Security First: HIPAA isn’t just for Doctors, or just Hospital Staff...

August 11, 2014 in Safety First Series

Don’t forget about your Patients: Help them, help you!

Recap: From employees to volunteers to trainees to management – everyone needs to undergo HIPAA training to learn what their responsibilities are in the workplace when it comes to keeping Patient information private and secure. They only have one chance to do it right – you can’t replace a Patient’s privacy once it’s lost!

But what about the Patient?

Just as the Doctors and hospital staff may all have been educated on HIPAA policies and procedures – it is important to educate Patients on how to protect their own privacy, and to respect the privacy of other Patients.

Which leads us to ask: For the Patient – What should and should not be allowed in the hospital?


It used to be that talking on cellphones was not allowed in the waiting room – and signs would be put up to remind Patients not to have phone conversations that might disturb other Patients.

Now that cellphones have become smartphones, and Patients can take photos and videos with them — do Clinicians and institutions create new policies to cover off on picture taking? Arguably a Patient, or their family and friends, while in the waiting room may take a picture and post on a non-secure site like Facebook – which is not just a disruption to other Patients, but a violation of their privacy!

I saw the sign.. and it said “no picture taking” in the Doctor’s Office.

Technically, Patients cannot violate HIPAA – but practices are still duty-bound to do all they can to create an environment that respects patients and their privacy.

One solution is posting signage like the one below, that covers off on both phone interruptions AND any photographic or recording equipment.

[Image: example signage]

Help them understand the rules, help yourself minimize the risks.

If you do post signage saying that picture-taking is not permitted. John C. Parmigiani, a nationally recognized expert in HIPAA compliance, advises hospitals to post signs at the entrance to the emergency department or near emergency department examining rooms stating that picture taking is not permitted. That way, if a visitor ignores the rules, takes a picture and posts it online, the hospital can at least demonstrate that it was exercising reasonable measures to protect patient privacy. “To me, the posting prohibiting picture taking would represent another example/level of ‘due diligence’ on the part of the hospital,” Parmigiani says.

Kate Borten, president of The Marblehead Group, a firm that provides information security and privacy consulting for the healthcare industry, concurs. Borten explains that the HHS expects healthcare providers to take “reasonable” measures to protect patient privacy, but also “accepts situations such as waiting rooms where patients can be seen by the public or a family member accompanying a patient to a bed in the ER. As long as the hospital wasn’t doing something out of the norm, then it shouldn’t have any liability when a member of the public snaps a picture.”

The spirit of HIPAA pushes not just for the respect of patient privacy by Clinicians, but other Patients as well. So do your part – and make the rules clear not just to your employees but to your Patients as well.


Don’t make your 15 minutes of fame be the result of a patient snapping pictures in your office and the legal nightmare and loss of patient confidence that ensue!

