Posting a picture of your smiling patients on your practiceâ€™s social media accounts may seem benign, but according to our experts, you could be in violation of HIPAA standards. Under HIPAAâ€™s stipulations, social media is treated the same as any other form of public record, so written consent to use patient images is a must. To learn more about HIPAA requirements and how to protect yourself from legal trouble, watch or read what Rita Zamora and Brian Colao advise.
Posting a picture of your smiling patients on your practice’s social media accounts may seem benign, but according to our experts, you could be in violation of HIPAA standards. Under HIPAA’s stipulations, social media is treated the same as any other form of public record, so written consent to use patient images is a must. To learn more about HIPAA requirements and how to protect yourself from legal trouble, watch or read what Rita Zamora and Brian Colao advise.
RELATED: More videos
Interview Transcript (Modified for Readability)
“I think people have to treat social media as the same [as any type of media]. We've gotten, in society, very casual often with social media, and I’ve seen at some dental offices, they'll have patients smiling on Facebook or Instagram, and everybody thinks it's innocent fun that this patient enjoys the practice, is smiling, wants to have their picture taken. But that counts — you're technically disclosing that to the public, and often you're not allowed to do that without the patient's consent. If they patient consents, you're allowed, but you have to be scrupulously careful, because I think as a society, just the way social media has evolved, there seems to be a casual view. For instance, we would never publish a patient record in the newspaper, or put a patient record in the public domain, but on Facebook we can all smile and hug each other. Well, no! Actually, HIPAA applies to Facebook equally, and the equivalent of putting a patient on Facebook smiling without a consent form is putting their patient record in the newspaper. It's treated as a violation the same way as if you literally put it on TV, or something like that.
Maybe with the dentist it's not as big a deal as it is with psychology or other [physicians], but HIPAA protects the identity that you’re even a patient of that particular health care provider. If you're [revealed as] the patient of a dentist, maybe that's not the end of the world, but it's still a violation. You can imagine in some other fields, like [oncology], people clearly want their identity protected, and HIPAA doesn't discriminate. It doesn't say, ‘Just because it's the dentist, it's OK.’ If you disclose the mere fact that a patient goes to an office, or they're a patient of a given dental office, that can be a HIPAA violation.”
“When it comes to utilizing patients' images, whether it’s a picture of the patient's partial face, really it comes down to any identifiable part of a patient's body or their smile. It's my understanding that you really need to have that signed consent from the patient. That's a legal form, so you need to make sure — especially if you're using it on social media — that it contains that specific language that the patient would give consent to share that particular photo or any image of themselves or their name. Any protected patient health information, you need to have signed consent from that patient in order to use it. Also, I've heard from some practices, ‘I'm not really sure if the patient would be able to identify this,’ or ‘It would still maintain their privacy.’ But if a patient does happen to see it and recognize it, that could also turn into a PR nightmare for you if they say, ‘We didn't want that to be shared.’ Just to prevent any misunderstanding, and certainly to prevent any HIPAA violation, you want to make sure you have that signed consent. Oftentimes, local or state associations are going to have a consent form that’s been vetted by a risk management expert or an attorney, so you know that it's an iron-clad, safe and secure consent form for you practice to use.”