Recent updates to search engines such as Google and Bing may expose patient imaging data previously thought to be anonymous.
That’s according to an update shared by the American College of Radiology, RSNA and the Society for Imaging Informatics in Medicine on Thursday. Radiologists and other providers often use patient images in educational presentations or online PDFs and, until recently, search engine spiders could not pinpoint any unique patient identifiers. However, advances in web-crawling and content processing are increasingly allowing for large-scale info extraction from previously stored files thought to be safe.
Physicians and other health professionals must pay special attention to this concern or open themselves up to potential privacy breaches and liability risk, the three groups advised.
“Healthcare providers frequently create presentations containing medical imaging for many worthwhile purposes,” according to an Aug. 20 ACR news update. “Patient privacy guidance including the Health Insurance Portability and Accountability Act and General Data Protection Regulation may extend to these situations. Providers may be responsible for protecting their patients’ privacy in this context just as they are in routine clinical operations.”
ACR gave the hypothetical example of a patient punching her name into a search engine and turning up a diagnostic imaging study from four years ago. Clicking through, she’d be directed to the website of a professional association, which has housed the presentation, unaware that it contains protected health information.
To avoid this concern, the societies suggest only using images that are free of any identifiers in educational presentations. They also recommend utilizing screen-capture tools to grab only the relevant portions, disabling patient information overlays, or using an anonymization algorithm in the PACS. Cropping out protected info or inserting a black box over it is insufficient to protect a patient and their imaging practice, the trio stressed.
“Specific functions are available in some software to permanently delete cropped, obscured or hidden information in presentation files. As a final quality control check, it is recommended that these ‘sanitization’ functions be run on all presentations prior to being made public,” the societies advised.
ACR said it has also assembled a best practices webpage to further guide radiologists in this safeguarding process.
Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic.