Frequently Asked Question: FAQ:

Am I okay to use the default camera app if I de-identify photos?

Other FAQs

There is a commonly held belief amongst practitioners that "de-identifying" the patient in a photo obviates the need for consent, allowing them to store these photos openly. Technically, that's true. Practically, it's not true. It is very difficult to properly de-identify photo taken through the default camera app or the camera built in to messaging apps.

It is also worth considering what use a picture is when a doctor cannot attribute it to a patient and how much confusion could arise when a doctor tries to remember what patient it applies too.

We need to consider, what is "reasonably identifiable"? Even when a doctor does not record the patient's name and specific details with a photo, the patient may still be considered identifiable by third parties through, for example, physical characteristics of race and age or identifying marks such as tattoos, jewelry, and birthmarks. The AMA warns even a rare medical condition itself may provide recognition.

Despite removing identifiers in the image, it is also worth remembering that digital photos taken in the default camera app contain metadata (referred to technically as EXIF data) that may be used to identify a patient. The metadata includes the time/date of capture, details of the device used, the GPS location of capture, and other things. If this metadata is not removed, often the patient can be considered "reasonably identifiable".

Let's look at an, err, interesting case study.

Before the introduction of the 2014 privacy legislation in Australia, a photo of an x-ray showing the blunt end of a fork stuck in a penis emerged. A Google search of, "fork stuck in penis” will reveal the image and some details of the patient. He was a 70-year-old man from Canberra, Australia. You will also see that it gained significant, worldwide, traditional and social media attention.

The Canberra Times published the story, and given the press attention, it is reasonable to assume if you lived in Canberra at the time, you heard about the story.

Given the patient was not named, it sounds pretty harmless, but it is not. Consider the following:

  • The population of Australia is 23.13 million.
  • Age distribution charts show there were around 82,000 70-year-old Australians when this happened. That is 0.35% of the population.
  • Assuming a similar age distribution, and given Canberra's population is around 350,000, there are roughly 1,240 70-year-old men in Canberra.
  • A patient that goes to a hospital to have a fork removed from their penis after 12 hours (it took him that long to work up the courage to go to the hospital), is probably going have to lay low for a few days. They are going to miss a day at work, their regular golf game the next day, a dinner with friends, or whatever it might be.
  • Let's assume the patient was working. On average Australians take an average of 8.75 sick days a year. With all the public servants in Canberra that figure might be higher, but for now, we will use the national average.
  • There are 218 working days a year. That means people take sick leave on 4% of all available working days. One would, therefore, expect that day after, there were 50 70-year-old males from Canberra absent.
  • Now we get a bit subjective. If the 70-year-old man you know had a bit of a cough and a runny nose the day before, or the day after taking the sick day, you would not be suspicious. But, if there were fine the day before and all of a sudden they are walking a little gingerly the next time you see them, suspicion is high.

One might say you can be cocksure, that patient was found out by his friends, colleagues, family, or someone. One would also reasonably assume the patient suffered a little "emotional distress” to accompany his physical suffering.

Unfortunately, removing EXIF data is not straightforward but can be done by following these steps:

How to remove metadata from photos on a smartphone


Download an app from the App Store called Metapho. It is free to download but requires an in-app purchase to unlock the ability to remove the metadata. Follow the instructions in the app to remove the metadata.


Download an app from the Google Play Store called Exif Eraser. Follow the instructions in the app to remove the metadata.

PicSafe automatically removes all EXIF metadata when taking clinical photos on your smartphone, so you don't have to worry about this. Even better, PicSafe allows patient data to be sent securely so you can include patient data with the photo while complying with privacy regulations.