top of page
  • Writer's pictureDr. Leslie Baumann

Is Your Medical Practice HIPAA Compliant?

Updated: Mar 25, 2020

Keeping patient information safe is a top priority for all healthcare professionals, but many practices may not realize that with the influx of new technology, some day-to-day activities may not be HIPAA compliant. Here are three important components of any dermatology practice that may need to be reevaluated to make sure your patients and business are safe.

Staff Education

One of the most common reasons for HIPAA violations is that staff members are not properly educated about what actions are and are not appropriate when dealing with or discussing patient information (Becker’s Healthcare). Make sure your staff and employees know and understand HIPAA regulations and how to implement them on a day-to-day basis. Even something as small as forgetting to remove a patient’s chart from the exam room as soon as they leave can be cause for concern.

If you don’t currently have a formal training program, consider investing in an online HIPAA training course for your employees, such as My HIPAA Training or HIPAA Exams. These programs typically cost around $25.00 per staff member, but taking every precaution to ensure that sensitive information is safe is an investment well worth making.

Social Media

Actively using social media to promote your practice and interact with patients and potential patients is a great marketing strategy, but this can also lead to HIPAA noncompliance if you’re not careful. Keep in mind that even though a patient may comment on a particular post, your dermatology practice cannot imply that he or she is a patient, nor can you mention any particular treatment that they’ve tried. It’s also best to stay away from suggesting treatments or products via your practice’s social media accounts, as these recommendations may be seen as medical advice given by a non-medical professional (Practical Dermatology).

In the same vein, healthcare employees cannot discuss or share patient information on their own personal social media accounts, even if these accounts are private and even if patient names are not used. Even a seemingly innocent post such as a photo taken in the employee break room, where patient information happens to be in the background can be a major HIPAA violation and could have very serious consequences for your practice. Be sure that all staff members fully understand how to use social media in a professional manner to minimize this risk.

Marketing Materials

Many dermatologists’ offices utilize before and after photos of previous patients to show potential clients the results that they may be able to achieve themselves. However, know that simply blacking out a patient’s eyes in their photos is not enough to remain HIPAA compliant. There may be other identifying characteristics, such as a tattoo, mole, or birthmark that could give away the patient’s identity (Practical Dermatology).

If you are going to use before and after photos, which can be quite helpful, make sure you receive written consent from the patient before making them available to the public. You should also very clearly outline what these photos will be used for, where they will be posted, and who might have access to them.

Additionally, any time you receive a photo of a patient, you need to make sure that it is encrypted and stored securely on your computer or other electronic device. Simply receiving a photo unencrypted via email or text is not in compliance with HIPAA regulations.

In Summary

Staying on top of HIPAA compliance and other security strategies to make sure that all patient information is safe and secure is a crucial step in maintaining the integrity and reputation of your dermatology practice. Take steps such as regularly requiring staff members to revisit HIPAA training modules to ensure that small mistakes that could end up turning into large privacy problems don’t occur in the first place. With the right precautions and systems in place, your practice can run smoothly and safely, while still being able to take advantage of tools like social media marketing and before and after patient photos.

Developed by world-renowned dermatologist, Leslie Baumann, MD, the Skin Type Solutions® Franchise System is an educational, science-based skincare store that implements a simple and reliable system to maximize skincare product sales and improve patient compliance and results.

Based on Dr. Baumann’s patent-pending Baumann Skin Typing System, this first-of-its-kind retail model provides dermatologists with the scientific methodology, training, and education necessary to prescribe effective, customized skincare regimens utilizing multiple brands of products that have been independently tested and approved by Dr. Baumann. To learn more about what Skin Type Solutions can do for your dermatology practice, visit the STS site here.


bottom of page