A paramedic’s posts in a controversial Facebook group uncovered serious breaches of patient privacy and ethical conduct, leading to disciplinary action and broader industry concerns.
The situation
In November 2019, a news investigation exposed a private Facebook group called ‘EMS Dark Humor’ and other similar groups with thousands of emergency responders as members. These groups shared uncensored photos and videos from emergency calls, including graphic scenes involving patients. Many of the posts mocked patients and situations in ways described as vulgar, misogynistic, and disturbing.
One of the group’s creators, Amanda Courtright, worked as a paramedic at Grady Hospital in Atlanta. Courtright not only posted patient details but also encouraged group members to target anyone who reported posts to Facebook. Despite warnings, she continued to post and moderate the group, even sharing details of ambulance calls from Atlanta. Grady Hospital disciplined her twice in six months before ultimately firing her after the investigation became public.
Going deeper
The content shared in the group ranged from mocking individuals in vulnerable states to graphic images of tragic incidents. Some posts even included identifiable details about patients or the locations of emergency calls. Dennis Westover, an EMS veteran, said, “The things I’ve seen over the past 34 years stay in my head—they don’t need to be shared online. This behavior tarnishes the hard work and reputation of so many good people in our field.”
Courtright defended her actions by claiming the group was a way to cope with stress. “It’s not so much funny as it is a way to get rid of our stress,” she told reporters. However, critics, including psychologist Heather McElroy, argued that this behavior crossed ethical boundaries. “Venting is normal, but this goes too far. It’s harmful and inappropriate. These workers need professional resources, not groups that perpetuate more trauma,” McElroy said.
What rules were violated
Courtright’s actions violated the National Association of Emergency Medical Technicians’ Code of Ethics and Grady Hospital’s policies and risked breaching the Health Insurance Portability and Accountability Act (HIPAA). HIPAA mandates the confidentiality, integrity, and availability of protected health information (PHI). Sharing any details about patients, even if identifiers are removed, can violate HIPAA if the shared information could reasonably be used to identify the individual.
Under HIPAA’s privacy rule, EMS practitioners must ensure that patient information is safeguarded, whether in written, verbal, or electronic forms. Social media posts that include patient details or scenarios without explicit authorization could qualify as an impermissible disclosure of PHI. Such actions might result in investigations and penalties by the Office for Civil Rights (OCR) and damage to the organization's reputation.
Related: HIPAA and social media rules
How companies can avoid violations in the future
To avoid similar HIPAA violations, healthcare organizations must implement strategies such as:
- Enhanced social media policies: Explicitly include HIPAA requirements in policies, clarifying that any sharing of patient details online—directly or indirectly—is prohibited without proper authorization.
- Regular HIPAA training: Provide ongoing education that includes examples of social media risks, and discussing the importance of patient confidentiality and professionalism.
- Promote a culture of accountability: Ensure staff understand the consequences of HIPAA violations, including potential fines, employment termination, and licensure impacts.
- Implement monitoring mechanisms: Regularly review employee compliance with social media and HIPAA guidelines to identify and address potential violations early.
- Foster a supportive work environment: Address burnout and stress through mental health resources, reducing the likelihood of employees resorting to unprofessional outlets.
“It’s heartbreaking to see this happen,” said Westover. “The vast majority of EMS professionals are compassionate and dedicated. We can’t let the actions of a few erode the trust and respect we’ve built.” Courtright’s case shows how organizations must balance supporting employees with maintaining strict HIPAA and ethical standards. Taking early steps can help protect patient trust and encourage a culture of accountability.
FAQs
Can healthcare providers connect with patients on social media?
Connecting with patients on social media is acceptable but requires careful consideration. While HIPAA doesn't directly mention social media, its principles extend to online engagement. Ensure your interactions steer clear of sharing any private health information. Prioritize patient privacy by following this guideline, thereby aligning with HIPAA regulations.
Do healthcare organizations need special training for staff on HIPAA and social media?
Specialized staff training ensures HIPAA compliant social media use. Cover the elements of HIPAA regulations, emphasizing ongoing education to instill a culture of privacy awareness within the healthcare organization.
Is it okay to share general health information on social media, like upcoming events or tips?
Sharing general health information on social media is generally acceptable, but be cautious to prevent inadvertent disclosure of patient-specific details. Avoid using specific examples that could be linked to identifiable individuals to maintain the confidentiality of patient information.
See also: Social media & HIPAA compliance: The ultimate guide
Farah Amod
