Clinical photography is a valuable tool for physicians. Smartphones, as well as other devices supporting network connectivity, offer a convenient, efficient method to take and share images. However, due to the private nature of the information contained in clinical photographs there are concerns as to the appropriate storage, dissemination, and documentation of clinical images. Confidentiality of image data must be considered and the dissemination of these images onto servers must respect the privacy and rights of the patient. Importantly, patient information should be considered as any information deriving from a patient, and the concepts outlined therefore apply to any media that can be collected on, or transmitted with, a smart-device.
Clinical photography can aid in documenting form and function, in tracking conditions and wound healing, in planning surgical operations, and in clinical decision-making. Additionally, clinical photographs can provide physicians with a valuable tool for patient communication and education. Due to the convenience of this type of technology it is not appropriate to expect physicians to forego their use in providing their patients with the best care available.
The technology and software required for secure transfer, communication, and storage of clinical media is presently available, but many devices have non-secure storage/dissemination options enabled and lack user-control for permanently deleting digital files. In addition, data uploaded onto server systems commonly cross legal jurisdictions. Many physicians are not comfortable with the practice, citing security, privacy, and confidentiality concerns as well as uncertainty in regards to regional regulations governing this practice.1 Due to concern for patient privacy and confidentiality it is therefore incredibly important to limit the unsecure or undocumented acquisition or dissemination of clinical photographs.
To assess the current state of this topic, Heyns et al. have reviewed the accessibility and completeness of provincial and territorial medical regulatory college guidelines.2 Categories identified as vital and explored in this review included: Consent; Storage; Retention; Audit; Transmission; and Breach. While each regulatory body has addressed limited aspects of the overall issue, the authors found a general lack of available information and call for a unified document outlining pertinent instructions for conducting clinical photography using a smartphone and the electronic transmission of patient information.2
The discussion of this topic will need to be ongoing, and it is important that physicians are aware of applicable regulations, both at the federal and provincial levels, and how these regulations may impact the use of personal devices. The best practices supported here aim to provide physicians and healthcare providers with an understanding of the scope and gravity of the current environment, as well as the information needed to ensure patient privacy and confidentiality is assessed and protected while physicians utilize accessible clinical photography to advance patient care. Importantly, this document only focuses on medical use (clinical, academic, and educational) of clinical photography and, while discussing many core concepts of patient privacy and confidentiality of information, should not be perceived as a complete or binding framework. Additionally, it is recommended that physicians understand the core competencies of clinical photography, which are not described here.
The Canadian Medical Association (CMA) suggests that the following recommendations be implemented, as thoroughly as possible, to best align with the CMA policy on the Principles for the Protection of Patient Privacy (CMA Policy PD2018-02). These key recommendations represent a non-exhaustive set of best practices - physicians should seek additional information as needed to gain a thorough understanding and to stay current in this rapidly changing field.
* Informed consent must be obtained, preferably prior to photography with a mobile device. This applies to each and every such encounter, and the purpose must be made clear (i.e. clinical, research, education, publication, etc.). Patients should also be made aware that they may request a copy of a picture or for a picture to be deleted.
* A patient's consent to use electronic transmission does not relieve a physician of their duty to protect the confidentiality of patient information. Also, a patient's consent cannot override other jurisdictionally mandated security requirements.
* All patient consents (including verbal) should be documented. The acquisition and recording of patient consent for medical photography/dissemination may be held to a high standard of accountability due to the patient privacy and confidentiality issues inherent in the use of this technology. Written and signed consent is encouraged.
* Consent should be considered as necessary for any and all photography involving a patient, whether or not that patient can be directly recognized, due to the possibility of linked information and the potential for breach of privacy. The definition of non-identifiable photos must be carefully considered. Current technologies such as face recognition and pattern matching (e.g. skin markers, physical structure, etc.), especially in combination with identifying information, have the potential to create a privacy breach.
* Unsecure text and email messaging requires explicit patient consent and should not be used unless the current gold standards of security are not accessible. For a patient-initiated unsecure transmission, consent should be clarified and not assumed.
* Transmission of photos and patient information should be encrypted as per current-day gold standards (presently, end-to-end encryption (E2EE)) and use only secure servers that are subject to Canadian laws. Otherwise, explicit, informed consent is required because of the privacy concerns and differing standards that apply to servers in other jurisdictions. Generally, free internet-based communication services and public internet access are unsecure technologies and often operate on servers outside of Canadian jurisdiction.
* Efforts should be made to use the most secure transmission method possible. For data security purposes, identifying information should never be included in the image, any frame of a video, the file name, or linked messages.
