Social Networking. Management Guide. Compliance and Legal Services


Social Networking Management Guide Compliance and Legal Services

Table of Contents

- IU Health Policies
  - ADM 1.13 Standards of Conduct for Business Practices
  - ADM 1.98 Information Security Incident Response & Security Breach Notification
  - ADM 2.05 Internet Social Networking
  - ADM 2.07 Photography and Recordings
  - HIPAA 2.01 Reasonable Safeguards for Privacy and Confidentiality of Protected Health Information
  - HR 105 Corrective Action
- Consistently Manage Social Network Violations
  - Initiate Documentation Template
  - Obtain Screenshots
  - Notification
  - Interview Social Network Participants
  - Consult Subject Matter Experts at IU Health
- Social Networking Investigation Documentation Tool
- Employee Education / Training
  - New Employee Orientation
  - Annual Mandatory HIPAA Privacy and Security Awareness Web Based Training
  - In services
- Resources
- Frequently Asked Questions
- Contacts at IU Health

IU Health Policies

IU Health recognizes Internet social networking is a common way for people to interact socially and professionally. Participation on social networking sites carries the potential for breach of information. Workforce members have an ongoing obligation to protect the privacy and confidentiality of IU Health families and patients even when not at work.

IU Health Policies and Procedures provide guidance and expectations for appropriate use of Internet social networking sites. The following policies are available to guide IU Health workforce members to appropriately engage in Internet social networking:

- ADM 1.13 Standards of Conduct for Business Practices.pdf
- ADM 1.98 Information Security Incident Response & Security Breach Notification.pdf
- ADM 2.05 Internet Social Networking.pdf
- ADM 2.07 Photography and Recordings.pdf
- HIPAA 2.01 Reasonable Safeguards for Privacy and Confidentiality of Protected Health Information.pdf
- HR 105 Corrective Action.pdf

Consistently Manage Social Network Violations

IU Health maintains open communication to encourage personnel and others to report and/or seek guidance regarding potential or actual misconduct related to social networking. Department Management, Legal Services, Compliance Services, Information Services and Employee Relations will investigate each report of possible information breach using social networking sites. Tools and resources are available to consistently capture and document information. Corrective action will be consistently and fairly applied when applicable.

Personnel may contact any member of the Management team, Compliance Services, Legal Services, Information Services, Safety and Security, etc. to report a possible social networking violation.

The Management team of the involved personnel, with support of Compliance Services, Legal Services and Employee Relations, is responsible to:

- Initiate the Social Networking Investigation Documentation tool
- Obtain screenshots of the user's profile from the social network site, the initial post in question and any subsequent comments
  o Information Services may be able to assist in the recovery of these documents depending on the user's security settings
- Immediately contact the Department Director, Employee Relations, Compliance Services and/or Legal Services
  o Management and/or Employee Relations may recommend suspension during investigation
  o Compliance Services and/or Legal Services will determine whether there is a potential breach and whether the incident is reportable to a government agency and/or law enforcement
- Interview each workforce member who participated in the posts
  o Personnel should be interviewed individually and systematically as soon as possible after the concern is identified
    - Initiate the interview with an attempt to understand what the employee knows about the policies surrounding social networking and HIPAA
    - Determine whether the employee completed the annual mandatory HIPAA Privacy and Security Awareness training through elms
  o Request personnel remove the posts from their social networking sites
- Following personnel interviews, consult with Employee Relations to ensure the proper level of discipline for each person is given
  o Discipline may not be the same for all involved depending on the complexity of their involvement
- Determine the need for focused training in the department

Social Networking Investigation Documentation Tool

Reported by:
Contact #:
Responsible Management:
Contact #:
Circumstances of the Social Networking concern:
Type and Scope of Confidential Information on the Social Networking site:

| DATE DONE | TASK | RESPONSIBLE PARTY / CONTACT # |
|---|---|---|
| | Screenshots obtained of: the user's profile from the social network site; initial post in question; subsequent comments | |
| | Department Director notified | |
| | Employee Relations notified | |
| | Compliance Services and/or Legal Services notified | |
| | Others notified / reason: | |
| | Workforce members identified | |
| | Workforce members removed posts from their social network site | |
| | Workforce members interviewed | |
| | Investigation notes reviewed by Management, Employee Relations, Compliance Services and/or Legal Services | |
| | Corrective action types per employee established (list corrective action type(s)) | |
| | Education needs established | |
| | Training completed; if applicable | |
| | Personnel records updated per HR policies | |

Notes:

Note: Compliance Services and/or Legal Services will ensure government and law enforcement agencies are notified, when required, under Attorney Client Privilege.

Employee Education / Training

IU Health workforce members receive HIPAA Privacy and Security training upon initial employment, volunteer work, student orientation, or third party contract; and annually thereafter or upon material changes to any corporate or department policies and procedures that regard the privacy, security, and confidentiality of individual health information.

