There is a commonly held belief amongst practitioners that "de-identifying" the patient in a photo obviates the need for consent, allowing them to store these photos openly. Technically, that's true. Practically, it's not true. It is very difficult to properly de-identify a photo taken through the default camera app or the camera built into messaging apps.
It is also worth considering what use a picture is when a doctor cannot attribute it to a patient, and how much confusion could arise when a doctor tries to remember which patient it applies to.
We need to consider what "reasonably identifiable" means. Even when a doctor does not record the patient's name and specific details with a photo, the patient may still be considered identifiable by third parties through, for example, physical characteristics of race and age or identifying marks such as tattoos, jewelry, and birthmarks. The AMA warns that even a rare medical condition itself may provide recognition.
Despite removing identifiers in the image, it is also worth remembering that digital photos taken in the default camera app contain metadata (referred to technically as EXIF data) that may be used to identify a patient. The metadata includes the time/date of capture, details of the device used, the GPS location of capture, and other things. If this metadata is not removed, often the patient can be considered "reasonably identifiable".
Let's look at an, err, interesting case study.
Before the introduction of the 2014 privacy legislation in Australia, a photo of an x-ray showing the blunt end of a fork stuck in a penis emerged. A Google search for "fork stuck in penis" will reveal the image and some details of the patient. He was a 70-year-old man from Canberra, Australia. You will also see that it gained significant worldwide attention in traditional and social media.
The Canberra Times published the story, and given the press attention, it is reasonable to assume if you lived in Canberra at the time, you heard about the story.
Given the patient was not named, it sounds pretty harmless, but it is not. Consider the following:
One might say you can be cocksure that the patient was found out by his friends, colleagues, family, or someone. One would also reasonably assume the patient suffered a little "emotional distress" to accompany his physical suffering.
HIPAA guidelines stipulate that, among other things, "all geographic subdivisions smaller than a State" must be removed from patient data in order for it to be considered de-identified. Even the date can be considered an "identifier", and it is practically impossible to remove the date from a photo that is quickly shared from one doctor to another to get a second opinion. Unfortunately, removing EXIF data is not straightforward but can be done by following these steps:
Download an app from the App Store called Metapho. It is free to download but requires an in-app purchase to unlock the ability to remove the metadata. Follow the instructions in the app to remove the metadata.
Download an app from the Google Play Store called Exif Eraser. Follow the instructions in the app to remove the metadata.
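What removing this metadata means at the file level, as an added example (not code from this article or from any of the apps named): a JPEG keeps EXIF in a header segment ahead of the image data, so a stripper walks the segments, drops the metadata ones, and copies the pixels untouched. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

SOS, APP1, APP13, COM = 0xDA, 0xE1, 0xED, 0xFE
EXIF_ID, XMP_ID = b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00"

def classify(marker, payload):
    """Name the metadata a header segment carries, or None to keep it."""
    if marker == APP1 and payload.startswith(EXIF_ID):
        return "EXIF"    # capture time, device details, GPS, embedded thumbnail
    if marker == APP1 and payload.startswith(XMP_ID):
        return "XMP"
    if marker == APP13:
        return "IPTC"    # Photoshop/IPTC captions and keywords
    if marker == COM:
        return "COM"     # free-text comment
    return None

def strip_metadata(jpeg):
    """Return (cleaned_bytes, removed_kinds); pixel data is copied untouched."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(jpeg[:2]), [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"malformed segment at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:                 # compressed scan data follows
            return bytes(out + jpeg[pos:]), removed
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length            # length counts its own two bytes
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        kind = classify(marker, jpeg[pos + 4:end])
        if kind:
            removed.append(kind)
        else:
            out += jpeg[pos:end]
        pos = end
    raise ValueError("truncated JPEG: no start-of-scan marker")

def seg(marker, payload):
    """Build one header segment (used only for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample with JPEG segment layout; values are invented, not a real photo.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
          + seg(APP1, EXIF_ID + b"MM\x00\x2a" + b"2014:03:01 09:15:00 ExamplePhone")
          + seg(COM, b"ward 4 bed 12") + seg(0xDB, bytes(65))
          + seg(SOS, bytes(10)) + b"\x12\x34\xff\xd9")
```

This only clears metadata stored in the file's header segments; identifiers visible in the image itself, or a date carried in the filename, are unaffected.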
PicSafe automatically removes all EXIF metadata when taking medical photos on your smartphone, so you don't have to worry about this. Even better, PicSafe allows patient data to be sent securely so you can include patient data with the photo while complying with privacy regulations.