* The sender should always ensure that each recipient is intended and appropriate and, if possible, receipt of transmission should be confirmed by the recipient.
* Storing images and data on a smart-device should be limited as much as possible for data protection purposes.
* Clinical photos, as well as messages or other patient-related information, should be completely segregated from the device's personal storage. This can be accomplished by using an app that creates a secure, password-protected folder on the device.
* All information stored (on internal memory or cloud) must be strongly encrypted and password protected. The security measures must be more substantial than the general password unlock feature on mobile devices.
* Efforts should be made to dissociate identifying information from images when images are exported from a secure server. Media should not be uploaded to platforms that lack an option for securely deleting information unless the patient has consented and no better option exists. Automatic back-up of photos to unsecure cloud servers should be deactivated. Further, other back-up or syncing options that could lead to unsecure server involvement should be ascertained and the risks mitigated.
* Cloud storage should be on a Canadian, SOC 2-certified server. Otherwise, explicit, informed consent is required because of the privacy concerns for servers in other jurisdictions.
5. AUDIT & RETENTION
* It is important to create an audit trail for the purposes of transparency and medical best practice. Key information includes patient and health information, consent type and details, pertinent information regarding the photography (date, circumstance, photographer), and any other important facts such as access granted/deletion requests.
* Access to the stored information must be limited to the authorized physician or health care provider and to the intended purpose, as per the consent given. Records should be stored such that it is possible to print/transfer them as necessary.
* Original photos should be retained and not overwritten.
* All photos and associated messages may be considered part of the patient's clinical records and should be maintained for at least 10 years or 10 years after the age of majority, whichever is longer. When possible, patient information (including photos and message histories between health professionals) should be retained and amalgamated with a patient's medical record. Provincial regulations regarding retention of clinical records may vary and other regulations may apply to other entities - e.g. 90 years from date of birth applies to records at the federal level.
* It may not be allowable to erase a picture if it is integral to a clinical decision or if provincial, federal, or other applicable regulations require its retention.
* Any breach should be taken seriously and should be reviewed. All reasonable efforts must be made to prevent a breach before one occurs. A breach occurs when personal information, communication, or photos of patients are stolen, lost, or mistakenly disclosed. This includes loss or theft of one's mobile device, texting to the wrong number or emailing/messaging to the wrong person(s), or accidentally showing a clinical photo that exists in the phone's personal photo album.
* It should be noted that non-identifying information, when combined with other available information (e.g. a text message with identifiers or another image with identifiers), can lead to highly accurate re-identification.
* At present, apps downloaded to a smart-device for personal use may be capable of collecting and sharing information - the rapidly changing nature of this technology and the inherent privacy concerns require regular attention. Use of specialized apps designed for health-information sharing that help safeguard patient information in this context is worth careful consideration.
* Having remote wipe (i.e. device reformatting) capabilities is an asset and can help contain a breach. However, inappropriate access may take place before reformatting occurs.
* If a smartphone is strongly encrypted and has no clinical photos stored locally then its loss may not be considered a breach.
* In the event of a breach any patient potentially involved must be notified as soon as possible. The CMPA, the organization/hospital, and the Provincial licensing College should also be contacted immediately. Provincial regulations regarding notification of breach may vary.
Approved by the CMA Board of Directors March 2018
i Heyns M†, Steve A‡, Dumestre DO‡, Fraulin FO‡, Yeung JK‡
† University of Calgary, Canada
‡ Section of Plastic Surgery, Department of Surgery, University of Calgary, Canada
1 Chan N, Charette J, Dumestre DO, Fraulin FO. Should 'smart phones' be used for patient photography? Plast Surg (Oakv). 2016;24(1):32-4.
2 Unpublished - Heyns M, Steve A, Dumestre DO, Fraulin FO, Yeung J. Canadian Guidelines on Smartphone Clinical Photography.
GUIDING PRINCIPLES FOR PHYSICIANS RECOMMENDING MOBILE HEALTH APPLICATIONS TO PATIENTS
This document is designed to provide basic information for physicians about how to assess a mobile health application for recommendation to a patient in the management of that patient's health, health care, and health care information.
These guiding principles build on the Canadian Medical Association's (CMA) Physician Guidelines for Online Communication with Patients.1
* Mobile health applications, distinct from regulated medical devices, may be defined as an application on a mobile device that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. The functions of these applications may include:
o The ability to store and track information about an individual or group's health or the social determinants thereof;
o Periodic educational information, reminders, or motivational guidance;
o GPS location information to direct or alert patients;
o Standardized checklists or questionnaires.2
* Mobile health applications can enhance health outcomes while mitigating health care costs because of their potential to improve a patient's access to information and care providers.3
* Mobile health applications are most commonly used on a smart phone and/or tablet. Some may also interface with medical devices.
