The most award winning
healthcare information source.
TRUSTED FOR FOUR DECADES.
It’s common knowledge that use of the Internet has experienced inordinate growth over the past several years, not just in the home but in the workplace as well. And with more people working — and working longer hours — it’s not surprising to find that the lines between our personal and professional lives sometimes become a bit blurred. Who hasn’t received or made a personal call from the office? With the Internet, the same can be said for the occasional personal e-mail.
Now with HIPAA (Health Insurance Portability and Accountability Act) rules, health care agency workers must be especially careful with Internet usage because of the risk of having a patient’s confidential records intercepted. But are they treating the Internet carefully?
A 1999 survey by Forrester Research in Cambridge, MA, found that 17% of all holiday shopping was done from the office. Meanwhile, A BizRate.com Flash survey conducted in 2000 found that 70% of respondents shopped on-line while at work. (Mondays and Tuesdays, for some reason, were the peak shopping days.) Apparently, shopping on-line isn’t the only pastime to cast its allure over the American public. A recent survey by SurfControl, a California-based provider of Internet filtering technology and products, found that 52% of survey respondents openly admitted to using the Internet for personal reasons while at work — 20% of this traffic was attributed to football-related Web sites.
Further, a second SurfControl survey found that 30% to 40% of worker productivity was lost due to personal use of the Internet, and nearly 75% of those employees with Internet access noted that their personal use slows the company network down.
Now that you know this, where do you stand with your company’s Internet usage? Do all employees have access? Should they? And if so, should you monitor their usage?
Greg Solecki, vice president of Henry Ford Home Health in Detroit, explains that his home care agency has taken an as-needed approach to Internet access. "We have limited access to the Internet [relative] to job responsibilities. Some people, because of their jobs, need to get on the Web and find information for us," he explains. "Not everyone needs access. Some people might say that’s not a fair approach and that everyone should have it. Our philosophy is, if your job requires gathering information, you’ll have access, but if you don’t need it in any job-related capacity, why give it?"
Solecki says that limiting employees’ Internet access is "not a matter of distrust, but an economic one. We don’t want it from both a cost and productivity perspective. We also don’t want employees tying up our networks — that obviously has productivity implications as well as disk space and memory implications. We try to govern fair use of networks. . . . Again, it’s company property and should be administered judiciously."
Still, controlling who has access to the Internet doesn’t mean you are controlling the time people are spending on it for nonwork-related visits. Doing that means having a policy, and that means sitting down and thinking through what you do and don’t want employees doing.
For instance, says Solecki, Henry Ford tries "to take, like with phone calls, a very fair approach to Internet usage. I know people have to make work calls from home sometimes so if they get a personal call at work, I don’t get bent out of shape. And that’s the approach we take with the Internet. When I will get upset is when productivity suffers because of it."
When devising any office policy, there are a few basic ground rules to which it’s suggested a manager adhere. Make sure policies are clear, concise, and easily accessible. In other words, everyone knows them, understands them, and knows who to ask if they have questions.
Elizabeth Hogue, a Burtonsville, MD-based attorney, contends that every agency, no matter its size, should have a policy in place regarding Internet and e-mail usage. She agrees with Solecki that "the Internet should not be for personal [use] and because of this, the matters of tying up the network and using business time for personal reasons should be the beginning of every policy. Managers should make this their policy’s first tenet."
What’s more, keeping personal things personal and work things professional might save a company a lot of legal headaches down the road. "A lot of these jokes circulating on the Internet could be regarded as sexual discrimination, and that will really get an agency in hot water if someone is using material that’s sexually explicit or could be determined to be discriminatory in any way," Hogue explains. "Agencies should be very careful to ensure that any policy they draft says you won’t circulate material that has any relationship to discrimination based on race, sex, or age."
Hogue suggests that home care agencies look to colleagues for what they might have included in their Internet policies. "In drawing up a policy, there’s no point in reinventing the wheel; get ideas from other people. I hope that agencies are working together more than ever these days, and this is a prime example of an instance where they can pool resources and share ideas."
In devising its Internet usage policy, Henry Ford Home Health fell back on something tried and true: its overall corporate policies. "With the Internet, in many ways as with the intranet, our policies reflect the more salient points of our overall policies," notes Solecki. "We have organizational policies that govern confidentiality, security, legal rights, fair use of networks, and personnel protection from things such as abuse and sexual harassment so when developing our Net policy, we just borrow the pertinent points from existing policies."
Lest an employee be found abusing the system, Solecki says it would be dealt with as all other problems are. "If an employee was using it inappropriately, whether to harass someone or for personal gain or to download inappropriate information, we would take it up with human resources — that the employee was wasting time on the job, holding back productivity."
Hogue says that much of the problem surrounding Internet use — and e-mail usage, especially — stems from how people view the technology. "I see the main problem as being that for some reason people forget when they’re using e-mail how very public it really is. If anything, the recent Microsoft trial reminded us of that. Bill Gates’ own e-mails got him into trouble. They were deleted but still retrievable," she points out. "People treat it like verbal communication, but it’s not. There’s a permanent record, and this should be reflected in any policy that is written.
"People just are not thinking carefully about how to appropriately use e-mail," she continues. In Hogue’s opinion, it’s not out of the question to imagine a "situation where people have been e-mailing back and forth about an adverse relationship with a patient, and the e-mail not be protected by state law. The e-mails could be completely discoverable, and all of that material would then be available to a patient’s attorney who wanted it."
