Consider data security when using smartphones at work


For immediate release: Wednesday, 3 December 2014

Doctors are reminded to consider security of patient data and issues of confidentiality when tempted to use smartphones or tablets to deliver patient care, says UK-wide medical defence organisation MDDUS.

MDDUS has dealt with cases where doctors with the best intentions have found themselves in professional difficulties resulting from the use of these devices at work. Taking pictures of patients or storing any patient data on personal devices may result in local disciplinary procedures or even GMC referral.

MDDUS medical adviser Dr Barry Parker advises doctors to avoid using personal devices of this kind for recording purposes in the course of their work. “It is likely that employing organisations or contracting bodies will have IT policies that expressly forbid the use of personal devices in this way because of the very clear risk of a serious breach of confidentiality,” says Dr Parker.

“Lost or stolen smartphones holding identifiable patient recordings or pictures are a particular hazard and the doctor concerned may be held individually responsible in the event of an accidental breach of confidentiality of this kind.”

Doctors must also comply with the Data Protection Act 1998 as well as the GMC’s Confidentiality guidance which makes it clear that any personal patient information that you hold or control must be “effectively protected at all times against improper disclosure”.

In relation to making and using visual and audio recordings of patients, the GMC also advises that “recordings made as part of the patient’s care form part of the medical record and should be treated in the same way as written material in terms of security and decisions about disclosures.”

Dr Parker adds: “A doctor may feel that it would be helpful to take a photograph of a patient in the course of clinical care that could be used in discussion with colleagues or for teaching purposes.

“If this situation arises in a hospital setting, formal medical photography using devices and procedures approved by the organisation is most appropriate. The use of personal devices for taking and storage of images is not recommended.

“Clearly, doctors should also be mindful that consent must be obtained from patients before making recordings. Patients must be fully informed in advance about the nature of the recording and how it will be stored and used as well as with whom it will be shared, in order to provide informed consent.

“It is understandable that the use of smartphones by doctors is now commonplace, with the technology providing new opportunities in terms of apps which can be used to deliver clinical guidance and information. Doctors should not, however, be tempted to use personal devices to record and store patient data.”


For further information contact Richard Hendry on 0845 270 2034 or 07976 272266, or email

Note to editors

MDDUS (The Medical and Dental Defence Union of Scotland) is a medical and dental defence organisation providing access to professional indemnity and expert medico- and dento-legal advice for doctors, dentists and other healthcare professionals throughout the UK. For further information on MDDUS go to

This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.

For registration, or any login issues, please visit our login page.