cyberbullying in the healthcare field · cyberbullying in the healthcare field by joshua i....

RMS NRMS NEWSLETTEEWSLETTERR AALL LL RR IGHTS IGHTS RRESERVED ESERVED ©© 20112011 PPAGE AGE 1

This publication is not intended to be and should not be used as a substitute for specific legal or risk management advice. Readers should obtain specific legal or risk

management advice in addressing issues discussed in this newsletter

NNEWSLETTEREWSLETTER Volume Seven - Number Seven July 2011

Cyberbullying in the Healthcare Field

by Joshua I. Rozovsky, MS

and Fay A. Rozovsky, JD, MPH

A disgruntled former employee under a pseudonym rants on his blog against former supervisors and “stupid” patients, promising to “expose” malpractice. A patientʼs daughter criticizes her motherʼs care on a forum for cancer patients and families. An unknown complainant reposts compromising images of the fatherʼs doctor, taken when he was a medical student. A patient uploads cellphone photos of nurses, CNAs, and other patients in a series of racist and sexist posts that are soon reposted by like-minded followers to Twitter and Facebook. A jilted “ex” threatens to post personal sexual photographs on a physicianʼs public Facebook wall… and soon follows by creating explicit and potentially-embarrassing “personal” ads under the same physicianʼs name. These are but a few of the scenarios that may constitute cyberbullying and cyber-harassment involving healthcare workers and organizations. In some cases, the actions of a jilted former love interest, disgruntled employee, patient or family members may seem little different than the “web page defacements” that have plagued organizations, including healthcare organizations, for years. In other cases, the harassment may not legally satisfy State definitions for bullying or “cyber” offenses because the target was never intended to see the criticism, because the actions occurred only once, or because of variations in what technologies were used. Cyberbullying and cyber-harassment go beyond angry “graffiti” on a website or libel. While definitions do vary by jurisdiction, cyber-harassment tends to target

POWERED BY ONEBEACON PROFESSIONAL INSURANCE

RMS NRMS NEWSLETTEREWSLETTER AALL LL RR IGHTS IGHTS RRESERVED ESERVED ©© 20201111 PPAGE AGE 2



individuals with the sole purpose of tormenting them1. Cyberbullying tends to occur within an academic context, such as a high school – and is often defined as involving minors.2 In general parlance, it is often used to describe older students or situations similar to that suffered by bullied children, whether graduate students, medical residents, or others. In all cases, the medium is the Internet – whether through a blog, online videos, forums, instant messaging, or email. Not included in this definition, but also of concern are harassing voicemails and cellphone video or photography, including “sexting” of explicit images to third parties. One well-known and tragic cyberbullying incident that made many stop and reflect was the tragic case of a young college student in New Jersey. Having learned that his intimate relationship with another man had been videotaped, streamed online, and “advertised” on a social media site led the young man to commit suicide. Another sad event involved a teenage girl in the Midwest who was “rejected” and then berated by her cyber boyfriend. Like the young man in New Jersey, the teenage girl in the Midwest took her life. Only later was it learned that the mother of an acquaintance of the teenage girl had played the role of the imposter to “get back” at the young victim. The situation resulted in criminal charges against the adult. As many observers have come to realize, social media can be a wonderful resource to help vulnerable individuals. It can also be a conduit for cyberbullying that leads to tragic consequences. But what about cyberbullying in the healthcare field? Can it happen, or are the examples earlier purely hypothetical? Can patients indeed use social media tools to bully or intimidate care providers? Can care providers turn to cyberbullying to taunt, berate, and isolate colleagues? Is such behavior acceptable? Can cyberbullying constitute disruptive behavior? Can a healthcare organization do anything to curb such practices? A case example from Texas3 helps highlight some of the concerns about cyberbullying in the healthcare field. The case helps to set the stage for practical strategies to address cyberbullying in the healthcare field.





