POSTED BY Cherie M. Ching


New informational sharing apps allow medical professionals to post photos and share comments regarding their patient’s medical conditions, similar to the components of the Instagram app.  Although these apps may provide a higher degree of efficient and effective services to medical patients, issues of breach of privacy rights and fiduciary duties arise.


Doctor’s appointment.  Not your favorite part of your day, particularly because it is usually scheduled due to health failure or after you have discovered something abnormal, and it always consumes an unnecessary part of your valuable day.  However, in reality, your doctor’s appointment should be considered THE valuable part of your day for the fact that you entrust your doctor with personal information and truthful information.  Private information, such as medical history and medical conditions, is probably unknown to most of the people in your life. You place a certain level of trust and confidence in your doctor, creating an important and non-waiveable fiduciary duty to provide you with the utmost respect and act in your best interest.


Medical records play two essential roles in the practice of medicine: First, they assist with patient health and wellness by better recording keeping and sharing, thereby provide quality treatment. Second, they help improve scientific research and development, and contribute to the advancement of medical sciences. These records consist of a broad range of information about the patient’s demographic, medical history, symptoms, and diagnosis.  Historically, doctors recorded and stored patient information in physical forms of x-rays, photos, diagnosis, and prescriptions. This time consuming process of transferring and delivering hard copies of medical information is being replaced by electronic sharing of digital graphs, image, and patient records.  This process allows collaboration in real-time and for a quicker response to concerns and updates regarding a patient’s situation. Patient’s medical records are essential in providing timely and accurate treatment.


Thousands of healthcare providers use apps as a database to upload, share, and review images.  These apps do not collect the medical information of the individual patient, but rather provide the means for a broad educational exchange between healthcare providers and medical students.  Patient consent is not a prerequisite for posting the photo, however, it is encouraged that pre-existing patient consent forms are provided.  As discussed in a recent BBC news article, Figure 1 has become a popular database for healthcare professionals to share photos by obscuring the identifying marks on the patient’s body.  Identifying the patient is not the intent of the program, but posting photos can inadvertently cause identification of a patient when a rare disorder or disease identified and a specific number of cases in the area are known.  In addition, if a specific doctor posts a photo, the identity of the patient may be easily determined.  The apps capacities are similar to the free social networking platform, Instagram, which allows users to take pictures and share them in real-time with other followers, tag followers and subjects, identify location of the photo, “like” the photo, and make comments.  Figure 1, like Instagram, allows users to chose their audience, which could be your private followers or public to anyone in the Figure 1 community.  If a doctor is not careful of appropriately masking the patient’s identity, he/she is at risks privacy violations.


Posting photos of a Sunday picnic or a day at the beach on Instagram is far different from posting a photo of a patient’s skin rashes.  Regardless of how the information is obtained, stored, or shared, privacy protection still applies and the Fourth Amendment protects each individual from privacy violations.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets national standards for the security and protection of electronic patient health information.  Through HIPAA the privacy of individually identifiable health information is protected and notification is required if a breach of unsecured health information has occurs.  Even with patient consent, healthcare providers still risk breaching HIPAA standards if the patient does not understand the purpose for which his/her information is used. The Patient Safety and Quality Improvement Act of 2005 (PSQIA) similarly promotes protection of personally identifiable health information by establishing a voluntary reporting system aimed to enhance the data available to assess and resolve patient safety and health care quality issues.


With a broader range of searchable information, practitioners are able to expand their research grounds. Although not free from privacy concerns, health record sharing confirms the recipient, the location, and purpose of the shared information. Healthcare providers who use apps such as Figure 1, UpToDate, or DynaMed experience shortened hospital stays, fewer deaths, better quality performance, and rapid feedback for clinical questions. However, doctors reaping the benefits of such invocation should remember not to sacrifice their patient’s privacy.


Cherie is a 2L Staff Member of the Journal of High Technology Law at Suffolk Law.  She enjoys dancing, aerobics, and running.  Her fitness goal is to complete a half-marathon in every state.  

Print Friendly, PDF & Email
Skip to toolbar