Social Media & the Workplace

The increased use of portable electronic devices in the workplace and the popularity of social media pose unique challenges for health care employers, particularly when the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) conflict with the NLRB’s position on policies that could infringe upon an employee’s right to engage in concerted activity under the NLRA.

HIPAA governs the use and disclosure of protected health information (“PHI”) by health care providers. HIPAA violations may occur when health care employees post images of patients or patients’ records or vitals on social media. Oftentimes, the disclosure is inadvertent. For example, sharing a photo of co-workers in the workplace without realizing that a patient’s file was captured in the photo could result in the unauthorized disclosure of PHI. HIPAA violations may also occur when an employee shares a positive patient experience on social media, with or without an image, as a nursing student recently did to support a three year old who was fighting cancer.

The NLRA applies to all employers, both union and non-union. Section 7 of the NLRA protects “concerted activity,” which includes an employee’s ability to form, join, or assist a union; choose representatives to bargain with the company on their behalf; and act together with other employees for mutual benefit and protection. In some circumstances, recording activities in the workplace may be protected, concerted activity.

Recently, the NLRB in Whole Foods Market, Inc., 363 NLRB No. 87 (Dec. 24, 2015), held that the company’s no-recording policy unlawfully restrained employees’ Section 7 rights. In doing so, the NLRB held that “[p]hotography and audio or video recording in the workplace, as well as the posting of photographs and recordings on social media, are protected by Section 7 if employees are acting in concert for their mutual aid and protection and no overriding employer interest is present.” Thus, an employer may not lawfully adopt a work rule prohibiting employees from workplace recording if the employees are acting in concert for mutual aid and protection and the employer cannot demonstrate an overriding business interest. The Board specifically stated that the employer may not prohibit employees from recording the following: protected picketing, unsafe equipment or workplace conditions, discussions with others about terms and conditions of employment, the inconsistent application of employer rules, and recordings that preserve evidence for later use in administrative or judicial forums in employment-related actions.

The Board, however, acknowledged that employers may be able to establish an overriding business interest to justify restrictions on workplace recordings. The NLRB explained, “[W]e do not hold that an employer is prohibited from maintaining any rules regarding recording in the workplace. We hold only that those rules must be narrowly drawn, so that employees will reasonably understand that Section 7 activity is not being restricted.”

Health care employers should be able to demonstrate such an overriding business interest to support policies restricting workplace recordings and social media use given their obligations to protect patient privacy and comply with HIPAA.

In fact, the NLRB previously upheld a recording restriction implemented to protect patient privacy in Flagstaff Medical Center, 357 NLRB No. 65 (Aug., 26, 2011), a decision which was upheld by the U.S. Court of Appeals for the District of Columbia. In that case, the NLRB ruled that a hospital’s policy prohibiting the recording of images of patients, hospital equipment, property, or facilities was lawful because “the privacy interests of hospital patients are weighty,” and the hospital had a “significant interest in preventing the wrongful disclosure of individually identifiable health information.” The Board in Whole Foods acknowledged the Flagstaff ruling and distinguished its rule from the one in Whole Foods, noting that the business interests at issue in Flagstaff were more pervasive and compelling. Thus, the implementation of narrowly tailored no-recording policies in the health care setting should pass the NLRB’s scrutiny.

The Board should find that health care employers’ interest in protecting patient privacy and complying with federal law justifies appropriately tailored restrictions on workplace recordings. Therefore, to prevent the disclosure of PHI and to protect patient privacy, health care employers should implement policies restricting employees from recording and sharing patients’ images, conversations, or information on social media. Such policies should restrict employees from recording (video, still images, or audio) in patient rooms or settings, and sharing patient images or information on social media. Restricting recordings in non-patient settings (e.g., break rooms, cafeterias, and administrative offices) should be limited to those that will not infringe upon employees’ Section 7 rights.


  • Review and revise no-recording and social media policies to ensure that they are narrowly tailored to protect patient privacy and the disclosure of PHI. Be sure that the policies clearly explain that any restrictions on workplace recordings are due to patient privacy and HIPAA obligations and are not intended to infringe upon employees’ Section 7 rights.
  • Consider revising existing policies on HIPAA compliance to address the use and restrictions of social media.
  • Regularly train employees on recording and social media policies and on HIPAA compliance to ensure that every employee has a working knowledge of the foundational privacy and security regulations issued under HIPAA, and understands how such privacy can be compromised by workplace recording and social media use.
  • Consult with counsel before disciplining an employee for making a workplace recording or posting patient information on social media.