The Texas Federal Case. Born and raised in India, Dr. A.G. came to the United States and became licensed to practice medicine in Texas. Dr. A. G. obtained staff privileges at a community hospital as a cardiologist. Dr. A.G. was one of several physicians of Indian origin to obtain cardiac privileges at the facility.4 The Indian physicians noticed a change in the hospital climate beginning in 2007. The hospital entered into contracts with other cardiology groups, none of whom included physicians of Indian origin. One of the Indian physicians was allegedly removed from the peer review committee for missing too many meetings. However, the doctor claimed that with the exception of the chairman, he had attended more peer review committee meetings than other physicians.5 The physician also claimed that the hospital revised a protocol that directed personnel not to contact the Indian cardiologists when their patients went to the hospitalʼs chest pain unit for care.6 In a letter written to Dr. A.G. and colleagues, an attorney representing the hospital indicated that the facility board had passed a resolution barring them from practicing at the hospital. Included with the letter was an unsigned and undated resolution from the board that stated in part that:

"'[o]nly those physicians who are contractually committed to the Hospital to participate in the Hospital's on-call emergency room coverage program shall be permitted to exercise clinical privileges in the cardiology department or as part of the Hospital's heart program.”7

The suggestion was that the board resolution was the product of “operational problems.”8 Dr. A.G. and colleagues filed claims against the hospital and various individuals in the U.S. District Court for the Southern District of Texas. Among the allegations were violations of both substantive and procedural due process, violations of equally protection rights on the basis of race, tortious interference with contractual relations and defamation.9 The case became rife with procedural maneuvers and motions. One defense motion was to dismiss the case as being time barred. The court rejected this motion. Another motion was for summary judgment.10





As the court noted,

“Summary judgment is not appropriate unless, viewing the evidence in the light most favorable to the non-moving party, no reasonable jury could return a verdict for that party.”11

Of particular import on the allegation of racial discrimination, the court referenced what was described as “evidence in the record establishing direct evidence of racial discrimination in this case,”12 that barred granting the defense request for summary judgment. First was a memo in March 2007 from the administrator of the facility that stated:

“I feel a sense of disgust but am more concerned with what this means to the future of the hospital as more of our middle Eastern born physicians demand leadership roles and demand influence over situations that are hospital issues . . . . [This] will change the entire complexion of the hospital and create a level of fear among our employees.”13

As the court indicated,

“When the …administrator displays such overt racial animus towards Plaintiffs, this racial animus necessarily permeates throughout the rest of the hospital, and is strong evidence of discrimination...The [Administratorʼs] statements could, for example, indicate to…employees that such attitudes were tolerated or even encouraged, and do not foster the type of non-discriminatory environment that is envisioned by the equal protection clause.”14

The court then took note of e-mail transmissions that were characterized as evidence of racism and derogatory comments by other employees of the hospital. In one e-mail message, a nurse in a managerial role wrote:

"[w]e should celebrate when all this is over . . . then work on getting the Indians off the reservation." (emphasis added).15

The email generated responses from two physicians who stated:

"I love that turn of phrase -- off the reservation since they the Indians





went off the reservation on how to treat patients and colleagues."16 In another instance, a person who was not associated with the healthcare facility emailed the hospital administrator stating, "I noticed that [P.H.] Holm has some suspicious damage to his car. In fact there were several rocks stuck in the grill." The administrator then forwarded the email to P.H. stating, "What's this about? Is Ted thinking about my Indian troubles, Are you making a connection?"17 The Administrator acknowledged that the descriptive phrase, “Indian troubles” was a direct reference to Dr. A.G. and the other plaintiffs. 18 In other correspondence among officials of the facility the term “Indians” was used in a derogatory way. Furthermore, in depositions there was evidence in depositions of racial tensions involving the “Indians.”19 The court therefore ruled that the case could proceed on the claim for denial of equal protection. Observations on the Texas Case. The ruling described above is one of several in the case.20 Another involved allegations of spoliation of evidence when the defense could not provide the plaintiff with requested email information. The plaintiff was not successful on this assertion.21 In a related case before the U.S. Court of Appeal, the appellate court reversing an order from the U.S. District Court enjoining the hospital from barring the cardiologists from exercising their clinical privileges.22 Unless the parties come to a settlement, the Texas case is a long way from resolution. However, even at this stage it provides a useful context for a discussion of cyberbullying. If the facts are proven as alleged, the Texas case involves racial prejudice that is pervasive in the healthcare entity. The administrator acknowledged that he had made derogatory remarks. But was it just a matter of derogatory statements, or was it a larger issue that reflects that racial discrimination can impact the delivery of safe, quality patient care? The remarks emailed back and forth may be a reflection of a racially insensitive culture in the organization. When others in a healthcare facility are exposed to such terminology as “Indian troubles,” and the “Indians went off the reservation,”





