Recently, several Medical and Dental Justice members have asked us about the type of consent needed for posting patient photos on the Internet.
The reason for posting is to show the quality of work the doctor performs – often in the way of before and after photos. The reason for members asking is because attorneys have recently come sniffing looking for money.
We have a template of an excellent release to help doctors patients navigate through the issues and the process. Get in touch with us for the release document. (Contact Us)
Of greater concern… and the reason for this alert. Some before and after photos posted by doctors on the web have the patient’s name embedded in the filename. So, if you place your cursor over the picture’s link, the patient’s name is popping up. The same applies to alt text (short for “alternate text”).
If the patient gave explicit permission to display his or her name, it should not be a problem. But, the vast majority of patients have signed releases explicitly promising that their name will NOT be made public. And many of these photos are accompanied by black strips over the patient’s eyes to mask identity. Most patients are expecting a great deal of privacy. So, this is a problem.
You must, I repeat, must make sure that file names or alt text of these photos are not connected to a patient’s name. If so, and you have no consent to publicize the patient’s name, you have an immediate HIPAA and state privacy problem – that needs to be fixed.
At least one surgeon who is being sued for this issue pointed the finger at her web hosting company – a company that manages sites for several thousand healthcare practices.
The not-very-reassuring-statement from the web hosting company. They do not post, control or influence the content. The company might also have immunity under the Communications Decency Act, which protects websites from suits over postings by third parties.
In short, the website company was arguing doctors are responsible for their own content. And if a file name has the patient’s name embedded in it, the doctor is responsible for scrubbing the name.
Don’t let a detail escalate into page one news story and litigation.
Thanks for the caveat, Dr. Segal.
If you’re a PS and regularly upload photos of patients to the web,your database of patient photos is likely arranged in alphabetical order, based on your patients’ names. Whsn you choose a photo, which typically contains your patient’s name, change the file name immediately prior to upload to avoid the problem of violating privacy.
I may use the first initial of the patient’s name followed by f p or 3 so I’ll know if the photo is a frontal, profile or 3/4 view, since I may upload to several sites.
Hope this helps everyone.
We actually delete the patients last name from the JPEG file prior to transferring to our server to be uploaded using Mirror software. Our standard web photo release states that we will post by first name only. There is also a waiver releasing the practice from liability from third party usage. We keep the original signed photo release in a secure file and also keep a scanned copy for digital access. Only photos that are accompanied with a scanned digital file are published. Hope this helps- Dr. Gross