ADVERTISEMENT
Dangers of a Wireless World
It's a regular day at Homeland EMS. In the conference room, the president, treasurer and operations director are meeting about the recent loss of several good nursing home and hospital contracts.
In the human resources offices, a clerk is processing accounts receivable. From time to time she stops, picks up her BlackBerry and makes an entry. A coworker silently thinks the clerk spends too much time reading e-mails on her wireless device, but doesn't say anything.
The employee with the BlackBerry decides to work during lunch. She plugs her device into a port in her desktop computer, pulls up a file and sends it, via the BlackBerry, across town to the HR director of the new EMS transfer service that's been picking off Homeland's best clients (and also seems to be hiring away some of its best employees).
In another office, a male supervisor is berating a female medic over her documentation. He tells her she's within an inch of losing her job, but he can save it if she'll go out with him. He subtly touches her knee. She bends over slightly so the camera hidden in a pen in her pocket will catch his movement.
Meanwhile, in the locker room, unknown to employees, the company has installed a hidden camera to catch anyone stealing or using drugs. The company has never advised its employees that they're subject to surveillance.
In the squad bay, two medics are watching a porn movie on a cell phone. They have to be paged three times before acknowledging a call for difficulty breathing. Later, during the call, one of the medics interrupts care three times to read and answer e-mails on his cell phone.
Electronic devices are pervasive in our lives. We use them at work and at home, for job functions and entertainment. Wireless computer networks, personal digital assistants (PDAs) like the BlackBerry, cellular phones with cameras, Internet and e-mail capabilities, and microcameras and voice recorders that can be concealed in a wide variety of ways all find their way into the workplace.
Although they may interfere with work, most uses of wireless Internet and cellular devices are benign. However, when they're used with bad motives, such devices can enable an employee to do great damage to a company.
Cyber Spying
A company's employees and contractual relations are its greatest assets and the essence of its business. Yet these assets can be looted or devalued when an employee is dishonest. An employee with access to proprietary secrets and a will for betrayal can funnel essential information about contracts and employees to a competitor with a few simple strokes of a computer's keyboard or through a peripheral device.
Employers have varying degrees of protection built into their systems, and while health information is encrypted, other programs on their computers or networks may not be. Even passwords may not prevent disloyal employees from disclosing information to which they have access.
A recent federal lawsuit illustrates how this can be done. In Shurgard Storage Centers vs. Safeguard Self Storage,1 an employee of one company (Shurgard) was contacted about employment by a rival company (Safeguard). The Shurgard employee apparently became an agent for Safeguard and, over a period of time, systematically provided Safeguard with information about Shurgard's employees, enabling Shurgard to recruit them. Shurgard sued both the renegade employee and Safeguard. A federal court ruled it had a claim against both of them.
Two federal statutes, the Computer Fraud and Abuse Act2 and the Economic Espionage Act of 1996,3 are designed to protect companies from fraudulent acts of an employee or competitor. The Economic Espionage Act deals with trade secrets, and while most EMS companies may not have trade secrets that can be protected, it can be argued that a company's customer lists, contractual agreements and employee information might be protected under this act.
Protected Records
The development of new technologies has brought a new dimension to information flow. Before computers and wireless devices proliferated, information was written on paper and kept in file cabinets.
Now, information is increasingly kept in electronic space, and transmitted thousands of times faster than it could be before. Great amounts of information can be stored in small spaces and retrieved in many ways. For example, it is now possible for a medic to record a call in both audio and video on his cellular phone and send that information to a third party either in real time or later.
When used correctly, such record-keeping methods are not only innovative but offer the possibility of giving receiving physicians a video record of the patient's condition and the interventions done during a call. If they're misused, however, they could represent a serious violation of HIPAA4 and subject both the employee and his company to civil and criminal penalties. A full discussion of HIPAA is beyond the scope of this article, but keep in mind that any scene photographs and recordings taken by medical caregivers will become a part of the patient's medical record and subject to HIPAA rules.
