It looks like you're in .
Like to go to the PicSafe site?

Taking a photo

Don't risk fines, litigation or lives. Keep clinical pics safe.

89% of doctors use their phone for clinical photography. It's now standard of care. If hospitals don't allow it, they're risking litigation and patient lives. If they do, without PicSafe®, they're likely inadvertently violating privacy regulations, risking huge fines, and they're vulnerable to cyber-extortion.

Support your doctors by giving them PicSafe®. Comply with privacy regs, get photos into the medical record, and help save lives while reducing costs.

The PicSafe® Solution

  • Just as easy as using the default camera app the default camera
  • Documents patient consent
  • Encrypts your photos before sending
  • Wipes patient data once sent
PicSafe on an iPhone X

Six ways doctors often break the law when taking clinical photos

Using the default camera app, or the camera built in to messaging apps, almost always results in a breach of privacy regulations.


Express consent isn't documented


Photos are stored on your phone


Photos are auto-uploaded to iCloud


Photos aren't de-identified properly


Lose your phone, lose patient data


Sent insecurely via email or SMS

1. Express Consent Isn't Documented Properly

Doctors often don't get consent, and when they do, they don't record it properly. A whopping 82% of the time, doctors don't document consent when taking a photo. A study among dermatologists revealed that only 2% obtained written consent! While 46% received verbal consent, they failed to document this.

See the "Can't I just infer consent? FAQ for details.

2. Clinical Photos Are Stored Alongside Personal Photos

In a 2016 study, 73% of doctors admitted to storing clinical photos among their private photos, while 26% admitted to accidentally having shown a clinical photograph on their phone to friends or family! That's an instant privacy breach.

Even if a doctor "deletes" a photo, on iOS devices it remains in "deleted items" folder for 40 days, and on Android devices it remains in the "trash" folder for 60 days. See the "How do I delete clinical photos I have stored on my photos FAQ.

3. Patient Data Leaves the Country

There are two ways in which you can inadvertently be sending data cross borders:

  1. All iOS and Android devices steer you into automatically backing up your photos to their servers by default.
  2. If sending a text message from an iPhone to a recipient with an iPhone, it is, by default, sent via iMessage, not SMS. If sent via iMessage, although encrypted, data again leaves the country. See the FAQ Is sending patient data via iMessage safe? for more.

You should never have patient data on Apple or Google's servers.

  • There have been security breaches in the past (e.g. the celebrity "hacking" scandal).
  • Privacy regulations forbid sending patient data internationally.
  • The US Patriot Act (2001) potentially enables foreign entities to rifle through patient data, without your knowledge.

4. De-identifying Photos Isn't/Can't Be Done Properly

Many operate under the assumption that they can merely de-identify the photos by not showing the patients face; however, this is not sufficient. Photos taken on the default camera app (or the camera within messaging apps) contain all sorts of metadata that can be used to identify the patient. See "Am I okay to use the default camera app if I de-identify photos?" in the FAQs for more.

5. Clinical Photos Are Accessible If You Lose Your Phone

Fortunately, all new iOS and Android phones have some form of a passcode, or facial recognition turned on by default. Unfortunately, between 11% and 15% of iOS devices, and around 33% of Android devices don't have it turned on.

While newer versions of iOS and Android push people into using passcodes, fingerprint scanners or face recognition, sometimes (on some Android devices) these methods are quite easy to "hack". Whether such measures are considered "reasonable" has not been legally tested.

With off-the-shelf data recovery tools, one can recover data on "locked" Android devices reasonably easily.

6. Sending Patient Data Unencrypted Isn't Safe

Sending clinical photos by email, text message, and even WhatsApp is widespread, but it should not be happening!


Email is inherently insecure. Unless you're using a special email encryption service, it's like sending a postcard. Any number of people can view it along the way.

See the Is Sending patient data via email safe? FAQ for more.

Text Message

Simply put, text messaging is not secure.

  • There's a vulnerability in mobile network infrastructure that makes intercepting text messages trivial;
  • Messages are stored indefinably on the sender and recipient's device; and
  • iOS sends messages to other iOS devices via iMessage (see above).

See the Is Sending patient data via text message (SMS) safe? FAQ for more.


Anecdotally, many doctors are using WhatsApp to share patient data.

  • US owned WhatsApp uses end-to-end encryption. Good but not the holy grail of security. Cough, "Snowden".
  • A 2017 a security vulnerability exposed the data of millions of users. It was quickly patched but it's still concerning.
  • By default, received and captured photos appear in the phones gallery.

