Home

Published

- 2 min read

The Fine Line Between Visibility and Violation

ethics medical ethics social media linkedin HIPAA GDPR LGPD
img of The Fine Line Between Visibility and Violation

In a world where professional branding often conflicts with personal storytelling, we need to raise red flags, especially when healthcare professionals step into ethically questionable areas. Yes, doctors and scientists are human. But when they post patient images, trauma scenes, or diagnostic scans with identifiable details, they are not just being careless; they may be breaking the law. Let’s be clear: Sharing sensitive medical information online, even with good intentions, can be both legally and ethically wrong.

What do the laws say?

HIPAA (USA)

The Health Insurance Portability and Accountability Act strictly forbids the disclosure of Protected Health Information (PHI) without explicit patient consent. This includes names, dates, medical record numbers, facial images, and any other unique identifiers, such as tattoos or scars. HIPAA applies to providers, institutions, and businesses that handle health data, not only hospitals.

GDPR (Europe)

It states that health data is a special category of personal data. Even de-identified information can be considered personal if re-identification is possible through context, such as facial features in MRI scans, case details, or rare conditions. Anonymization must be irreversible. Simply blurring a name on a CT scan is not enough. Pseudonymized or partially anonymized data still falls under GDPR protection.

LGPD (Brazil)

It is inspired by GDPR, protects sensitive data such as health records. Brazil goes even further in some research ethics areas: burned-in information and facial features in MRI must be completely removed. Ethical review boards (CONEP/CEP) often require documented proof of anonymization, and even eyeballs in brain scans may be considered identifiers.

Ethics is not optional.

Too often, posts aim for “awareness” or “education” but end up being performative, exploitative, or emotionally manipulative. In medicine, we’re not just handling data; we’re handling people’s dignity. Don’t post it online if you wouldn’t show it at a conference without the patient’s informed, plain-language consent. Final thought

We should share our knowledge and experience, but only while respecting privacy laws. Otherwise, it’s not outreach but a violation. Our digital presence must demonstrate the same integrity we show in clinical and academic work to build trust with the public, patients, and each other. Visibility is important, but never at the expense of someone’s right to be forgotten.