On the other hand, events that take place in public, where anyone passing by can observe them, are not protected, and photos and videos of these events can be made freely. A good example is the tape of the Rodney King beating. The difference in whether an audio or video record of a medical event is covered by HIPAA is governed entirely by who made the recording. If a recording is made by a healthcare provider attending to a patient, it is part of the patient's medical record and hence protected.
Employers who use wireless networks must take appropriate security measures to keep data from being intercepted. PDAs, personal notebook computers and perhaps even cellular phones carry the potential of hacking into wireless networks and extracting information.
Recording Meetings and Conversations
An increasing number of employees are recording meetings with management, either with small, unobtrusive recording machines or cellular phones. This practice may or may not be against the law, depending upon the state where the recording is made.
Some states permit people to record conversations in which they're engaged without telling the other person. These are called "one-party states." Others require anyone recording a conversation to inform the other party and obtain their permission first. These are called "two-party states." These rules generally apply both to recordings of telephone conversations and face-to-face conversations and meetings.
In one-party states, unless there's a specific prohibition against making a recording, it's not a violation of the law to do it. The same rules apply to meetings and seminars, except that seminar presenters often prohibit recordings of their presentations because they intend to sell videos or tapes of them themselves. Such prohibitions usually don't have the force of law, but someone wishing to record a presentation might be denied access to it unless they give up their recording device.
In two-party states, continuing to record without approval or after being advised that it's prohibited might constitute a law violation. Anyone wishing to make recordings should know the legal requirements in his jurisdiction.
Copyright laws generally won't come into play when recording a seminar or meeting strictly for personal use; however, any reproduction for sale can run afoul of them. Copyright law is complex. Before duplicating any copyrighted material, check with someone knowledgeable to determine the legality of what you want to do.
It is always illegal to record any private conversation in which the person recording is not a party. This is wiretapping, and it is both a state and federal crime. Such eavesdropping can only be done under court order or under extraordinary circumstances involving national security.
There are several issues confronting an employer who wants to place surveillance devices in the workplace. The first is the existence of policies governing such surveillance. Employees who know about surveillance and consent to it do not generally have a complaint about it unless the surveillance invades their privacy in such a way as to violate another law.
The expectation of privacy is a key factor in determining whether surveillance is proper. In a squad room or supply area, for instance, there's no reasonable expectation of privacy. On the other hand, a surveillance camera placed in a women's rest room might well violate the law even if employees are told about it. It could be viewed as creating a hostile workplace under sexual harassment laws.
Employers wishing to monitor employees' behaviors through hidden cameras should consult legal counsel prior to doing so. They should have clear and well-known policies for such monitoring in place, and be able to prove that employees are aware of them.
The Pen Has Eyes
In the opening scenario, an employee is subjected to sexual harassment by her supervisor. Such conduct is difficult to prove-it's often a case of "he said/she said." Where it's permitted by law, many employment lawyers advise their clients to record such conversations with harassing individuals. These recordings can have a devastating effect when presented in court.
Camera phones can be positioned to capture conversations or confrontations. There are also miniature "spy" cameras available on the Web. One of these, like the one described in the scenario, is shaped like a pen. Others are disguised as pagers, buttons and other items.
Most lawyers will advise their clients never to say or do anything they don't want recorded and played back in court. In today's wireless world, that's good advice. employee use of wireless devices Employees frequently use cell phones, laptop computers, personal pagers and PDAs at work. There are legitimate reasons for this, including communicating with children and other family members during long shifts. However, some employees may use such devices for inappropriate activities.
For this reason, some employers have banned the use of personal wireless devices by employees at work. Such rules should always be supported by clear, written policies that are fully known, understood and agreed to by each employee. Exceptions can be made for personal and family emergencies.
All The Caller Says
Another way voice recordings can be used either for or against a service is through recorded 9-1-1 calls and dispatch tapes. These often constitute a valuable record that shows adherence to standards or deviation from them.
In one case in which medics dispatched to a call were unable to locate the patient, dispatch tapes helped absolve them of negligence. In another, dispatch tapes of the original 9-1-1 call showed that the caller advised the call-taker that the patient had been knocked unconscious, but this information was never conveyed to the responding crew. The crew didn't realize the patient had sustained a head injury, and he refused treatment and transport, developed an intracranial hemorrhage, and suffered permanent injury. The dispatch tapes were later used to the plaintiff's advantage in his lawsuit against the EMS provider.
