Menu
Button: Make a Payment Button: Newsletter Mailing List

Icon: Healthcare LawHands-On Experience

Providing legal advice

and services since 1977

Healthcare Newsletter

Baby Photos as HIPAA Breach? NYT Article highlighting concern.

August 19, 2014
Question:

Jennifer,

Care to comment on the NY Times Baby Picture Kerfuffle?

AR

Answer:

Happy to!   For those who missed the NYT's article published on August 10th, click here to read reporting on large institutions encouraging practitioners from posting baby photos as a prohibited practice under HIPAA.  

We can all agree there is merit to the HIPAA laws protecting patient privacy.  To assert having our private health information as public record would a deterrent to care is an understatement and would significantly make light of a legitimate patient concern.  However, where do we draw the line between protective and preposterous?  Oftentimes the line is thin and not obviously recognizable, and oftentimes laws, rules and regulations are drafted with wide room for interpretation.  Here too, the HIPAA law leaves itself to interpretation, sometimes explained through its enforcement.  To shed some light on applicable definitions - HIPAA protects and requires protections of all individually identifiable information unless proper consent is obtained/received.  So, the question at issue here, is whether a baby photo constitutes "individually identifiable information", which may also be taken through context.  Would images of a baby on hospital surveillance constitute individually identifiable health information?  Would that surveillance also capture the baby's name potentially, address or possibly parent insurance information?  In context, that baby image, if public, would potentially, or absolutely cause a stir and cause for concern.  The issue discussed in the NYT article, posting baby photos submitted by parent's that are hung anonymously and very arguably would not be easily, if at all, be traced back to an individual, is remarkably different than the surveillance example.  Here we have (assumed) a legal guardian, most likely an authorized parent, sharing a treasured photo (presumably consent, implied if not explicit).  

To this date I am unaware of the Office for Civil Rights targeting any practitioner for posting baby photos.  Similarly, the Office for Civil Rights does not address release of photos, or in particular, baby photos, as a cause or area of particular concern.  

So, where do I shake out on this issue - posting of images that are most likely not "individually identifiable", for which consent is implied, is likely a low risk for HIPAA exposure.  If you are concerned about HIPAA, which we all should be given increased enforcement, and you wish to be extra careful, ask parents to sign a short release authorizing posting of a submitted baby photo.  Happy to help with drafting if requested. 

   
 


I-STOP Implementation - Common Q&As

Looking for HIPAA and compliance forms?  
Click here to visit 
our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or  at (516) 747-6700 x. 302.

Looking for the KK Healthcare Exchange?  Click Here. 

MISSED OUR RECENT WEBINARS?  CLICK HERE ANYTIME!
Looking for HIPAA and compliance forms?  
Click here to visit our website.
Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or  at (516) 747-6700 x. 302.
Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com
Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!