HEALTH professionals’ increasing use of personal mobile phones to take and share clinical photos is creating a patient privacy time bomb that hospitals cannot afford to ignore, experts warn.

Writing in this week’s MJA, Dr Paul Eleftheriou, deputy chief medical officer at Austin Health, together with the hospital’s former chief medical officer, Dr John Ferguson, and graduating medical student Kieran Allen, warned that even when doctors think they have protected patients’ privacy, the images they take may be identifiable.

“The capture of potentially identifiable physical features and metadata, and the unknown factor of how software developments may enable the identification of image subjects, dictate that health care organisations treat every patient image as potentially identifiable,” they wrote.

In January 2017, Austin Health will launch its own medical photo app to reduce some of the risks inherent in health professionals using their personal phones to take clinical photos.

The app will facilitate patient consent prior to photos being taken and will instantly delete the images from the health worker’s phone after automatically transferring them to the patient’s electronic medical record.

Dr Eleftheriou told MJA InSight that Austin Health had prioritised the app because most doctors were using their phones to take patient photos “on an insecure system, but with the best intentions”.

“We know that most of our doctors are responsible by seeking consent from patients, taking de-identified photos and by making every effort to delete photos; however, this practice is fraught with many risks and leaks in the system,” he said.

“Harms to the patient may include non-consensual secondary uses, identification, publication, psychological trauma and financial, occupational and reputational damage,” he warned.

The new tool is “not clunky or onerous” according to Dr Eleftheriou, who said staff were keen to use it to streamline patient care. “Because photos get automatically deleted from the user’s device, it is extremely less likely, compared to the status quo, that users will inappropriately share patient photos.”

Dr Eleftheriou said he hoped that other hospitals and institutions would adopt the same software to enable personal mobile device photography to improve patient care and health outcomes.

Photos taken through the app will only be able to be shared with approved users at the hospital or institution.

It’s a very different proposition to the medical photography app that tens of thousands of Australian health professionals are already using – called Figure 1 – which enables them to share images with one million users worldwide.

Among the collection of images on Figure 1 is a case of severe periodontitis in an older Indigenous woman in remote Australia, and the brain scan of a 30-year-old man concussed during an Australian rules football game. Each is followed by a string of comments – mostly comparable anecdotes from other countries, but also some medical advice.

Dr Joshua Landy, the Canadian clinician who launched the app in 2013, said that it was a mistake to operate as though all medical photos contained protected health information.

“The main consequence of treating all images like protected health information is that it doesn’t seem to fully consider a health care professional’s workflow in a practical setting,” he told MJA InSight.

For instance, getting patient consent wasn’t always achievable in “real life”, such as “in the middle of an operation”, he said.

Figure 1 has consent forms built into the app; however, it is up to the individual users to comply with the rules of their institutions and jurisdictions. Case photos are processed to remove all potentially identifying information, including names, tattoos, unique pieces of jewellery, faces and metadata.


Latest news from doctorportal:




8 thoughts on “Medical pics on personal devices a “privacy time bomb”

  1. Paul Eleftheriou says:

    As always, this is all about balance.

    Patient autonomy, privacy & trust on one hand versus the effective, efficient & safe process of medical photography on the other.

    This is why we extensively consulted with clinicians, patients & other key stakeholders to ensure we struck the most appropriate balance.

    As an example, privacy purists encouraged us to recreate a consent form before photos were captured but we knew this would be onerous, cumbersome & a hindrance to using this important tool – thus we received advice & verbal consent plus medical record documentation was considered sufficient.

    We agree that we can’t practice defensive medicine but as the volume of medical photos being captured on mobile devices exponentially expands & patients get more legally savvy then we too will be subject to litigation like in the States so why not be prepared & implement a sensible (& balanced) tool that our clinicians & patients alike are hotly anticipating?

    Balance is key.

  2. Sue Ieraci says:

    Privacy concerns must, of course, be balanced with good clinical care. As a previous poster states, unidentified images of skin lesions, rashes, radiological images or wounds present little risk, but may save a lot of time for the patient.

    While practical efforts to maintain privacy are important, along with informed consent, patients are much more likely to be upset about failure to communicate and refer than failure to maintain their images securely.

  3. Jane Andrews says:

    given the amount of continual “oversharing” in which people (i.e. patients) indulge regularly via social media, loud conversations in ward and waiting areas etc, I think we should be mindful of the opportunity costs of over-reacting to potential privacy issue with medical photography. Most images are not “sensitive” they are ulcers, rashes, polyps, operative images, radiology etc.
    remember every bit of resource we spend somewhere in the health system, cannot be used elsewhere.

    Sensationalist headlines in the MJA don’t help either. “time bomb” !! really?? such a first world issue!

  4. Kieran Allen says:

    Without proper controls in place, it is a time bomb for patients’ privacy indeed, Commonsense. A blaise attitude to protecting health information is unhelpful. Quality care is principally founded on the principle of “do no harm”. The harms detailed in our article are not artificial, nor do they exist in a legal or mental construct alone. The potential psychological trauma of having sensitive images handled inappropriately or used for secondary purposes without consent cannot be ignored. It is a breach of the trust provided by the patient.
    Fortunately, the resource outlay for many health networks is minimal, compared to the potential financial penalties for failing to adhere to privacy legislative requirements. We cannot refuse to protect patients on the presumption of resource costs.

  5. Commonsense says:

    Time bomb?, from another artificial mental and legal construct, sure. Let’s be distracted and expend lots and lots of resources to patch this loophole to protect ourselves and the law.

  6. Dr Katja Beitat says:

    Fully agree with Stephen’s comment. That’s why having a local solution such as Clinivid that has undertaken the full privacy impact assessment should be a consideration for potential users before making a decision which technologies fits their needs and context.

  7. Stephen Wilson, Lockstep Consulting says:

    Just remember that in our light touch regulatory environment, “privacy compliant” is not really a thing.
    If a piece of IT is to be used to handle patient information, in Australia the main regulatory requirements are process related. There is no approval process for common medical imaging or healthcare IT; rather, case-by-case, implementers of these solutions should undertake Privacy Impact Assessments (PIAs).
    A PIA is really the only accepted way for a system to be shown to be compliant with the Privacy Act and/or relevant state health privacy laws. Absent a PIA, ‘privacy compliant’ is really meaningless in Australia, as we have no prescriptive privacy regime, much less an organised compliance program.

  8. Dr Katja Beitat says:

    Offering Clinicians a simple, but safe and privacy-compliant tool to share visual patient information is important for care coordination and decision-making. Australian AHPRA registered practitioners now have an Australian developed alternative with the recently launched Clinivid App that offers the same protection by not storing images on the clinician’s phone and is available in the Apple App Store.

Leave a Reply

Your email address will not be published. Required fields are marked *