The Gap Between Ethics and Compliance – What side are you on?


Does crossing ethical boundaries necessarily mean you have broken out of compliance? Let’s consider a recent case where a healthcare worker posted a video that has many people upset. If you haven’t seen it (it’s been taken down) we have this clip of another healthcare worker’s comments on the incident – Healthcare Worker Slammed for Recording Alleged Patient in Distress (

First, was this a HIPAA violation? It’s not a clear yes or no. The argument would be could this patient be personally identified. There are no indicators where this is located, there is no identification visible on the healthcare worker, and there’s nothing in the background to indicate a facility. Can the patient’s voice be identified? This is where we get into the gray and where legal subjectivity arises. I believe if you asked 100 HIPAA experts if this is a violation, you would get a fairly evenly divided field. But if you ask could this be punishable as such, I think the majority would argue yes.

Is this a violation of other laws? We know recording phone conversations in most states requires mutual consent. Does this cross this legal threshold? Do you think an agitated patient may want to pursue it legally to find out? Does this potentially involve the facility as well? If an attorney were to take this case, they would certainly be naming the facility in their argument – that’s where the money is.

Is this an ethical violation? We have a patient screaming in the background in obvious distress/discomfort. There may well be other care providers tending to the patient. The fact that this employee is not hands-on helping doesn’t indicate the patient is not receiving care. The meme may be inappropriate, her nonchalant demeanor may be off-putting to many, but that’s not the issue – the issue is she’s recording a patient at a very unpleasant moment in their lives. It’s not how she comes across in the video, it’s the fact that she made the video in the first place.

This may or may not be a violation of the law. This may or may not be a HIPAA violation. What it is, however, is a situation no patient wants to be on the other end of, and that’s something we expect all of our caregivers to take into consideration. This employee could very well lose her job for this. She could lose her credentials as well.

We hold our healthcare workers to a higher standard than the law. From a CNA who does homecare to a cardiologist, we expect them all to treat us with dignity and respect. Sadly, healthcare workers are human and don’t always rise to that level of expectation. When that happens, we as patients, those of us with financial and physical means of doing so, do have recourse. However, many patients have neither the financial means nor the physical ability to prevent abuse of any kind, and that’s why things like this video get the ire of so many people.

Since this is a HIPAA-oriented newsletter, let’s bring it home. DON’T RECORD YOUR PATIENTS. Not their voices, not their diagnostic images, not their underwear, nothing. You can joke amongst yourselves (fellow staff members) if needed, but if you enter the realm of social engagement, you run the risk of losing your job, your career, and potentially landing in jail – look it up, it happens. Most of all, while we as patients recognize you do this day in and day out, for us, it’s among our worst of days. Your understanding and empathy goes a long way.

Remember – your posts on social media can be weaponized against you and that information is often used in phishing scams. Keep your guard up.

Thank you for reading.


If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.