A dermatologist is consulting a patient who is worried about a mole. The doctor feels it is suspicious and wants to take a photo of it before removing it.
- The doctor opens the PicSafe® app on his/her personal device and, while doing so, explains to the patient that he/she would like to take a photo. Once the patient agrees, the doctor takes the photo.
- The doctor enters the patient details and records the patient's consent (the patient signs on screen after reading the proposed usage of their photo).
- The doctor submits the form and the app uploads a “report” to the medical record system.
Without PicSafe:
- The doctor opens the camera app on their phone.
- The doctor explains to the patient that they are going to take a photo, and takes it.
- The doctor emails the photo to their receptionist (the email server is in the USA).
- The iPhone automatically uploads the photo to iCloud.
- The receptionist adds the photo to the patient's record in the clinic software they use (e.g. Medical Director).
The Result (without PicSafe):
- No consent recorded.
- Patient data leaves the country.
- The doctor's phone (and potentially the commercial application they are using) is storing patient data.
- In breach of HIPAA.