A version of this article originally appeared in the Take 5 newsletter Five Key Issues Impacting Health Care Employers.”

Denise Dadika
Denise Dadika

Everyone has “friends” who overshare their daily activities on Facebook.  Rodney Jones’ oversharing cost him his job.  Jones worked as an activity director for Accentia Health, a long–term care nursing facility.  Accentia Health granted Jones 12 weeks of FMLA and an additional 30 days of non-FMLA leave in connection with his shoulder surgery.  Prior to the end of Jones’ leave, Accentia Health learned that Jones was posting about his leave activities on Facebook, including his visits to Busch Gardens Amusement Park and his Caribbean vacation, where he spent time swimming in the ocean despite his shoulder injury.  It seems that Jones’ colleagues did not appreciate seeing photos of Jones’ fun times while they were busy working and reported his posts to management.

When Jones returned to work, Accentia Health confronted Jones with his Facebook posts and permitted him to provide information about his leave and activities during leave, but Jones declined to do so.  Accentia Health discharged Jones “due to the poor judgment [he] exhibited as a supervisor and the negative impact that his Facebook posts and text messages had among the associates at Accentia Health.”  In addition, Accentia Health concluded that Jones’ conduct violated the Company’s Social Media Policy, which provides that “Social Media usage that adversely affects job performance of fellow associates … may result in disciplinary action up to and including termination.”

Jones sued Accentia Health alleging it interfered with his FMLA rights by requiring him to present a fitness for duty certification upon his return and discharged him in retaliation for taking leave under the FMLA.  The Court dismissed Jones’ claims on summary judgment finding that (1) Accentia Health did not interfere with Jones’ FMLA rights when it enforced its uniformly-applied policy requiring Jones to present a fitness for duty certification, and (2) Jones was not discharged because he took leave, but because of his actions while on leave, opining an employer “may terminate an employee for a good or bad reason without violating federal law.  [Courts] are not in the business of adjudging whether employment decisions are prudent or fair.”

The case serves as a reminder that employers may take action against employees who violate company policies while on leave and/or are suspected of FMLA abuse.  Before taking any action, however, employers should take the time to investigate the suspected violation and/or abuse, including questioning the employee about the need for leave and inability to work before confronting the employee with the misconduct.  Employers should also consider creating policies that protect against employee abuse while on leave, including policies that require employees to remain within the close vicinity of their homes while on medical leave and/or social media policies, similar to Accentia Health’s, that provide for discipline of employees whose social media posts adversely affect the job performance of fellow employees.  Finally, employers may require employees returning from leave to present a fitness for duty certification but should uniformly enforce the requirement to protect against FMLA interference claims.

My colleagues Steven M. Swirsky and Adam C. Abrahms published a Management Memo blog post that will be of interest to many of our readers: “NLRB Issues Critical Guidance on Employer Handbooks, Rules and Policies Including “Approved” Language.”

Following is an excerpt:

On March 18, 2015, NLRB General Counsel Richard F. Griffin, Jr. issued General Counsel Memorandum GC 15-04 containing extensive guidance as to the General Counsel’s views as to what types employer polices and rules, in handbooks and otherwise, will be considered by the NLRB investigators and regional offices to be lawful and which are likely to be found to unlawfully interfere with employees’ rights under the National Labor Relations Act (“NLRA” or the Act”).

This GC Memo is highly relevant to all employers in all industries that are under the jurisdiction of the National Labor Relations Board, regardless of whether they have union represented employees.

Because the Office of the General Counsel investigates unfair labor practice charges and the NLRB’s Regional Directors act on behalf of the General Counsel when they determine whether a charge has legal merit, the memo is meaningful to all employers and offers important guidance as to what language and policies are likely to be found to interfere with employees’ rights under the Act, and what type of language the NLRB will find does not interfere and may be lawfully maintained, so long as it is consistently and non-discriminatorily applied and enforced.

Read the full blog post here.

