This is the second Pers J RP podcast episode, and the second part of a two part series on using healthcare social media without violating patient privacy or getting fired. If you want to learn more about healthcare social media, check out the first episode in this series published on 31 Aug 2014, or “Healthcare social media and you!“ published on 13 Feb 2012.

Podcast script for “Social media and healthcare privacy laws: 10 tips to avoid a PHIA violation or getting fired (part 2 of 2)”
Patient Vignettes (Continued)
6. Context matters
Who, what, when, where, why, and sometimes how. Those are basic information-gathering questions that everyone learns in elementary school. The answers to those basic questions can tell a complete story. However, it is important to note that if someone gets the answers to a few of those questions, they can probably piece together enough of the story to guess the answers to the rest, including the all-important “WHO?” That is why the context surrounding your posts matter.
Sometimes people say that obeying PHIA is as easy as omitting a patient’s name, but that’s certainly not good enough to protect your job. Consider the case of Katie Duke, a nurse who was featured on NY Med, a serialized documentary about the staff and patients at New York—Presbyterian Hospital. Duke posted a photo on Instagram of an empty trauma room that had been used to treat a patient who had suffered severe trauma. Let’s see how many questions we can answer with her Instagram post: We can answer “what,” which would be “severe trauma following an accident (her actual description was more detailed, check out the link to the New York Post article for more information)”; we can answer “when” using the timestamp on the post; and we can answer “where” because Duke’s workplace is well-known.
I should also point out that this is a clear violation of tip #5: The patient would definitely be able to identify themselves from her post.
Now, this could lead to an interesting academic debate about whether or not Duke violated privacy laws, but I must point out that Duke was not fired for violating HIPAA, the US version of PHIA. That would be sort of awkward, because Duke is being followed by a camera crew for the NY Med documentary series. She was fired for being insensitive, which is sort of related to tip #2. She wasn’t venting online, but the tone of her post was a little too morbid for her hospital’s administration to bear.
Anyways, my point is this: Before you discuss a patient, or post a status or photo, ask yourself if you’re inadvertently answering too many of “who, what, when, where, why, and how?”
7. Don’t write about your patients
You’re working in a hospital, and you’ve just witnessed an adverse event. Later on, you consider writing a blog post describing that adverse event, the harm that was caused, the lessons learned, and the changes that were undertaken to prevent that event from occurring again. You don’t name the patient or the hospital in your post, but you’ve got an about page (and a Facebook profile and a LinkedIn profile and a Twitter account) that clearly identifies you and the hospital you work at.
This is the scenario posed in a