A dentist discovered that two employees were using the office computer for their personal use. He had been told that they sent e-mails and instant messages to carry on personal “conversations” with friends and family. The doctor found evidence that this was happening during working hours and gave both employees a written reprimand. Each employee claimed the disciplinary action was unfair and demanded the reprimand be removed from their personnel files or they would file a complaint alleging the dentist violated their right to privacy.
Due to the prevalence of computers in dentistry and the high percentage of employees with e-mail and Internet access, this issue is becoming more and more common, and carries with it some liability and risk for the employer.
Considerations
Results from a recent survey conducted by salary.com showed that employees born between 1980 and 1985 actually worked about six hours per eight-hour workday, while those born between 1930 and 1949 actually worked about 7.5 hours per eight-hour workday.
Employees’ use of the Internet for personal reasons accounted for 45 percent of nonwork time. In one case, an employee who was job hunting used the office computer to send out resumes and check responses.
While wasted time is costly, improper use of the Internet also can create legal liability and embarrassment for the employer. For example, just before a hygienist quit, she e-mailed confidential patient information to her home. The doctor found out two months later when several patients sued him for HIPAA violations.
Solutions
Make a habit of monitoring the use of the Internet and e-mail capabilities of the office’s computer/s. Ignorance of violations caused by misuse of the office’s resources is not a defense. Inform employees, as part of your Internet and e-mail policy:
→ The Internet capability is an important practice tool providing valuable information about vendors, customers, competitors, technology, new products and services, training, and much more.
→ Internet access is for business purposes only, and not for personal use. Employees who send, receive, store, browse, or view any material that is discriminatory, harassing, defamatory, or obscene are subject to discipline, up to and including termination.
→ Employees should not expect privacy regarding computer usage. The employer reserves the right to check any and all information stored in the computer, including any possible private correspondence.
→ If given a password, employees are to keep it confidential and use only passwords authorized by the employer.
→ Observe good security practices. Never assume that information sent or received is private. Communication can be intercepted in many ways by unknown individuals.
→ Strictly adhere to HIPAA guidelines relating to confidentiality of electronically transmitted patient information.
→ Be aware most deleted information can be restored.
→ Employees violating the Internet policy are subject to discipline, up to and including discharge. Also, under certain circumstances employees may be subject to civil liability and criminal prosecution.
→ Never open attachments that are not expected or those that contain .exe files.
In addition, a well-written Internet and e-mail policy should include, but not be limited to, prohibiting:
⇒ Unauthorized uploading or downloading
⇒ Unauthorized use of instant messaging, e-mail, Web browsing, and usenet or newsgroups
⇒ Engaging in illegal, fraudulent, or malicious conduct
⇒ Sending, receiving, or storing offensive, obscene, or defamatory material
⇒Sending uninvited e-mail of a personal nature or annoying or harassing others
⇒ Unauthorized monitoring or intercepting of files or electronic communications
⇒Unauthorized access to any computer system and using another individual’s account or authorization code
⇒ Attempting to test, circumvent, or defeat security or auditing systems
⇒Distributing or storing chain letters, jokes, solicitations, offers to buy or sell goods, or other nonbusiness material
Keep informed of any unauthorized use of the computer system. If a violation is found, take immediate disciplinary action (call for our Employee Counseling Memo).
Bent Ericksen is the founder and Tim Twigg is the president of Bent Ericksen and Associates. For more than 25 years, the company has been a leading authority in human resources and personnel issues, helping dentists successfully deal with the ever-changing and complex labor laws. Both authors are members of the Academy of Dental Management Consultants. To receive a complimentary copy of the company’s quarterly newsletter or to learn more, contact them at (800) 679-2760 or at www.bentericksen.com.