* The use of mobile health applications reflects an emerging trend towards personalized medicine and patient involvement in the management of their health information. By 2016, 142 million health apps will have been downloaded.4 According to some industry estimates, by 2018, 50 percent of the more than 3.4 billion smartphone and tablet users worldwide will have downloaded at least one mobile health application.5
* While mobile health application downloads are increasing, there is little information about usage and adherence by patients. It is believed that many patients cease to use a mobile health application soon after downloading it.
* Distributors of mobile health applications do not currently assess content provided by mobile health applications for accuracy, comprehensiveness, reliability, timeliness, or conformity to clinical practice guidelines.6 However, mobile applications may be subjected to certain standards to ensure critical technical requirements such as accessibility, reachability, adaptability, operational reliability, and universality.
* Increasingly there are independent websites providing reviews of medical apps and checklists for health care professionals. However, the quality criteria used by these sites, potential conflicts of interest, and the scope and number of mobile apps assessed are not always declared by these groups.
* To date, randomized controlled trials are not usually employed to assess the effectiveness of mobile health applications. Some believe that the rigorousness of this type of assessment may impede the timeliness of a mobile health application's availability.7
* Some examples of the uses of mobile health applications include tracking fitness activities to supplement a healthy lifestyle; supported self-management of health and health information; post-procedure follow up; viewing of test results; and the virtualization of interaction between patients and providers, such as remote patient monitoring for chronic disease management. Some mobile health applications may be linked to a patient profile or patient portal associated with a professional or recognized association or medical society or health care organization.
* Some mobile health applications may be an extension of an electronic medical records (EMR) platform.
* The objective of recommending a mobile health application to a patient must be to enhance the safety and/or effectiveness of patient care or otherwise for the purpose of health promotion.
* A mobile health application is one approach in health service delivery. Mobile health applications should complement, rather than replace, the relationship between a physician and patient.
* No one mobile health application is appropriate for every patient. Physicians may wish to understand a patient's abilities, comfort level, access to technology, and the context of the application of care before recommending a mobile health application.
* Should a physician recommend a mobile health application to a patient, it is the responsibility of the physician to do so in a way that adheres to legislation and regulation (if existing) and/or professional obligations.
* If the mobile health application will be used to monitor the patient's condition in an ongoing manner, the physician may wish to discuss with the patient what they should watch for and the steps they should take in response to information provided.
* Physicians are encouraged to share information about applications they have found effective with colleagues.
* Physicians who require additional information about the competencies associated with eHealth and the use of health information technologies may wish to consult The Royal College of Physicians and Surgeons of Canada's (RCPSC) framework of medical competencies, CanMEDS.8
* Physicians may wish to enter into and document a consent discussion with their patient, which can include the electronic management of health information or information printed out from electronic management platforms like mobile health applications. This agreement may include a one-time conveyance of information and recommendations to cover the elements common to many mobile health applications, such as the general risk to privacy associated with storing health information on a mobile device.
Characteristics of a safe and effective mobile health application
A mobile health application does not need to have all of the following characteristics to be safe and effective. However, the more of the following characteristics a mobile health application has, the likelier it will be appropriate for recommendation to a patient:
1. Endorsement by a professional or recognized association or medical society or health care organization
As recommended by the Canadian Medical Protective Association (CMPA), it is best to select mobile health applications that have been created or endorsed by a professional or recognized association or medical society.9 Some health care organizations, such as hospitals, may also develop or endorse applications for use in their clinical environments. There may also be mobile health applications associated with an EMR platform used by an organization or practice. Finally, some mobile health applications may have been subject to a peer review process distinct from endorsement by an association or organization.
2. Usability
There are a number of usability factors that can complicate the use of mobile applications, including interface and design deficiencies, technological restrictions, and device and infrastructure malfunction.
Many developers will release periodic updates and software patches to enhance the stability and usability of their applications. Therefore, it would be prudent for the physician recommending the mobile health application to also recommend to the patient that they determine if the application has been updated within the last year.
Physicians considering recommending a mobile health application to a patient may wish to ask about the patient's level of comfort with mobile health technologies, their degree of computer literacy, whether or not the patient owns a mobile device capable of running the application, and whether or not the patient is able to bear potential one-time or ongoing costs associated with use of the application.
