Loading... Please wait...

What Rules Govern Photography and Remote Consultations in the Practice?

Posted by

Technological advances that are becoming commonplace in many walks of life are rapidly spreading to general use in healthcare. In the UK, the NHS is often at the forefront of new technology, but it also imports good practice from industry and elsewhere. For example, GP practices are now commonly accepting the booking of appointments online via their websites. It has long been acceptable for GPs to perform rudimentary consultations by telephone, particularly to address the need for further examination.

Increasingly, practices are incorporating photographic and remote consultations within their procedures to aid patient care. However, such procedures demand observance of legislation with regards to data protection and privacy. Laws that must be adhered to include:

 - Data Protection Act 1998

 - Human Rights Act 1998

 - Mental Capacity Act 2005

 - Freedom of Information Act 2000

While all these Acts are important, perhaps it is the Human Rights Act that provides the overriding principle that makes it unlawful for public authorities to work in any way that is not compatible with the right to certain standards of privacy. This principle extends to the collection and administration of medical records. As such, a photograph (or other photographic imagery, such as skype recordings, for example) would be considered to identify a patient and should be kept private.

A potted set of principles

The length and breadth of the Acts which the GP practice must observe would take our whole website to discuss and explain. Fortunately, the GMC provides concise guidance for GPs wishing to make and use visual and audio recordings of patients. These guidelines cover the following principles:

 - Patients’ privacy and dignity

 - The supply of information to patients (including need and use of recording)

 - The need for consent or authority to record, and ‘no-pressure consent’

 - Stopping the recording if requested, or when causing excess anxiety to the patient

 - The requirement for anonymity when recordings are used for a secondary purpose

 - Consent for use if the patient could be identified

 - Secure storage

The need for consent and protection of identity

The Data Protection Act requires any photograph that may contain sensitive personal data (or could be used to identify a person and then relate that personal data to that person’s identity) to have received consent to be taken and used. There are certain recordings that do not require such consent to be given, namely:

 - Images of internal organs or structures

 - Images of pathology slides

 - Laparoscopic and endoscopic images

 - Recordings of organ functions

 - Ultrasound images

 - X-rays

Of course, it is not always possible for the patient to give their direct consent, in which case consent must be obtained from someone with legal authority to give consent.

Make sure you store effectively

Storage of photographs should be treated with the same respect that the practice treats a patient’s medical records. Indeed, they would be considered to form a part of patient records. The photograph should only be taken for a specific purpose, and then kept only while needed. When no longer needed, the photograph should be destroyed, though if the image is the primary source of information for diagnosis it should be retained for 30 years.

Like other data, photos must not be stored to personal computers, laptops, or other devices. Storage repositories or secure servers should be used, and a suitable audit trail must be in place with photos either anonymized or coded securely.

Clinical recordings should be stored in their original format and backed up regularly. Any manipulated photos should also be stored with the original.

Remember that photos also come under the Serious Incident Requiring Investigation Guidance

If any member of staff has a concern about how photos are used, or guidelines and rules regarding their use are breeched, the IG Toolkit for Incident Reporting should be used to make a report immediately.

Coach practice employees now

Privacy and data protection are important issues, and will have a greater relevance in the GP practice as technology advances and procedures and processes continue to evolve. Quality of care goes hand-in-hand with quality of privacy. Maintain high standards in both by maintaining relevant and up-to-date training and coaching, and start by refreshing staff with GMC guidelines on making and using visual and audio recordings of patients.

Please do not hesitate to contact me if you have any questions - alex.henma@esuppliesmedical.co.uk - 01865 261451.


Securing Practice Photos , Data and Information Securely:

Encrypted USB Flash Drives:

Imation SECURE Software Encrypted Flash Drive USB 2.0 8GB £18.99

Imation SECURE Software Encrypted Flash Drive USB 2.016GB £25.06

SafeXs Guardian 3.0 Aluminium 8GB Flash Drive withAES256-Bit Encryption Software £31.03


Dermatoscopes with cameras

DermLite DL3N  977.50

Schuco DermLite DLCAM £2,109.95

For our extended range of Dermatoscopes, please click here.


Other useful information:

Making and using clinical and healthcare recordings for learning and teaching

Data protection

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation

Information Governance Toolkit

Using mobile phones in NHS hospitals. January 2009

Records Management. NHS Code of Practice Part 2 (2nd Edition)

Information: To share or not to share? The Information Governance Review

Legal and ethical

Human Rights Act 1998 c.42 Schedule 1 Part I Article 8