Our colleague Steven Swirsky at Epstein Becker Green wrote an advisory on an NLRB ruling that affects all employers: “NLRB Holds That Employees Have the Right to Use Company Email Systems for Union Organizing – Union and Non-Union Employers Are All Affected.” Following is an excerpt:

In its Purple Communications, Inc., decision, the National Labor Relations Board (“NLRB” or “Board”) has ruled that “employee use of email for statutorily protected communications on nonworking time must presumptively be permitted” by employers that provide employees with access to email at work.  While the majority in Purple Communications characterized the decision as “carefully limited,” in reality, it appears to be a major game changer.  This decision applies to all employers, not only those that have union-represented employees or that are in the midst of union organizing campaigns.

Under this decision, which applies to both unionized and non-union workplaces alike, if an employer allows employees to use its email system at work, use of the email system “for statutorily protected communications on nonworking time must presumptively be permitted . . . .” In other words, if an employee has access to email at work and is ever allowed to use it to send or receive nonwork emails, the employee is permitted to use his or her work email to communicate with coworkers about union-related issues.

Read the full advisory here.

WHEN: November 17, 2014

TIME:    2:00pm – 3:30pm EST

To register for this webinar, please click here.

Please join us for a complimentary webinar addressing the professional and business challenges encountered by health care providers dealing with Ebola and other infectious diseases. This webinar will offer a clinical overview as well as a review of the guidelines which offer protocols for addressing concerns over Ebola and similar diseases, the health regulatory and risk management issues providers might consider in developing a response strategy, and the resulting labor and employment considerations facing health care employers. A question and answer period will follow the program.

Topics will include:

  • Clinical Overview and Emergency Management Issues
  • Health Regulatory Considerations for Providers
  • Risk Management Concerns
  • Employment Issues Confronting the Health Care Industry


  • Bruno Petinaux, M.D. – Associate Professor, Co-Chief of the Emergency Management Section, Department of Emergency Medicine, George Washington University Medical Faculty Associates
  • George B. Breen – Member, Epstein Becker Green, Chair, Health Care and Life Sciences Practice Steering Committee
  • Frank C. Morris, Jr. – Member, Epstein Becker Green, Employment, Labor and Workforce Management Practice
  • Amy F. Lerman – Associate, Epstein Becker Green, Health Care and Life Sciences Practice

To register for this webinar, please click here.

If you have questions regarding this event, please contact Whitney Krebs at (202) 861-0900, or

By: James P. Flynn

The New Jersey Legislature was overwhelmingly in favor of a measure that would have barred employers from obtaining social media IDs and other social media related information from employees and applicants. Click here for A2878 as passed.  But Governor Chris Christie vetoed A-2878 because it would frustrate a business’s ability “to safeguard its business assets and proprietary information” and potentially conflict with regulatory requirements on businesses in regulated industries such as finance and healthcare. Click here for the Governor’s Veto Statement. While the Governor thought the bill well-intentioned, he conditionally vetoed it for painting “with too broad a brush,” citing the trade secrets/proprietary information concern as a primary motivation: “In view of the over-breadth of this well-intentioned bill, I return it with my recommendations that it be more properly balanced between protecting the privacy of employees and job candidates, while ensuring that employers may appropriately screen job candidates, manage their personnel, and protect their business assets and proprietary information.”

The Governor specifically recommended the bill be revised to:

  • Create an exception to allow investigation of work place misconduct or unauthorized transfer of confidential or proprietary data to a personal account;
  • Add language confirming that an employer may view, access, or utilize information about a current or prospective employee that can be obtained in the public domain;
  • Carve out of the definition of “personal account” any account, service or profile created, maintained, used or accessed by a current or prospective employee for business purposes of the employer or to engage in business related communications;
  • Eliminate provisions that would create a civil cause of action for affected employees or applicants;
  • Add a proviso stating that nothing in the act shall prevent an employer from implementing and enforcing a policy pertaining to the use of an employer issued electronic communications device or any accounts or services provided by the employer or that the employee uses for business purposes; and
  • Add a proviso stating that nothing in the act should be construed to prevent an employer from complying with the requirements of State or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.

Click here for the bill as revised after the Governor’s veto statement.

These last two provisos are important ones, especially for the financial services industry and the healthcare industry. They are important because FINRA, for example, has laid out certain monitoring and record keeping requirements concerning social media used to communicate with clients and prospective clients concerning potential financial transactions. See, e.g., FINRA Guidance here.