and there is an inference that the “Indians” damaged a personʼs vehicle, it emboldens others to emulate what is considered acceptable behavior. The use of email to foment such racially charged statements is concerning. Might some come to believe it is acceptable to target the “Indian” doctors? To not only make life difficult for them in terms of practicing cardiology in the community, but to follow others and refer patients to “non-Indian” cardiologists? If the type of email traffic described earlier was disseminated into the community, what could be the outcome? Could the seeming acceptance of using such derogatory terms among healthcare leaders provide a basis for patients and others to take matters into their own hands and use physical violence or threats to drive the “Indians” out of town? Admittedly, the situation described here is a rather different view of Internet or cyberbullying. It is not simply the basis for litigation involving civil rights, defamation or tortious interference with contractual relationships. Rather, if the plaintiffs prove their case it will in part demonstrate the power of social media, or other communications tools such email, to bully or to compel others to drive care providers from a healthcare institution. Think of it as economic or racial bullying facilitated by the use of cyber exchanges. The Texas case is a far cry from the likes of the college student who was the victim of very personal cyberbullying involving his identity as a gay man. The racial discrimination allegations in Texas are quite different from the cyberbullying that led the young Midwest teenager to hang herself. But all three cases have a common thread: the use of “cyber” or electronic social media exchange in such a way to cause personal havoc, widespread notoriety, and bad outcomes. It is at its core an unacceptable use of social media and social networking. Identifying Potential Forms of Cyberbullying and Harassment. Cyberbullying or harassment can occur not just between staff members, but involve third parties with only tenuous links to the organization. Consider the following situations, in which the terms families and friends are used interchangeably:

1. Staff members vs. Staff Members. Disruptive behavior can “spill” over onto digital media, as described in the Texas case. This can involve





breach as well as defamation and workplace discrimination if confidential personnel details are published also.

2. Staff Members vs. Patients and Families. Beyond breach of patient confidentiality, inappropriate use of social media by staff members can lead to claims of harassment, defamation, or bullying if posts are made about patients or families.

3. Patients vs. Staff. Angry or disgruntled patients can take to any number of online forums or social media to register their complaints. Their vitriol may be contained only within emails and posts distributed amongst their friends and families, or may go “viral” across Facebook, Twitter, and be referenced in videos across thousands of websites. Angry comments may be left on the providersʼ of facilities own webpages or “walls” on social media sites such as Facebook. Directed communications to a specific provider, whether by email or by social media may also be used to criticize, complain, harass, or threaten. Rating and review sites are a popular place to bemoan what is believed to be substandard care.

4. Families and Friends vs. Staff. Patients may not be the ones leaving falsehoods or defamatory comments on public review sites, leaving threatening emails and voicemails, or creating phony websites purporting to be from the organization in an effort to harass a provider or harm the organization. Friends or families of the patient may be the one “fired up” over a perceived slight or quality of care issue. Recognize that a legitimate complaint by a patient may “go viral” among family and friends, and spread to those with little interest in the actual case.

