By Kirt E. Simmons D.D.S., Ph.D.
In this day and age it is “hip” to be connected everywhere and very easy given the nearly universal presence of powerful “smart” phones and tablets connected to the Internet. My iPhone is in essence a much more powerful computer than my first Mac I bought in 1986 and able to communicate to others via text messaging, E-mail, internet blogs or forums, web sites (Facebook, Twitter, etc.), and voice. In this day and age it is easily possible to access one’s patient records on such a device or a tablet, copy any of the information and relay it via any of the aforementioned methods. It is also very easy to get high quality photographs with these devices, including of patients or any of their records. Any of your patients with such devices can also easily capture photos of themselves or others in your treatment areas.
“Great!” You say, but beware of potential HIPAA violations with these devices. Many health care workers and organizations in other environments (mostly medical to date) have run afoul of HIPAA in this regard and paid heavy fines, been personally sued, lost their jobs and/or lost public credibility/trust. The classic example is the health care worker who “tweets” or posts on other social media sites about celebrities they have seen/treated in their facility (without the patient’s consent/knowledge of course!). Even non-celebrities but extreme or “shocking” cases, easily identifiable without “naming names”, have been the subject of these illegal disclosures and resultant negative consequences.
As a health care provider, and especially if you are the owner or proprietor of your practice, you are responsible for any breaches of patient confidentiality by yourself or any of your employees and you are also responsible for that confidentiality in your facility. For this reason many medical offices now require patients to turn off any cell phones, computers, tablet computers, or cameras while in treatment areas or leave them outside treatment areas. The HIPAA regulations also require that ALL transmission of personal health information (PHI) be “protected”. Common E-mail, text messaging, social media sites, etc. are not “secure and protected”. So even if the sharing of PHI is allowed between two entities (say yourself and the patient’s general dentist), doing so by the above means is NOT allowed (but IS required to be noted and tracked by yourself!). The ADA has some excellent resources discussing the proper sharing of PHI I encourage you to follow (ADA Technical Reports No. 1048, Attachment of DICOM Dataset Using Email, and No. 1060, Secure Exchange and Utilization of Digital Images in Dentistry, are available for download purchase from the ADA Catalog at www.adacatalog.org or by calling 1-800-947-4746).