• E-mail
• Print
• RSS

HIPAA Q&A: You’ve got questions. We’ve got answers!

HIM-HIPAA Insider, November 25, 2013

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Submit your HIPAA questions to Associate Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide you with the information you need.

Q: Is it permissible to take pictures of patients (including behavioral health patients) for identification purposes as a part of the registration process? Do patients need to sign a consent form before their picture can be taken?

A: Many facilities take photographs of patients to aid in the management of patient safety (for ­instance, these can be used as one of the two required identifiers prior to passing out medications or performing procedures). Having patient photos on file would also help in the case of elopement or to avoid medical or other identity theft.

You should have a policy that lists your guidelines if it is your practice to take photos of every patient. You might also include this in your Notice of Privacy Practices. The patient would not necessarily be required to consent in writing, but you need to determine by policy how you will handle a patient who refuses.

Will you release photos as part of your legal health record? How will you store the photos? How long will you keep the photos? If the patient was in last week, are you going to require another photo? These are all issues you should address in your policy. In the end you may ­decide that taking and maintaining the photo is not worth the effort it will entail to manage the process.

In a psychiatric facility where I worked, we used patient photos (instead of ID bracelets) as one of the two identifiers. Occasionally, we had patients who did not want their photo taken, and we did everything we could to persuade them. Failing that, we might get a photo from home (from the family) or from a driver's license. On very rare occasions, we snapped the photo while the patient was unaware. This should be an absolute last resort, and we only did this because we felt we had to have the photo from a patient safety perspective. I would not recommend this approach when any other possibility exists.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, N.H.,, answered this question for HCPro’s Medical Records Briefing newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive