If ever you take a patient photo on your phone, you’re at risk
... even if your intentions are pure and you're just trying to deliver a better patient outcome. You should record patient consent every time. You MUST securely store photos. Photos MUST be encrypted when transmitted.
There's patient data stored on your phone. What happens if you lose it?
Photos are often auto-uploaded to cloud accounts. There have been breaches in the past.
Patient data often isn't transmitted securely and can be intercepted.
When shared, patient data often isn't stored safely by recipients.
There's no record of consent. No consent can lead to trouble if there's a dispute later!
There's no record of who has accessed the data.
"To avoid a dispute over whether or not an image is identifiable, the best approach is to obtain patient consent in all cases before taking clinical photographs, and before using or disclosing them."
International Committee of Medical Journal Editors. Protection of patients’ rights to privacy. BMJ 1995;311:1272.
The PicSafe app encrypts all data and media before being sent.
Patients can either sign on the screen or record verbal consent.
Access to reports is logged and is therefore traceable (geo/time/device stamped).
PicSafe is super easy to use, just like the camera app on your phone.
Most people will not need to know this, but we also use CBC mode, password stretching with PBKDF2, password salting, a random IV, and encrypt-then-hash HMAC. What you do need to know is that there are no known cases of this encryption having ever been "cracked".
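For readers who do want to see how those pieces fit together, here is an added Node.js sketch of the general construction (salted PBKDF2 key stretching, random IV, CBC encryption, then an HMAC over the result that is checked before decryption). It is not PicSafe's code: AES-256, SHA-256, the iteration count, the blob layout and the function names `seal`, `unseal` and `rejects` are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed parameters (not stated on the page): AES-256, HMAC-SHA256, PBKDF2-SHA256.
const ITER = 100000, SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32;

// Stretch the password into 64 bytes: first half encrypts, second half authenticates.
function deriveKeys(password, salt) {
  const okm = crypto.pbkdf2Sync(password, salt, ITER, 64, 'sha256');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Hypothetical blob layout: salt || iv || ciphertext || tag
function seal(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN); // fresh salt per message
  const iv = crypto.randomBytes(IV_LEN);     // fresh random IV per message
  const { encKey, macKey } = deriveKeys(password, salt);
  const c = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([salt, iv, c.update(plaintext), c.final()]);
  // Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function unseal(password, blob) {
  // Smallest valid blob holds one 16-byte CBC block of ciphertext.
  if (blob.length < SALT_LEN + IV_LEN + 16 + TAG_LEN) throw new Error('truncated');
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const salt = body.subarray(0, SALT_LEN);
  const iv = body.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const { encKey, macKey } = deriveKeys(password, salt);
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  // Verify in constant time BEFORE decrypting, so tampered data never reaches CBC unpadding.
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('authentication failed');
  const d = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([d.update(body.subarray(SALT_LEN + IV_LEN)), d.final()]);
}

// Returns true if unseal() refuses the blob (wrong password, tampering, truncation).
function rejects(password, blob) {
  try { unseal(password, blob); return false; } catch (e) { return true; }
}
```

Checking the HMAC first is what makes CBC safe to use here: a modified salt, IV or ciphertext byte is rejected without any decryption being attempted.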
PicSafe has undertaken independent Vulnerability Assessment and Penetration Testing (VAPT). See the PicSafe Security page for more.
Sending patient data unencrypted is like sending a postcard. Content, as it travels across the Internet, can be easily intercepted leaving you exposed to HIPAA violations and fines.
* HIPAA's Security Rule (Security Standards for the Protection of Electronic Protected Health Information, found at 45 CFR Part 160 and Part 164, Subparts A and C) requires: ENCRYPTION (A) - 164.312(e)(2)(ii) - You must "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate." STANDARD 164.312(e)(1) Transmission Security - You must "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network."
PicSafe is free and will always be free.
We realized that if we charged for the app, doctors might continue to send photos insecurely using the default camera and messaging apps on their phones. This practice is dangerous, and we want to help. Full disclosure, we also have an ulterior motive! We have a "PicSafe PRO" version with some advanced features. The free version (PicSafe Basic) will suit most people but if you want some advanced features, find out more here. We also have enterprise licensing that will allow institutions to easily integrate PicSafe into patient medical record systems.