Doctors sharing images of patients' conditions

Doctors sharing images of patients' conditions - The MDU

Doctors who share images of patients' clinical conditions over the internet may be acting outside their ethical obligations. Dr Carol Chu, MDU medico-legal adviser, explains how to stay 'snap happy'.

From a quirky 'selfie' to images of a good night out with friends, digital photography has made it easier than ever to share a memorable image with others. According to the photo sharing site Instagram, more than 16billion photos have been shared by its users and new images are being uploaded at a rate of 55m every day.

With many GPs now using smartphones and tablets for professional purposes, it may be tempting to make use of file sharing apps and websites to share clinical photographs with colleagues.

Although this may seem a useful way to discuss medical conditions with other doctors or to seek another professional opinion, the medico-legal risks could outweigh the benefits. Here's how to stay on the right side of your ethical obligations. 

Patient consent

Before you share any clinical image, it is essential to have the patient's consent, and to have done everything possible to protect their confidentiality.

If an image has been taken as part of a patient's care, perhaps to trace the progress of their condition over time, you should have already obtained and noted their consent, setting out how it will assist in their care and confirming it will be stored securely.

If practicable, the GMC would usually expect you to explain if the images may be used in anonymised form for a secondary purpose. When patients do not want their image to be used for any other reason, this should be noted in their record.

When a patient presents with an unusual medical condition, you may want to take a picture to share with colleagues or for research. Before you do so, you need the patient's explicit consent, whether or not you believe they are identifiable. It is your responsibility to do this in a way the patient can understand, telling them the purpose of taking the picture, how long it will be kept and how it will be stored.

At the same time, reassure them that they can withdraw consent while the picture is being taken or immediately afterwards, without this affecting the quality of care they receive. Again, the patient's consent should be recorded in their notes.

When the patient is a child who is not Gillick competent, or an adult without capacity, you must obtain permission from someone with authority to act on their behalf. If the image is not required as part of the patient's care, you and the patient's representative must be satisfied it is necessary, is in the patient's best interests and the purpose cannot be achieved another way.

Bear in mind that as young patients mature, you will need to seek their consent to use images taken in previous years.

If you want to share or disclose an image of a patient who has since died, you should follow their known wishes. If the patient is identifiable, you may need to consider obtaining further authority from their executor or family before the picture appears in the public domain.

Storage and security

A digital photograph of a patient must be protected in the same way as other clinical records or recordings. This is likely to be more difficult if you take the photo on a smartphone or tablet that you also use outside work, or which other family members or friends have access to.

Photo sharing apps that automatically upload images to the internet are another potential risk.

We recommend that the issue of use of personal devices by staff is addressed in your practice data protection policies. This reflects recent advice from the Information Commissioner's Office (ICO) which warned organisations to be clear about which types of personal data may be processed on personal devices.

The ICO guidance Bring your own device, advises using strong passwords, encryption and automatic locks when a password is entered incorrectly too many times.

It also advises registering devices with a remote 'locate and wipe' facility to maintain confidentiality of the data should a device be lost or stolen.

We strongly advise doctors not to store identifiable patient images on unencrypted mobile devices. Not only is this against Department of Health guidance, which states that 'any data to be stored on a portable device such as a laptop, PDA or mobile phone, should be encrypted', but if your phone was stolen or mislaid, it would be difficult to argue that you had taken all reasonable steps to protect its security.

If the smartphone you use to take a picture is not encrypted, you should download the images to a device that is encrypted and permanently delete the original image.

Sharing images on social media

The GMC states that you must be careful not to share identifiable information about patients online, even if the site is not accessible to the general public.

Even if you think you have removed the identifying details, it may still be possible for the patient or someone close to them to recognise the image from an apparently insignificant detail.

The GMC also warns doctors to exercise caution about the amount of information they reveal, in case multiple posts allow other users to piece the details together and identify the patient.

This article originally appeared in the printed Good Practice June 2014 issue entitled "Snap happy"

Previous article Next article

This page was correct at publication on . Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.