In recent years companies, including hospitals, have found a powerful tool in social media. But some have also experienced the legal consequences when something goes wrong. Naval Hospital Jacksonville in Florida, where viral images of newborn babies being mishandled by staff recently originated, may be the latest example.

Such inappropriate conduct, hastened by the prolific use of smartphones and ease of data sharing, can expose hospitals to a number of legal causes of action, experts say. But the risks can be mitigated, they added, by planning ahead and training employees.

Last week, a photo—shared 185,000 times on Facebook—showed a hospital staff member raising a middle finger to a baby. “How I currently feel about these mini Satans,” read the photo's caption. In an online video, another staff member is seen moving a baby to make it look like the child is dancing to rap music.

“We are aware of a video/photo posted online,” the hospital said in a statement. “It's outrageous, unacceptable, incredibly unprofessional and cannot be tolerated. We have identified the staff members involved. They have been removed from patient care and they will be handled by the legal system and military justice.”

Such actions by employees could result, most commonly, in invasion of privacy or intentional infliction of emotional distress lawsuits against the hospitals, said Kristin Michaels, a labor and employment litigation partner at McDermott Will & Emery. In the Jacksonville hospital case, a battery claim could also be brought if the child were handled in a potentially harmful way, she added.

A California anesthesiologist's decision in 2011 to decorate an unconscious patient's face with stickers, a cellphone photo of which was taken by a nurse's aide and spread online, prompted a lawsuit against the hospital and doctor for alleged breach of medical privacy. The plaintiff dismissed the suit in 2014, according to an online docket report of the case.

To help prevent such instances, all health care providers should have a policy that spells out the appropriate use of social media in the workplace, making clear, among other things, that patient privacy and confidentiality must be maintained and that social media cannot be used to harass either patients or employees, Michaels said.

While the company's general counsel should have a hand in developing such a policy, other departments, including human resources, compliance, risk management and information technology, should also be involved, said Jo-Ellyn Sakowitz Klein, senior counsel who focuses on privacy and data security matters at Akin Gump Strauss Hauer & Feld.

Klein said that policies should be developed after a risk assessment that considers not just the legal but the business and public relations risks associated with that particular type of facility's social media use, adding that the analysis should also include consideration of social media-related problems the company has already experienced. There is no “one-size-fits-all” social media policy in the health care space, she said.

“It's really important for everyone to remember that social norms of decency must continue to apply in the online context, as applicable laws certainly do,” Klein said.

Having a policy in place is not enough, though, Michaels said. Companies are well-advised to redistribute the policy and have employees acknowledge receipt on an annual basis, she added.

Contact Kristen Rasmussen at [email protected].