Sunday 16 September 2012

Patient care overlooked in the concern over patient privacy

A recent journal article (paywall) had the lead-in line of:

Patient privacy and confidentiality are being overlooked in the burgeoning use of smartphones to take medical photos”.

I argue the opposite: that ease of access to medical images has been overlooked in the concerns over privacy and confidentiality.

So is privacy an issue for the patients? Of course, but privacy of what? This is where the Privacy Rights Clearinghouse comes in. This very comprehensive and easy to use website has categorised records of thousands of data breaches in the US involving over 500 million records (including non-medical areas). A search of “Unintended Disclosure” in “Healthcare” from 2005 to 2011 inclusive, revealed 67 breaches involving 1,331,879 health records. They cover everything from a lost laptop to major firewall lapses. Interestingly, many of the cases were due to incorrect mailings. The information was both medical and personal (social security number, name and even credit card details) and there were several associated lawsuits, but none of the breaches referred to transmission of images by smartphone.

Despite this, the restrictions placed on viewing X-rays on line, in the name of security and privacy, are such that many specialists cannot see the films, or can, but couldn’t be bothered with the elaborate process of ID tokens, multiple passwords, computer incompatibility, updating passwords, and the need for a dedicated desktop (making it non-mobile). It is easier just to have the hospital doctor take a photo and message it. Done. Near instant access anywhere, anytime.

When we started our digital X-ray system many years ago, I could log in with my smartphone and view the films. That was before concerns over privacy trumped ease of access.

I have been involved in many hospital investigations prior to digital imaging, for mistakes made because a specialist doctor could not access the X-ray films. The solution was always the same: to bring in a digital X-ray system. Now we have such a system, but none of the doctors in my unit use it outside the hospital. Then the smartphone came along and solved the problem for us.

The bottom line
I would like to see some balance. I can quote many cases of harm from lack of access to medical images, yet I know of no cases of harm from unwanted transmission of such images. The authors of the paper write:

People will only take this issue seriously if there is litigation”

They are correct. The fact that there has never been litigation over this commonplace event doesn’t seem to strike them. Even if there was a case, what harm would they be claiming, and would it offset the harms from having such tight restrictions to access? Haven’t we more important things to worry about than having our photo taken or our X-rays viewed? Are we that special?


  1. I could not agree more. I am unaware of any attempt by any unauthorized person to view images of patients. We too have elaborate security measures which deter most docs from looking at their patients' images. It's a sad state of affairs.

    1. Thanks. I thought you would appreciate this one.

      And I agree: criminals are after your credit card details, not your chest X-ray.

  2. Well said.

    The tardiness of IT administrators to allocate logins and passwords to new registrars or locum staff presents another problem: either the required images can't get viewed (a medical safety disaster waiting to happen), or (more commonly) a generic password gets issued... which is then written on tape applied to the top of computer screen for all to see and use. Surely this presents more of a privacy concern, as unlike MMS messages the access and transmission can not be traced.

    1. Thanks.

      From those comments, I think you must work at my hospital.


Note: only a member of this blog may post a comment.