8
Emily, a 20-year-old nursing student, wasn’t aware
of the potential repercussions that could occur
when she took a photo of Tommy, a 3-year-old
leukemia patient in a pediatric unit, on her personal
cell phone. When Tommy’s mom went to the cafe-
teria, Emily asked him if she could take his picture,
and Tommy immediately said yes. Emily took his
picture as she wheeled him into his room. She
posted Tommy’s photo on her Facebook page with
this caption: “This is my 3-year-old leukemia
patient who is bravely receiving chemotherapy!
He is the reason I am so proud to be a nurse!”
In the photo, Room 324 of the pediatric unit was
visible. Days later, the dean of the nursing program
called Emily into her office. A nurse from the
hospital found the photo Emily posted of Tommy
on Facebook and reported it to hospital officials
who also contacted Emily’s nursing program.
While Emily never intended to breach the patient’s confiden-
tiality, the hospital faced a HIPAA violation. From Emily’s
post, people were able to identify Tommy as a cancer patient
and the hospital where he was receiving treatment. School
officials expelled Emily from the nursing program for
breaching patient confidentiality and HIPAA violations.
The nursing program was also barred from using the pedi-
atric unit for their students. Emily’s innocent, yet
inappropriate, action of posting a patient’s photo had
repercussions for her, the nursing program and the hospital.
But what if Emily removed the photo hours later? If it’s taken
down, no harm, no foul, right? No. Anything that exists on a
server is there forever and could be retrieved later, even after
deletion; therefore, it would still be discoverable in a court
of law. Further, someone could have taken a screenshot
of her Facebook page and posted it on a public website.
Patient information and photos should never be posted on
social media websites. Even after being deleted, the photo
is still on a server and possibly posted somewhere else on
the Internet.