Physicians may consider testing the application themselves beforehand to understand whether its functionality and interface make it easy to use.
3. Reliability of information
Physicians considering recommending a mobile health application may wish to understand how the patient intends to use the information, and/or review the information with the patient to understand whether it is current and appropriate.
Information presented by the mobile health application should be appropriately referenced and time-stamped with the last update by the application developer.
4. Privacy and security
In 2014, the Office of the Information and Privacy Commissioner of Alberta assessed approximately 1200 mobile applications and found nearly one-third of them required access to personal information beyond what should be required relative to their functionality and purpose, and that basic privacy information was not always made available.10
Physicians entering into and documenting a consent discussion with their patients may wish to include the electronic management of health information in the scope of these discussions, and make a notation of the discussion in the patient's health record.
Some mobile health applications may feature additional levels of authentication for use, such as an additional password or encryption protocols. If all other factors between applications are equal, physicians may wish to recommend that patients use mobile health applications adhering to this higher standard of security.
5. Avoids conflict of interest
Physicians may wish to recommend that patients learn more about the company or organization responsible for the development of the application and their mandate. There is a risk of secondary gains by mobile health application developers and providers where information about patients and/or usage is gathered and sold to third parties.
A standardized conflict of interest statement may be made available through the mobile health application or on the developer's website. If so, physicians may wish to refer the patient to this resource.
Physicians who develop mobile applications for commercial gain or have a stake in those who develop applications for commercial gain may risk a complaint being made to the College on the basis that the physician engaged in unprofessional conduct if they recommend mobile health applications to their patients in the course of patient care.
6. Does not contribute to fragmentation of health information
Some mobile health applications may link directly to an EMR, patient portal, or government data repository. These data resources may be standardized, linked, and cross-referenced.
However, health information entered into an application may also be stored on a mobile device and/or the patient's home computer, or developers of mobile health applications may store information collected by their application separately. While there may be short-term benefits to using a particular mobile health application, the range of applications and developers may contribute to the overall fragmentation of health information.
If all other factors between applications are considered equal, physicians may wish to recommend mobile health applications which contribute to robust existing data repositories, especially an existing EMR.
7. Demonstrates its impact on patient health outcomes
While not all mobile health applications will have an appropriate scale of use and not all developers will have the capacity to collect and analyze data, physicians may wish to recommend mobile health applications that have undergone validation testing to demonstrate impact of use on patient health outcomes. If mobile health applications are claiming a direct therapeutic impact on patient populations, physicians may wish to recommend that their patients seek out or request resources to validate this claim.
1 Canadian Medical Association. Physician guidelines for online communication with patients. Ottawa: The Association; 2005. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD05-03.pdf?_ga=1.32127742.1313872127.1393248073
2 US Food and Drug Administration, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research. Mobile medical applications: guidance for industry and Food and Drug Administration staff. Rockville (MD): The Administration; 2015. Available:
3 Canada Health Infoway. Mobile health computing between clinicians and patients. White paper. Toronto: The Infoway; 2014 Apr. Available: www.infoway-inforoute.ca/index.php/resources/video-gallery/doc_download/2081-mobile-health-computing-between-clinicians-and-patients-white-paper-full-report
4 iHealthBeat. 44M mobile health apps will be downloaded in 2012, report predicts. Available: www.ihealthbeat.org/articles/2011/12/1/44m-mobile-health-apps-will-be-downloaded-in-2012-report-predicts
5 Jahns R-G. 500m people will be using healthcare mobile applications in 2015. Research2guidance. Available: www.research2guidance.com/500m-people-will-be-using-healthcare-mobile-applications-in-2015/
6 Lyver M. Standards: a call to action. Future Practice. 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf
7 Rich P. Medical apps: current status. Future Practice 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf
8 Royal College of Physicians and Surgeons of Canada. The CanMEDS 2015 eHealth Expert Working Group report. Ottawa: The College; 2014. Available: www.royalcollege.ca/portal/page/portal/rc/common/documents/canmeds/framework/ehealth_ewg_report_e.pdf
9 Canadian Medical Protective Association. Managing information to deliver safer care. Ottawa: The Association; 2013. Available: https://oplfrpd5.cmpa-acpm.ca/en/duties-and-responsibilities/-/asset_publisher/bFaUiyQG069N/content/managing-information-to-deliver-safer-care
10 Office of the Information and Privacy Commissioner of Alberta. Global privacy sweep raises concerns about mobile apps [news release]. Available: www.oipc.ab.ca/downloads/documentloader.ashx?id=3482