Pay close attention to dispatching practices to ensure that proper procedures are followed. It's easy for dispatchers to forget that everything said on the telephone and radio is preserved. Dispatch protocols should ensure that correct information is recorded in every case.
Missing The E-mail
It is now common for management to convey information to employees through e-mails. This is a quick and inexpensive way to spread information, but does it carry the same legal weight a letter would?
This question was addressed in a recent case decided by the U.S. First Circuit Court of Appeals involving a company changing a material portion of its employment policy and notifying its employees of the change by e-mail.5 This e-mail contained neither any sort of eye-catching title nor a notice that it was announcing a critical change in policy that would substantially affect employees' rights. It also failed to require an acknowledgment of receipt and agreement. Instead, it contained an attachment which, if read, stated that continued employment would be taken as consent to and agreement to be bound by the policy.
An employee was later fired for violating the changed policy and appealed his termination to the courts, arguing that he was never given proper notice of the change. Both the trial and appeals courts agreed. One of the things the appeals court pointed out was that the mere fact that a company maintains a policy and procedures manual does not necessarily make its provisions binding upon employees. Therefore, it is of the utmost importance that employees be oriented to policies and procedures and that they contractually assent, in some provable way, to be bound by them.
There is nothing wrong with using electronic means to notify employees of a policy change, so long as the employee is required to acknowledge receipt, understanding and consent to be bound by the change.
Clear, Firm And Fair
How can employers and employees continue to use the expanding capabilities of wireless communications without violating confidences and running afoul of the law? Wireless devices aren't going away, and although some employers have taken the step of banning cell phones with cameras from the workplace or even banning cell phones entirely, it is doubtful that such bans are workable. Employees routinely use their cell phones, PDAs and personal notebook computers at work for both legitimate purposes (keeping up with their children, continuing education, communicating about professional issues) and for personal entertainment.
Of course it is incumbent upon EMS providers to use their wireless equipment responsibly. Misuse can result in job loss, violations of HIPAA and perhaps other legal sanctions. It is incumbent upon employers to implement limits on the ability of unauthorized persons to access data, and to be sure that authorized personnel are using data responsibly.
Every employer should have simple, clear written policies on the use of wireless electronic devices in the workplace. These policies should take into consideration the legitimate needs of employees to communicate with their families and others during long shifts.
Policies and procedures should be presented to each employee at a face-to-face meeting, if possible, and the employee given a chance to ask questions. Then they should sign an acknowledgment that they have been oriented to the policies, understand them and agree to abide by them.
Clear, firm and fair policies that define the boundaries for use of wireless devices may stave off mistakes, hard feelings and situations that lead to privacy violations or litigation. Add to that fair employment practices, sensitivity to employees' grievances and unwillingness to tolerate inappropriate behavior by one employee toward another.
As competition becomes greater, every provider must be vigilant and protective of its proprietary information. Measures to counter cyber-mischief can be costly, but so can leaks.
Wireless and other sophisticated data-manipulation devices are here to stay. The wise employer will become thoroughly familiar with the sorts of gear that make it vulnerable to spying and take measured steps to prevent it.
References
- Shurgard Storage Centers vs. Safeguard Self Storage, 119 F. Supp. 2nd, 1121 (W.D. Washington), 2000.
- Computer Fraud and Abuse Act, 18 USC 1030.
- Economic Espionage Act of 1996, 18 USC 1831.
- The Health Insurance Portability and Accountability Act of 1996, P. L. 104-191, 104th Congress.
- Campbell vs. General Dynamics, et al. No. 04-1828, U.S. Court of Appeals for the First Circuit, decided May 23, 2005.
William E. "Gene" Gandy is an EMS educator living in Albany, TX. A former practicing lawyer, he now concentrates on writing, teaching and expert witness testimony. He has been a paramedic for 25 years and has recently written chapters on legal aspects of airway management for two paramedic texts. Contact him at wegandy@aol.com.
