What Keeps You Up at Night? Issues of Fraud and Abuse Compliance - - PowerPoint PPT Presentation

37 Offices in 18 Countries

What Keeps You Up at Night?

Issues of Fraud and Abuse Compliance Series How to Handle the Bad Email or Social Media Post

How to Handle the Bad Email or Social Media Post

How to Handle the Bad Email or Social Media Post

• A survey reported in January 2012, Modern

Healthcare found

• Nearly 60% of hospital compliance officials wake up in

the middle of the night from job related stress

• Nearly 60% of hospital compliance officers have

considered quitting within the past year

NAGGING NURSE My hospital is the WORST! They bully employees and

• ne of my fellow colleagues

even killed himself because they are so bad! Our CEO uses unfair labor practices!

Today’s Host

David W. Grauer Chair, Squire Sanders Healthcare Practice T +1 614 365 2786 david.grauer@squiresanders.com

Today’s Speakers

Thomas E. Zeno T +1 513 361 1202 thomas.zeno@squiresanders.com Traci L. Martinez T +1 614 365 2807 traci.martinez@squiresanders.com Elizabeth E. Trende T +1 614 365 2728 elizabeth.trende@squiresanders.com

Topic Areas

• How online communications are stored in

cyberspace

• What kinds of issues have surfaced as a result of

a bad email or social media post

• Steps organizations can take to protect

themselves

• Expected future developments and challenges

Other Social Media Icons = Flickr = RSS Feeder = Blogger = Instagram

Some Healthcare Stats

12

Client Service and Feedback Value-based Pricing Process and Resource Optimization Training and Development Project and Knowledge Management

How Online Communications Are Stored

Staffing Models

How Online Communications Are Stored

• Familiar Technologies:
• Email
• Instant Messaging (IM)
• Text Messaging

How Online Communications Are Stored

• Newer Technologies:
• Social Networking
• Blogging
• Microblogging
• Websites qualify as social media sites when the

majority of content is user-contributed

15

Client Service and Feedback Value-based Pricing Process and Resource Optimization Training and Development Project and Knowledge Management

How Online Communications Are Stored

• Social Networking
• Facebook, Twitter,

LinkedIn, MySpace, YouTube

• Profiles and user

information are stored

• n the servers of the
• nline entity hosting the

social network

Staffing Models

How Online Communications Are Stored

• Social Networking
• Ability of users to delete information once posted varies

based on the social network’s policies

– Facebook policy: even after users deactivate their

account, information remains on the server for a “reasonable period of time” but is generally not available to

• ther users

How Online Communications Are Stored

• Blogging
• Over 400 million English blogs in existence
• Most accessible to anyone with Internet access; free;

searchable

• Quickly becoming a mainstream communication vehicle
• Blog is hosted and data stored on Internet servers
• Deleted entries may be retrievable depending on the

archiving policies of the hosting service

How Online Communications Are Stored

• Microblogging
• Social messaging service; combination text message

and social network (Twitter or status updates on Facebook)

• Updates posted to the website can be read by anyone

who “follows” (Twitter) or “friends” (Facebook) the user

• Depending on privacy settings, updates can be publicly

available or locked down

How Online Communications Are Stored

• Microblogging (cont’d)
• Like blogging, data is stored on the website’s servers,

but may be available in many places

– A large number of applications integrate Twitter with other

applications, so tweets can be anywhere

• Data can also multiply and be difficult to delete

– A friend “sharing” a status message on Facebook posts it

to their profile as well or “retweeting” on Twitter copies an update to another set of followers

Issue #1: Facebook Privacy and HIPAA Concerns

• Mortally wounded 60-year-old patient arrived in

the St. Mary Medical Center emergency room

• Nurses and staff members did not rush to his aid
• Rushed to cell phones to take photos to post on

Facebook and send via IM

• Photos were on Facebook two days before HR

became aware of them http://articles.latimes.com/2010/aug/08/local/la- me-facebook-20100809

Issue #1: Facebook Privacy and HIPAA Concerns

• The organization can be in trouble when it does

not find out

• Invasion of a patient’s privacy
• Four staff members fired; three disciplined
• Be proactive
• Know what is being said about your organization

and leaders

• Webcrawlers

– Google Alerts: http://www.google.com/alerts – Spokeo: http://www.spokeo.com

Issue #2: The Bad Email

Issue #2: The Bad Email

• Compliance Response:
• Investigate
• Provide explanation if possible
• If warranted, discipline must be imposed
• Keep a record of the response and the discipline

Issue #2: The Bad Email Possible Solution

Issue #2: The Bad Email

Issue #2: The Bad Email

• Compliance Response:
• Investigate
• If warranted, discipline must be imposed
• Keep a record of the investigation and the discipline

NAGGING NURSE My hospital is the WORST! They fired my fellow colleague and he killed himself! Our CEO uses unfair labor practices!

