
Keep Your MedSpa HIPAA Compliant With These 5 Tips On Managing Patient Photos

Monday, September 11, 2017
Posted by: Aly Boeckh

Before-and-after photos, as well as photos used to document patient procedures, are considered PHI (Protected Health Information) under HIPAA, regardless of whether clients are using health insurance to pay for their services. It is therefore essential that your practice properly secures patient photos to avoid potential fees for improper PHI handling. Here are five easy tips to keep in mind to ensure that your patient photos remain HIPAA compliant.

Storage


Do not leave photos stored on devices indefinitely, and no photography equipment should ever leave the practice unless it has been wiped of photos. Remote-wipe technologies exist; if you have set up this capability, make sure you are up to date on the most recent HITECH regulations (see csrc.nist.gov for more). If using a DSLR camera, photos must be uploaded to a computer regularly and the SD card must be wiped clean so that photos cannot be accessed outside the practice or by anyone other than a trained staff member. If using a mobile device, the simplest way to remain HIPAA compliant is to use a service that stores photos in a HIPAA-compliant cloud server for you. That way, when photos are taken, they are automatically stored in the cloud and never stored on the device itself.

Communications


Sending or receiving photos of clients is an easy way to fall into HIPAA non-compliance. Emails are a big no-no. HIPAA requires that electronic communications with any PHI (this includes photos, names, any medical information or anything that can be used to identify a patient) be properly encrypted to ensure privacy. Also be aware that sharing information with another party requires a consent form from the client acknowledging that he/she is aware of the information being shared and with whom. HIPAA also states that communications between two parties should include only the minimal information necessary to properly care for the client/patient. The exception is if the client is a mutual client/patient of the two parties sharing health information.

Read more at RXPhoto >>

