Health Information Management

HIPAA Q&A: You’ve got questions. We’ve got answers!

HIM-HIPAA Insider, November 25, 2013

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Submit your HIPAA questions to Associate Editor Jaclyn Fitzgerald at and we will work with our experts to provide you with the information you need.

Q: Is it permissible to take pictures of patients (including behavioral health patients) for identification purposes as a part of the registration process? Do patients need to sign a consent form before their picture can be taken?

A: Many facilities take photographs of patients to aid in the management of patient safety (for ­instance, these can be used as one of the two required identifiers prior to passing out medications or performing procedures). Having patient photos on file would also help in the case of elopement or to avoid medical or other identity theft.

You should have a policy that lists your guidelines if it is your practice to take photos of every patient. You might also include this in your Notice of Privacy Practices. The patient would not necessarily be required to consent in writing, but you need to determine by policy how you will handle a patient who refuses.

Will you release photos as part of your legal health record? How will you store the photos? How long will you keep the photos? If the patient was in last week, are you going to require another photo? These are all issues you should address in your policy. In the end you may ­decide that taking and maintaining the photo is not worth the effort it will entail to manage the process.

In a psychiatric facility where I worked, we used patient photos (instead of ID bracelets) as one of the two identifiers. Occasionally, we had patients who did not want their photo taken, and we did everything we could to persuade them. Failing that, we might get a photo from home (from the family) or from a driver's license. On very rare occasions, we snapped the photo while the patient was unaware. This should be an absolute last resort, and we only did this because we felt we had to have the photo from a patient safety perspective. I would not recommend this approach when any other possibility exists.

Editor’s note:
Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, N.H.,, answered this question for HCPro’s Medical Records Briefing newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular