Like so many of the other issues discussed each month in this column, business ethics at the employee level is best served by solid recruiting and interviewing practices. A predisposition toward ethical behavior - as a character trait - is highly desirable among employees. With good people who want to do the “right thing,” business ethics becomes a matter of establishing boundaries and clearly communicating them. Most companies assume they have ethical people in place and operate accordingly, unless or until circumstances prove that assumption wrong. And, in all cases, ethical breaches are dealt with swiftly. The key is to be clear in policy statements and make certain that your employees know that the company is 100% committed to ethical operation. It's tough to demand ethical behavior from employees if the company is unethical - or “gray” in any way - regarding integrity in its overall operation.
Your ethics standard should be clearly written and thoroughly communicated, including a definition of the risks of unethical behavior and identification of training requirements. It should help employees define issues involving ethics using real-life examples in training. Provide them with the tools to handle these issues. When faced with an ethical dilemma, the employee should consider:
- Is this action legal?
- Does it comply with our standard of conduct?
- If you think it is wrong, don't do it!
- How would it look in the newspaper or on “60 Minutes”?
- If you are not sure, ask!
- Follow up to ensure compliance.
Discipline for ethical deviations should be clearly established in your policy and consistently administered. Remember: Errors in judgment can occur, but “ethical flexibility” is another matter entirely - assess ethical breaches carefully!
With respect to privacy issues, in particular those involving employee health and health care, very specific requirements have been established for businesses. In April 2003, the HIPAA laws went into effect. HIPAA (Health Insurance Portability and Accountability Act) prevents employers from receiving Protected Health Information. All medical records must be kept in a file that is separate from the personnel file and only authorized “privacy officers” may have access to that information. The Privacy Rule prevents covered employers from receiving Protected Health Information (PHI) unless it is related to providing and paying for health care. All wholesale distributors are encouraged to ascertain whether their business is covered by the Privacy Rule and take all appropriate actions.
Sidebar: Best PracticesEach month, we'll provide proven Best Practices. Readers are encouraged to send along any successful approaches they may be using in managing employees. We will feature the best of them in upcoming columns.
10. Establish a standard of ethical behavior; train all employees.
Assuming that all employees want to do the “right” thing, employers should establish and communicate the company's standard for ethical behavior. It's important that the standard first clearly identify the company's position on ethical operation of the business. That way, you are not applying a different set of rules to the employees than the overall operation. In effect, you're demanding consistency between the business and each individual employee.
Ethics covers the appropriate and inappropriate actions related to:
- Equal employment
- Substance abuse
- Health and safety
- Political involvement
- E-mail and the Internet
- Disciplinary action programs
11. Establish and follow all appropriate privacy standards.
It's important to maintain the proper separation between an employee's personal life and his or her source of employment. The things that an employee chooses to share with his peers and supervisors are clearly a personal decision. Whether a business is covered by HIPAA (Health Insurance Portability and Accountability Act) is certainly worth knowing and responding to appropriately. But, in actuality, every business has a moral responsibility to its employees to hold confidential matters confidential. Appropriate privacy standards and policies should be put into place and closely managed.