You’ve undoubtedly heard the national news stories of hospital employees posting photographs of anesthetized celebrities to their own personal Facebook pages. Or, the surgeon who enjoyed taking photographs of patients’ genitalia in the O.R., and sending them to staff.  This takes the concept of “sharing is caring” a bit too far.

Common sense and decency lead most people not to behave this way. But alas, your practice must prepare for employees who have all kinds of backgrounds and  predilections. Which is why it’s important that every practice have an up to date, written, social media policy for employees.

Here are the must-have components to include:

1. Extent of policy.

This clause lets employees know that you are not trying to apply the long arm of the law to their personal lives. It explains that the policy only covers social media and Internet activities that are associated with the practice; not activities that are purely personal in nature. Like posts of the employee hiking the Continental Divide with a friend. Or giving the dog a bubble bath.

2. Covered technology.

Given that technology is constantly changing, it’s tough to create a policy that names every technology, or platforms that don’t even exist yet. (The latter is particularly challenging.) Instead, explain that the policy applies to a list of common sites and list them, as well as other platforms that include social networking sites and sites with user generated content.

The examples you might list in the policy could include: 1) Twitter 2) Facebook 3) YouTube 4) Yelp.com 5) RateMDs.com.

3. Professional and personal behavior.

This is the meat and potatoes of the policy. Here’s where you spell out what you expect. For instance, the policy should say that employees are prohibited from posting any patient’s PHI or image on a social media site. Or, that they are not allowed to provide medical advice or medical commentary that in any way references their employment with your practice. Or that they cannot impersonate someone else – for example, they can’t answer patient medical questions as if they were a physician. 

4. Violation of laws.

Simply put, this clause explains that if an employee violates any local, state, or international law or regulation by uploading, posting, e-mailing or otherwise putting content online that is unlawful, threatening, profane, racist, etc. – the employee is violating the law and the practice is not responsible.

5. Violation of the social media policy.

Makes employees aware that violations will have consequences, and defines the scope of those consequences. This section should also include language that indemnifies the practice against liabilities for actions in violation of the policy. It should explain that violation of any portion of the social media policy may result in disciplinary action up to and including termination of employment. As well as what employees should do if they notice that someone has violated the policy.

6. Claim disputes.

Explain that any disputes relating to the employees inappropriate or illegal posting of content on a social media platform or blog will be addressed in accordance with the laws of the State. The employee must agree to be bound and subject to the exclusive jurisdiction of a local, State or Federal Courts.

7. Date and Signature.

Execute the policy for each employee, asking him or her to date and sign it. Put in the employee’s personnel file.

A good policy also typically includes an indemnification clause, statements about amendments to the policy, and the term of the policy. With regard to term, the signed policy should be effective immediately and in force up until date of termination or the employee’s last day, if leaving voluntarily.