There are likewise data security requirements emerging out of HIPAA and other bodies of law that may require security and monitoring of social media. Click here for a discussion of such issues by Dan Goldman (@danielg280), legal counsel at Mayo Clinic and Advisory Board member to the Mayo Clinic Center for Social Media. In an age of BYOD (Bring Your Own Device) and the consolidation of business and personal activity to a single mobile device, failure to include such exceptions would force employers into hard choices between required monitoring and desired seamlessness of the business/personal transition.

While many states have in the last year adopted such statutes, the interplay between the Governor and the Legislature in New Jersey plays out the competing interests nicely, and hopefully starts a trend toward a more measured approach to such questions. Accommodating these competing interests is not only a legislative challenge, but is one faced by employers and businesses every day.

by: Steven M. Swirsky and D. Martin Stanberry

An NLRB Administrative Law Judge (“ALJ”) has found that two computer usage policies of University of Pittsburgh Medical Center (“UPMC”) violated the National Labor Relations Act (“Act”) because they had an unreasonable tendency to chill employee activities, including union organizing and employee discussions about terms and conditions of employment, protected by Section 7 of the Act.

The policies at issue prohibited employees from using the employer’s email and other electronic messaging systems “in a way that may be disruptive, offensive to others, or harmful to morale” or “[t]o solicit employees to support any group or organization, unless sanctioned by UPMC executive management.”

The ALJ, found that the policies, by using the terms and phrases “disruptive”, “offensive” and “harmful to morale” without providing examples or guidance to assist employees in interpreting the policy, “would reasonably be understood to include a spectrum of communication about unions, and … criticism of [the employer’s] working conditions, while permitting widespread nonwork use of the email system for an array of other subjects.”

The ALJ also found that the policy’s language restricting solicitation was unlawful because it provided managers with discretion to grant or deny solicitation in a manner thatdiscriminates against unions and union supporters.

The ALJ also found unlawful UPMC’s social media policy, which prohibited employees from using web-based applications to describe their affiliation with UPMC, disparage or misrepresent UPMC, or make false or misleading statements about UPMC,  largely the same reasons.

Alluding to an issue decided by the NLRB in the Register Guard decision, the ALJ noted that “a complete ban on employee email use would not raise a legal issue.” Practically speaking however, this is not necessarily true. The current Board has taken an activist stance regarding the potentially discriminatory application of workplace policies and, in the real world, very few employers maintain and enforce absolute prohibitions on the personal use of employer communications and electronic systems. Thus it may be quite difficult to prove consistent and non-discriminatory enforcement of such policies.

The April 2013 issue of Take 5 was written by David W. Garland, Chair of Epstein Becker Green’s Labor and Employment Steering Committee and a Member of the Firm in the New York and Newark offices.

In it, he summarizes five recent labor and employment actions that employers should consider:

  1. EEOC Releases Letter Addressing Wellness Programs and Reasonable Accommodation Obligations
  2. Paying Interns May Not Be Enough to Stave Off Wage and Hour Claims
  3. House Committee Votes Out Bill Prohibiting NLRB from Acting Without a Quorum
  4. New York City Human Rights Law Expanded to Prohibit “Unemployment” Discrimination
  5. New Jersey May Become the Latest State Law Banning Employers from Requesting Social Media Passwords

 Click here to read the full version on

It is no secret that the National Labor Relations Board (the “Board”) is engaged in a purposeful and partisan attempt to issue rules and decisions that benefit unions, often to the detriment of employers, including attempts by the Board to assert itself into non-union workplaces.    The decisions that the Board has issued over the past few weeks illustrate that this trend is likely to continue during President Obama’s second term.  Indeed, the holiday season has provided unions with additional reason to celebrate as, among other things, the Board has overturned decades of precedent with regard to the law surrounding check-off of union dues following expiration of a collective bargaining agreement and the confidentiality of witness statements.  Here is a summary of several of the Board’s latest pro-union decisions and their potential impact on employers:

1)      Confidentiality of Witness Statements.  For 34 years the Board has recognized witness statements collected by an employer during the course of an internal disciplinary investigation to be privileged and not subject to disclosure to the Union.  But in the recent decision of Piedmont Gardens the Board overturned this bright line rule and replaced it with a balancing test that weighs the union’s need for the information against the employer’s legitimate and substantial confidentiality interests.  This decision may decrease the likelihood that employee witnesses will be willing to participate in investigations, and could prolong and add to the cost of arbitrations as the parties litigate whether witness statements are subject to disclosure.  It is also likely to increase the number of cases that unions will take to arbitration.  We also note that this decision comes on the heels of the Board’s decision limiting an employer’s ability to require employees to keep confidential the contents of an internal investigation.

