The dangers of using medical images on social media

Once you have shared, you can't take them back

Published: 13 July 2020 The dangers of using medical images on social media

There are a number of factors to be considered when thinking about using images on social media (SoME), such as SCoR guidance, the General Data Protection Regulations (GDPR), as well as HCPC guidance, and local policy.

The HCPC guidance suggests that, “When you post information about another person on social media, think about whether it is appropriate to share that information.

"If the information could allow a service user to be identified, you must not put it on a site without their permission.

"This information could include details about their personal life, health or circumstances, or images relating to their care.”

The HCPC provides an example of uploading a radiograph on social media, to highlight the potential to breach patient confidentiality. The SCoR guidance showcases the many positive aspects of using SoMe, in addition to acknowledging the responsibility radiographers have for protecting the reputation of the profession (SCoR 2015).  

The RCR have published guidance on the use of patient images for teaching and research, offering advice on using de-identified images for teaching.

They suggest that images which have been fully anonymised can be used in research and education “without explicit consent”. This does mean that care is needed to ensure that the images are properly anonymised. Using the crop facility in Word or PowerPoint is not sufficient, as the data can be uncropped.

In many cases, if you are using the images for teaching and learning via SoMe they are likely to be unusual, in which case they could be identifiable back to a patient (RCR), particularly if your social media accounts have information about your role, geographical location, or workplace.

Advice from the Royal College of General Practitioners (RCGP) Social Media Highway Code includes two points which are particularly relevant:

  1. Act as though any information and images you post online will remain there forever and might be distributed, shared, commented upon and accessed by anyone, including your patients, family, colleagues, or employers (even many years later).
  2. Familiarise yourself with the basics of copyright, privacy and data protection law and understand how this affects the material, images and personal data you can legally copy, upload, distribute, store and share online.

In addition to the SoMe guidance from SCoR 2015, it is advisable to review the SCoR (2018) document Obtaining consent: a clinical guidelines for the diagnostic imaging and radiotherapy workforce.

Also, check local policies and procedures, and review the latest guidance from the regulatory bodies and The Information Commissioner’s Office Anonymisation: managing data protection risk code of practice.

Your Caldicott Guardian should also be able to advise on the specific use of images for teaching and learning. The article by Ranschaert et al (2015) provides useful information about the use of SoMe.


SoMe can be an excellent tool for sharing information for service users and health care professionals to engage in multi-professional learning across continents.

It is important to consider your local workplace guidelines, in association with the professional code of conduct and guidance from the regulatory and professional bodies, before making a decision about using images for teaching, or sharing on social media.

SCoR guidelines state that “Even on private or closed group sites, it is inadvisable to post messages or other media which might portray the profession in a negative way”.

If in any doubt, it is better not to use images on social media without explicit consent from the patient.

Once you have shared images, you can't take them back.

Case study - Desmond's mistake

This is an edited version of a case study written by the Health and Care Professions Councilabout a radiographer who shared patient images on social media leading to a complaint and an investigation.

Desmond started using Facebook at work, posting photos of himself and his colleagues, but he also posted details of patient injuries and occasionally shared x-ray images.

Although the posts did not show patient's faces sometimes confidential patient information was not removed.

Desmond's posts were also geo-tagged, identifying the hospital location in which they were taken.

Desmond's intention was that the images would only be seen by friends and did not believe there was a patient confidentiality issue. Because Desmond’s Facebook privacy settings were set to public, anyone could see his posts.

A friend of Desmond saw a post of an x-ray and suspecting this might be a co-workers, he tagged his colleague in a comment and asked if the x-ray was his. The colleague agreed that the post was referring to his images and considered the post breached his right to confidentiality.

The colleague had wanted the nature of the injury to be kept private, however the post had been seen by several of his workmates. This led to a formal complaint to the HCPC about Desmond’s conduct.

Desmond had not intended to breach patient confidentiality, but the HCPC were concerned about the inappropriate nature of his posts and opened an investigation.