5. Third Parties vs. Staff. As with “families and friends vs. staff” recognize that sometimes the perpetrators of harassment and cyberbullying have little connection to the organization. Rather, the organization or its staff may be a symbolic target. A rumor online may be interpreted as fact and “cyber vigilantes” may respond. Whether it is a rumor of “patient killings” or animal experimentation or efforts to target abortion providers, the organization should recognize that there may be little actual connection to the organization or the victim – and that such cyber-harassers or bullies may be operating from the other side of the world, driven only by Internet rumor.

6. Third Parties vs. Patients or Families. Families or patients may be the victim of cyber-harassment. This may occur as a result of a patient blog describing an end-of-life decision or a controversial medical procedure. Anonymous readers anywhere in the world may take offense and target the patient, their family, provider, or the organization for what they regard as an “immoral” action. Recognize too, that those who “defend” the





organization or a provider online may find themselves also the victim of online harassment.

7. Patients vs. Patients and Families vs. Families. Many patients and families struggling with illness have created blogs for families and friends, others in similar situations, or simply to vent. Blogs, video blogs (vlogs), and feeds detailing the latest saga often provide people with a much needed outlet. However, disagreements over a personʼs treatment choices or public disclosures can become nasty – often from fellow patients or family members. The online critic need not be a patient in the same hospital or even continent. The harasser or bully may feel the patient or family is “giving up too soon” or “wasting life” or should perhaps “stop wasting dollars” and commit suicide. Healthcare organizations should consider informing patients of such risks online and recognize that online harassment through patient blogs can be a risk factor for depression or suicide.

Risk Management Strategies to Curb Cyberbullying and Harassment in Healthcare. It is not a far cry to recognize the damage to an organization or a providerʼs reputation if unflattering pictures or allegations are posted to a blog or third-party social media site by a current or former patient, colleague, patient family member, competitor, or romantic interest. Organizations also need to recognize the limits of their technical and administrative authority to intervene in suspected cases of cyberbullying or harassment and recognize what steps should be taken to educate staff, patients, families and other visitors. Risk management strategies to consider include the following:

1. Define Cyberbullying.

Do not assume that cases of staff-on-staff or staff-patient cyberbullying or cyber-harassment will be covered by the organizationʼs sexual harassment, workplace discrimination, or professional misconduct policies. Make certain that the definitions make clear what constitutes cyberbullying or cyber-harassment.

2. Recognize the Need for Investigative Authority and Training. Creating profiles on social media sites, or using false names or avatars to harass, intimidate, or tarnish another personʼs reputation is unfortunately a





common symptom of the Internetʼs perceived anonymity. Ensure that assumptions are not made regarding the actual perpetrator of cyberbullying or harassment, and that those responsible for enforcement of the organizationʼs policies do not assume that a particular person is guilty of harassment or other online violations. Recognize that “false flags” are a common occurrence in online communications, and that actual violators may also attempt to deny culpability using such an argument. Support specialist investigative training for IT and physical security personnel so they have the tools to identify and mitigate cyberbullying and harassment occurring on organizational systems or involving staff or agency personnel.

3. Create a Framework for Identifying Cyberbullying or Harassment. Create an organizational “hotline” to address cyberbullying concerns or reports of stolen identities (“false flag”) being used to perpetrate cyberbullying or harassment. Ensure that instances involving threats are quickly identified as possibly requiring law enforcement or security service intervention or notification. Take a pro-active approach in identifying suspected cases, including through the use of email filters, and moderation tools on organization “walls” or sites, and sites and forums where the organization maintains a presence. Consider establishing organizational accounts on forums and sites used by patients, families, medical residents, and specialty staff in order to identify cases of improper use early in the violation. Ensure that the creation and maintenance of such accounts comply with the acceptable use agreement or terms of use of the site, which in some cases prohibit users from notifying employers or monitoring the sites to address workplace conduct. Ensure that whistleblower protections are not violated by the policies or procedures established.

