August 6, 2019
You've been subscribed to our newsletter.
Ready for some BAD advice? As in advice from the British Association of Dermatology. We review their guidance. They provide guidance that is of interest, not just for dermatologists, but all doctors that work in the UK.
The working group that assembled the UK Guidance on the use of Mobile Photography Devices in Dermatology document have done an excellent job of bringing together requirements and guidance from various sources. They have attempted to provide clear guidance for the use of mobile devices for capturing patient photos. Unfortunately, much of the advice they have brought in is not always practical.
The document breaks the guidance into three standards.
We feel there are some inconsistencies and many impracticalities with the guidance provided. We discuss each below.
The document recommends not storing patient data on your device. They also suggest that your device or any app you use "for capturing" photos should be password protected. Password protection seems unnecessary. If you follow the first bit of advice, there is no data stored on your device. There is, therefore, no need to password-protect any app that captures photos as there is nothing to protect! We agree you should password-protect your device if storing patient data on a device. It is, however, an unnecessary barrier for doctors to overcome if they have to enter a password each time they want to take a photo. We suggest ignoring the requirement that an app that captures patient photos be password protected.
The document suggests you should anonymize or pseudonymize photos if you cannot send then securely, or you can't capture consent. They also suggest that all photos should appear in a patients medical record. If you genuinely de-identify a photo, it is practically difficult to link it to the correct patient record. Our advice is to take the approach of always sending patient photos securely so there will be no issues relating to matching photos to patient files.
The document also suggests that you balance the risk of anonymizing photos with the risk of sending via insecure means. The thinking being that if the inherent risks in anonymized or pseudonymized photos are high, then you should use highly secure sending methods. And vice-versa, if the intrinsic risks in anonymized or pseudonymized photos are low then sending via less secure methods may be acceptable. We feel that it is not practical for anyone other than security specialists to be able to make these kinds of subjective assessments. There are efficient and easy-to-use techniques for always sending patient data securely. Use them, and we can avoid the confusion of suggesting some trade-off. PicSafe provides such a practical way of securely sending patient data.
The suggested consent form is to too long to be practical. It is 300+ words and requires the signature of the health professional, the patient, and a witness. The length makes a capture on a mobile device impractical meaning it would best to use a paper form. The paper form could be captured in a photo to make it easy to store alongside the photo; however, it is impractical for a doctor to always have a paper form available. Even if an app displayed the form, the time constraint of completing it will discourage its use. That, in turn, has the potential to reduce patient care.
The guidance suggests "any cloud-based backup systems" are disabled. This advice prevents photos stored on your phone from being uploaded to locations deemed to be insecure (e.g., iCloud and Google Drive). It is of no benefit if you use a specialized app that does not store photos on the device. Disabling cloud-based backup systems are incredibly inconvenient should you lose your phone, or when you upgrade your phone. Without a backup, considerable time is needed to set up a new phone, and cherished personal photos may be lost forever.
The guidance suggests disabling Bluetooth. We agree you should avoid Bluetooth for transferring data from your phone. However, your phone uses Bluetooth for many other functions like connecting to wireless headphones (e.g., Air Pods), hands-free kits in cars, and many other accessories. It is not practical to suggest that doctors disable Bluetooth for this reason. If it is not practical, doctors will likely ignore it.
The recommendations for how to send securely involve three methods.
Overall, we find the document very helpful. We feel, however, a doctors perspective needs more consideration. It is easy for those not in the trenches to cover their backsides and place all sorts of restrictions on the use of mobile devices. If there is a privacy breach, they can then point to unfollowed guidance and clean their hands. What this is in effect doing is discouraging the use of a valuable tool that can help deliver better and more efficient patient care. There are practical ways in which mobile devices can be used to capture and send patient photos securely - through the use of a "secure clinical image transfer app."
Not only is there no better "secure clinical image transfer app" than PicSafe, we believe there is no other "secure clinical image transfer app" that provides doctors with a practical yet secure means of capturing and sending patient photos. PicSafe allows you to comply with the guidance provided in the document (except for password-protecting the app used to capture photos - which is ill-conceived).
Download the document from the BAD website.