Can I receive and store images sent from patients during remote consultations?BMJ 2020; 370 doi: https://doi.org/10.1136/bmj.m2675 (Published 13 July 2020) Cite this as: BMJ 2020;370:m2675
Consider, carefully, if it’s appropriate
Samuel Stone, standards policy officer at the General Medical Council, says, “Photographs and videos are increasingly important tools for doctors embracing remote consultations—but patients must be assured of their protection.
“To support doctors through what can be a sensitive area, we’ve published fresh advice on our ethical hub1 exploring key considerations such as consent, keeping information secure, and dealing with intimate images.
“Before requesting patient images, ask yourself: will it be possible or appropriate to assess the patient’s condition remotely? If it won’t, consider whether a face-to-face consultation is necessary, or signpost to other services where appropriate.
“If images are needed, you should seek informed consent by providing the patient with all the information they might want or need about why these are necessary and how the files will be kept secure.
“Make sure you’re using clinically approved video consultation software, and secure arrangements for storing and transferring images. Guides can be found on the NHS Digital website2 and Attend Anywhere,3 a nationally funded video consultation platform designed to support NHS trusts in their response to the pandemic.
“Be particularly cautious when requesting and storing images of patients’ intimate areas. Patients may need additional reassurance about how their images will be kept secure before providing their consent for storage and processing. It’s also important to consider relevant laws regarding intimate images of adults, as well as safeguarding4 for vulnerable adults.
“If your patient is uncomfortable with sharing sensitive images, you could show them illustrative images of the suspected condition or ask them to describe their symptoms in detail.
“The Royal College of GPs has a helpful guide5 on safe video consulting. If you’re unsure, or have any concerns, seek advice from your employer and information governance colleagues.
“Ultimately, doctors should carefully think about when and how to use images, ensuring that they always protect patients and listen to their preferences.”
Images need secure storage
Bernadette John, digital professionalism expert, says, “Prior to accepting images from patients during a remote consultation, it’s essential that you discuss matters around transfer, storage, and use of these images so that informed consent can be gained and recorded.
“Clinical images form part of the medical record and therefore they need secure storage. For this reason, I wouldn’t advocate using WhatsApp because images are downloaded to cloud storage by default and streamed between your other networked devices. If you must use Whatsapp, make sure you disable the cloud storage functionality.
“Clinicians should also note that deleted images on your smartphone are stored in the ‘deleted images’ album for the next 28 days. Therefore, all devices should be password protected and wiped before you trade them in, ensuring that the cloud based backup is fully disabled until the images are fully deleted from your device. Don’t just delete, be sure to empty the trash.
“You should also make sure that data encryption is enabled on your smartphone, operating systems are up-to-date, and default settings, such as global positioning satellite location information linked to photographs, are disabled. Bluetooth should not be used to transfer images between devices.
“Hospify6, which has been approved by the NHS apps library, allows you to receive images from a patient securely. Currently this free app provides secure image availability on your smartphone for 30 days. From June, the new web app will allow doctors to store these images securely indefinitely. Video consulting will also be available on this app in the next few months.”
Obtain documented consent
Louise Fearfield, clinical vice president of the British Association of Dermatologists, says, “During the covid-19 pandemic dermatology departments have become increasingly reliant on patients sending in their own images to enable us to make clinical decisions.
“These images are often used to support video and telephone consultations as the clarity on video images is often not good enough to see skin lesions clearly. There are some key principles that should be considered to establish consent policies for receiving, reviewing, and storing images.
“Patients should be informed of the risks associated with sending any images over the internet—this constitutes a non-secure transfer, as images are not subject to information governance and data protection until they have been received by the healthcare professional.
“Once the image has been received, any onward data transfer and storage should meet the NHS data protection and information governance requirements of the healthcare organisation.
“It’s important that the routine documented consent process should be undertaken verbally and documented with a message explaining consent (such as ‘by sending these images you consent to them being held in your medical record’) or by sending a written patient consent form for the patient to complete and return.
“Which form of consent is used should be determined by the trust’s own commissioners and the organisation’s guidance from their information governance team. In some circumstances, images are deleted based on clinical judgement or patient preference with documentation of verbal consent, and patients should be advised to retain the images.
“Ultimately, however, it’s recommended that images are retained when they’ve been used to make clinical judgements on patient care. Standard secure pathways to transfer images should be resumed in preference to patient emails as covid-19 recovery progresses, including image attachments sent with patient referrals and advice and guidance requests through the NHS e-referral service.”
Keep the patient informed
Michael Devlin, Medical Defence Union head of professional standards and liaison, says, “Ask yourself if an image will be enough to make a diagnosis or is a more extensive examination necessary? In line with GMC guidance on making and using visual and audio recordings of patients,7 explain to the patient why a photograph will help in providing clinical care.
“Tell the patient and document in their records how the image and records will be securely stored and reassure them that it won’t be used for any other purpose without their express permission.
“Ensure the image is sent securely, such as to your NHS encrypted email account, in accordance with your organisation’s policy. Upload the image to the patient’s records and delete the message and image from your account.
“If the patient is a child who lacks capacity to decide about a photograph being shared with you, seek permission from someone with parental responsibility. With an adult who lacks capacity you must be satisfied that the photograph is necessary, will be of benefit to them, and is in their best interests. If there’s someone who has legal authority to act on their behalf in healthcare decisions, then their agreement should be sought.
“Intimate images, such as of genitalia, anus, and breasts, create particular medicolegal risks. Seek advice from your medical defence organisation if an intimate image is required or if you need further advice.”
Bernadette John is undertaking a doctorate in the use of smartphone communication of patient data by clinicians. She would like readers to consider contributing to the research and you can do so through the web link here: https://forms.gle/Yz9WTZXrficg5JT9A.
This article is made freely available for use in accordance with BMJ's website terms and conditions for the duration of the covid-19 pandemic or until otherwise determined by BMJ. You may use, download and print the article for any lawful, non-commercial purpose (including text and data mining) provided that all copyright notices and trade marks are retained.https://bmj.com/coronavirus/usage