For this reason, she says, "a home care agency’s policy should also include a requirement that people not share confidential patient information over e-mail, especially if there’s been a problem with care that resulted in an accident report. The mere fact that an agency has a policy will help them in the case of a lawsuit because it shows that the agency made reasonable efforts to prevent violations of policy."
To really add teeth to the policy, she cautions that it must mention that employees who violate it will be subject to disciplinary actions in accordance with the agency’s progressive disciplinary program.
Fortunately, Henry Ford Home Health hasn’t experienced a case of abuse yet, Solecki says, perhaps because employees are aware that they might be monitored.
"We’ve long had an electronic medical record system," he explains. "Staff who are able to access the network and to get into clinical applications know that that access is recorded, and even if they go into a restricted file with permission, it will be recorded who is accessing what files. . . . We can find out who’s been anywhere. They are aware of it from a business perspective, so that does make people a little more cautious. We tell our employees: Don’t think your electronic correspondence will never be monitored.’ Fair, I understand, has a broad definition, but we know what we know and . . . most people know what is and isn’t fair, and I think our staff understand that."
Companies’ Internet usage policies can be as varied as the types of Web sites currently found on the Internet, but all share at least one thing in common: their need to protect the company from liability. In doing so, Internet usage policies fall into three broad groups, explains Jim Masur, chair of the labor and employment practices group at Locke Reynolds, an Indianapolis-based law firm.
As Masur points out, an agency’s primary concern, especially in the age of HIPAA, is "to preclude dissemination of the employer’s proprietary information. You don’t want patients’ health records being freely bandied about on the Internet, and as a result, employers need to propound a policy that says as much to its employees, as well as informs them that there are disciplinary consequences for failing to adhere to the policy."
A second concern, according to Masur, is one involving libel and defamation. "The last thing an agency wants is to have an employee go off on a half-cocked Dennis Miller-like rant against General Motors, the new World Order, or whatever it might be that’s annoying the employee." Masur’s advice is that agencies incorporate into their Internet usage policies sections that preclude this kind of behavior. Masur says having a clause that addresses these types of situations will help an employer if "an employee goes off on his or her own and does these kinds of things."
Lastly, but certainly not least in importance, are matters relating to internal communications, such as downloading pornography and distributing it to co-workers. "This could subject an employer to liability for sex harassment," notes Masur, "so in that context, you want to make sure policies prohibit that activity and that disciplinary actions follow for those who engage in it. As part and parcel, many employers are adopting Internet and e-mail access policies because federal statutes include language that talks about intercepting such communications.
"In order to make sure policies on those three areas are followed, employers need to monitor voice mail and e-mail and similar kinds of communications. To do so, it’s important to create at the outset of the employment relationship an impression with employees that there is no reasonable expectation of privacy around Internet use or phone," Masur continues.
A 1999 survey by the American Management Association found that 27% of employers surveyed both store and review their employees’ e-mail messages. The previous year, only 20.2% reported monitoring employee e-mails. Interest-ingly, while the number of employers who monitored their employees grew over that year, the number who reported this information to their employees dropped by 8.3%. Masur says that’s the wrong approach.
"You want them to be thinking any time we dial up, this call may be monitored.’ . . . It’s important that employers tell employees in a written policy that all electronic communications are the property of the employer and should not be considered private even with passwords . . . — and that the employer reserves the right to monitor all those communications — so that the employee doesn’t have any expectation of privacy. Many, many employers are going the additional step of having employees acknowledge receipt of that kind of policy by signing a disclaimer or waiver to make it of record that the employees know they shouldn’t consider those communications private."
Henry Ford for all its success hasn’t been without its troubles, however. As Solecki explains, years ago the agency gave long-distance calling cards to its field staff. "When we looked at the detailed itemizations, we found that people were making a significant number of calls after hours. In some cases, they were even calling foreign countries and talking for significant periods of time. It was a real eye-opener. It was a real learning experience for us, and after that, we imposed some restrictions on all our long-distance credit card usage.
"Because we have hundreds of field staff, reviewing monthly detailed itemization records was difficult, so we built in some restraints and began to examine calls over 20 minutes, calls after a certain time at night, and those kind of things. Most patient interactions won’t take 20 minutes, so if someone is over the 20-minute limit discussion or outside any of the parameters, then we’ll talk to you. We communicated fair parameters and communicated them to staff and the same approach can be taken from [the] Internet perspective. If someone is downloading information at inappropriate times or for odd lengths of time and at some odd sites, you might want to talk to them."
The bottom line, he says, is that "you are using corporate instruments, and the fact you’re able to engage in personal correspondence is a perk and something that one should be grateful for — not take advantage of."
[For more information, contact:
• Elizabeth E. Hogue, Esq., 15118 Liberty Grove Drive, Burtonsville, Maryland 20866. Telephone: (301) 421-0143.
• Jim Masur, Chair, Labor and Employment Practices Group, Locke Reynolds LLP, 1000 Capital Center S., 201 N. Illinois St., Indianapolis, IN 46204. Telephone: (317) 237-3892.
• Gregory P. Solecki, Vice President, Henry Ford Home Health Care, 1 Ford Place, 4C, Detroit, MI 48202. Telephone: (313) 874-6500.]