The leaders of fire, EMS and police departments have been struggling with the challenge of emergency personnel taking emergency scene photos and videos and sharing them through social media.
Inexpensive, high quality digital cameras have become a perceived necessity in the digital age – so much so that most cellphones now come with cameras built in. The digital imaging phenomenon has fueled inappropriate taking and sharing of imagery, which in turn has created public relations nightmares for chiefs. In a growing number of cases, the taking and posting of patients photos has also led to costly lawsuits.
The problem promoted two states, Connecticut and New Jersey, to take the drastic step of making it a criminal offense for emergency personnel (fire, EMS or police) to take photos depicting patients unless the photo taking was authorized by the department. Both states also prohibit any sharing of a lawfully taken photo without the patient’s written consent.
On May 30, 2013, a new corner was turned in this battle when Maryland Assistant Attorney General Sarah M. Sette issued an opinion memo connecting photo-taking to violations of the Health Insurance Portability and Accountability Act (HIPAA) as well as state law medical privacy violations.
HIPAA is a federal law enacted in 1996 that addressed a broad range of health care issues, but has become most well-known for the medical confidentiality requirements it imposes on health care providers.
In her memo, AAG Sette concluded that photos taken of identifiable patients constitute “individually identifiable health information” under HIPAA, the release of which through any means (email, social media, use in PowerPoint slides) is a violation with both civil and criminal consequences.
The memo began being circulated to local and regional EMS providers in Maryland and instantly sparked panic and concern from folks who up until this point had not considered the HIPAA implications of emergency scene digital imagery.
Quoting from the memo, HIPAA applies to:
“photographs of patients taken by EMS providers if the patient can be identified, whether directly through their features, or indirectly through unique clothing or a license plate or the nature of the particular injury or motor vehicle crash or event. Similarly, a photograph of a medical record such as EKG, or a unique injury or treatment, might also be susceptible to being linked to a specific patient.”
“Accordingly, distributing such a photograph, whether via email, by posting it on Facebook, or through other media, may be an unauthorized disclosure of protected health information and violate HIPAA.”
The memo outlines the penalties that violators face, including fines of up to $250,000 and 10 years in prison. It also discusses the fact that Maryland has a state law that addresses medical confidentiality, Health General Article, Sections 4-30 l, et seq., which would also be violated by such photo taking. The Maryland law similarly carries fines of up to $250,000, imprisonment, and possible civil liability to the victims.
In the aftermath of the memo a number of questions are being asked:
Does HIPAA and state medical confidentiality laws apply to the news media and citizens who may take photos at emergency scenes? No. HIPAA only applies to “covered entities”. While the scope of who is covered by HIPAA is a complicated subject and beyond the scope of this article, generally it is limited to medical providers who engage in electronic medical billing. Many fire and EMS departments do bill electronically for ambulance transports and thus are subject to HIPAA. However, virtually all fire and EMS departments will find themselves subject to the state’s medical confidentiality laws. In this regard, the state medical confidentiality laws usually provide even broader protections than HIPAA.
Courts have said people have a First Amendment Right to take pictures at emergency scenes. What takes precedence, the First Amendment or HIPAA? Emergency responders do not have a First Amendment right to take photos at emergency scenes. That right is limited to citizens who are not acting on behalf of an emergency response organization. Thus an off-duty emergency responder may have the right to take photos at an emergency scene, while an on-duty responder would not.
Does HIPAA and state medical confidentiality laws prohibit taking photos? No. Neither HIPAA nor state medical confidentiality laws prohibit the taking of photos, whether intentionally for incident documentation, training, or investigation purposes, nor inadvertently by members who are using dash or helmet cams, or taking a photo of something else and accidentally capture a patient. What is required is that any imagery that shows an identifiable patient must be treated as part of the patient’s confidential medical record. It cannot be released or used without the patient’s written consent, except that it may be shared with other health care providers treating the patient.
For those currently using PATC/LLRMI’s fire service digital imagery and social media policies, there is good news: your policies are already in compliance with this latest interpretation on medical confidentiality. There is no need to change a thing!
Note: Court holdings can vary significantly between jurisdictions. As such, it is advisable to seek the advice of a local prosecutor or legal adviser regarding questions on specific cases. This article is not intended to constitute legal advice on a specific case.
For any questions or comments, please contact Jim Alsup, Director of PATC by email at: [email protected]