
Posted on 02.21.2014

Treat the Cause, Not the Symptoms

With technological advances come new perils for the workplace that have both operational and brand protection implications.

  • A physician office manager posts a comment on social media inquiring about a patient's specific medical condition, resulting in a HIPAA violation.
  • An unencrypted flash drive with protected health information (PHI) is stolen from the vehicle of a physician practice employee, costing the practice fines of $150,000.
  • A health plan's photocopiers are returned to a leasing agent still containing PHI stored on their hard drives, resulting in a $1.2 million settlement.

Every day, incidents like these result in ramifications ranging from negative publicity to hefty fines and other enforcement.

So what's an organization to do?

Unfortunately, some organizations approach the issue by treating the symptoms instead of the cause, banning social media in the workplace altogether (good luck with that in the era of the smartphone, by the way) or locking USB ports to prevent users from plugging in removable flash drives. (The latter in no way prevents an unscrupulous employee from simply uploading data to the cloud or emailing it, of course.)

You wouldn't ban office supplies because you had an employee who was stealing them, or rid the office of computers because of an employee who prefers video games to work. You'd warn, discipline or dismiss the employee. New-age disciplinary problems need to be treated similarly by addressing the problem employee behavior, not the digital platform via which it occurred.

While there's no easy fix to certain high-stakes risks, smart organizational leaders ensure that they have proper policies, procedures and plans in place, that employees receive proper training and periodic re-training, and that appropriate disciplinary action is taken against employees who violate policies.

How many of these policies and plans does your organization have in place to help protect itself from reputational harm?

  1. A clear, strong social media policy, updated regularly as the world of social media evolves. If large, publicly held companies like Coca-Cola can have both a social media policy and a robust social engagement strategy, your organization can, too.

  2. Healthcare providers and other "covered entities" as defined by HIPAA will find a social media policy is just as important as their other HIPAA-related policies and procedures. These policies are essential to ensure the organization is doing everything it should to safeguard protected health information (PHI).

  3. Beyond PHI, data breach is a constant concern for organizations from national retailers to local school systems that hold personally identifiable information (PII). Along with adequate data protection protocols, any organization with records that contain PII should establish a clear data breach response plan to ensure a prompt response and mitigate negative consequences in the event of a breach.

  4. Speaking of responding promptly and mitigating consequences, does your organization have a crisis response plan? "Unimaginable" crises can range from a shooter in the workplace to major fire or flood damage to allegations of criminal activity or the unexpected death of a high-profile company executive. Smart organizations don't leave such things to chance; they have a thorough plan for how their team will react in a time of crisis to minimize impacts to customers, employees and reputation.

If you have all the applicable policies, procedures and plans in place, congratulations. You're on the right track. But don't forget, without the proper employee training and retraining to go with them, they're just taking up space on your bookshelf…or your server. Do your policies - and the way you use them - need a check-up?  


Dana Coleman is a Vice President at Lovell Communications. You can view more of Dana’s blogs here. Connect with Dana at Dana@lovell.com or @lovelldc
