What does PHI stand for?
What is Protected Health Information
A patient asks you about another client they know who also comes to the spa. How should you respond?
Politely explain that you cannot confirm or share any information about other patients due to HIPAA.
What year was HIPAA enacted?
1996
True or False: It’s okay to share before-and-after photos on social media if the patient gave verbal consent.
False, must have written authorization.
True or False: HIPAA violations can result in fines.
True
True or False: A patient’s birthday is considered PHI.
True
Is it okay to text patient details from your personal phone?
No, must use secure communication. Boulevard messaging is compliant!
Who does HIPAA apply to?
Covered entities & business associates handling PHI.
“You’re walking a patient to the lobby and another patient asks, ‘What treatment did they just get?’ How should you respond?”
Do not share any details. Politely explain that you cannot disclose another patient’s treatment — it’s protected information.
What’s the maximum fine per HIPAA violation?
Up to $50,000 per violation
Can you confirm over the phone if someone is a patient?
No
You’re on social media and want to post about a “fun day at work” — can you share a photo of the office if charts or patients aren’t visible?
Yes, only if no PHI, charts, or patients are in the image. Always double-check.
Name 2 identifiers that make info PHI.
Name, SSN, phone #, medical record #
A celebrity client visits the spa, and you want to text your friend that you saw them. What’s the risk?
Huge HIPAA violation. Disclosing even the fact that someone is a patient is prohibited.
Besides fines, name one consequence of a HIPAA breach.
Job loss, legal action, loss of trust, audits