I recently completed my required Compliance Education which discussed all types of ways doctors can go to jail.
One issue that stood out was HIPAA violations (Health Insurance Portability and Accountability Act) in the modern digital era. Apparently, it wasn't just the doctor who treated Octomom that is in trouble-EIGHTEEN employees of the hospital where she delivered were fired as a result of improper access of her records. Even though, as it turned out, no information was fed to the media from these employees.
There was another case (I know, you can't believe that I actually read the pdf before answering the questions!) where a patient had a FB [foreign body] lodged up his rectum (you can imagine what the FB is) and multiple employees viewed the x-ray and some snapped cellphone pics of it and put it on their Facebook site. They too were fired.
There's two HIPAA issues here: Access and Distribution. Improper access of records is a violation. And in both situations this was violated by many employees. Distribution is not necessarily a HIPAA violation if no personal identifiers (see below) are used.
I just read this fascinating post, initiated by this question: "Are Doctors required to get patient permission to use unidentifiable x-rays, CTs, EKGs for medical education online?"
According to the article, the answer is...No.
This is based on the 18 indentifier criteria for Case Reports, to make them HIPAA compliant. They are listed in the above linked blog.
However, just because it isn't a HIPAA violation does not mean that it is not a fireable offense. I was discussing this issue with a Health Care Lawyer friend of mine who pointed out that the hospital owns all the records related to the patient. And even taking a cell phone picture is in violation of their intellectual property which can easily get you fired.
That may be your patient, but it is not your right to use that information, EVEN if you get permission from the patient to do so, or don't get permission but eliminate identifiers and have no HIPAA violation.
I would be very careful taking any images of anything related to any patient in a hospital or clinic that you personally do not own. And don't access a patient chart unless you have legitimate medical reasons to do so. If you want to use, academically, something of your patient's, don't assume you can do it because it is not a HIPAA violation. Ask your administration for permission.
It is better to be safe than sorry.