A dermatologist is consulting a patient who is worried about a mole. The doctor feels it is suspicious and wants to take a photo of it before removing it.
With PicSafe®:
- The doctor opens the PicSafe® app on their personal device, explaining to the patient that they would like to take a photo. Once the patient agrees, the photo is taken.
- The doctor enters the patient details and records the patient's consent (the patient signs on screen after reading the proposed usage of their photo).
- The doctor submits the form and the app uploads a “report” to the medical record system.
Without PicSafe:
- The doctor opens the camera app on their phone.
- The doctor explains to the patient that they are going to take a photo, and takes it.
- The doctor emails the photo to their receptionist (the email server is in the USA).
- The iPhone automatically uploads the photo to iCloud.
- The receptionist adds the photo to the patient's record in the clinic software they use (e.g. Medical Director).
The Result (without PicSafe):
- No consent recorded.
- Patient data leaves the country.
- The doctor's phone (and potentially the commercial application being used) is storing patient data.
- In breach of multiple Australian Privacy Principles. Potential fine of $340,000 (for individuals) and $1.7 million (for corporations) per privacy breach.
If a dermatologist takes photos of 12 patients a day in a scenario similar to the one described above, then, to the letter of the law, they would rack up fines of over $500 million per year (12 photos per day x 5 days per week x 48 weeks a year x $174,000 per breach)!
If a corporation is facilitating this and the practice has 4 dermatologists, it would rack up fines of nearly $20 billion (12 photos per day x 4 dermatologists x 5 days per week x 48 weeks a year x $1,700,000 per breach)!