Specialized training / in-service(s) to address specific concerns is available by request made to the Compliance Services Department.

Documentation regarding training for the entity's workforce shall be retained for a period of at least six years from the date of its creation or the date when it was last in effect, whichever is later. The documentation shall be retained by Department Management. Documentation related to online training courses and the databases of employees completing the online courses shall be maintained by the Learning Solutions Department.

Resources

IU Health maintains a comprehensive, formal program of general compliance and HIPAA training to ensure that IU Health personnel are aware of their legal, moral and ethical responsibilities. Personnel have access to IU Health policies located on PULSE, the intranet site for IU Health. It is expected that IU Health personnel will abide by the ethical standards of the professions to which they belong.

Additional resources:

- Social Networking: Frequently Asked Questions (attached)
- Contacts at IU Health (attached)
- Annual mandatory web based training through elms
- In-services upon request

Social Networking Frequently Asked Questions

Question: Is it okay to say where I work on my Facebook status?
Answer: Once you post your place of employment and your role, it can be construed by some that you are always on duty. This opens the door for unsolicited requests for healthcare guidance. Posting your place of employment also allows viewers to identify persons or circumstances associated with your posts through association. If you post your place of employment on your profile, it is important to maintain constant awareness of your personal and professional boundaries. Posts that may be associated with your work should include a disclaimer that the post is your personal opinion and does not represent the opinion of IU Health.

Question: Families sometimes ask me to be their friends on Facebook. I know we are strongly urged not to. How do I answer them without sounding rude?
Answer: Let the requestor know you are honored that you were asked to befriend them, however professionally and ethically you may not accept their request.

Question: My neighbor was my friend long before being a patient at IU Health. Is it okay to remain friends online?
Answer: Yes. It is important to always remain conscious of your professional and ethical duty to maintain patient confidentiality regardless of personal relationships. It would be appropriate to advise friends that you will not comment on health related matters through a public site. Social networks are all public sites regardless of their privacy settings. Also be mindful of photos or recordings that associate a nurse/patient relationship.

Question: How do I know what kind of information is okay to post and not to post?
Answer: It is never permissible to post any photographs, recordings or other information about a patient on a personal social networking site. Information posted for educational purposes on sites such as those created by IU Health or YouTube is posted after a detailed consent is signed by the patient and permission is granted from IU Health Corporate Communications. Use good judgment; if you are not certain about the appropriateness of posting, then do not post. See below for guidance related to professional networking sites.

Question: Is it permissible to post a picture taken at a picnic where both employees and patients were present? My colleagues and I are the only people who know who the patients are in the photos.
Answer: No, it is generally not appropriate to use photographs taken during IU Health related functions without obtaining the written permission of those in the photograph. You can never be certain that you and your colleagues are the only people who know the connection of those in the photographs.

Question: My security settings are set so that only my family and friends can see what I post. How would my information be released to the general public?
Answer: Even disclosures to friends and family are considered public. You are not allowed to share confidential patient information with friends and families, whether at home or through Internet postings. Also, remember that a family member or friend can copy the content of your Internet site to share through their sites with people that you do not know. It is possible to see postings through friends of friends who are not as careful as you when setting security parameters and posting comments on a public forum.

Question: What if someone tags me in a picture and it shows up on my personal network site?
Answer: If it is a photograph that you believe to be inappropriate, ask the person who tagged you to remove you from the tag and remove the picture from your site (and the other individual's site as well, if you believe it to be an inappropriate posting, such as a breach of privacy).

Question: Is it okay to put a link to IU Health sites, such as for fundraising, on my personal network site?
Answer: Yes, if the purpose is to guide individuals to a trusted site for information.

Question: What about CaringBridge and similar sites?
Answer: Pages on CaringBridge and other similar sites are typically set up by patients, guardians or significant others who share confidential information about themselves or their loved ones. Although healthcare personnel did not disclose confidential information, the healthcare personnel must continue to maintain their professional and ethical duties not to participate in healthcare related discussions on sites like CaringBridge. For example, it would be appropriate to post a caring note for the family or patient, but it would not be appropriate to post clinical information about the patient or that you know the patient because you are caring for the patient.

Question: As a professional, is it ever appropriate to participate in social networking?
Answer: Yes. Social networking sites and blogs are an excellent resource to learn about different treatment modalities, connect with other professionals and follow healthcare trends. Refer to IU Health ADM Policy 2.05, Appendix B: Internet Social Networking Guidelines for guidance. Also see IU Health ADM Policy 1.13 Standards of Conduct for Business Practices.

Contacts at IU Health for Privacy and Security Matters

| Name | Department | Phone Number |
|---|---|---|
| Valita Fredland | Privacy Officer / Legal Services | 317.962.3455 |
| Rasma Kancs | Director Compliance Services / HIPAA | 317.962.1732 |
| Roxanne Binford | Program Manager / HIPAA | 317.962.6057 |
| Brian Quick | Security Officer / Information Services | 317.962.9190 |