Patient photos form part of the patient's medical record. As with any document that forms part of the patient's medical record, you must store photos securely. In Australia you must store photos for a minimum of 7 years (or if a minor, until they are 25). Placing clinical photos into a patient's medical record can be a rigmarole, but it is required if it is used to help treat the patient (like a standard laboratory test).
PicSafe provides integration into third-party medical record vendors to allow automatic entry of medical photos into the appropriate patient's medical record (for details, please see our documentation).
You must securely store photos taken for research and education purposes, as well. What is considered "secure", and what is not, is always going to be debatable. In the real world, there is always a trade-off between security and practicality. Storing photos on a USB drive, which is in turn stored in a high-security vault, is secure but not practical. Storing photos unencrypted on your phone is practical but certainly not secure.
Box and Dropbox are considered the most popular cloud storage services available. Both Box and Dropbox offer a HIPAA-compliant secure storage option, and while HIPAA is a US-based standard for protecting patient privacy, it is viewed by many around the world as the gold standard in patient privacy regulation. Both Box and Dropbox, however, are US companies and, hence, raises the issue of data sovereignty. If you store data outside of Australia, then it becomes subject to the laws of the country in which the data resides.
In November 2106 Box fortunately announced "Box Zones in Australia” which enables Australian customers to store their data locally. Box says that by storing customer data in-country, it “can help address Australian Privacy Principles for organisations with data residency concerns and help companies meet the Australian Signals Directorate's strong recommendation that cloud providers handling sensitive data be located in Australia”.
Unfortunately, you must have a Box Enterprise account to use Box Zones. The Box website asks that you contact them to get a quote. Expect to pay around $35 per month for this service.
According to Dropbox's VP of Enterprise Strategy, Ross Piper, "Dropbox stores its Australian customer files in Amazon Web Service's Sydney data centre". This is despite their website saying all data is stored in data centers across the United States. Technically speaking, then, it sounds like you can use Dropbox. However, they state that they hold related metadata in the US, thereby raising the accessibility spectre once again. The fact that this issue is conspicuously not addressed on its website raises some doubt about using Dropbox here in Australia.
If you decide to use Dropbox, the "Dropbox Basic" free plan, may be all you need for a while. That gives you 2GB of storage which should be enough for roughly 400 photos. If you require more storage space, you can upgrade to various paid plans starting at AU$11.60 a month.
80% of "Security Incidents" that occur are the result of weak passwords. "Organisations are spending millions of dollars to beef up their data, application, and network security, but still keep overlooking the one obvious area of exposure: user passwords."
Passwords can be hard to remember which explains why 80% of people reuse the same password for lots of services. When a security breach does occur (e.g. in 2016 Yahoo revealed that 1 billion accounts were compromised), you can count on hackers trying the same passwords to access to other services.
If you have PicSafe PRO or your part of a PicSafe Enterprise License, you can link your Box or Dropbox account and upload clinical photos directly to Box or Dropbox. Doing so dramatically streamlines the workflow in a busy clinic setting where smartphone clinical photography provides critical input to supporting patient therapy and billing processes. PicSafe PRO costs AU$14 a month.