89% of doctors use their phone to take medical photos and 73% admit to storing them among personal photos. Your clinic is likely inadvertently breaking the law and risking huge fines, and you're vulnerable to cyber-extortion. PicSafe® provides instant protection.
Using the default camera app, or the camera built in to messaging apps, almost always results in a breach of privacy regulations.
Express consent isn't documented
Photos are stored on your phone
Photos are auto-uploaded to iCloud
Photos aren't de-identified properly
Lose your phone, lose patient data
Sent insecurely via email or SMS
Doctors often don't get consent, and when they do, they don't record it properly. A whopping 82% of the time, doctors don't document consent when taking a photo. A study among dermatologists revealed that only 2% obtained written consent! While 46% received verbal consent, they failed to document this.
See the "Can't I just infer consent? FAQ for details.
In a 2016 study, 73% of doctors admitted to storing medical photos among their private photos, while 26% admitted to accidentally having shown a medical photograph on their phone to friends or family! That's an instant privacy breach.
Even if a doctor "deletes" a photo, on iOS devices it remains in "deleted items" folder for 40 days, and on Android devices it remains in the "trash" folder for 60 days. See the "How do I delete medical photos I have stored on my photos FAQ.
There are two ways in which you can inadvertently be sending data to Apple/Google servers:
You should never have patient data on Apple or Google's servers.
Many operate under the assumption that they can merely de-identify the photos by not showing the patients face; however, this is not sufficient. Photos taken on the default camera app (or the camera within messaging apps) contain all sorts of metadata that can be used to identify the patient. See "Am I okay to use the default camera app if I de-identify photos?" in the FAQs for more.
Fortunately, all new iOS and Android phones have some form of a passcode, or facial recognition turned on by default. Unfortunately, between 11% and 15% of iOS devices, and around 33% of Android devices don't have it turned on.
While newer versions of iOS and Android push people into using passcodes, fingerprint scanners or face recognition, sometimes (on some Android devices) these methods are quite easy to "hack". Whether such measures are considered "reasonable" has not been legally tested.
With off-the-shelf data recovery tools, one can recover data on "locked" Android devices reasonably easily.
Sending medical photos by email, text message, and even WhatsApp is widespread, but it should not be happening!
Email is inherently insecure. Unless you're using a special email encryption service, it's like sending a postcard. Any number of people can view it along the way.
See the Is Sending patient data via email safe? FAQ for more.
Simply put, text messaging is not secure.
See the Is Sending patient data via text message (SMS) safe? FAQ for more.
Anecdotally, many doctors are using WhatsApp to share patient data.
See the Is Sending patient data via WhatsApp safe? FAQ for more.
Sending patient data unencrypted is like sending a postcard. Content, as it travels across the Internet, can be easily intercepted leaving you exposed to HIPAA violations and fines.
* HIPAA's Security Rule (Security Standards for the Protection of Electronic Protected Health Information, found at 45 CFR Part 160 and Part 164, Subparts A and C) requires: ENCRYPTION (A) - 164.312(e)(2)(ii) - You must, "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate." STANDARD 164.312(e)(1) Transmission Security - You must, "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.".
Cyber-extortion is increasing at a rate of 350% per year with "rich" western clinics being prime targets.
As seen on 60 Minutes , there's an unfixable vulnerability in mobile networks meaning it's easy for hackers to intercept text messages from anywhere in the world. All they need is a phone number.
89% of physicians polled admitted to taking medical photos on their phones, and the practice of then sending them via text message is rife. A hacker can easily intercept messages and threaten to reveal patient data unless they receive an anonymous Bitcoin payment.
The FBI has issued a warning that hackers are actively trying to access patient data to "intimidate, harass and blackmail". By encrypting photos on your device before sending them, PicSafe® helps protect you from this threat.
Implied consent is insufficient
The HIPAA Privacy Rule requires patient authorization to disclose protected health information to a third party if the patient can, in any way, be identified. A photo isn't considered de-identifiable if any one of 18 identifiers are present. In practice, the removal of identifies often means the benefit of capturing a medical photo is lost.
PicSafe® provides various integration options into third-party medical record systems and storage services.
This allows automatic entry of photos into the appropriate patient's medical record.
If your practice, clinic, or hospital is using a third-party medical record system, to fully automate the process, you may have to lobby the vendor and/or your IT department to provide access. Understandably, access is locked down by default. Even if you can't initially automate the process, PicSafe® provides tools for making it far easier to add photos than when using the default camera on your phone.
For more, see "How do I get photos into the medical record?" in the FAQs.
Use of the camera on phones for medical photography is so widespread, and the benefits so broadly accepted that it can be considered "standard of care". That means you're...
PicSafe® also uses CBC mode, password stretching with PBKDF2, password salting, random IV, and encrypt-then-hash HMAC. There are no known cases of this encryption having ever been "cracked".
PicSafe® has undertaken independent Vulnerability Assessment and Penetration Testing (VAPT). See the PicSafe® Security page for more.
Summarizing the widely acknowledged benefits of smartphone medical photography - it can help save time, money and lives. More specifically it:
See some of the use cases for specific examples.
In an effort to deliver better and more efficient care, 89% of doctors use their phone for medical photography. They clearly recognize the benefits, but in doing so they are almost always violating privacy regulations. In fact, it's practically impossible to use the default camera app (or the camera within messaging apps) without violating privacy regulations. This gives rise to the first of two problems hospitals face in relation to smartphone medical photography.
Clinics face two problems with doctors capturing medical photos on their phones.
Use of a smartphone for medical photography is so wide spread it is now considered standard of care. To date, most clinics either:
Regardless of clinic policy, or lack thereof, doctors generally end up either:
… by using insecure practices. These insecure practices can lead to privacy breaches, cyber-extortion, bad press, loss of jobs, loss of licenses, and massive fines.
… in-which-case patient care and efficiency suffer. If doctors wary of privacy regulations are dissuaded from taking photos, clinic are open to litigation where an injury or death may have been preventable had a photo been taken and further opinion acquired earlier.
Either of the above scenarios are far from ideal, and can be easily prevented with PicSafe. PicSafe allows doctors to capture and share medical photos securely while complying with privacy regulations. PicSafe can be deployed within a clinic almost instantly.
Now we move on to the next problem.
Different jurisdictions have different requirements relating to the storage of medical photos. Almost universally, however, there is little argument that a medical photo, where the patient is identifiable, should not be stored securely and form part of the medical record.
This gives light to two issues.
It is clear medical photography is needs to be stored securely.
"Traditional" medical photography storage systems are often not practical for smartphone medical photography due to immediate nature and larger volume of medical photos capable of being captured on smartphones. Clinics, therefore have to look at other options to securely store medical photos.
Please note, it is unsafe to store unencrypted medical photos:
Regardless of the method you want to use to store medical photos, PicSafe can facilitate. Please note, in order to send photos to third party storage services and/or integrate with medical record systems, users must have either PicSafe PRO or be part of an PicSafe Enterprise account.