Clinical images and patient confidentiality

Ms Maria Campbell provides advice on legal requirements in relation to clinical images

They say a picture paints a thousand words and that can undoubtedly be true in the case of clinical imaging. Taking and sending clinical images, such as photographs, videos, or audio recordings, has become a common feature of medical practice and can be valuable tools for diagnostic and therapeutic purposes.

In appropriate cases, clinical images can be a beneficial addition and can lead to more efficient delivery of patient care. For example, visual symptoms, such as a rash or wound, can be documented and tracked over time. They can also be a valuable addition to education and training. Sharing clinical images provides the opportunity to get second opinions from colleagues across the world at the click of button.

With the increasing popularity of this technique, a doctor must be mindful of their legal requirements and ethical duty to uphold patient confidential. This article provides advice and practical steps to consider.

1. Ethical considerations

The important role that clinical images have in the delivery of patient care is recognised in the updated Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners (the ‘Guide’). The ninth edition of the Guide came into operation on 1 January 2024 and goes further than previous editions in providing guidance for doctors regarding clinical imaging.

Section 31: Photographic, video, or audio recording of a patient by a doctor

31.1“Making audio, video, or photographic recordings of a patient on your personal or work devices may be necessary for safe patient care. You must take particular care in relation to the storage and sharing of recordings of a patient.”

31.2“Where you determine that making audio, video, or photographic recordings of a patient is necessary and appropriate for patient care and/or beneficial for education and training purposes, you must explain this to the patient and obtain their consent to both the making and any proposed sharing of a recording.”

31.3 “You must take all reasonable and required steps to ensure that you follow your professional duty of confidentiality as well as your legal duties regarding data protection. You should keep these recordings confidential as part of the patient’s record (see paragraph 38). If they are being used for education and training purposes beyond the patient’s healthcare team, you must ensure that the patient is neither identified nor identifiable, unless they have given consent to being identified.”

31.4“You should be aware of security when sharing information by electronic means, including text, other electronic messaging or emailing, and you should take all reasonable measures to protect confidentiality.”

In light of the above, it is essential that a doctor considers storage, consent, confidentiality, and security before taking or sharing a clinical image.

Deceased patients

Patient information remains confidential even after death and a doctor’s duty to maintain patient confidentiality remains, as outlined in paragraph 30.1 of the Guide. Doctors should keep in mind that their ethical duty of patient confidentiality still applies when dealing with the clinical images of a deceased patient.

2. Data privacy

Lawful basis for processing

Article 9.2(h) of the General Data Protection Regulation (GDPR) provides a lawful basis for the processing of special categories of personal data for medical purposes, where that processing:

“… is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.” (emphasis added)

Clinical images sent to a doctor should be treated as medical records and should be stored securely in the patient’s records, with adequate security
systems in place

It is best practice to document why you considered clinical imaging necessary in the context of a patient’s care.

3. Consent

As above, article 9.2(h) of GDPR provides a lawful basis for the processing of special categories of personal data in general practice. However, in the context of clinical images, you should also keep a record of having obtained explicit patient consent to taking/receiving and storing the imaging.

Consent to clinical imaging should be sought from a parent/legal guardian in respect of young children. Minors can consent to treatment from the age of 16 (with the exception of mental health treatment), but they may have sufficient understanding and maturity at an earlier age to express an opinion or preference and if so, their views should be taken into account.

A doctor should exercise caution in the context of a patient who lacks capacity. It may be that no one has official authority to make decisions on their behalf (eg, pursuant to wardship proceedings, a decision-making representative, or on foot of a power of attorney/enduring power of attorney). In such cases you should have regard to where the patient’s best interests lie and whether clinical imaging is necessary in the context of their clinical care.

4. Remote consultations

In the absence of a face-to-face consultation, if clinical imaging is provided or requested as an aid to diagnosis or treatment, you should consider the following:

Discussing with the patient the limitations of relying on imaging and conducting examinations remotely. Explain that ultimately, a physical examination may still be required.

Whether it would be in the patient’s best interests to wait until they can attend in person. If this is not feasible and/or delaying could potentially cause further harm or delay further investigation, you may decide the use of clinical imaging and a remote examination is appropriate. Your records should reflect your decision making in this regard.

Obtaining the patient’s informed consent to proceed.

Deciding on the most appropriate modality for the imaging. A video consultation may provide a better overview whereas a photograph typically provides better resolution.

Considering the patient’s need for privacy and comfort with their environment and ensuring no interruptions at your end.

Paragraph 24.3 of the Guide defines intimate examinations as including:

“… examinations of breasts, genitalia, and rectum. Consent for intimate examinations must be documented in the patient’s medical record.”

The same standards apply to consultations carried out remotely and doctors should keep these guidelines in mind when considering if a remote consultation or clinical image would fall within the category of an intimate exam.

5. IT considerations

Clinical images sent to a doctor should be treated as medical records and should be stored securely in the patient’s records, with adequate security systems in place. Patients’ clinical images should not be stored separately to their patient files. Any medical information, including images, should be stored and retained in accordance with data retention policies, having regard to the time periods for each category of data. Some other key points to consider:

It is best practice to use a secure platform for processing clinical images, rather than rely on freeware apps or personal devices.

If a patient is planning to send you a clinical image, you should advise the patient to send it to a secure account. Any device which you use to take or receive clinical imagery should be properly secured.

Clinical images should be transferred securely from personal devices to the correct patient’s records as soon as possible. All images should be securely deleted from the personal device afterwards.

Just like clinical records, clinical images should be protected with back-up (disaster recovery), robust security, encrypted data transmission and appropriate user access controls. Clinical IT providers can provide best practice guidance on IT safeguards and controls.

Conclusion

Whilst the use of clinical images has become more prevalent in clinical care, it is important to remember that they are sensitive medical information and must be treated with care. If you are unsure about how to approach any particular aspect of dealing with clinical images, please contact your indemnifier for specific advice.

Please do not hesitate to contact Medisec if you require further guidance.

References available on request