I was doing some last minute research for tomorrow’s article on the El Paso Children’s Hospital and UMC when I came across the children’s hospital Facebook page and I noticed something disturbing. There are hundreds of patient pictures on their Facebook account.

As a stock photographer, I am always careful to get my subjects to sign a release form before I photograph them. Unbeknownst to many individuals, any picture you take with the intention of commercially using it must have a release form attached to it. It is not only the individual but also private property, such as recognizable buildings or products, that must have a signed release form attached to them. The exceptions are pictures used in an editorial basis, such as a newspaper or newscast but even many of those require certain releases.

Commercial use is the use of any image, picture or otherwise of an identifiable person for the purpose of commercially attracting new users or raising money. Social media outlets are considered publications and thus the proper release must be attained before publishing a picture of someone. Even if it is your business and you take the picture of a patron, you must have their consent to use the image on any advertising including Facebook or other social media.

In the case of El Paso Children’s Hospital, their Facebook posting of numerous patient pictures is likely a misuse of patient and family likenesses, but likely also violates HIPAA.

HIPAA is the Health Insurance Portability and Accountability Act that protects patient’s rights. There are also state laws that have been enacted to protect the privacy of patients. Basically, medical providers have a duty to keep private the health condition of their patients, including any information that can identify them or reveal any medical condition they are being treated for. Under the Act, a health provider can only release the information to a third party provided it is for providing treatment to the patient. They must protect it otherwise from public release. Health professionals are liable for the unauthorized release of patient information.

The image above is one I copied from the El Paso Children’s Hospital Facebook page today. Although I am not required to, I felt compelled to hide the identity of the patient and the adults, which I presume to be the parents. Other than the text identifying where the image came from and the black bars across the faces the rest of the image is as it was posted on Facebook.

Clearly, the patient is identifiable and anyone medically inclined can generally tell what the patient is suffering from. This is one of hundreds of other patient pictures posted by the El Paso Children’s Hospital on Facebook.

Not only do the use of the pictures on Facebook seem to violate the patient’s right to controlling how their image is used for commercial purposes but it looks like it violates federal laws on patient privacy, as well.

In tomorrow’s article I’ll reveal to you what the end game is for Veronica Escobar in regards to the El Paso Children’s Hospital.

Martin Paredes

Martín Paredes is a Mexican immigrant who built his business on the U.S.-Mexican border. As an immigrant, Martín brings the perspective of someone who sees México as a native through the experience...

3 replies on “Is El Paso Children’s Hospital Violating HIPAA?”

  1. This is horrible! Patients should not be paraded on Facebook! Where is the news media on this? That Facebook page needs to be taken down immediately and someone held accountable.

  2. The pictures are to remind you “it’s for the children”. A popular slogan to distract and create guilt for not supporting the effort.

    Distract the public from the obvious financial crisis or a failed idea.

Comments are closed.