



Storage and security of clinical images

Retention of clinical images

Health information has to be retained for set periods of time prescribed by legislation. This requirement extends to the retention of clinical images.

Hospitals and their staff have a duty to take reasonable steps to protect the personal information they hold, including clinical images, from misuse, loss, unauthorised access or interference, modification, and disclosure.

Storage in the health record

Clinical images taken by doctors on their personal mobile device in the course of providing clinical care are part of, and should be stored securely in, the patient’s health record. This means that clinical images are treated in exactly the same way as other clinical records in terms of security and decisions about disclosure. They may be accessed for use in legal proceedings or patient complaints.

If the purpose for obtaining the clinical image is to provide clinical care, the patient’s details should be linked to the image to ensure proper identification. It is essential to record who took the image, when it was taken, and the mode of capture.


Clinical images included in the health record are generally the property and responsibility of the health service/hospital, even if they have been taken on a personal mobile device.

Transferring the clinical image from a personal mobile device to the health record – reasonable steps

Some organisations have systems in place that provide a secure platform to enable doctors to transfer an image from their personal mobile device to a patient’s health record safely, securely, and effectively. Find out if your hospital has a process that allows you to transfer an image from your mobile device and store it electronically.

If it doesn’t, you will need to produce a hard copy/copies of the image to store in the patient record.

Securing your mobile device – reasonable steps

While the clinical images reside on your personal mobile device, you must take reasonable steps to have controls on the device to prevent unauthorised access. Make sure any clinical images do not auto-upload to any social media networks or back-up sites that might be publicly available.

Your mobile device should have password protection, and you should be able to erase images remotely if your device is stolen. Leaving clinical images on a mobile device increases the risk of unauthorised access if the device is lost or stolen, and increases the risk of the image being sent by mistake to an unauthorised third party.

Deleting clinical images from your mobile device

Once images taken for the purpose of providing clinical care are securely stored in the patient’s health record, they should be immediately deleted from the mobile

Key Points to Remember

  • Find out what your health service/hospital policy is for storing clinical images, and what systems your hospital has in place to facilitate the storage of digital images.
  • Make sure clinical images do not auto upload to any social media networks or back-up sites.
  • Delete any clinical image after saving it onto the health record.
  • Have controls on your mobile device to prevent unauthorised access.