The Privacy and Security Issues in Healthcare

In the given case, the privacy and security issues arose because the nurse posted content on social media that contained details about patients and negatively commented on them. In particular, the nurse disclosed information about the patient’s weight and health condition, which may be considered a privacy breach. The manner in which the data were disclosed was not only unprofessional but also unethical as the healthcare worker judged patients and complained of their behavior and even weight. The nurse used discriminatory language and expressed a negative opinion about patients and the healthcare personnel. The patient’s information posted on the website was identifiable, which means that the nurse was required to obtain the patient’s consent before sharing it. The posting of unprofessional content, causing damage to the personal image, and the violation of personal-professional boundaries may expose not only the nurse but also the healthcare organization in which he or she works to liability under state privacy laws (Ventola, 2014). Thus, it is recommended that healthcare workers use social media only if they want to educate or interact with patients, provide important health information to the community, or promote healthy behaviors.

It is a must for healthcare workers to share patient information responsibly, especially in the light of privacy and security concerns associated with the proliferation of IT in healthcare. Before including patient information on the poster, a nurse educator has to obtain patient consent. Sharing the patient’s photographs may be a violation of patient privacy and confidentiality. However, in this case, it is unclear if the medical photograph used by the nurse is deidentifiable or identifiable. This difference is important as these two types of patient information should be handled differently. The rules and requirements of the Health Insurance Portability and Accountability Act are not applicable to deidentifiable photographs. In case the nurse has removed the main identifiers so that there is a small risk that a potential recipient could identify individual, no privacy breach has occurred. However, if the patient can be identified from the photograph, the nurse educator should be held liable for violating the patient’s right to confidentiality and privacy. Even though the nurse uses the photos for educational purposes, he or she has to obtain written consent from the patient to include them in the poster.

In this case, privacy and security issues are directly related to the rights of the hospital to share personal health information with the facility. Both the hospital to which Marcus was admitted and the long-term care facility have an authority to collect, store, and disclose patient health information on behalf of patients. This means that being empowered health information custodians, the hospital and the long-term care facility can assume that they have the patient’s informed consent in order to share their personal information. The hospital has to provide an update regarding Marcus’s status to the charge nurse at the facility because the purpose is to deliver high-quality care to the patient. Since Marcus is expected to return to the facility, it is important that this healthcare organization should receive all the needed information about this patient for his further treatment. However, it is worth mentioning that if Marcus requested not to disclose his personal information to the long-term facility, the hospital must follow the patient’s instructions.


Ventola, C. (2014). Social media and health care professionals: Benefits, risks, and best practices. P&T, 39(7), 491-499.

Find out your order's cost