Recommended Procedures to Prevent PHI Exposure in Online Medical Presentations

An advisory issued by the American College Of Radiology, the Society For Imaging Informatics In Medicine, and the Radiological Society of North America highlight a warning in relation to online medical presentations and the risk of accidental sharing of protected health information (PHI).

Most healthcare experts create educational presentations that contain medical images. Presenters must make it a point not to inadvertently expose or share PHI. Medical images have embedded patient identifiers so it is easy to find the correct patients corresponding to the images. Having said that, web crawling technology nowadays can be employed to get that embedded information creating a risk to patients’ data privacy.

Search engines including Google and Bing use advanced web crawling technology to facilitate wide-scale stored data extraction. That action includes indexing of slide presentations with patient identifiers that are considered de-identified information in the past. Now, source images from PDFs and PowerPoint slides can be extracted and the alphanumeric characters embedded in the image pixels can be identified.

The indexing process retains the association of that data with the images. So, if the search engine displays the images, that information will be included.

If a patient lookups for his name in Google, the data shown might consist of an image connected to a diagnostic study done years back. Clicking on the image will direct the patient to a site that belongs to a professional imaging organization, which retained a PowerPoint or PDF file that was used for teaching in the past.

It’s likely that the professional imaging organization did not know that the image contained PHI. The individual who produced the file in all probability didn’t know that the image used in the slide presentation was not completely de-identified and that the PDF file didn’t protect patient privacy.

The radiology groups released guidance that would teach healthcare providers how to avoid accidental exposures of PHI whenever creating educational online presentations with medical images.

It is vital to use only medical images stripped of patient identifiers when creating presentations. If the medical images have embedded patient identifiers, exclude the part of the image with patient identifiers by using a screen capture software program. Another solution is using the anonymization algorithm in the PACS prior to saving a slide presentation. Disabling patient data overlays before exporting the image is another option.

The radiology groups noted an important point when using presentation software like Keynote, Google Slides and Powerpoint. These programs can be used crop images to exclude patient identifiers, but it doesn’t permanently remove the PHI. Some use Adobe Photoshop to darken patient identifiers, however, this method is not secure nor recommended for de-identification.

After taking away patient identifiers, it is advisable to perform one final check to ensure that images are properly de-identified before sharing them with the public.

The published guidance on the proper use of medical images in making presentations can be viewed here.