FIRST ARRIVING NETWORK
First Arriving Network
Powered by the First Arriving Network,Reaching 1M+ First Responders Worldwide

Maryland AG Says Patient Photos Trigger HIPAA

The Maryland Attorney General’s office has issued a memo to EMS providers and personnel stating that photos taken of patients who are identifiable constitutes “individually identifiable health information” under HIPAA, the release of which through any means (including social media) is a violation.

The memo was dated May 30, 2013 and began being circulated to local and regional EMS providers this week. It was issued by Assistant Attorney General Sarah M. Sette.

Quoting from the memo, HIPAA applies to “photographs of patients taken by EMS providers if the patient can be identified, whether directly through their features, or indirectly through unique clothing or a license plate or the nature of the particular injury or motor vehicle crash or event. Similarly, a photograph of a medical record such as EKG, or a unique injury or treatment, might also be susceptible to being linked to a specific patient.

“Accordingly, distributing such a photograph, whether via email, by posting it on Facebook, or through other media, may be an unauthorized disclosure of protected health information and violate HIPAA.”

The memo also discusses the penalties that violators face, including fines of up to $250,000 and 10 years in prison, and the fact that Maryland state law governing medical confidentiality, Health General Article, Sections 4-30 l, et seq., is also applicable and carries fines of up to $250,000, imprisonment, and possible civil liability to the victims.

Here is a copy of the memo. MD EMS Social Media

For those concerned, neither HIPAA nor state medical confidentiality laws prohibit the taking of photos, dash or helmet cam video, or other types of imagery. What is required is that any imagery that shows an identifiable patient must be treated as part of the patient’s confidential medical record.

 

For those currently using my digital imagery and/or social media policies… you are protected… no need to change a thing.

Comments - Add Yours

  • john k. murphy

    This is a major issue with HIPAA issues and our audience needs to pay attention to this ruling. Reinforces our need for POLICY

  • Jason

    No Kidding, Of course it violates HIPAA. don't ever take photos of patients

  • Barry Banker

    I have a couple of questions.

    1. Who all is covered by HIPAA? Does this extend to NON health care providers and the media? What about a non affiliated fire department who does not operate an ambulance. The FD just provides rescue and assistance to EMS as requested!

    2. What about news photos. There are many court rulings upholding that things that happen in public places, such as streets are fair game and can be photographed. Most responsible media will not show patients, but some do and certainly license plates are visable. This gets to be a conflict between the first amendment and HIPAA.  Your opinion!

     

    • Bobball

      Barry,

      I'm not certain about MD's state laws, but HIPAA only applies to "covered entities". That would be clinical providers (doctors, nurses, hospitals, clinics, most EMS agencies, etc.). FD agencies that are not primary EMS providers may well not find the federal law applicable (I'd check with legal counsel on that to be certain though…and to be sure you don't run afoul of any state laws).

      HIPAA has nothing to do with the media or public. They want to take pictures, they can. They want to post them on FB or twitter, they can…provided the incident occurrs in public (they can't go into someone's home wihtout permission, but there is nothing to stop them from their 1st Amendment rights in a public venue.

       

      • http://firelawblog.com Curt Varone

        Just to clarify – many FDs are subject to HIPAA. It's a bit more complicated that I can comfortably explain here – but many FDs are subject to HIPAA – and virtually all will be subject to their state medical confidentiality laws.

    • http://firelawblog.com Curt Varone

      The AG's opinion has no affect what so ever on non-emergency responders taking photos. Non responders can take as many photos as they want.

      There is no conflict between the First Amendment and HIPAA.

  • Barry Banker

    Since this ruling was by the Maryland AG's office what effect, other that a ruling that can be cited, does this have on other states? I understand that any clear violation of HIPAA would be a violation, but the interpretation of pictures of cars with license plates on public highways is a stretch IMHO.

     

    • http://firelawblog.com Curt Varone

      Generally HIPAA violations would be prosecuted by the US Attorney, not the state attorney general. The state could certainly enforce the state medical confidentiality law.

      I don't read the AG's letter to prohibit photo taking of license plates. I read it as – if you take a photo of a victim where the victim is not facially identifiable – but can be identified because of his/her license plate (also in the photo) it would be a violation.

  • http://statter911.com Dave Statter

    My predicition is that there will be a lot of fire and EMS folks who didn't read the memo thoroughly or understand it who will come away thinking that what the AG is telling them to stop anyone from taking pictures of their patient. I wish Doug had added a disclaimer at the top in big bold letters saying  something like "this only applies to EMS providers and does not prohibit in any way the press or public from taking pictures and sharing them."  Something tells me there will be some new confrontations similar to the Miami-Dade captain's video.

    • http://firelawblog.com Curt Varone

      Dave

      Its funny how folks can split the tiniest of hairs when it suits them and then cry foul about what seems to me to be a pretty damn clear line when it suits them.

      Here is the line: when you respond to an emergency as a firefighter, police officer or EMT/Medic… you are different from everyone else… for good… or for bad….

    • Legeros

      STATtercylin. Oral medicine. Recommended for severe cases of HIPAA anxiety induce public photography at emergency incident s. Reduces anxiety and promotes rationale thinking. Side effectsinclude  increased sarcastic sense of humor.

  • Legeros

    So how common are HIPAA violation citations/prosecutions to EMS organizations and "field agencies" anyway?

    And are there watchdog agencies, or patient advocates that monito or patrol for such things?

    • http://firelawblog.com Curt Varone

      Mike

      GREAT question!!!! I have not seen a single instance where fire or EMS providers have been cited for a HIPAA violation for photos – and trust me there have been PLENTY of worthy cases!!!!

      Watch dog agencies??? I would assume the US Attorneys Office… DOJ for starters.

      If anyone out there is aware of such a case – please chime in.

      • BH

        The only HIPAA prosecution I know of, at all, involved financial crimes perpetrated by a hospital employee using patient information she obtained using her job-related access to patient records.  

        There have been plenty of HIPAA-related employement terminations (something like 15 nurses and doctors fired for checking out George Clooney's records during his ER visit after motorcycle crash is a famous example).  But no strictly confidentiallity-related actions that I'm aware of, in ANY healthcare field.

  • DCFDmember

    It's amazing at how many fire/EMS personnel still continue to wrongly use the HIPPA law to try to restrict non-healthcare providers (general public, media) from taking photos at incident scenes.  They were supposed to all have taken the HIPPA training where it clearly spells out that it only applies to health care providers and those who do medical billing.  

     

    Maybe that is something that should be addressed in the HIPPA training programs so that it can help to reduce any confusion as to what the law is for and who it applies to.

  • http://www.everydayemstips.com/ Greg Friese

    I would suppose a tatoo is another unique identifier. 

    Have you seen instances of agencies/organizations have a photo release as part of a signature form that might be presented to a patient before, during or after assessment/treatment?

  • Pingback: Security First: Photos, Policies, Procedures – oh My! | CaptureProof Press()