At the most basic level, why any business would want their employees to have access to a time waster is beyond me.
Back in “the day”, when Windows was young, there was a time waster included (it still is) called Solitaire.
Larger businesses have their IT folks remove solitaire from the computers.
Why? Because it is a time waster.
So, concerned business person…how do you feel about your staff playing solitaire during the work day?
That just doesn’t make much sense, does it?
Hire people to play solitaire?
How different is Facebook from solitaire?
In the time waster category, it may only be different in that people spend more time on Facebook than they do playing solitaire these days.
Time Waster + Virus = $$$
According to BitDefender, a software security firm that produces a Facebook application that helps block malware (malware being a broad reference to software with a virus or spyware), 20% of Facebook users are exposed to malware.
What does this mean to you, proud business owner?
Again, at the basic level, that means that employees visiting Facebook on office computers increase the probability that your office computer will get a virus or spyware by 20%.
Now add the wasted time of being on Facebook to the cost of having your IT folks clean this computer (and possibly more in the office!).
Time Waster + HIPAA Violation = Bankruptcy?
When we consult with medical businesses, one of the first things we tell the business is DO NOT EMAIL PHI.
“Yes, but what if we have a secure email system?”
That is great, but generally only hospitals have the budget to spend on a secure email system.
Additionally, as a paranoid HIPAA consultant, I don’t like the idea of people being used to sending PHI via email…secure or not.
If sending PHI via email becomes a habit, if it becomes the norm because you have a secure email system, you exponentially increase the probability of somebody accidentally emailing PHI via non-secure email, because… “we do it all the time”.
Add the potential for employees to accidentally post PHI to their Facebook account and you have a real problem.
The fine structure for HIPAA violations gets steeper every year.
Have you noticed the IRS doesn’t seem to care if they run somebody out of business? I’m sure the bureaucrats at HHS couldn’t care less if they run physicians out of business either.
A Written Policy
To do this right, you better have a written employee policy that clearly states which websites are off limits…better yet, that clearly states the few websites they are allowed to visit. Each employee should sign this policy at least once a year.
Without this written policy, you may have no ground to stand on when this policy is violated.