What about the use of mobile devices?

Any cellphone used for your practice has to be password protected, so that if it gets lost or stolen, any information is secure. Most standard Androids and iPhones today have passwords that are encrypted and therefore secure.

Another concern relates to texts. Are your texts secure or not? And, equally important from a patient safety perspective, does the content of the text ever make its way into the patient’s chart? Conversations between physicians over text, or between the physician and the patient, need to be entered into the chart for continuity of care and so that if the phone is lost or stolen, no important patient information is lost.

If a physician or other practitioner uses a cellphone to photograph a patient — for example, a dermatologist has photographed a patient’s rash — this should also be entered into the patient’s chart as soon as possible.

Continue Reading

Are there any other concerns related to photographs and patient privacy?

There are some obvious concerns. No photographs of a patient should appear anywhere outside of his or her chart — for example, nothing should ever be posted on the practice’s Website or newsletter, or on an employee’s social media.

I know that physicians sometimes use close-up photographs of de-identified patients at medical meetings for demonstration or to discuss a particular disease or condition — perhaps a rash or surgical incision. But the law is very clear that the picture can’t be identifiable as any particular person to anyone else, even a spouse.

I had a case in which a woman had a breast augmentation and the surgeon took a before/after picture of her torso, which was later used in a medical presentation — without identifying information, of course, and without revealing any other body parts such as face, head, arms or legs. But the patient brought a suit claiming that she had a unique freckle pattern on her chest that could be identifiable to some people. The case was settled.

My advice is to obtain a patient’s permission if you want to use any images in a conference or a journal article. This can be done quite easily with a one-page document that should remain in the patient’s chart. In my experience, very few patients will refuse to allow their de-identified photograph to be used if they understand that it is for the purpose of medical education of other healthcare professionals.

As cumbersome as it can be to set up appropriate protocols and adequately train staff, it is essential, not only to protect you from potential litigation or disciplinary action but also to protect patient privacy and enhance patient safety.


1.    McCoy TH, Perlis RH. Temporal trends and characteristics of reportable health data breaches, 2010-2017. JAMA. 2018;320(12):1282-1283.