4. Establish Criteria for Law Enforcement Notification and Assistance. Cyberbullying and harassment, regardless of the parties involved, can often devolve from name-calling and libel to veiled (or actual) threats of violence, suicide, or threats to release personal information of the victim or their associates. Take such threats seriously and do not assume that you know the perpetratorʼs identity. Do not confront the individual suspected of such intimidation or violent threats. Procedures should be established to allow rapid notification to law enforcement by personnel – an immediate threat should not be “waited upon” for legal counsel or supervisory input.





5. Establish a Culture of Zero Tolerance for Cyberbullying and Cyber-

Harassment. Ensure that all staff are warned of the consequences of such misuse of organizational or third-party social media, email, voicemail or other communication platforms. Do no limit the prohibitions to a particular site or medium. Ensure that the organizationʼs commitment to investigation of allegations of cyber bullying or harassment, and willingness to involve law enforcement, is communicated to staff and patients. Emphasize that copying and pasting or further distributing otherʼs acts of harassment, bullying, or breaches of protected health of personnel information also constitutes a violation of the policy. The only exception should be to notify the organization or law enforcement of the violation (for example, sending a copy of the harasserʼs email or status update to the IT security office). Consider how cyberbullying and harassment by staff members or agency personnel may constitute disruptive behavior under medical staff bylaws, agency contracts, and employee or collective agreements.

6. Know the Limits of Organizational Authority and Develop Policies and Procedures Reflective of these Limits. Ensure that the definitions, investigation and resolution of harassment and cyberbullying comply with established regulations, case law, and jurisdictional technical limitations. Some recent cases (CITE) indicate that what some organizations may describe as online defamation or harassment by employees may be protected speech under collective bargaining agreements. Be aware also that an overly-broad definition of cyber-harassment or bullying, or overly broad limitations on social media use outside of work may run foul of free speech protections. Recognize that some sites and ISPs may not cooperate with organizational or law enforcement inquiries, requests or subpoenas, and that some sites or users may even “retaliate” with additional allegations, harassment, Denial of Service attacks, or attempts to attack the organization with malware or harass related organizations, users, or patients.

7. Ensure That “Silos” Do Not Exist Between Breach and Cyberbullying / Harassment Investigations. Recognize that cyberbullying and harassment often involves the unwanted release of personal photographs or information. If this involves PHI or protected personnel information, a breach as well as harassment may have occurred, or is ongoing. It may be difficult to stop the release of





additional information until the perpetrator is apprehended. Recognize that such cases may also need to involve law enforcement.

8. Ensure that e-Discovery Policies and Procedures Are followed. Make certain original posts and all associated metadata is retained as it may be subject to a legal hold. It may be tempting to simply block users suspected of harassment or delete their posts containing private information (on those sites where the organization has moderator controls), but do so with a view to protecting evidence. Perpetrators may attempt to deny that they were responsible and blame a “hacker.” Evidentiary collection of metadata including IP addresses is also critical to protecting against counter-claims of improper dismissal, harm to reputation, or improper prosecution.

9. Educate All Users of the Risks of Cyberbullying and Harassment. Educate all staff and visitors or what constitutes acceptable and unacceptable use of organizational IT resources. Give specific warnings to patients and families about the risks of harassment, bullying, and fraud in maintaining a blog or feed about the patientʼs care on third party or personal websites. Consider giving specific examples about what cannot be shared – including photographs of other patients and families or staff members. Many users may not realize the dangers of posting these personal aspects of their lives online for the whole world to see. Many users who create a blog for family may fail to recognize that such as “personal” blog in actuality is a blog visible to everyone on the Internet. Provide all personnel and patients and their families with resources to contact should they suspect they are the victim of a cyberbully or harassment online. Ensure that they are directed to law enforcement if a threat is believed to be severe or imminent. Advise providers that for some patients a blog or profile on a social media site is their only social circle and that “shutting it off” may deny the patient any social interaction and lead to increased feelings of depression or isolation. Take full advantage of reputable resources to reinforce the message including those designed to assist teacher, administrators, parents, and students facing cyberbullying and online harassment.23

10. Determine Cyberliability Coverage Limitations. Cyberliability policies may not cover instances of cyber bullying or costs associated with defending the organization from accusations of cracking otherʼs sites or conducting improper investigations. Coverage may not also





include costs of defending providersʼ reputations or websites against defacement.

