Q&A: You've got questions! We've got answers!
Physician Practice Insider, September 18, 2017
Q. Can facilities require a patient to take a photo for the patient’s medical record? Can a photo of a patient be stored in the EMR? If so, would the photo be considered PHI? Are there any restrictions on how the photo could be used?
A. You can’t require a patient to have a photo taken. You can require a patient to present ID that validates the patient’s identity. You can’t require the patient to permit you to scan and store the patient’s driver’s license.
Photos can be stored in the EMR. Photos are PHI, especially given the fact that they will likely be stored in the EMR with other PHI. Just like any disclosure of PHI, there are restrictions on how photos can be used. You need to take into account the minimum necessary standard. If the patient’s photo is stored to help identify the patient when he or she is checking in, that’s all it should be used for. As far as disclosures, you can’t publicly display photos without patient authorization. It’s similar to children’s pictures that are posted at pediatric practices. You need authorization from the patient or the patient’s personal representative—often the parents when it comes to photos of minors.
Editor’s note: This question was answered by Chris Apgar. Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a Briefings on HIPAA editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Email your questions to Editor Karen Long Rayburn at klong@decisionhealth.com.
Related Products
Most Popular
- Articles
-
- CMS seeks comment on quality measures
- Don't forget the three checks in medication administration
- Practice the six rights of medication administration
- The consequences of an incomplete medical record
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- Neurological checks for head injuries
- Q&A: Primary, principal, and secondary diagnoses
- ICD-10-CM coma, stroke codes require more specific documentation
- Skills of effective case managers
- E-mailed
-
- Establish an ongoing records review process with five easy steps
- Know the JCAHO's ongoing records review requirements
- Tip: Report drugs with HCPCS code, revenue code 636
- The pros and cons of geographic rounds
- Sneak peek: Evidence-based practices can help improve, enhance case management skills
- Know the medical gas cylinder storage requirements
- Know the JCAHO's ongoing records review requirements
- Hold a scavenger hunt to prepare for survey
- Clear up confusion surrounding observation services
- Assisted living home owner bills Medicaid from unlicensed facility
- Searched