Adams School of Dentistry: Policy on Photography of Patients


Adams School of Dentistry: Policy on Photography of Patients

I. Introduction


The purpose of this Policy is to establish reasonable measures to regulate the creation, use, and disclosure of patient images at the UNC Adams School of Dentistry.


This Policy applies to all UNC Adams School of Dentistry personnel who create or otherwise have access to patient images.

II. Definitions

  1. Clinical photography: photographs or video recordings made of patients during the course of their evaluation or treatment.
  2. De-identified: health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.

III. Policy

A. Policy Statement

All photographs of patients must be created for a legitimate Adams School of Dentistry business purpose and stored using appropriate technical safeguards. Except as permitted by the HIPAA Privacy Rule (e.g., for treatment, payment, or health care operations), patient images that are not de-identified cannot be used or disclosed unless the patient has signed a valid authorization.

1. Legitimate Business Purpose

Clinical photography is often appropriate and necessary for the identification, diagnosis, evaluation, management and/or treatment of health conditions. Accordingly, the general consent to treatment includes the patient's consent to take and use photographs for treatment, payment, or health care operations purposes, including the education and training of Adams School of Dentistry students and other personnel in the practice of health care. In addition, photographs may also be taken for research purposes, provided this is done in a manner consistent with the University's Institutional Review Board (IRB) requirements. Patients must give their written permission before they may be photographed for other business purposes, such as for marketing or public relations.

It is inappropriate to photograph a patient for personal reasons (including patients who are family or friends of the provider).

2. Appropriate Technical Safeguards

All photographs of patients must be taken using a device that is owned or approved by the School. Once created, patient images must be stored to a University-approved secure environment as soon as practicable and deleted from the device on which was created.

a. School-Owned Devices

School-owned camera devices are encouraged as the most appropriate means to create patient images. Department Chairs and Heads of other administrative units are responsible for ensuring that devices used in their area are appropriately handled in accordance with the requirements above.

b. Personally-Owned Devices

Under no circumstances may patient images be stored locally on a personal smartphone or tablet. Since many smartphones automatically backup data to third party cloud services, storing images on a local device could lead to unauthorized disclosure. In addition, personal smart devices may not be used to create photographs of patients unless:

  1. using a mobile application specifically designed to interface photos with Epic (e.g., Haiku or Canto) that does not store images locally; and
  2. the device complies with the University's IT Security Controls Standard.

Other personally-owned camera devices (e.g., cameras required by residency programs) may be approved for patient photography only if:

  1. the SD card contained within the device that will be used to store patient images is owned by the School; and
  2. the device owner agrees in writing that patient images will be appropriately secured, including but not limited to, keeping SD cards on Adams School of Dentistry premises at all times.

B. Exceptions

When providing or supervising patient care at UNC-Health Care (UNCHCS), Adams School of Dentistry personnel should adhere to relevant UNCHCS privacy and security policies.

External media representatives wishing to photograph patients must obtain approval from the Public Affairs and Marketing Team. External media representatives may not photograph or record patients without the patient's prior written permission as coordinated through the Public Affairs and Marketing Team (see attached External Media Release form). Once signed, the form is to be uploaded to the patient's dental record.

IV. Related Requirements

A. External Regulations and Consequences

  1. UNC-Chapel Hill Policy on the Privacy of Protected Health Information
  2. UNC-Chapel Hill Policy on Information Security
  3. UNC-Chapel Hill Information Classification Standard
  4. UNC-Chapel Hill Information Security Controls Standard
  5. UNC-Chapel Hill Standard for the Transmission of PHI and SI Over an External Network or Unsecure Medium

B. Unit Policies, Standards, and Procedures

  1. UNC Adams School of Dentistry Policy on the Use of Social Media

V. Contact Information

Topic, Title, and Contact Info Table
Topic Title Contact Info
Appropriate Technical Safeguards

Assistant Dean for IT (VACANT)

ASOD HIPAA Security Officer


External Media Representatives Director for Marketing and Communications
Print Article


Article ID: 131293
Thu 4/8/21 9:05 PM
Fri 6/23/23 1:19 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Adams School of Dentistry
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Director of Marketing and Communications
Next Review
Date on which the next document review is due.
05/09/2025 12:00 AM
Last Review
Date on which the most recent document review was completed.
05/09/2023 2:01 PM
Last Revised
Date on which the most recent changes to this document were approved.
05/09/2023 2:01 PM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
03/02/2021 12:00 AM
Date on which the original version of this document was first made official.
04/24/2019 12:00 AM

Related Articles (1)

The UNC-Chapel Hill Adams School of Dentistry has a legal and ethical responsibility to safeguard patient information. This responsibility includes ensuring that devices storing Protected Health Information ("PHI") or other Sensitive Information are properly encrypted and are serviced by an appropriate vendor. The purpose of this Policy is to ensure that all Computing Devices used by students will meet institutional security requirements.