David Lauder examines why using personal mobiles to take and store clinical photos poses risks to dentists and patients.

The impact that mobile devices have had on society is undeniable. However, along with the many advantages this technology has brought, their use is not without risk.

This is particularly the case when using mobile devices to take clinical photographs. While on the face of it this may seem a convenient and cost effective approach, there are a number of important considerations.

Data protection and the law

Clinical photographs can be very useful when it comes to both treatment planning and allowing patients to make informed decisions. From a dento-legal perspective, they can also provide important evidence if a patient were to make a complaint or claim for compensation, but they must be stored safely and securely.

The relevant law in this area is the Data Protection Act 1998. From the perspective of both the Data Protection Act and the GDC, a photograph of a patient is confidential personal data. Interestingly, this is the case even if the patient cannot be identified from the photograph.

The Data Protection Act stipulates that you must have appropriate security in place to prevent any personal data you hold being compromised. Others may have access to your personal device and mobile devices themselves can easily be lost or stolen.

Even if you are registered as a Data Controller, which is a requirement if you are controlling personal data, this data may not be considered secure on a mobile device. Using a personal mobile phone or computer to hold patient data could be a breach of the Data Protection Act, which in turn could result in a large fine or disciplinary action by either the GDC or your employer.

DDU corporate banner ad

Cameras and consent

Ideally each practice should have a dedicated clinical camera or device, which could be used both in the practice and when on domiciliary visits. It would need to be kept secure at all times, such as in a locked room or cabinet. When used to take an image of a patient, this should quickly be downloaded onto the clinical record system and then deleted from the device.

Patients' consent should also always be sought, even if the photographs are only to make up part of the clinical record. If a photograph of a patient is to be used for any other purpose, the patient would need to be told:

  • what part of the photograph will be used
  • where it will be used
  • for what purpose
  • who will see it
  • that they can withdraw their consent to its use at any time.

In these circumstances, and after the necessary discussion, the patient should be asked to sign a written consent form which details all the information above. This should then be kept or scanned into the clinical records.


As mobile devices become an increasing part of our daily lives, it is understandable that many practitioners think there is a place for them in the dental surgery. But because of the legal considerations associated with the protection of personal data, and the potential consequences associated with their use in this setting, it would be wise to avoid involving personal devices at all.

This page was correct at publication on 15/07/2017. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.