Frequently Asked Question: FAQ:

Can't doctors just use the default camera app to capture clinical photos?

Other FAQs

No. The standard practice of taking a photo in the default camera app (or the camera built in to messaging apps) and then sharing it via email, text message or WhatsApp almost always involves breaking the law. It is near impossible to not breach privacy regulations doing this. Below we list six ways privacy regulation violations often occur.

To form these opinions we have reviewed the following:

No Documentation of Consent

1. No Documentation of Consent

What's required?

In summery:

  • The legislation does not explicitly state whether consent is required or give hard and fast rules.
  • Common Law, generally requires "reasonably expected" practices.
  • Guidelines will suggest you do get consent.

"You must get the patient's consent to make a recording that forms part of the investigation or treatment of a condition, or contributes to the patient's care."

Paragraph 13 General Medical Council (GMC) - Making and using visual and audio recordings of patients
What is happening now?

Doctors often don't get consent, and when they do, they don't record it properly. A whopping 82% of the time, doctors don't document consent when taking a photo.

A study among dermatologists revealed that only 2% obtained written consent! While 46% received verbal consent, they failed to document this. A further 30% acquired verbal consent and documented it in the clinical notes, but they did not record it using an appropriate consent form.

We suggest you always obtain consent, if for no other reason to cover yourself, so you don't have to read all the legislation and guides! The ease of distribution of digital images, the difficulty of properly de-identifying photos, and the grey area around when consent is required, in practice, means consent should be sought to cover yourself. Being able to point to documented consent may save grief should dispute arise in the future.

Photos are auto-uploaded to iCloud

2. Patient Data Travels Internationally

What's required?

"Patient Identifiable Data should not be recorded outside of the England boundary in any format for any reason without the prior explicit written permission of the NHS."

What is happening now?

There are three ways in which you can inadvertently be sending data internationally:

  1. Most people don't know this, but all new iOS and Android devices steer you into auto backing up your photos by default. If this happens, any photo you take will get uploaded to Apple or Google's servers and thereby leave the country.
  2. Backups are usually an excellent idea, but with regulations saying that patient data should not exit the country, and with security breaches in the past, using these services is ill-advised. Apple had a series of high profile cases of unauthorised access to photos stored on iCloud a few years back.
  3. If sending a text message from an iPhone to a recipient with an iPhone, it is, by default, sent via iMessage, not SMS. If sent via iMessage, although encrypted, data leaves the country. See the FAQ for a discussion on end-to-end encryption and why it is not the holy grail of security.

With the enactment of the US Patriot Act (2001), storing data with an offshore company may allow foreign entities to rifle through it, without your knowledge.

Photos are stored on your phone

3. Storing Clinical Photos Alongside Personal Photos

What's required?

Common law and common sense stipulate that "reasonable" steps be taken to protect patient data.

What is happening now?

In a 2016 study, 73% of doctors admitted to storing clinical photos among their private photos, while 26% admitted to accidentally having shown a clinical photograph on their phone to friends or family! That's an instant privacy breach.

Even if a user "deletes" a photo from their phone, they almost always don't do it completely. iOS devices still store photos in a "Recently Deleted" folder for 40 days. Android devices store them in the "Trash" folder for 60 days. While possible to delete items in the "Recently Deleted" or "Trash" folder, it is highly impractical.

Photos aren't de-identified properly

4. De-identifying Photos Isn't/Can't Be Done Properly

What's required?

We need to consider, what is "reasonably identifiable"? Even when a doctor does not record the patient's name and specific details with a photo, the patient may still be considered identifiable by third parties through, for example, physical characteristics of race and age or identifying marks such as tattoos, jewellery, and birthmarks.

What is happening now?

Many operate under the assumption that they can merely de-identify the photos by not showing the patients face; however, this is not sufficient. Photos taken on the default camera app (or the camera built in to messaging apps) contain all sorts of metadata that can be used to identify the patient. See "Am I okay to use the default camera app if I de-identify photos?" in the FAQs for more.

Lose your phone, lose patient data

5. Clinical Photos Are Accessible If You Lose Your Phone

What's required?

Common law and common sense stipulate that "reasonable" steps be taken to protect patient data.

What is happening now?

Fortunately, all new iOS and Android phones have some form of a passcode, or facial recognition turned on by default. Unfortunately, between 11% and 15% of iOS devices, and around 33% of Android devices do not have some form of a passcode, or facial recognition turned on.

While newer versions of the operating systems on phones push people into using passcodes, fingerprint scanners or face recognition, sometimes (mostly on some Android devices) these methods are quite easy to "hack". Whether such measures are considered "reasonable" has not been legally tested.

With data recovery tools, one can recover data on "locked" Android devices reasonably easily. Again, whether using passcodes, fingerprint scanners or face recognition is considered "reasonable" hasn't been legally tested.

Sent insecurely via email or SMS

6. Sending Patient Data Unencrypted Isn't Safe

What's required?

Common law and common sense stipulate that "reasonable" steps be taken to protect patient data.

What is happening now?

Sending clinical photos by email, text message, and even WhatsApp is widespread, but it should not be happening!


Email is inherently insecure. Unless you are using a special email encryption service, information is not encrypted. Email is like sending a postcard. Any number of people can view it along the way. See this discussion in the FAQs for more on how and why email is not considered secure.

Text Message

Simply put, text messaging is not secure. There are three issues:

  • Despite Australian telcos encrypting SMS in transit, the keys are stored with the messages (we have no oversight into its security);
  • Messages are being stored indefinably on the sender and recipient's device; and
  • iOS sends messages to other iOS devices via iMessage (Apple's messaging platform), meaning patient data leaves Australia.

Anecdotal evidence suggests many doctors in Australia are using WhatsApp to share messages, and images with other physicians. In the UK the use of WhatsApp is now ubiquitous in NHS hospitals.

  • WhatsApp uses end-to-end encryption, but this isn't the holy grail of security. Facebook owns WhatsApp. Cough, "Snowden".
  • In 2017, a security vulnerability exposed the data of millions of users Although quickly patched; it's still a cause for concern.
  • By default, photos taken within WhatsApp appear in the gallery. Impractically, doctors have to delete them from there (and the conversation) manually.

Summery: What is "Reasonable"?

Much of the discussion above involves common sense, and where involving common law, you must look at whether "reasonable" steps be taken to protect patient data.

Reasonable implies some trade-off between what is practical and what is best. What is "reasonable" is also a matter of subjective interpretation. Despite this, given the discussion above, it would be tough to argue that using the default camera app, or the camera built in to messaging apps, to take clinical photos and then sharing them via email, text message or WhatsApp is taking "reasonable steps" to endure patient privacy.

It is easy to suggest what is best but often it is entirely impractical. It is unrealistic to require doctors to immediately delete photos from their device after sending (particularly when you look at the steps involved in doing so correctly). Likewise, one guideline suggests that to avoid accidentally texting/emailing patient data to the wrong recipient, the doctor should first send a message to the proposed recipient without patient data, wait for the recipient to respond to confirm that they are sending it to the correct recipient, and then sending it.

The Office of the Australian Information Commissioner, recognising both the impracticalities of securely using the default camera app (and the camera built in to messaging apps) on devices, suggests, purpose-built software is required to secure patient data adequately. Likewise, an AMA article suggests healthcare organisations must consider an app when scoping and developing an automated information management solution. In fact, the AMA even said, "PicSafe® ensures that the collection, use and disclosure of clinical photographs accords with the requirements of the HRA, without compromising efficiency."

PicSafe® makes the capture, sharing, and storing of clinical photos both secure and highly practical.