Question: An on-call ophthalmologist used a personal cell phone to document a patient’s facial wound involving the medial canthus after a motor vehicle accident. Seeking advice for closing this complicated wound, the ophthalmologist sent patient photos, including close-ups of the lacrimal area, to an oculofacial colleague for a second opinion. Later that evening, his daughter was playing with the phone and uploaded the “super gross” photos to Facebook to share with her friends. Without a doubt, allowing the daughter access to these photos on his phone was a mistake, but is the request for a colleague’s opinion in the manner noted problematic?
Answer: Depending on how much of the patient’s face was revealed in the photographs and whether any other identifying information was available to the recipients, both instances could be considered a breach of confidentiality. Even if you do not include the patient’s name, any information that allows others in the community to identify the patient is too much. Examples include sex, age, dates, location, time-frame, unique identifying numbers, and sometimes even the diagnosis. It could be considered an unauthorized disclosure, or breach, of personal health informant (PHI).
It is common for health care providers to communicate with patients and colleagues using mobile devices or to access/relay PHI to others using mobile devices. The unauthorized disclosure of PHI is a big risk when using such devices because they are portable, unlikely to be password protected or encrypted, and likely to connect with Wi-Fi (further risking interception), and they can be easily lost or stolen.
Physicians should approach social media, email and text messages in the same way they approach conversations in hospital elevators: Don’t discuss confidential patient information in a public setting, whether physical or virtual.
When using social media, those who post information should safeguard confidential health information consistent with the law. For more information, see Code of Ethics. To submit a question, contact the Ethics Committee at firstname.lastname@example.org.