Social media slip

A foundation doctor had just completed a difficult shift in which he'd treated a trans rights activist who had been attacked on the way home from college and left with cuts and bruises.

That evening, the doctor took to social media to express his anger at what had happened. He described the patient as a trans campaigner and mentioned their injuries. The doctor’s post was widely shared and he eventually received an angry call from his educational supervisor to say he’d breached patient confidentiality. 

The doctor was confused because he’d not named the patient and called the MDU for advice. 

What happened next

The medico-legal adviser explained that most confidentiality breaches are actually unintentional, such as a doctor discussing a patient where they might be overheard. In the case of social media, the risk was magnified because a post might be seen by more people who could piece together snippets of information and potentially identify the patient (see the GMC's guidance, 'Using social media as a medial professional', paragraph 19). In fact, even disclosing that someone was a patient is a breach of confidentiality. 

The doctor concluded he’d behaved thoughtlessly and wanted to make amends. On MDU advice, he arranged a meeting with his educational supervisor and with their support, approached the hospital’s data protection lead to notify this as a breach of patient data.

He was given a verbal warning and it was agreed he should write a letter of apology to the patient saying he had deleted the post and was undergoing additional training in patient confidentiality. The patient accepted his apology and did not pursue the matter.

The doctor also reflected on his experience and what he’d learned about the risks of including identifiable details in a social media post.

The trust reported the incident to the ICO within 72 hours and explained how it had been managed. No further action was taken. The hospital later issued a reminder to all staff about its social media policy.

Key messages

  • Protect patient confidentiality online. Never discuss individual patients on public social media and remember that even private groups may not be secure or confidential.  
  • Report patient data breaches immediately to the local data protection lead.
  • Keep in mind your ethical responsibilities when using social media. Be respectful, maintain professional boundaries and don’t undermine public trust.
  • Try to reflect on mistakes and learn from them.

This page was correct at publication on 30/01/2024. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.