• Helping you with HIPAA Security Solutions.
  • Call Us (631) 403-6687
  • Office HrsMon - Fri: 9.00am to 5:00pm
Log InSign Up

Requesting Pictures of Patients' Feet

  • April 29, 2024
  • By tahlia@tldsystems.com
  • 0 Comments

Requesting Pictures of Patients' Feet

by Michael Brody, DPM, CEO TLD Systems

"The doctors in our practice request patients to text or email them photos of their various foot conditions and post-op P&As to their personal mobile phones. We know this is not HIPAA compliant. What is a better way to handle these situations?"

Having patients send pictures and information to personal cell phones is problematic for several reasons.

HIPAA

Your phone is not secure. Having patient images on a device that is not secure is a risk. If your phone is lost or stolen, whoever finds the phone can have access to that patient information.

Most phones backup to an online repository. In the case of Apple devices, they backup to iCloud. You do not have a Business Associate Agreement with iCloud and iCloud is not secured up to HIPAA standards. The same is true for the online backup for Android Phones, and other phones.

Even when you delete the information from your local phone, you do not know how long copies of the information will be stored somewhere in the cloud phone backup system.

Therefore this is a major issue when it comes to HIPAA.

Medical Records / Quality of Care / Possible Malpractice Cases

Anything a patient sends to your personal cell phone needs to be transferred to your EHR to document the information and communication in the patient’s record. There have been malpractice cases where patients kept copies of the text messages they sent to their provider. However, the provider did not transfer these messages to the patient’s medical record. This resulted in a negative impact on the outcome of the malpractice case. Receiving information via text message requires you to go through all of the steps to document the data into the patient record.

Billing

There are billing codes for you to communicate with patients via messages in this manner. However, in order to bill those codes, you need to capture the information in the medical record.

Recommendations

Use a method that integrates with your EHR system so that patients can send information to you in a secure manner and automatically incorporates into the patient record.

Tags: HIPAATextingMalpracticeSecurityText MessageEHR
tahlia@tldsystems.com

Tahlia

Read Comments

Add Your Comment