Volume 48, Issue 7, July 2019

Clinical photography of skin lesions: Professional and legal considerations in primary care

Charan Jeet Arora    James Mitchell    Muhammad Rafiq    Stephen Shumack   
doi: 10.31128/AJGP-12-18-4803   |    Download article
Cite this article    BIBTEX    REFER    RIS

Clinical photography is a fundamental component of visually oriented medical fields. The ubiquity of digital technology has brought the capacity to capture clinical photographs to the palm of a practitioner’s hand. It is important for general practitioners (GPs) who take clinical photographs of skin lesions to be aware of the associated legal and ethical obligations.
The aim of this article is to explore and explain current professional and legal considerations related to the use of clinical photography in general practice.
Ensuring compliance with professional and legal standards when using clinical photography in general practice requires a firm grasp of the obligations associated with image capture, use, sharing, storage and security. GPs should ensure that before employing clinical photography, they have adequate consent-obtaining practices, regular habits of uploading images to the patient record, and sufficient device security. This will help to ensure that patient images are protected from being compromised.

Importance of clinical photography

Clinical photography has become a boon to the world of medicine.1 Table 1 outlines the numerous uses of clinical photography in the medical field. Regard must be had for the legal and ethical obligations of practitioners to uphold a patient’s right to privacy, confidentiality and autonomy to consent to the use of photographs.2 Current research focuses on the use of clinical photography by dermatologists.3–5 However, clinical photography is also a valuable tool for general practitioners (GPs), who are often the first to assess skin conditions. It is therefore important for GPs to be aware of their ethical and legal obligations.

Table 1. Primary categories and uses of clinical photography of skin lesions
Category Uses
  • Documentation of condition
  • Teledermatology
  • Tracking patient progress
  • Evidence in case of future legal action
  • Visual aid that supports verbal clinical descriptions to benefit medical students
  • Assists professionals to obtain a better understanding of skin conditions and lesions
  • Photographs are mandatory for most research work as they help to substantiate findings; this contributes to the spread of knowledge and improvement in healthcare provision
  • Advertisements to generate public awareness about various conditions and the treatment options available


Legal considerations for GPs

Clinical photographs are a sensitive component of patient health records. For GPs working in private practice, the Privacy Act 1988 (Cwlth) requires adherence to the Australian Privacy Principles (APPs). If a breach of the APPs were to occur, a range of penalties may be applied to offending practitioners.6


Obtaining informed written consent from the patient before capturing clinical images is best practice. In the absence of written consent, a minimum standard of documentation in the patient file is necessary. Unfortunately, studies suggest that many practitioners routinely fail to properly obtain or document a patient’s consent to photography. A 2014 survey of 90 Philadelphia Dermatological Society members reported that 24% failed to obtain consent prior to capturing clinical photographs. Of those who did obtain consent, 31% failed to obtain written consent.7

A similar survey of Australian dermatologists and dermatology trainees revealed that only 2% obtained written consent for clinical photographs, 30% obtained and documented verbal consent in patient records, while just under half (46%) obtained verbal consent but failed to document it in their patient’s records.8 Additionally, 13% reported obtaining, transmitting and storing clinical photographs without patient consent.8

It is crucial that patient consent forms cover the permitted uses of clinical photographs. Consent forms should specify the purposes for which the images may be used, and ideally outline disallowed purposes (Appendix 1). Best practice requires every proposed use of clinical photographs to be clearly explained to patients, who should then be able to consent to some or all uses.

To comply with the APPs, identifiable clinical photographs can generally only be used for the primary purpose for which they were collected; typically diagnosis and treatment of conditions. Use for secondary purposes (education, research or sharing with a colleague) either requires the patient’s consent, or must be reasonably expected by the patient.6 Using identifiable clinical photographs when consent has not been obtained is not only unethical and inappropriate, but also a breach of the legal obligations imposed by the APPs.6

While patients maintain the right to withdraw consent for use of clinical images, they must be informed that information cannot usually be deleted from their medical record. Additionally, if clinical images have been published in a journal or on the internet, it is virtually impossible to undo. These limitations must be explained to the patient when obtaining consent. There are exceptions to a patient’s right to refuse consent to the disclosure of clinical images. However, a practitioner should always clarify such exceptions with their medical defence organisation.2