Issue #3: The Bad Social Posts

Issue #3: Disciplining Employees for Bad Social Posts

Hospital Response: This nurse must be

• discharged. He has been causing trouble
• n Facebook for months and this is a

public display of disparaging remarks defaming the hospital’s reputation. Is this permissible?

• Hospital wanted to discharge
• Here, not permissible, BUT
• Case-by-case analysis

Other Organization Concerns Pre-Employment “Screening”

• Many organizations use social media sites as

part of their employment screening process

• Some view this as a violation of privacy
• Organizations may use these social media cites

to confirm information on a resume; get more insight into a potential employee

Voting Poll

• Will private employers be permitted to force their employees

to give passwords to private social media sites?

• Yes
• No

Other Organization Concerns CAUTION: Pre-Employment “Screening”

• Don’t ask employees for private passwords
• Be aware of people with the same name
• False profiles are prevalent and easy to create
• Unintended biases
• Could provide you with information you do not want

to have (e.g., candidate has a disability, is pregnant, etc.)

Steps Organizations Can Take to Protect Themselves

Steps Organizations Can Take

• Implement a social media policy
• Implement an Internet use policy
• Update disciplinary policy

Steps Organizations Can Take

• Issue clear, written policies on computer use to

employees and update such policies annually

• Remind employees:
• ALL communications equipment is the employer’s

property (hardware, software, email, voicemail, mobile devices)

• They should have NO expectation of privacy in any

communications prepared on company equipment, even if deleted (e.g., personal email accounts, tweets, Facebook status updates)

• Messages sent from school email accounts may be

subject to disclosure as a public record

• Recommended to remind employees with every

login

Steps Organizations Can Take

• Consider blocking network access if abused
• Assign an employee to regularly monitor social

networking sites (via Google and/or Spokeo) for references to the organization

• Train employees on organization policies, social

networking best practices and obligations under severance agreements

• Ensure network security is sufficient for the new

technologies employees are using

• Do not take disciplinary actions that are not

clearly authorized by policies/Collective Bargaining Agreements

To Monitor and Discipline

• r

Not to Monitor and Discipline

Expected Future Developments and Challenges

During a recent Secret Service investigation, it was learned that one agent posted the following while on detail with Sarah Palin in 2008:

Expected Future Developments and Challenges It’s a Fine Line …

• Organizations are permitted to monitor what

employees do on their computers while at work under acceptable use policy

• Organizations can monitor social networks to

determine if their “sick” employees are really unable to work

• Organizations may monitor after-hours

behaviors that may affect the employer’s reputation or which may place patients’ privacy in jeopardy

Expected Future Developments and Challenges It’s a Fine Line …

• Organizations are not permitted to discipline if

the post or email is about employees’ terms and conditions of employment

• When in doubt – seek legal advice

Compliance Requires Action

What do you do when you find the bad email?

• You keep it and ACT
• The government will not accept inaction for bad

email on company equipment

• Failure to discipline will be held against the

company undergoing audit or qui tam suit

• The government may not accept inaction about

private media sites that are known to the company

Questions?

Thank You for Joining Our Webinar

Join Us for Future Calls in This Series …

• Attorney-Client Privilege: Keeping It and Using It

Wisely

• Use of Outside Counsel: When Inside Counsel

Is Not Enough

• Proper Recordkeeping in a Heightened

Enforcement Environment

Thank You for Joining Our Webinar

Contact us with other topics, questions or issues:

• Tom Zeno: thomas.zeno@squiresanders.com
• Traci Martinez: traci.martinez@squiresanders.com
• Emy Trende: elizabeth.trende@squiresanders.com

37 Offices in 18 Countries

What Keeps You Up at Night?

Issues of Fraud and Abuse Compliance Series