Using Your Shining Armor to Protect PHI: No Photos, Please!
All healthcare professionals are expected and required to protect company, facility, and patients' confidential information. Staff are cautioned to protect the security of data in all forms - written, verbal and electronic. We are all charged with protecting information not only for the company for whom we work, but most importantly for our patients. In addition, staff are encouraged NOT to use personal devices to create, transmit, receive, text, store, post, photograph, email, download, upload, access, or otherwise use or disclose in any manner or form any data that relates to our patients or our business. Personal devices are not protected or HIPAA compliant. When working with patients, we all have a responsibility to protect their personal information as stated in HIPAA guidelines and personally safeguard any data that could potentially be shared.
HIPAA Protection? HIPAA defines PHI as information related to a patient's past, present or future physical and/or mental health or condition. PHI can be in the form of:
- written/paper as in soft charts,
- spoken/oral such as in hallway discussion or voicemail, or
- electronic including email, text message, and electronic records or software.
PHI is any health information that has a personal identifier including but not limited to name, address, Social Security Number, Medical Record Number, Health Plan Beneficiary Number, full face photographic images, and all elements of dates except year.
Photographic Images? Photographic images are also subject to HIPAA protections. In addition, prior to utilizing patient photographs for any reason, authorization should be obtained from the patient or his/er authorized representative. At NO time should photographs or other identifying information be posted to social networking sites! Remember, staff, at all times, should refrain from using devices (e.g., smart phones, laptops, tablets, etc.) to capture, photograph, email, post or otherwise use or disclose Facility PHI.
If you are in doubt, just don't share! Consult your Privacy Officer for additional guidance. And in the meantime, NO PHOTOS, PLEASE!
