Frequently Asked Question:

How do we securely store medical photos?

Patient photos form part of the patient's medical record. As with any document that forms part of the patient's medical record, you must store photos securely. Placing medical photos into a patient's medical record can be a rigmarole, but it is required if the photos are used to help treat the patient (like a standard laboratory test).

PicSafe provides integration into third-party medical record vendors to allow automatic entry of medical photos into the appropriate patient's medical record (for details, please see our documentation).

You must securely store photos taken for research and education purposes, as well. What is considered "secure", and what is not, is always going to be debatable. In the real world, there is always a trade-off between security and practicality. Storing photos on a USB drive, which is in turn stored in a high-security vault, is secure but not practical. Storing photos unencrypted on your phone is practical but certainly not secure.

Box and Dropbox are considered the most popular cloud storage services available. Both Box and Dropbox offer a HIPAA-compliant secure storage option, and while HIPAA is a US-based standard for protecting patient privacy, it is viewed by many around the world as the gold standard in patient privacy regulation. Both Box and Dropbox, however, are US companies, which raises the issue of data sovereignty.

Box and data sovereignty

In late 2016, Box announced "Box Zones" in Canada (Toronto). This enables Canadian customers to store their data locally.

Unfortunately, you must have a Box Enterprise account to use Box Zones. The Box website asks that you contact them to get a quote. Expect to pay around US$35 per month for this service.

Dropbox and data sovereignty

The Dropbox website says all data is stored in data centers across the United States. There is talk of them using Amazon Web Services' data centres in Europe, but the fact that this issue is conspicuously not addressed on its website raises some doubt about using Dropbox outside of the US.

Dropbox have recently added a note on their security page saying "data hosting based in Europe is available for Dropbox Business customers with 250+ seats".

If you decide to use Dropbox, the "Dropbox Basic" free plan may be all you need for a while. That gives you 2GB of storage, which should be enough for roughly 400 photos. If you require more storage space, you can upgrade to various paid plans with monthly fees.

The biggest threat to security is your password

80% of "Security Incidents" that occur are the result of weak passwords. "Organisations are spending millions of dollars to beef up their data, application, and network security, but still keep overlooking the one obvious area of exposure: user passwords."

Passwords can be hard to remember, which explains why 80% of people reuse the same password for lots of services. When a security breach does occur (e.g. in 2016 Yahoo revealed that 1 billion accounts were compromised), you can count on hackers trying the same passwords to access other services.

We recommend using a password manager like 1Password or LastPass.

PicSafe Integration with Box and Dropbox

If you have PicSafe PRO or you're part of a PicSafe Enterprise License, you can link your Box or Dropbox account and upload medical photos directly to Box or Dropbox. Doing so dramatically streamlines the workflow in a busy clinic setting where smartphone medical photography provides critical input to supporting patient therapy and billing processes. PicSafe PRO costs AU$14 a month.