We’ve always said that good EMS documentation should “create a picture” of the patient’s condition so a reader of that report can visualize the patient. With all the new imaging technology, electronic patient care report (ePCR) reporting programs now permit iPads and other notepad and notebook devices to capture images of the patient at the scene and attach those images directly to the patient care report (PCR). These images can be helpful to the receiving physicians and other care providers in the early stages of illness or injury, and to show the mechanism of injury. As they say, “A picture is worth a thousand words!”
But is it legal to attach to the PCR images of a patient being extricated from a vehicle or images of a stroke patient to show facial drooping and other clinic signs? The answer is yes, as long as these images are being used as part of the treatment and care of the patient and in accordance with federal and state privacy laws. Patient images are considered protected health information (PHI) under the HIPAA privacy rules, just like PCRs and other medical records. And it’s generally lawful to attach these images to the patient record in appropriate circumstances under the “treatment” exception of HIPAA. That exception allows the sharing of PHI with other healthcare providers involved in the care of the patient without authorization of the patient. Under this exception it would be appropriate to share that image with the hospital staff members who received the patient.
The key to avoiding legal entanglement is to use patient imaging only for legitimate patient care or operational reasons and to safeguard those images. Your agency should have a policy that outlines when and how these images may be taken, how they may be distributed, and how these images will be secured and protected from improper use or disclosure. Imaging should be limited to occasions where it can be helpful for the care of the patient or to document the situation for operational, quality assurance, risk management, and other legitimate purposes. Images with PHI should be protected in the same manner as other PHI, like the patient care report.
There’s considerable risk patient images can be leaked and used improperly. Recently, there have been numerous incidents where emergency responders have improperly used patient images. In one case, a young Georgia woman was killed when her vehicle hit a tree head on. She had extensive head injuries and was pronounced dead at the scene. The firefighters on scene used a personal smartphone to capture video recordings of her body while it was in the vehicle. This video also recorded the audio of the firefighters making inappropriate comments about the deceased young woman. Unfortunately, this video was allegedly shown in a bar, was forwarded to others not involved with the care of the patient, and ultimately was sent by text message to the father of the deceased young woman. As the parents said in a Today Show interview, the video showed a “lack of concern and empathy” toward their daughter. Needless to say, the parents were livid. They suggested laws be passed to prohibit emergency responders from taking video or other images of patients at the scene of an incident.
The EMS community needs to police itself and ensure images and videos of patients are only used for legitimate medical purposes. It’s lawful to capture an image or video of a patient for attachment to a bona fide medical record, but there must be adequate safeguards in place to ensure the image is secured and only accessed and used by those who have a need to see it.
A strict policy that outlines how these images will be captured and used is absolutely essential. And it’s not a bad idea—when the patient is able—to seek permission from the patient to take the image in the first place, especially if it’s inside the patient’s home or other non-public area. A simple release form that explains how these images will be used for treatment and made part of the patient’s medical record should be considered.
There’s a higher concern about patient privacy when images of a patient are taken within their home or while in the back of a closed ambulance. EMS providers need to use common sense and good judgment when deciding when to capture a patient image and how it will be used. And all patient images should be taken and stored on company-owned equipment that is properly secured in accordance with HIPAA security requirements. Images taken with personal devices are most susceptible to improper disclosure and an unlawful “breach.” Violation of the privacy laws now come with significant fines and penalties.