Virtually every physician knows that patient privacy is sacred. One needs a patient’s affirmative consent to disclose what is known as protected health information. This is covered by state and federal (HIPAA) privacy laws.
If a doctor posts the medical record, that is disclosure of protected health information.
If a doctor acknowledges a particular patient is indeed a patient of his, that is disclosure of protected health information.
But, what if the doctor just describes the generalities of a case to the public, without disclosing the name or identifying information of the specific patient.
Well, it depends upon whether or not the “dots can be connected” to identify the individual.
Which brings me to Jane Doe in the Chicago area.
Ms. Doe had a breast augmentation surgery. She was presented two forms. One to allow the doctor to take photos for medical use. Later, she received a “waiver” to use the photos for promotional and marketing purposes. She supposedly only signed the first release.
Before and after pictures of the patient’s breasts were allegedly placed on the doctor’s website. No name. No face. On first blush, it would seem that these breasts were not protected health information.
Not so, as articulated in the lawsuit filed in Cook County.
Ms. Doe’s lawyer is arguing the patient has a distinctive freckle pattern on her chest allowing her to be identified by those who know her well. The complaint continued she had an intense fear that friends or family would find these photos online.
The practice took down the photos as soon as they were made aware the patient did not want them on the website. But, the lawsuit soon followed.
Sometimes, it does not take much to “identify” a patient. Could be a distinctive tattoo, scar, or anything else.
The take home message is if there is any doubt, get the patient’s written authorization to use the photos in the manner in which you intend to do so.
Which brings me to North Carolina Medical Board’s proposed Policy for the Use of Audio or Visual Recordings in Patient Care.
The Board recognizes that there may be valid reasons for licensees to make audio or visual recordings of patients during a healthcare encounter. However, such recordings must be made for appropriate professional reasons and should employ safeguards that protect a patient’s autonomy, privacy, confidentiality, and dignity. In instances where a patient may be asked to disrobe, the patient should be provided an opportunity to disrobe beyond the view of any camera.
So far, so good.
Prior to an audio or visual recording being made of a patient, licensees should ensure that they have obtained the patient’s informed consent. The informed consent should be documented in the medical record and should allow the patient an opportunity to discuss any concerns before and after the recording. The patient should also be informed:
1. Of the purpose of the recording and its use;
2. That the recording is voluntary and that a refusal to be recorded will not affect the patient’s care;
3. That the patient may withdraw consent to be recorded at any time and what will be done with any prior recordings;
4. Of the possibility of accidental or deliberate dissemination during the acquisition or storage of the information.
While I understand the rationale for getting a patient’s authorization if photos will be used for anything other than direct patient care, this policy goes much further. Note that HIPAA does NOT require a patient’s written authorization to disclose protected health information to take care of the patient. For example, you may speak with the patient’s referring doctor to take care of the patient – unless the patient explicitly tells you not to.
What if you want the medical records to include a video of a patient’s treatment after surgery for Parkinson’s disease? Before and after photos for the medical record for plastic surgery patients? How about photos of an unconscious patient being treated for trauma?
I could go on.
My take. This policy seems onerous and burdensome.
What do you think?
Did you enjoy this article?
Then you may enjoy our white paper, How Doctors Can Avoid 5 Marketing Landmines that Risk HIPAA & Regulatory Compliance. Maintaining compliance with HIPAA, TCPA, the FTC, and the host of other regulatory boards is complicated. An inadvertent error can result in massive fines, but there is much to be gained from a smart online strategy if you avoid the minefield of potential violations.