See the Is Sending patient data via WhatsApp safe? FAQ for more.

Why risk litigation over privacy breaches?

Sending patient data unencrypted is like sending a postcard. Sending patient data unencrypted is like sending a postcard. Content, as it travels across the Internet, can be easily intercepted leaving you exposed to privacy breach litigation.

HIPAA compliant

Protect Your Hospital From Cyber-extortion

Cyber-extortion is increasing at a rate of 350% per year with "rich" western hospitals being prime targets.

As seen on 60 Minutes (America) , there's an unfixable vulnerability in mobile networks meaning it's easy for hackers to intercept text messages from anywhere in the world. All they need is a phone number.

89% of physicians polled admitted to taking clinical photos on their phones, and the practice of then sending them via text message is rife. A hacker can easily intercept messages and threaten to reveal patient data unless they receive an anonymous Bitcoin payment.

  1. The hospital is ethically obligated to notify the patient.
  2. The hospital is often required to notify relevant government bodies.
  3. The hospital may be issued a fine for using insecure practices.
  4. The responsible doctor may face suspension, dismissal or other disciplinary action for using insecure practices.

FBI Logo FBI The FBI has issued a warning that hackers are actively trying to access patient data to "intimidate, harass and blackmail". By encrypting photos on your device before sending them, PicSafe® helps protect you from this threat.

As seen in...

Royal Australasian College Of Surgeons

Medical Record Integration

Easily add clinical photos into third-party Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems.

IT-less Integration

Send a report to yourself, decrypt and open it at, and import it into any third party tool that can accept JPEGs and PDF's. No complex setup required - no need for help from IT!

PicSafe is Literally on FHIR

Send reports directly to Fast Healthcare Interoperability Resources (FHIR) supported EMR/EHR's. FHIR is the emerging standard for exchanging health information to and from electronic health records.

For more, see "How do I get photos into the medical record?" in the FAQs.

Standard of Care

Use of the camera on phones for clinical photography is so widespread, and the benefits so broadly accepted that it can be considered "standard of care". That means you're...


Using current standard practices, hospitals and doctors (personally) are likely breaching privacy regulations.


Patient care is less efficient, lives can be lost, and there's a risk of litigation for not delivering the standard of care.

"But my hospital already has an app"

Clinical photography apps bundled with medical record systems allow for capturing and automatically inserting clinical photos into the medical record. That sounds great, but there are three problems:

Can't Share Externally

Communication between general practitioners, nurses, specialists, allied health and patients all need to occur outside the confines of one hospital. Given these apps don't allow "outside" access, health professionals have to revert to using insecure practices.

Consent Isn't Documented

A review of medical record vendor apps reveals that most of these apps don't document consent and are thereby non-compliant. See the "Can't I just infer consent?" FAQ for more.

Hard-to-use = Don't Use

Many are so "unfriendly" or "clunky" that they simply are not be used when the need arises to quickly share a photo. Again, doctors revert to using the default camera app on their phone. See the "Can't I just use the default camera app to take clinical photos?" FAQ for more.

We use Advanced Encryption Standard 256-bit keys

PicSafe® also uses CBC mode, password stretching with PBKDF2, password salting, random IV, and encrypt-then-hash HMAC. There are no known cases of this encryption having ever been "cracked".

Security Tested

PicSafe® has undertaken independent Vulnerability Assessment and Penetration Testing (VAPT). See the PicSafe® Security page for more.

Use of Smartphones for Clinical Photography

View Infographic

Smartphone Clinical Photography Background Information

Summarizing the widely acknowledged benefits of smartphone clinical photography - it can help save time, money and lives. More specifically it:

  1. Accelerates access to specialist care;
  2. Enhances education for trainees;
  3. Facilitates efficient triaging of patients; and
  4. Documents what has taken place.

See some of the use cases for specific examples.

In an effort to deliver better and more efficient care, 89% of doctors use their phone for clinical photography. They clearly recognize the benefits, but in doing so they are almost always violating privacy regulations. In fact, it's practically impossible to use the default camera app (or the camera within messaging apps) without violating privacy regulations. This gives rise to the first of two problems hospitals face in relation to smartphone clinical photography.

The Two Big Issues Hospitals Face

Hospitals face two problems with doctors capturing clinical photos on their phones.

