Vail Valley Medical Center Policy



Similar documents
What Virginia s Free Clinics Need to Know About HIPAA and HITECH

Patient Privacy and HIPAA/HITECH

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

SCDA and SCDA Member Benefits Group

COMPLIANCE ALERT 10-12

Health Insurance Portability and Accountability Act (HIPAA) Compliance Training

Definitions: Policy: Duties and Responsibilities: The Privacy Officer will have the following responsibilities and duties:

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

HIPAA Security Rule Compliance

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

State HIPAA Security Policy State of Connecticut

HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc HIPAA Hotline

HIPAA Compliance: Are you prepared for the new regulatory changes?

Child Abuse and Neglect:

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

BUSINESS ASSOCIATE AGREEMENT

HIPAA Privacy & Security Rules

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

HIPAA Security Education. Updated May 2016

HIPAA BUSINESS ASSOCIATE AGREEMENT

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

PRIVACY PRACTICES OUR PRIVACY OBLIGATIONS

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

HIPAA Privacy and Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

HIPAA Information Security Overview

HIPAA Security Alert

STANDARD ADMINISTRATIVE PROCEDURE

HIPAA Awareness Training

How To Protect Your Health Care From Being Hacked

Montclair State University. HIPAA Security Policy

PHI- Protected Health Information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE

C.T. Hellmuth & Associates, Inc.

My Docs Online HIPAA Compliance

HIPAA Compliance Annual Mandatory Education

Authorized. User Agreement

Strategies for Electronic Exchange of Substance Abuse Treatment Records

Providers are expected to conduct their business activities in full compliance with all applicable state and federal laws.

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

COVERMYMEDS BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

Health Information Privacy Refresher Training. March 2013

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Use & Disclosure of Protected Health Information by Business Associates

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT TERMS

PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Annual Compliance Training. HITECH/HIPAA Refresher

HIPAA BUSINESS ASSOCIATE SUBCONTRACTOR AGREEMENT

HIPAA Compliance Guide

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

HIPAA Privacy for Caregivers

HIPAA and Mental Health Privacy:

HIPAA Privacy and Security

Business Associate Agreement

NOTICE OF PRIVACY PRACTICES

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Patients First: How We Protect Your Privacy

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Department of Health and Human Services Policy ADMN 004, Attachment A

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

HIPAA Orientation. Health Insurance Portability and Accountability Act

What s New with HIPAA? Policy and Enforcement Update

HIPAA PRIVACY AND SECURITY AWARENESS

Transcription:

Vail Valley Medical Center Policy TITLE: HIPAA - Photographing, Video Recording, Audio Recording, and Other Imaging of Effective Date: November 13, 2012 Status: Final Replaced: New Policy Purpose: 1. To facilitate compliance with the Health Insurance Portability and Accountability Act (HIPAA) Standards for Privacy of Individually Identifiable Health Information (Privacy Standards), 45 CFR Parts 160 and 164, and any and all other Federal regulations and interpretive guidelines. 2. To establish guidelines for situations where patients and/or workforce members may or may not be photographed, video or audio recorded or otherwise imaged within Vail Valley Medical Center (VVMC). Definitions: 1. Audio Recording: recording an individual s voice using video recording (e.g., video cameras, cellular telephones), tape recorders, or other technologies capable of capturing audio. 2. Authorization: a written form executed by the patient or the patient s legal representative that meets the requirements in the Authorization for Uses and Disclosures of Protected Health Information policy. 3. Consent: the patient s or patient s legal representative s written acknowledgment and/or agreement of the use and/or disclosure of protected health information for treatment, payment, or health operations purposes or other reasons permitted by the HIPAA Privacy Rule. 4. Photography: recording an individual s likeness (e.g., image, picture) using photography (e.g., cameras, cellular telephones), video recording (e.g., video cameras, cellular telephones), digital imaging (e.g., digital cameras, web cameras), or other technologies capable of capturing an image (e.g., Skype). Page 1 of 5

a. This does not include medical imaging such as MRIs, CTs, laparoscopy equipment, etc. or images of specimens. 5. Workforce Member: employees, volunteers, trainees, and other persons whose conduct, in the performance of work for VVMC, is under the direct control of VVMC, whether or not they are paid by VVMC. Policy Statement: 1. VVMC shall take reasonable steps to protect patients, visitors, and workforce members from unauthorized photography, video or audio recordings, or other images. 2. Sanctions shall be applied in accordance with VVMC s Sanctions for Privacy and Information Security Violations policy. 3. VVMC shall post the photography policy or signs/posters addressing photography in various locations in VVMC Procedures: 1. The following limited circumstances may be used to capture or record a patient s likeness or voice using photography and/or audio recording. a. Only designated company-owned devices to photograph or audio record a patient may be used by VVMC workforce. b. VVMC s procedures address how VVMC-owned devices are securely stored, how photographs or recordings will be saved, stored, and disposed, and designate appropriate personnel with access to the devices. c. Photographs should not be stored on the device (e.g., camera) or on unencrypted memory cards and must be timely deleted (e.g., within 2 business days) from the device. d. Personal cellular telephones, cameras, etc. may not be used. 2. Photographing/Audio Recording Patients and Workforce Members by Patients, Family Members, and/or by the Patient s Visitors: a. VVMC is not required to obtain consent from the patient when the patient is the subject of the photography/audio recording and such recording is performed by the patient or the patient s family members or the patient s visitors. Page 2 of 5

