Читать книгу A Dentist’s Guide to the Law - American Dental Association - Страница 59

If patient information such as full face photos or other identifiers is captured by surveillance equipment, the HIPAA Privacy Rule may require appropriate administrative, technical and physical safeguards to protect the privacy of the information. A covered dental practice might meet this obligation through encryption or by otherwise restricting access to the surveillance records. If the surveillance is managed by a vendor, the vendor may meet the HIPPA definition of a “business associate” and may need to sign a compliant business associate agreement with the dental practice. HIPAA and applicable state law should be considered when deciding how to manage retention, access, and disposal of surveillance records.

State employment laws and privacy laws may also govern the surveillance of employees as well as patients and the public. A qualified attorney could help a dental practice determine whether a surveillance program complies with applicable federal and state law.

Clearly, monitoring equipment that captures information or behavior that is deemed private, such as employee break rooms, would pose a much higher legal risks. Monitoring that captures activity in restrooms and similar private areas could result in criminal prosecution as well as lawsuits for damages.