Carolyn Buppert, MSN, JD


April 25, 2014

To submit a legal/professional nursing question for future consideration, write to the editor at (Include "Ask the Expert" in subject line.)


Can smartphones be used to send texts about patients or to take photographs of them?

Response from Carolyn Buppert, MSN, JD
Healthcare attorney

Smartphones in Healthcare Communication

A nurse in long-term care asks the following questions about the use of smartphones in healthcare:

Is it appropriate for nurses to use their personal smartphones to communicate with physicians about patient issues?

Is it appropriate to take photos of wounds or skin issues on a personal phone for any reason?

There are 2 categories of patient protections to consider when using a smartphone for communication: the patient's privacy and the patient's confidentiality.

With respect to photos, the patient needs to consent to it; otherwise, it is a breach of the patient's right to privacy. Once a photo is taken, the issue of confidentiality arises -- how will the photo be used? The Health Insurance Portability and Accountability Act (HIPAA) allows healthcare providers to divulge protected health information to those who need it for the purposes of treatment, payment, or healthcare operations. Protected health information is individually identifiable health information transmitted or maintained in any form by a covered entity (a nurse) or a covered entity's business associate.

So, if there is a photo of a patient's leg, and there is no name or other identifying information on the photo, and no one could tell whose leg it was (no identifying tattoos or other distinguishing marks), then HIPAA would not apply, because the leg isn't identifiable as being that of a specific individual. If a photo had the patient's name on it, then HIPAA would apply. If a photo with a patient's name on it was transmitted for treatment purposes -- say, a skin lesion photo was being transmitted to a dermatologist for an opinion on diagnosis -- that transmission could be HIPAA compliant, if the transmission was encrypted. However, if the person transmitting the photo made a mistake and transmitted it to the wrong person, then that would be a HIPAA violation.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.