HIPAA guidelines stipulate that, among other things, "all geographic subdivisions smaller than a State" must be removed from a patient data for it to be considered de-identified. Even the date can be considered an "identifier".
We need to consider, what is "reasonably identifiable"? Even when a doctor does not record the patient's name and specific details with a photo, the patient may still be considered identifiable by third parties through, for example, physical characteristics of race and age or identifying marks such as tattoos, jewellery, and birthmarks.
Many operate under the assumption that they can merely de-identify the photos by not showing the patients face; however, this is not sufficient. Photos taken on the default camera app, or the camera built in to messaging apps, contain all sorts of metadata that can be used to identify the patient. See "Am I okay to use the default camera app if I de-identify photos?" in the FAQs for more.
PicSafe automatically removes all EXIF metadata when taking medical photos on your smartphone, so you don't have to worry about this. Even better, PicSafe allows patient data to be sent securely so you can include patient data with the photo while complying with privacy regulations. If you don't want to use PicSafe, you will still need to download a special app to do it.
Download an app from the App Store called Metapho. It is free to download but requires an in-app purchase to unlock the ability to remove the metadata. Follow the instructions in the app to remove the metadata.
Download an app from the Google Play Store called Exif Eraser. Follow the instructions in the app to remove the metadata.