Smart use of smartphones

June 17, 2016

Security and encryption are key elements of a protocol for using a smart phone to take clinical pictures. Without those, dermatologists risk heavy fines and more.

Doctors’ smartphone use came under fire when the late Joan Rivers' doctor allegedly used his to take a selfie with a sedated Ms. Rivers during the surgical procedure in which she died.

That’s how not to use a cell phone to take pictures in practice.

When used correctly, dermatologists say smart phone photos can be a great tool.
 

READ: One example of a HIPAA-secure platform

“The pictures that we can now take on cell phones are very useful because the accuracy of seeing morphology has been enhanced greatly as the pixels have increased. So, the images that we’re able to see on the pictures that are taken on the phone are really good,” says Thomas Olsen, M.D., of Dermatologists of Southwest Ohio, and clinical professor of dermatology at Wright State University School of Medicine, Dayton, Ohio. “ ... Are you going to make a final diagnosis? No. But you can at least triage that patient,” he adds.

Risky business

Doctors who take precautions regarding patient privacy and security can use smart phone-derived images in practice without much concern. The problem is that many don’t take the necessary precautions.

Australian researchers reported in one study that 48% of physicians responding to an anonymous survey indicated they took medical photographs. While most said they took the photos with hospital-owned cameras, one-fifth admitted to using their personal mobile phones. Most didn’t get written consent (only obtaining verbal consent) and a significant number of clinicians failed to understand image labeling, storage, copyright and more, putting at risk the security of their patients’ information, according to the authors.

Alan J. Parks, M.D., founder of Eastside Dermatology & Skin Care Center in Columbus, Ohio, says while he prefers to take clinical pictures with a traditional camera, he’ll use his smart phone on occasion.

“As far as taking photos on a phone … the phone should have a password to sign into, so, if it's accessed by someone else, they'll be unable to access photos. Ideally, the phone should also have a fingerprint scanner … to make it more difficult for anyone to access. In addition, the photo library should also require passcode to enter,” Dr. Parks says.

“If you are taking photos on your phone, it's best to transfer the pictures to patients' medical record as quickly as possible, which is hopefully protected by a firewall,” he adds. “Pictures should then be deleted from the phone once transferred.”

NEXT: Legal insight

 

Legal insight

Protocols for protecting the patient’s health information and ensuring their safe transmission are imperative, according to Alice Vautour, a medical malpractice defense attorney and vice president, consulting and audit division, MRM Group, Hartford, Conn.

The platform used to transmit the photographs should be encrypted, among other precautions. Another important consideration is to educate the patients about how any photographs are going to be used in the context of their medical care. That includes getting the patient’s consent and making sure the patient understands what those photos are being used for. Any nonclinical use is prohibited unless the patient gives express consent, Ms. Vautour says.

In essence, using a smartphone device in practice usually comes down to the encryption and security of that device.

“Photographs should be treated just like the provider would treat any other piece of the patient’s medical record. Use of a personal electronic device is appropriate so long as reasonable measures are in place to secure and encrypt the information,” Ms. Vautour says. 

There are no specific rules about taking smartphone pictures, but there is helpful guidance that can be applied to use of a smart phone to take photos in clinical practice.

The Department of Health and Human Services recently issued guidance regarding the use of mobile devices.[i] It goes through a multistep process about securing the device, securing the communication method, even performing a risk assessment of the devices being used to minimize the risk of a breach.[ii]

The Joint Commission also recently changed its position related to texting orders.[iii]

Although the context is different, the Joint Commission’s statement can be applied to smart phone photography, according to Ms. Vautour. In summary, the Joint Commission requires that the phone has a secure sign-on process, the method with which photos are transmitted is encrypted, there are date and time stamps on messages, and delivery receipts to confirm that the images are stored in a patient’s medical record.

Dermatologists and other providers also should have a dedicated contact list to ensure the appropriate person receives the patient’s images, according to Ms. Vautour.

These steps help avoid security breaches and mistakes, including sending the image to the wrong recipient, she says.

Simply taking a picture and sending it to your personal email, a colleague’s email or staff member is unacceptable practice because those destinations are likely not secured.

Consequences for violations

The consequences of inappropriate smart phone use in practice can be harsh, according to Ms. Vautour.

“The Department of Health and Human Services works in conjunction with the Office of Civil Rights, so a breach of HIPAA is essentially considered a breach of the patient’s civil rights,” she says.

Violations can result in significant fines, Vautour says.

“… if there is an institutional breach there may be a probation period, where the Office of Civil Rights comes back and reinvestigates to make sure that there has been remediation to ensure the information has been secured going forward,” she says.

In addition to fines, there are notification requirements to patients if there is a breach of data — all of which can be extremely costly and require substantial dedication of resources.

NEXT: Keeping up with changes

 

Keep up with changes

The recommendations surrounding cell phone use in practice are a work in progress, and government recommendations often lag technology innovations, Ms. Vautour says.

“Even in the absence of policies, I think it’s prudent to treat photographs as you would any other piece of protected health information—the same types of security measures apply,” she says.

Disclosures: Alice Vautour, Dr. Olsen, and Dr. Parks report no relevant disclosures.

References:

[i] https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security

[ii] https://www.healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device

[iii] https://www.jointcommission.org/assets/1/6/Update_Texting_Orders.pdf