Our new Policy Portal is now live! If you don't already have an invitation to link your policy, you will need your client number in order to link the policy. Please send an email to submissions@profsolutions.com to request your client number. Please visit our FAQ for more information and how-to videos.

Notice to policyholders in the Southeast recently affected by Hurricane/Tropical Storm Helene. 

Handing something off to another person

Photos & Protected Health Information

Photos that show individually identifiable information are considered protected health information (PHI). Are you showing or sharing too much?

Any photo that shows individually identifiable information is considered protected health information (PHI). This can include a patient’s face, name or initials, their date of birth, the date of their treatment or photos of any birthmarks, moles or tattoos.

Here’s advice on what to do and not to do with PHI photos:

  • Photos should not simply be wiped of PHI and then stored on a device for any period of time. To hold onto photos long term, use software that uses encryption.
  • Never email, text, or otherwise send this information without proper encryption software.
  • Patients should always give their consent before photos are shared.
  • Only take pictures on facility-owned and approved equipment. To avoid a breach in health information, a PHI photo should not be taken on a personal phone or computer under any circumstances.
  • Never post any photograph that contains PHI to any social media accounts without direct consent from the patient.

Photo risk tips in review:

  • Don’t disclose photos without proper encryption and protection.
  • Don’t share unauthorized photos of patients on social media.
  • Avoid taking patient photos out of the practice on devices.
  • Only use photo equipment owned by the practice.