2)      Union Dues.  In WKYC-TV, Gannet Co. Inc., the Board overturned 50 years of NLRB precedent by ruling that an employer must continue to deduct dues after a collective bargaining agreement has expired.  Previously, if the agreement expired, the employer could cease dues deductions, which served as an important and effective negotiating strategy that forced expeditious bargaining.  Under the new rule, employers are deprived of this bargaining tool.

3)      Social Media.  The Board continues to take an ever broader view as to when employees who comment or engage in discussions concerning their employers and their jobs on Facebook are engaged in concerted, protected activity, even in non-union workplaces.  In Hispanics United of Buffalo, Inc., an employee at a non-union organization threatened to complain to management about her coworkers lack of assistance.  One coworker posted a message on Facebook complaining about this employee and, in her post, asked how her coworkers felt about the complainant.  Four co-workers commented on the post.  The employer subsequently terminated the five employees who posted on Facebook, and they promptly filed an unfair labor practice charge with the Board alleging that they had engaged in concerted protected activity under Section 7 of the National Labor Relations Act.  The Board agreed with the employees and ordered the employer to reinstate them with backpay.

Even where the Board finds that a discharge was lawful and not based on an employee’s protected activity, the social media policy underlying the termination decision may nonetheless be found to be unlawfully broad and violative of the Act.  Such was the Board’s ruling in Knauz Motors, Inc. in which the Board upheld a termination decision, but held that a “courtesy” policy in the company’s employee handbook was unlawfully broad because employees could reasonably construe its broad prohibition against “disrespectful” conduct and “language which injures the reputation of the company” as infringing on employees’ Section 7 rights to engage in concerted activity about their terms and conditions.

4)      Bargaining Over Discretionary Discipline.  In Alan Ritchey, Inc. the Board ruled that an employer whose employees were recently unionized but are not yet covered by a collective bargaining agreement with a grievance and arbitration procedure, must notify the union and offer it the opportunity to bargain before enforcing discretionary discipline on its union represented employees.  This decision does not apply to oral or written warnings for misbehavior, but does apply to changes in workplace policies, discretionary employee suspensions, demotions, and terminations that are made on a case-by-case basis.

5)      Taxes on Backpay Awards.  Under the Board’s recent decision in Latino Express, employers will be required to compensate workers for any additional taxes incurred as a result of their receipt of backpay in a lump sum.  In addition, employers ordered to pay back wages must file a report with the Social Security Administration that allocates the back wages to the years in which they were or would have been earned.  This decision is intended to address a situation in which an employee receives a lump sum backpay award covering more than one calendar year that pushes the worker into a higher tax bracket and results in the worker paying more in income and social security taxes than if the money had been paid as wages in the year(s) in which it was earned.

Each of these decisions will make it more difficult for employers to defeat aggressive union tactics and they increase the arsenal of weapons available to unions seeking to organize and represent workers.  Over the next few years, expect the Board to continue issuing decisions and rules that favor unions.  The Board’s regional offices prevailed 90.1% of unfair labor practice and compliance decisions in 2012.  Accordingly, it is imperative that employers plan for union organizing in advance and train managers on how to avoid committing unfair labor practices in both unionized and non-union settings.

The Board is targeting all employers, not just those who are likely to face a union organizing campaign.  Employees should audit and revise their policies to prepare in advance for the Board’s ramped-up enforcement efforts.

David W. Garland“Take 5: Views You Can Use – April 2012,” written by David W. Garland, a Member of the Firm in Epstein Becker Green’s New York and Newark  Offices, discusses a number of topics relevant to employment in the health care industry.    
 The April 2012 issue covers employer’s requests for Facebook access, a new EEOC publication on the rights of disabled veterans returning to the  civilian workforce,  EEOC’s amended rules governing the defense of disparate impact claims based on age, challenges to the use of unpaid interns, and a recent case regarding the application of  Title VII to the provision of severance benefits.
Click here  to read the April issue of  “Take 5.”