A breach of patient privacy on Twitter

A medical student was attending a clinical genetics clinic as an observer. Patients with rare genetic conditions were being reviewed. Some had physical abnormalities, for example, severe skeletal abnormalities of the hands and feet.

The student was asked to take photographs for the medical records of a patient's extremities by a consultant. Appropriate consent was sought from the patient to allow the photographs to be taken and stored in their notes, and the patient consented to the images being used for teaching purposes within the department.

After the clinic the student uploaded the images from the department camera to the department computer. The images were identified by the patient's identification number, rather than by name.

Whilst the student was still at the computer he emailed the images to himself and tweeted one of them making a comment about the appearance. He did not mention the patient's name but did name the condition she was suffering with the hash tag.

The patient was later informed by a friend, who also had the condition and was part of a worldwide Twitter community for sufferers, that the image had been posted. The friend had recognised the patient's hands due to the deformity and a characteristic ring she was wearing. The patient checked herself and confirmed that the image was of her hands. As the only photograph that had been taken of her hands had been done in the clinic, the patient knew that a member of staff at the hospital must have been the source of the tweet.

The patient made a complaint to the trust that the image had been used without her consent and that she had been identified from it by a third party. This was a breach of her confidentiality and had been done without her express permission.

The trust investigated the incident and identified the student involved. The matter was referred to his medical school and a fitness to practise investigation followed.

With the assistance of an MDU medico-legal adviser, the student explained he had not appreciated that the patient's express consent was needed before the images were used as he had not identified her by name and they were not of her face.

In preparation for the investigation, the student was advised to review the trust's policy on confidentiality and review the GMC's guidance on the use of social media and on using visual recordings of patients. The investigating team were satisfied the student had reflected on his behaviour and had addressed the concerns raised.

Learning points

It is important to remember that patients can be identified by means other than their name or face. Consent should always be sought before using patient images and the patient should be fully aware of what the images may be used for. Twitter has a worldwide audience and using a Twitter account, even if it is anonymous, does not protect you from being identified.

This is a fictional case compiled from actual cases from the MDU's files.

This page was correct at publication on 20/01/2014. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.


Login to comment

Be the first to comment