1 How do we allow doctors to share clinical photos securely?

Use of a smartphone for clinical photography is so wide spread it is now considered standard of care. To date, most hospitals either:

  1. Have no policy on smartphone clinical photography. Here hospitals turn a blind eye to doctors using the default camera app and sharing via email, or using the camera within the text messaging app or other messaging apps like WhatsApp. This is considered insecure but it is allowed to continue because it's ultimately helping deliver better and more efficient care.
  2. Ban the use of smartphones for clinical photography. This means doctors either won't listen and will continue using poor security practices (most likely) or the hospital risks patient lives and litigation, should a case arise where a photo might have changed the outcome.
  3. Use an app provided by the medical record vendor. These apps allow doctors to take a photo and get that photo into the hospitals medical record. That can be valuable but many of the benefits of smartphone clinical photography are lost if this is the only solution. Vendor apps:
    • Don't allow sharing outside of the hospital. Colleague communication is not limited to confines of one hospital. Many doctors that work out of multiple hospitals and/or have their own private practice. Further, their network extends well beyond the walls of the hospital they are in. Given these apps don't allow access to "outside" colleagues, doctors revert to using the default camera app or the camera within messaging apps.
    • Don't document consent. A review of medical record vendor apps reveals that many of these apps do not document consent and are thereby non-compliant.
    • Are often hard-to-use. Many are so "unfriendly" or "clunky" that they simply are not be used when the need arises to quickly share a photo. Again, doctors revert to using the default camera app or the camera within messaging apps.

Regardless of hospital policy, or lack thereof, doctors generally end up either:

Violating Privacy Regulations

… by using insecure practices. These insecure practices can lead to privacy breaches, cyber-extortion, bad press, loss of jobs, loss of licenses, and massive fines.

Or ... Not Taking Photos At All

… in-which-case patient care and efficiency suffer. If doctors wary of privacy regulations are dissuaded from taking photos, hospital are open to litigation where an injury or death may have been preventable had a photo been taken and further opinion acquired earlier.

Either of the above scenarios are far from ideal, and can be easily prevented with PicSafe. PicSafe allows doctors to capture and share clinical photos securely while complying with privacy regulations. PicSafe can be deployed within a hospital almost instantly.

Now we move on to the next problem.

2 How do we securely store clinical photos?

Different jurisdictions have different requirements relating to the storage of clinical photos. Almost universally, however, there is little argument that a clinical photo, where the patient is identifiable, should not be stored securely and form part of the medical record.

This gives light to two issues.

  1. Is there value in a de-identified photo if the patient can't be later "re-identified"? For research and educational purposes there can be value, but not for assessment, treatment, or referral purposes. A photo without identification may lead to confusion and mistakes.
  2. How do you de-identify photos taken using the default camera app? Photos taken on the default camera app contain all sorts of metadata that can be used to identify the patient. See the "Am I okay to use the default camera app if I de-identify photos?" FAQ for more.

It is clear clinical photography is needs to be stored securely.

"Traditional" clinical photography storage systems are often not practical for smartphone clinical photography due to immediate nature and larger volume of clinical photos capable of being captured on smartphones. Hospitals, therefore have to look at other options to securely store clinical photos.

  • Medical Record System. Integration with a hospitals medical record system is the ideal solution. PicSafe provides an API that makes it easy to get photos into medical record systems but it requires access to be grated to PicSafe, or the IT department to perform the integration. See "How do I get photos into the medical record?" in the FAQs for more.
  • Data Warehouse. A dedicated "data warehouse" to store clinical photos (and other documents). There are third-party services that provide this option. PicSafe can integrate with them. Contact us for more.
  • 3rd Party Storage A third-party storage service like Box or Dropbox. Both Box and Dropbox offer a HIPAA-compliant secure storage option. While HIPAA is a US-based standard for protecting patient privacy, it is viewed by many around the world as the gold standard in patient privacy regulation. Both Box and Dropbox, however, are US companies and, hence, raises the issue of data sovereignty for those outside the US. See "How do I get photos into the medical record?" in the FAQs for more. This can be a great option for hospitals that are looking to comply quickly as it requires very little effort to setup.

Please note, it is unsafe to store unencrypted clinical photos:

  • On a doctors mobile device (see discussion below);
  • In a doctors email account (see discussion below); and
  • On a portable hard disk or USB drive (due to risk of failure, loss or theft).

Regardless of the method you want to use to store clinical photos, PicSafe can facilitate. Please note, in order to send photos to third party storage services and/or integrate with medical record systems, users must have either PicSafe PRO or be part of an PicSafe Enterprise account.

Download PicSafe® Now FREE

There is a paid version with advanced features although the free version will suit most people.