We are modernizing the Good Practices Guide. Learn more

Privacy and confidentiality

Protecting patient information


  • Social networking sites are public spaces.

Case: Posting patient information
Close-up of female hand on keyboard


Sasha is a second year medical student who takes photographs during the resuscitation of a trauma patient. She plans to share the experience with her colleagues.

That night Sasha uploads the photos to Facebook. Concerned about protecting the patient's confidentiality, she limits showing her photos only to the "friends" in the Facebook group dedicated to her class.

The next day, she is called to speak with the Chief of Emergency.

Think about it

  • How could the photos be a concern given the care that Sasha took to ensure they were shared only with her classmates?
  • What other information should you be careful about posting on social media websites?

Lessons learned

Discussions on social networking or even professional websites may constitute a breach of privacy and violate a patient's expectation of confidentiality.

Collage of social networking sites symbols

Social networking websites such as Facebook and Twitter, teaching sites run by medical schools (e.g. study groups), and professional sites run by associations and societies are all public spaces. Password protection on such sites may give users a false sense of security that they're in an exclusive environment.

When you have a challenging medical problem you may want to pose questions or share experiences with your online friends. Because clinical challenges may be related to an unusual medical condition or the social circumstances of the patient, mentioning the condition or other details may inadvertently identify the patient, even if his or her name is not stated.

Your online friends may find the issues equally interesting and forward the information to their friends, who are not known to you. Once even a single online friend receives information, that information is no longer within your control and you cannot prevent it from being circulated rapidly and indiscriminately.

Most user agreements governing these websites state that the website owners cannot control how information circulates and to whom, and take no responsibility for its spread.

Some medical regulatory authorities (Colleges)
Regulatory authority, professional:  Licensing body for a profession.
Provincial/territorial medical regulatory authority (College)
Body that regulates the practice of medicine in each province or territory to ensure the public receives quality medical care from physicians. The responsibilities include:
- Issuance of certificates of registration to allow the practice of medicine,
- Maintenance of standards of practice,
- Investigation of complaints against physicians, and
- Remedial education or discipline for those guilty of professional misconduct or incompetence.
The medical profession is self-regulating in Canada. Each authority has an investigative process and committee structure to make decisions on different issues and complaints.
 specifically prohibit the use of social media for matters related to patient care.