HIPAA and Photographs: How to Secure Medical Images
Healthcare organizations have an obligation to ensure the confidentiality, integrity, and availability of PHI, and this includes medical photographs. With regard to HIPAA policy, how can you ensure the security of your medical images?
Encryption. Whether you are storing medical images on a laptop or USB drive, it is important to encrypt the images. Encryption prevents unauthorized access by making the data readable only to users who possess the decryption key.
Access Controls. Only employees who require access to medical images should have access to the files. As such, each employee must have unique login credentials to access patient data, and employees should only be granted access to the files that they need to perform their job.
Policies and Procedures. To ensure that PHI is used and disclosed in a HIPAA-compliant manner, it is important to have policies and procedures that dictate the proper uses and disclosures of PHI, including medical images.
Employee Training. Training employees is an important aspect of HIPAA compliance. Employees must be trained on the proper uses and disclosures of PHI, among other things, so that they are aware of their HIPAA obligations.
HIPAA and Photographs: HIPAA Photo and Video Violations
There are several instances in which sharing patient photos, or videos of patients, would constitute a HIPAA violation. Common HIPAA photo violations include:
◈ Use or disclosure of unencrypted medical images
◈ Posting a patient testimonial to your website without patient authorization
◈ Including patient images, or other PHI, in marketing material, such as a brochure, without patient authorization
◈ Sharing PHI on social media without patient authorization, even if the PHI is in the background of a photo or video