Conclusion. Social media is here to stay. Email, once considered another “fad” has become a mainstay of personal and business communications. Like telephone harassment and in-person bullying, antisocial behavior has continued into these media. Recent suicides and cases of disruptive provider behavior online have brought attention to the issue of cyberbullying and harassment. Unlike older forms of bullying and harassment, perpetrators online may perceive that they are anonymous, hiding behind usernames or avatars. Some users may choose to imitate other users as part of their campaigns. That harassment may turn “viral” and embolden others to target the victim is yet another challenge. Simply disconnecting form all forms of social media and electronic communication is not an option for organizations, patients, families or providers. Organizations rely on these communications tools for everything from outreach to internal communications to marketing. For many families and patients, these tools are their only communications – or for some patients – their only friends at all. Healthcare organization must develop policies that define inappropriate use of social media and other electronic communications tools used to harass, threaten, defame, or bully others and establish procedures and resources to enforce prohibitions on such conduct emanating from staff on or off the job. In doing so, speech and collective bargaining rights must be protected. Organizations must be prepared to defend their reputation online and offline, particularly against accusations made by a cyber-harasser, or accusations that a staff member is responsible for inappropriate conduct online. Digital communications can bring the world closer together and improve quality of care, but it can also be a potent weapon for those with mal-intent. Better educated and prepared staff, patients, and families can help blunt the effects of the cyber-harassers and bullies online, and reduce the probability of resulting tragedy and litigation.





If you would like assistance with an cyberbullying and cyber-harassment risk

management plan or education, please contact us at (860) 242-1302.





1 State Cyberstalking, Cyberharassment, and Cyberbullying Laws. Last updated January 26, 2011. Accessed at http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/CyberstalkingLaws/tabid/13495/Default.aspx 2 Id. 3 A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 135395 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 December 22, 2010). 4 Id. 5 Id. 6 Id. 7 Id. at p. 6. 8 Id. 9 Id. at p. 9. 10 Id. at pp. 15-16. 11 Id. at p. 14. 12 Id. at p. 30. 13 Id. 14 Id. at 31. 15 Id. 16 Id. 17 Id. at pp. 31-32. 18 Id. at p. 32. 19 Id. at p. 33. 20 See, e.g. A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 133721 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 December 17, 2010); A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 52082 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 May 22, 2011); A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 386 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 Jan 4, 2011); A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 57317 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 May 27, 2011); A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 65147 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 June 30, 2010); A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 135395 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 June 22, 2010); and A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 133714 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 December 17, 2010). See also, A.G. v. C.M.C. 2011 U.S. App. LEXIS 27 (U.S. Cir. Ct. 5th Cir., No. 10-40246, Jan. 6, 2011) and A.G. C.M.C, 2011 U.S. LEXIS 3757, cert denied (U.S., May 16, 2011). 21 A.G. et al v. CMC, 2010 U.S. Dist. LEXIS 57317 (U.S. Dist. Ct. Tex, S.D., C.A. No. V-10-14 May 27, 2011). 22 A.G. v. C.M.C. 2011 U.S. App. LEXIS 27 (U.S. Cir. Ct. 5th Cir., No. 10-40246, Jan. 6, 2011). 23 CDC Injury Prevention: Electronic Aggression – Technology and Youth Violence. Accessed July 31, 2011. http://www.cdc.gov/ViolencePrevention/youthviolence/electronicaggression/index.html Also see CyberBullyHelp.com, accessed July 31, 2011 and the White House Conference on Bullying Prevention, accessed July 30, 2011 at http://www.stopbullying.gov/references/white_house_conference/

cyberbullying in the healthcare field · cyberbullying in the healthcare field by joshua i....

Documents