Did you know your staff - your wound care team, neurology faculty, your dermatology fellows - are all taking photos of patients on their iPhones?
Photos are becoming an increasingly important part of the care and clinical education progress. Professors are taking videos of a Parkinson's patient's tremor progression to better teach their students. Dermatologist are tracking the growth and change of sun spots. Surgeons are recording new, innovative techniques to show at industry conferences. But are the images they're capturing secure?
Without the right guidance and institutional resources, your organization could be at risk for a very serious privacy breach. Here are three important issues you and your staff should understand before snapping those photos:
Password protection is one of the most basic, important requirements for any employee using their iPhone for professional purposes. Most Apple devices encrypt their contents by default, with varied levels of protection. But to protect against someone stealing and accessing the phone's contents, it should also be encrypted with a unique passphrase or code. Your web, integrity and/or legal teams should all be involved in establishing encryption standards for your organization.
Photo Storage and HIPAA
When staff charge their iPhones at night, oftentimes auto-sync'ing to the cloud, HIPAA has been breached. When the dermatologist emails a photo to their patient or texts it to the lab tech for safekeeping, HIPAA has been breached. Your organization should consider investing in unique, secure devices, used only for clinical purposes and/or approved iPhone applications, like Epic Haiku, for safe image storage and exchange. These newer apps allow staff to send their iPhone photos directly through to a patient's electronic health record (EHR), bypassing storage on the device, itself.
When training teams, I often get asked whether photos and video are OK to take on personal, encrypted devices, as they are de-identified:
"We put a sheet over the patient's face before we photograph them."
"We cover up any identifying tattoos and moles."
"I make sure protected health information isn't out on my desk, when I take the photo."
Unfortunately, unique identifiers are not limited to the physical elements of the photograph. Other unique identifiers, called meta data, are captured automatically with each iPhone photo or video. Meta data includes information like the date and time the photo was taken, its geographic location, including altitude, latitude, longitude. Your iPhone also automatically tags the make and model of your camera, the image resolution, software used to process the image, and more.
Your operating staff likely does not know (nor should they) how to remove meta tags from individual iPhone photos. But they should know how to encrypt and use their devices appropriately and which devices or applications are approved for clinical documentation use at your company.
Inappropriate and unsafe device use is one of the most serious issues in health care today. You must invest in comprehensive internal education and clinical resources to protect your patients, your employees and your organization.
Click here to learn more about our internal training services.
Principal, Med|Ed Digital