Protecting Patient Privacy on Social Media


Patient privacy is among the key concerns in healthcare. According to the National Council of State Boards of Nursing (2018), nurses’ use of social media poses a threat of disclosure of protected information. Privacy breaches have significant consequences for both institutions and staff. Hence, nurses must avoid publishing any information about patients on social media. Reviewing recent cases where a privacy breach occurred helps to improve policies and prevent similar occurrences in the future.


Recently, a nearby hospital experienced a privacy breach because a nurse posted about her patient on Facebook. The patient was suspected of having measles, and the nurse used his medical information to post on an anti-vaxxers page. Although no identifying information, such as name, age, or address, was given, the nurse’s name, job, and workplace were visible on her profile. As a result, the information shared by the nurse could be used to identify the patient, and thus constituted a privacy violation.


As explained by the NCSBN (2012), cases of privacy breaches have critical consequences for medical institutions. The nurse was fired immediately after the breach was discovered. Moreover, the hospital could have faced a lawsuit from state authorities and the patient’s family. Patient privacy lawsuits cause substantial financial and reputational damage. The incident also reflected on the organizational culture, which should focus on patient privacy protection. Thus, preventive policies were created to avoid similar incidents.

HIPAA Rules on Social Media

The key legal document governing nurses’ use of social media is the Health Insurance Portability and Accountability Act of 1996. Although the Act was signed into law years before social media became popular, it provides general principles for maintaining patient privacy and confidentiality. Information protected under HIPAA includes patients’ medical history, demographic characteristics, test results, insurance information, name, address, and other data. Patients disclose this information to health providers because they trust us to preserve their privacy. Thus, protected information should not be disclosed on social media under any circumstances.

This rule also includes images and videos of patients. Under the recommendations provided by the HIPAA Journal (2018a), all employees are required to complete training on safe social media use, and institutions must have appropriate controls in place to avoid breaches.

Updates to Institutional Policies

Although the incident occurred in a different institution, our policies were also updated to reflect the threat. From this day forward, employees are not permitted to share protected information on social media. Employees are also forbidden from using social media during their shift, except for lunchtime. In case a privacy breach happens, the responsible employee will be fired on the spot. All staff should complete additional training on HIPAA rules and social media use by October 31, 2019. To help in identifying threatening activity, the staff should report suspected breaches to the management immediately.


To conclude, maintaining patient privacy and confidentiality is essential for achieving full legal compliance. Since privacy breaches impair patients’ trust, strict regulations can also contribute to relationships between patients and care providers and improve the quality of care provided. The case discussed here represented a violation of HIPAA and showed that social media is a high-risk environment when it comes to patient privacy. Hence, the staff should use social media with caution and in accordance with new institutional policies. Compliance in this area will help to protect patient privacy and confidentiality.
