Skip navigation

When social media use breaches service user confidentiality

Social media case study


Desmond is a radiographer. He has recently started using Facebook whilst at work. Primarily he has been posting photos of himself and his colleagues on duty in a clinical setting, but in some instances he has posted about particular patient injuries and occasionally shared photos of their x-rays.

These posts do not show the face of the patient but there is otherwise no attempt to hide their identity. A number of the posts contain confidential patient information, despite this not being the focus of the images.

Typically this is in the background of the photo, but sometimes includes their names and / or date of birth. His posts are also geo-tagged, meaning they identify the location in which they were taken (in this instance the hospital in which Desmond works).

Desmond believes he is only sharing these images with his friends on Facebook, and does not believe they pose a risk to his patients’ confidentiality. However Desmond’s Facebook privacy settings are set to public, meaning all his posts are publically available.

Therefore a member of the public who sees a post and is aware of a patient being treated at Desmond’s place of work could identify the patient from his posts.

Eventually a mutual friend of Desmond’s – Ben - sees one of Desmond’s posts of an x-ray and believes that this might be of one of his co-workers. Ben tags this co-worker in a comment, asking if the x-ray is his.

The co-worker sees the post is of him, and considers this to be a breach of his confidentiality. The nature of the injury was something he wanted to keep private, and instead had been now seen by a number of his colleagues. He makes a formal complaint to HCPC.

Despite no intention on Desmond’s part to breach patient confidentiality, HCPC are concerned about the inappropriate nature of his posts and open an investigation.

Learning material
Case study
Tudalen wedi'i diweddaru ymlaen: 24/03/2021