Can you take pictures of patients?

Patient photographs for treatment are considered part of their medical record. Consent is required for pictures used beyond direct patient care, such as for educational, research, or publication purposes.

Rules for using patient photos for treatment vs. other purposes 

For treatment

• Consent: In a treatment context, photographs are often considered a part of the patient's medical record. General consent for medical treatment typically includes consent for necessary documentation, encompassing clinical photos.
• De-identification: De-identification is usually not required since these pictures are used in patient care. They are protected under the confidentiality norms that govern all medical records.
  
  

For education, research, or publication

• Consent: When photographs are used for education, research, or publication, specific informed consent is required. This consent must clearly state that the images will be used for purposes beyond direct patient care and describe the nature of these uses. 
• De-identification: Photographs must be de-identified by removing identifiable features such as faces, tattoos, or other unique identifiers. This ensures that the photographs can be used for their intended purpose without the risk of linking them back to the individual patient.

See also: HIPAA Compliant Email: The Definitive Guide

Informed consent for patient photography

To ensure transparency with the patient, the photography consent form should state the purpose of the photographs and provide details on how the pictures will be utilized and shared.

The form should specify the de-identification process for photographs used beyond treatment, measures to safeguard patient identity, and the expected retention duration.

It should provide information on how the patient can retract their consent. This should be offset by the description of the confidentiality measures implemented to protect the security and privacy of the photographs, covering aspects of storage and handling.

See also: Consent vs. permission in healthcare

How does de-identification apply to patient photographs?

De-identification in the context of patient photographs involves removing or obscuring any identifiable information that could be used to trace the image back to an individual patient, including:

• Full-face photographs or any comparable images that can reveal the patient's identity. 
• Unique physical markers such as distinctive birthmarks, tattoos, and scars.
• Identifiers like the patient's name, birth date, medical record number, or any other unique characteristic or code that could link the image to the individual.
• Details like room details or medical equipment with identifiable tags, may also need to be altered or removed to prevent recognition.

See also: How to de-identify protected health information for privacy