. “We had to change our policy to recommend that managers don’t friend their direct reports,” McElroy said. Employees, however, generally have leeway to criticize their employers, according to recent rulings from the National Labor Relations Board (NLRB). For example, in one recent case that didn’t involve Aurora, an employee disparaged her supervisor and the hospital wing where she worked on her own Facebook page. The hospital warned her to stop because it gave patients the wrong impression of the hospital. “It was reported that the employee was terminated for a variety of reasons,” McElroy said. The employee took her case to the NLRB, arguing her termination resulted from her attempts to improve the conditions at her hospital — and won.

Pointers for Employees and Patients

On the personal side, here are things to consider telling employees when developing guidance for their personal use of social media, according to McElroy:

u Disassociate comments from your connection to the entity. It isn’t relevant whether comments are posted during work or after hours.

• Use a personal email address, not a company one.

• Avoid posting confidential or proprietary information or materials or using the company logo.

• To protect their privacy, don’t “friend” patients on Facebook.

• Think carefully before revealing your name.

• Don’t mix professional and personal activities.

• Ensure information is clear to minimize the chance of misinterpretation.

• Clarify that you are commenting on your own behalf, not the employer’s behalf, if the employer’s name is implicitly or explicitly noted.

Aurora also gives employees suggestions on the professional use of social media, including:

• When using social media, note your name and role at the entity.

• Some posts require approval of a manager. “How much approval is necessary? We are still working through this,” McElroy says. “Do we need to read every post? Probably not.”

• It’s important to clearly distinguish between medical advice and information. “Make sure there is no room for misinterpretation on the receiving party’s end,” according to McElroy.

• Staff is legally responsible for their postings. “That usually clears up the need to get approval,” she said. Staff should limit their comments to areas of expertise, abide by copyright laws, and reveal conflicts of interest.

McElroy also gave examples of language that employees can use with patients to prevent problems with social media, perhaps including it in “welcome” paperwork or telling them. Here are a few examples:

• “Adding patients as friends can compromise your confidentiality, may blur boundaries and affect our respective privacy.”

• “Do not use text or social media sites to send messages. These sites are not secure and messages may not be read in a timely fashion.”

• “Upon establishment of a treatment relationship, do not use wall postings to engage publicly online. Exchanges may be required to be added to your legal health record.”

• “Should you elect to post on a provider review site, you are responsible for any disclosure or interpretation of care you may have received by others. As your provider, I may never see your posting. Concerns must be communicated directly, verbally in writing left at the office.”

© 2012 by Atlantic Information Services, Inc. All Rights Reserved.

Get instant compliance news! Follow AISCompliance on Twitter or “Like” AISHealth on Facebook.