The Maryland Attorney General’s office has issued a memo to EMS providers and personnel stating that photos taken of patients who are identifiable constitutes “individually identifiable health information” under HIPAA, the release of which through any means (including social media) is a violation.
The memo was dated May 30, 2013 and began being circulated to local and regional EMS providers this week. It was issued by Assistant Attorney General Sarah M. Sette.
Quoting from the memo, HIPAA applies to “photographs of patients taken by EMS providers if the patient can be identified, whether directly through their features, or indirectly through unique clothing or a license plate or the nature of the particular injury or motor vehicle crash or event. Similarly, a photograph of a medical record such as EKG, or a unique injury or treatment, might also be susceptible to being linked to a specific patient.
“Accordingly, distributing such a photograph, whether via email, by posting it on Facebook, or through other media, may be an unauthorized disclosure of protected health information and violate HIPAA.”
The memo also discusses the penalties that violators face, including fines of up to $250,000 and 10 years in prison, and the fact that Maryland state law governing medical confidentiality, Health General Article, Sections 4-30 l, et seq., is also applicable and carries fines of up to $250,000, imprisonment, and possible civil liability to the victims.
Here is a copy of the memo. MD EMS Social Media
For those concerned, neither HIPAA nor state medical confidentiality laws prohibit the taking of photos, dash or helmet cam video, or other types of imagery. What is required is that any imagery that shows an identifiable patient must be treated as part of the patient’s confidential medical record.
For those currently using my digital imagery and/or social media policies… you are protected… no need to change a thing.