Social media slip

A foundation doctor had just completed a difficult shift in which she'd treated a trans rights activist who had been attacked on the way home from college and left with cuts and bruises.

That evening, the doctor took to social media to express her anger at what had happened. She described the patient as a trans campaigner and mentioned their injuries. The doctor’s post was widely shared and she eventually received an angry call from her educational supervisor to say she’d breached patient confidentiality. 

The doctor was confused because she’d not named the patient and called the MDU for advice. 

What happened next

The medico-legal adviser explained that most confidentiality breaches are actually unintentional, such as a doctor discussing a patient where they might be overheard. In the case of social media, the risk was magnified because a post might be seen by more people who could piece together snippets of information and potentially identify the patient. In fact, even disclosing that someone was a patient is a breach of confidentiality. 

The doctor concluded she’d behaved thoughtlessly and wanted to make amends. On MDU advice, she arranged a meeting with her educational supervisor and with their support, approached the hospital’s data protection lead to notify this as a breach of patient data. She was given a verbal warning and it was agreed she should write a letter of apology to the patient saying she had deleted her posts and was undergoing additional training in patient confidentiality. The patient accepted her apology and did not pursue the matter.

The doctor also reflected on her experience and what she’d learned about the risks of including identifiable details in a social media post.

The trust reported the incident to the ICO within 72 hours and explained how it had been managed. No further action was taken. The hospital later issued a reminder to all staff about its social media policy.

Take home messages

  • Protect patient confidentiality online – never discuss individual patients on public social media and remember that even private groups may not be secure or confidential.  
  • Report patient data breaches immediately to the local data protection lead.
  • Keep in mind your ethical responsibilities when using social media – be respectful, maintain professional boundaries and don’t undermine public trust.
  • Try to reflect on mistakes and learn from them.

This page was correct at publication on 13/05/2021. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.