b. Patients, family members, and/or visitors are not permitted to take photographs of or audio record other patients or workforce members without consent. c. To the extent the workforce member is aware of any inappropriate attempt to photograph a patient and/or workforce member, the workforce member must take reasonable steps to ensure that patients and/or workforce members are not photographed within VVMC by a patient or the patient s family members or visitors. 3. Photographing/Audio Recording Patients by Workforce Members for Treatment Purposes: a. Written patient informed consent is required before workforce members may photograph or audio record a patient for patient care purposes. 4. Photographing Patients by Workforce Members for Security or Health Care Operations Purposes: a. The Conditions of Admission or Consent for Treatment form advises patients that photographs or video recordings may be taken for security or health care operations purposes (e.g., quality assurance). b. This does not apply to general security surveillance of public areas. 5. Photographing Patients by Workforce Members to Document Abuse or Neglect: a. Patient consent is not required; however, the photographs may not be used for any other purpose beyond submission to the investigating agency unless otherwise permitted by federal or state law (e.g., for treatment purposes). 6. Photographing/Audio Recording Patients by Workforce Members for Research: a. Any use and/or disclosure of photographs or audio recording for research purposes will be in compliance with state and federal regulations concerning privacy and research. b. If a photograph or audio recording is determined to be identifiable, the VVMC Institutional Review Board overseeing the specific research project will determine if additional authorizations are required based on the criteria set forth in the privacy laws. 7. Photographing/Audio Recording Patients by Workforce Members for Publicity Purposes: a. VVMC must obtain written authorization from the patient prior to photographing/audio recording the patient for publicity purposes. Page 3 of 5

i. The authorization is only good for the type of photographs/recordings indicated and the timeframe listed in the authorization. Otherwise, a new authorization form must be obtained. ii. When the photography/audio recording is for publicity purposes, VVMC must obtain an Authorization for Use and Disclosure of PHI for Marketing and/or Promotional Purposes and a the Consent for Use and Disclosure of Image, Voice, and/or Written Testimonials. 8. Photographing/Audio Recording Patients by the Media or Law Enforcement: a. VVMC may permit news media or law enforcement agencies to photograph or audio record a patient if the patient s responsible (e.g., attending) physician agrees the patient is medically stable and the patient consents. b. VVMC may also disclose photographs and/or audio recordings to law enforcement when required by state law, such as child abuse and neglect, domestic violence, elder abuse, rape, and similar disclosures required by law. 9. Photographing for Gifts or Commemorative Purposes: a. Obtain written consent prior to photographing a patient when the photograph will be given as a gift or sold to the patient or patient s family. b. When a vendor is used to provide these services, obtain a written authorization from the patient or have the patient initiate contact with the vendor. i. For example, VVMC may leave a brochure about the services in the patient s room in order for the patient to contact the vendor directly. 10. Photographing/Audio Recording Patients for Telemedicine or the Internet (i.e., official uses only): a. Written patient consent is required prior to transmitting or using patient photographs/audio recordings for telemedicine or on the internet. b. Information Security policies and procedures for encryption and other company requirements must be followed. 11. Photography/Audio Recording of Patients or the Patient s Visitors within VVMC by Workforce Members for Personal Use: a. Workforce members are prohibited from photographing or audio recording patients or the patient s visitors within VVMC for personal use, including, but is not limited to, Page 4 of 5

i. taking pictures to share with friends and/or co-workers, ii. to post on the internet using social media (e.g., Facebook, MySpace, Twitter), etc. 12. Storage: a. Refer to VVMC sample Designated Record Set Policy to determine which photographs and/or audio recordings must be stored in the medical record. b. VVMC will designate a secure area(s) to store photographs and recordings that contain protected health information and will not be housed in the patient s record. c. Photographs and recordings will be clearly identified and securely stored and readily accessible for retrieval. 13. Disclosure: a. Do not release photographs and audio recordings without specific written authorization from the patient, unless the disclosure is for treatment, payment or health care operations purposes or is otherwise permitted or required by law. b. Unless prohibited by law, photographs and audio recordings may be released to the patient in accordance with Patients Right to Access. c. VVMC will retain the originals. Reviewed By: Vicki Dwyer, Compliance Officer 10/12; Michael Holton, Director of Marketing 11/12; Stephanie Palmer, Director of Safety and Security 11/12; Patient Safety Council 11/12. DocuShare SuperUser: Irby Lawrence Content Owner: Compliance Officer References: 1. Health Insurance Portability and Accountability Act (HIPAA), Standards for Privacy of Individually Identifiable Health Information 45 CFR Part 164. 2. American Recovery and Reinvestment Act of 2009, Title XIII, Subtitle D. 3. Rights and Responsibilities of the Individual, The Joint Commission Standards, 2010. 4. Rights and Responsibilities of the Individual, Standard RI.01.03.03, The Joint Commission Standards, 2010. Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information