Maintaining patient confidentiality is the most sacred, non-negotiable duty we have as healthcare professionals. It is the bedrock of the trust our patients place in us. In the digital age, however, this duty faces a new and insidious threat. We have all felt the urge: you see a fascinating, “textbook” case in your clinic and you want to share it. You might post it in a professional social media group or a forum, seeking advice or simply sharing the knowledge -being careful, of course. You remove the name and date of birth and think it is anonymous.

But is it? This is where we must confront the concept of “jigsaw identification.” This is the risk that individual, seemingly anonymous pieces of information can be combined—like pieces of a puzzle—to reveal a patient’s identity. This article explores this modern threat to patient confidentiality. We will discuss why sharing cases is so tempting, what the GOC and GDPR say, and how you can uphold your ethical duty while still being an active, learning professional.

What is the “Jigsaw” Risk to Patient Confidentiality?

The “jigsaw” concept is simple but deeply concerning. A single piece of data is almost always anonymous. “A patient with a retinal detachment” is not an identifiable person. But what happens when you start adding other, seemingly harmless details? “A patient in their 40s with a detachment” is still vague. How about: “A 45-year-old teacher who presented to my practice in Bristol with a detachment last week.” Suddenly, the puzzle pieces are snapping together. If that patient happens to be in a local community group and mentions their eye problem, they have just been identified. This is a catastrophic breach of patient confidentiality.

The risk is that we underestimate how unique our patients’ stories are. A specific prescription, combined with an occupation and a rare clinical sign, can be as identifying as a fingerprint. As professionals, we must understand that true anonymisation is incredibly difficult. Upholding patient confidentiality means protecting not just the name, but the story.

The Motive to Share vs. The Duty of Care

Let’s be clear: the desire to share clinical cases almost always comes from a good place. It is born from a passion for optometry, a desire to educate students, or a genuine need for a second opinion from peers. I have felt it myself.

This collaborative spirit is what makes our profession so strong. However, our good intentions do not, and cannot, override our primary legal and ethical duty. The General Optical Council (GOC) standards are absolute on this. We must “protect the confidentiality of [our] patients’ information.” This is not a suggestion; it is a core standard.

Furthermore, the legal framework of GDPR is extremely strict. Patient health data is “special category data,” and sharing it without explicit, informed consent is a significant legal breach. Our professional curiosity does not give us a pass. Our commitment to patient confidentiality must be our default setting in every single situation, both in and out of the clinic.

The Real-World Harm of Breaching Patient Confidentiality

Why is this so important? What is the real harm? We are not just protecting abstract data; we are protecting a human being. Imagine your patient—or worse, their employer or a family member—stumbling across your post. The trust that you spent time building in the test room is not just broken; it is shattered. That patient may feel violated, embarrassed, or anxious. They may become reluctant to seek future healthcare, fearing their private information will become public gossip. This is a profound betrayal of their trust.

A breach of patient confidentiality is not a minor slip-up. It can have devastating real-world consequences for the patient and severe professional consequences for you, including a GOC fitness-to-practise investigation. It undermines the integrity of our entire profession. Protecting patient confidentiality is about protecting the public’s faith in us as healthcare providers.

How to Share Safely: A Guide to True Anonymisation

So, can we ever share case studies? The only answer is: with extreme, systematic caution. If you believe there is a genuine and significant educational benefit, you must go far beyond just removing the name. True anonymisation requires you to fundamentally alter the “jigsaw pieces” while preserving the clinical lesson. Instead of saying “a 42-year-old male accountant from Cardiff,” say “a patient in their 40s.” Instead of “a prescription of -14.00 DS,” say “a high myope.”

You must change ages, occupations, locations, and any specific details that are not essential to the clinical point. The golden rule should be this: “Could this patient ever identify themselves from this post?” If the answer is even a remote “maybe,” you must not post it. Your duty to patient confidentiality is always greater than the desire to share.

Conclusion: The Golden Rule of Patient Confidentiality

The digital world has blurred the lines between public and private. For us as eye care professionals, that line must remain sharp, clear, and unbreachable. The “jigsaw” risk is real. A few “anonymised” details are all it takes to expose a life. Before you ever hit “post” on a case study, ask yourself one question: “If this patient was my mother, my child, or my partner, would I share this?”

That is the ultimate test. It moves the discussion from a place of abstract rules to one of human empathy. And as I have always believed, our moral compass is our best guide. Our commitment to patient confidentiality is not just a professional rule; it is a human one. Let’s commit to upholding it, always.

Thank you for taking the time to read this article – if this resonates with you and you feel that it is worth sharing across your wider networks, please do. The more people are aware of this “jigsaw risk”, the less likely confidentiality will be broken.