The Royal Australian College of General Practitioners (RACGP) has cautioned doctors to think carefully before using personal phones for taking clinical photos and how those records are stored.
RACGP president, Dr Harry Nespolon, told iTnews that new guidance from the college on using personal phones for clinical work is about making sure they’re approached in a systematic way that protects both patients and doctors.
He said the ubiquity of phones with quality cameras has meant it’s become common practice for GPs to use their own phones to take photos, which are then uploaded to a patient’s medical record or sent to colleagues for a second opinion.
Doctors have also been known to snap particularly interesting or abnormal cases for the RACGP to use in exams, Nespolon added.
When photos are taken for patient management, the images are subject to the same federal and state or territory laws as other parts of a person’s health record.
Images are also considered personal information under the Privacy Act 1988 if a patient is ‘reasonably identifiable in the image’, the college warns, and is considered sensitive information in the Australian Privacy Principles if it contains health information or is taken to provide a health service.
The RACGP now suggests that general practices establish dedicated policies and procedures to ensure patients and doctors are informed of their legal obligations and adhere to best practice privacy and security standards.
One of the key focuses of the new guidelines is informed consent - making sure practitioners let patients know about why the photo is being taken, how it will be stored and transmitted, with whom it will be shared and why, and whether the photos will be de-identified.
The RACGP also advises that clinicians should avoid third-party storage options, like the cloud-based apps, to limit the risk of a data breach and instead upload photos straight to patient medical files “as soon as practicable”, deleting the photo from their own device immediately afterward.
Automatic backup of photos to the cloud should also be disabled if clinicians are going to use their own phone to take photos.
However, the guidance still allows GPs to upload to closed social media groups, which Nespolon is often done to quickly obtain a second opinion.
Given the propensity for images to spread even beyond closed groups on social media, the college warns particular care should be taken to make sure no identifying details are in the image.
If GPs receive a photo on their own device or through social media, they should treat it as though they had taken the photo themselves, the guidance states.
The RACGP also suggests practices start using a dedicated phone that’s securely stored on-premises to take clinical photos, rather than personal devices, to ensure compliance across the clinic and prevent accidental loss or the forwarding of images to the wrong contact.
Nespolon added, however, that there hadn’t been any reported incidents of a GP losing a phone containing clinical photos or of any other data breach relating to the use of personal devices in a clinical setting.