Here is a new example of where having a comprehensive social media policy will come in handy for minimizing risks and associated legal costs. It involves an employee who left an Internet company and took a Twitter account being used for business purposes. This includes all of the followers that had been built-up over his tenure -- who are now receiving tweets from a competitor business. So now, there is a lawsuit over ownership and value of the followers.
Having a policy that clearly stated that the account was the property of the business and implementing appropriate steps to secure the account at the time of the employee's departure would have saved much grief for both parties. For those who have authority to engage on the healthcare organization's social media channels, changing passwords to secure the account should occur at the same time you are collecting ID badges, keys and other property.
I've been hearing a push for have simple one page social media policies and I agree that a concise policy is best. However, I fear some healthcare organizations will eliminate important details in an effort to keep the policy short. It all comes down to negotiating the language with risk management and legal advisers.