De-identification is the process of obscuring areas of a clinical image and removing names and dates of birth that would otherwise identify a patient. De-identification must take into consideration identifiable features such as tattoos, birthmarks and jewelry that may distinguish patients. It is recommended that consideration is also given to the metadata contained in electronically captured and stored images.2,9 Identifying metadata includes information such as the device used to capture images, as well as the location, time and date of capture.2

Storage and security

Practitioners are legally bound to keep records, including clinical photographs, for several years.1 With the digitisation of medical records, new challenges have emerged to maintain security, especially when clinical photographs are stored outside of a central medical record. APP 11 requires practitioners who hold personal information (including clinical photographs on a personal smartphone) to take reasonable steps to protect such information from misuse, interference, loss, unauthorised access, modification or disclosure.6

Recent surveys of Australian dermatologists and dermatology registrars paint an alarming image of current storage and security practices. In one study, only 51% of practitioners transferred clinical images to patient files, while 46% stored images on their smartphones.8 Another study reported that 85% of registrars had more than 100 images of patients on their phones, while only 23% had enabled security on devices used to take clinical photographs.10 There are no comparable studies of Australian GPs on their compliance with storage and security requirements.

For GPs capturing clinical photographs, best practice is to use a work-specific device. However, GPs who do not have access to work-specific devices may resort to using personal devices. In either situation, photographs should be promptly uploaded to the patient’s record and then erased from the device.

When clinical images are not immediately uploaded to the patient’s file, they should be securely protected. Using passwords that prevent unauthorised access to devices, as well as enabling a phone’s remote data-wiping capacity are two simple methods to achieve this. These are reasonable steps that place a GP in a legally defensible position.

When storing patient images on phones, GPs should be aware of whether they are automatically uploaded to cloud-based storage sites. This is of heightened relevance for storage sites hosted internationally. APP 8 regulates cross-border disclosure of personal information, mandating that practitioners holding personal information take reasonable steps to ensure overseas recipients do not breach the APPs with respect to such information.12 To prevent a breach of APP 8, it is prudent for GPs who store patient images on their phones to ensure that the auto-upload feature is disabled.


Sharing of clinical photographs between clinicians has become increasingly easy and prevalent. However, sharing of images via non-encrypted or non-secured networks could amount to a breach of patient consent and privacy if images were incorrectly addressed or intercepted. It is essential that GPs understand the importance of secure image sharing so that images are not subject to misuse; interference; loss; or unauthorised access, modification or disclosure.

APP 11 requires GPs to take reasonable steps to ensure that patient information is not accessed without authority,6 meaning care is required when sharing clinical images. The same legal obligation is imposed on GPs who receive clinical photographs.6 To ensure compliance when transmitting clinical photographs, images should be encrypted or password protected. It is also important to check that images are correctly addressed; if the wrong email address or phone number is used, this would amount to a clear breach of privacy and APP 11. If a patient’s personal information is subject to unauthorised loss, disclosure or access, this may also amount to a notifiable data breach. In these cases, there is an obligation to notify patients where serious harm is the likely result of the breach.13

Awareness of guidelines and policies

In 2014, the Australian Medical Association (AMA) released a comprehensive set of guidelines on the use of personal smartphones for clinical photography.2 These guidelines provide advice on the collection, use, disclosure, security and storage of clinical images taken with smartphones. Where a practice has a policy regarding smartphone use for clinical photographs, it should be followed. However, where no workplace guidelines exist, or where they inadequately address these issues, the AMA guidelines are an invaluable resource to ensure best practice and protection against liability.

A 2018 study of Australian dermatologists and dermatology registrars reported that only 22% were aware of policies on workplace smartphone use, while 65% felt they would benefit from education on the use of personal smartphones for capturing clinical photographs. Less than half had read the AMA guidelines on clinical images and the use of personal mobile devices.8 This provides a clear indication of the current awareness of Australian dermatologists regarding guidelines and policies for smartphone use for clinical photography. There are no comparable studies of Australian GPs on their awareness of clinical photography guidelines.


