Photos that show identifiable information about patients are considered protected health information (PHI). Are you showing or sharing too much?
Posted in Articles on Monday, May 13, 2024
Any photo that shows individually identifiable information is considered protected health information (PHI). Of course this includes obvious things like photos of their face and records that show name or date of birth, but even things like initials, birthmarks, tattoos or moles are considered PHI. Here are a few must-dos when it comes to PHI photos in your practice.
Opt for Safe Storage and Encryption
Wiping photos of PHI isn't enough if you're simply storing them on a device that isn't well protected. If you need to keep photos for a long period of time, invest in software that uses encryption. And you should never email, text, or send any PHI without using the proper encryption software.
Obtain Consent
Before you share any photos, make sure your patient has agreed. Preferably, this agreement will be on a written or digitally signed consent form you can save for your records. This is especially true if you're sharing the photo via social media accounts.
Use Facility-Owned Equipment
Never use your personal phone or laptop to take photos of patients—ever. To avoid a breach in data, as well as any ethical concerns, keep PHI photos limited to equipment provided and approved by the practice or clinic.