Clinical photography is a fundamental tool in visually oriented medical fields. Through the development of smartphone technology, clinical photography has proven to be of great use in general practice. It has enhanced diagnostic capability, improved treatment monitoring and facilitated rapid access to expert opinions. However, this rapid technological development has potentially left a need to inform practitioners of how best to manage clinical photographs from a medicolegal standpoint.

Legislation and guidelines exist to assist practitioners who use clinical photography, but they are not always user-friendly. Studies considering the current status of GP knowledge, awareness and utilisation of safeguards in clinical photography would help to plan appropriately targeted educational strategies for obtaining appropriate patient consent, and the safe use, storage and transmission of clinical photographs.

Appendix 1 – Sample content

Competing interests: None.
Provenance and peer review: Not commissioned, externally peer reviewed.
Funding: None.
This event attracts CPD points and can be self recorded

Did you know you can now log your CPD with a click of a button?

Create Quick log
  1. Mahar PD, Foley PA, Sheed-Finck A, Baker CS. Legal considerations of consent and privacy in the context of clinical photography in Australian medical practice. Med J Aust 2013;198(1):48–49. doi: 10.5694/mja12.11086. Search PubMed
  2. Medical Indemnity Industry Association of Australia, Australian Medical Association. Clinical images and the use of personal mobile devices: A guide for medical students and doctors. Barton, ACT: AMA, 2017. Available at [Accessed 1 May 2019]. Search PubMed
  3. Duong TA, Cordoliani F, Julliard C, et al. Emergency department diagnosis and management of skin diseases with real-time teledermatologic expertise. JAMA Dermatol 2014;150(7):743–47. doi: 10.1001/jamadermatol.2013.7792. Search PubMed
  4. Barbieri JS, Nelson CA, James WD, et al. The reliability of teledermatology to triage inpatient dermatology consultations. JAMA Dermatol 2014;150(4):419–24. doi: 10.1001/jamadermatol.2013.9517. Search PubMed
  5. Muir J, Xu C, Paul S, et al. Incorporating teledermatology into emergency medicine. Emerg Med Australas 2011;23(5):562–68. doi: 10.1111/j.1742-6723.2011.01443.x. Search PubMed
  6. Commonwealth of Australia. Privacy Act 1988, Schedule 1, Part 4, Principle 11. Canberra: Commonwealth of Australia, 1988. Search PubMed
  7. Anyanwu CO, Lipoff JB. Smartphones, photography, and security in dermatology. J Am Acad Dermatol 2015;72(1):193–95. doi: 10.1016/j.jaad.2014.09.035. Search PubMed
  8. Abbott LM, Magnusson RS, Gibbs E, Smith SD. Smartphone use in dermatology for clinical photography and consultation: Current practice and the law. Australas J Dermatol 2018;59(2):101–07. doi: 10.1111/ajd.12583. Search PubMed
  9. Bhattacharya S. Clinical photography and our responsibilities. Indian J Plast Surg 2014;47(3):277–80. doi: 10.4103/0970-0358.146569. Search PubMed
  10. Kunde L, McMeniman E, Parker M. Clinical photography in dermatology: Ethical and medico-legal considerations in the age of digital and smartphone technology. Australas J Dermatol 2013;54(3):192–97. doi: 10.1111/ajd.12063. Search PubMed
  11. Stevenson P, Finnane AR, Soyer HP. Teledermatology and clinical photography: Safeguarding patient privacy and mitigating medico-legal risk. Med J Aust 2016;204(5):198–200. doi: 10.5694/mja15.00996. Search PubMed
  12. Commonwealth of Australia. Privacy Act 1988, Schedule 1, Part 3, Principle 8. Canberra: Commonwealth of Australia, 1988. Search PubMed
  13. Commonwealth of Australia. Privacy Amendment (Notifiable Data Breaches) Act 2017, Schedule 1, Part IIIC, Division 2, Section 26WE(2). Canberra: Commonwealth of Australia, 2017. Search PubMed

Clinical imagingClinical photographyDermatologyMedico-legal medicine

Download article