Digital technology can make life easier for the dental professional provided basic steps are taken to allow for data protection requirements. The image captured in the process of taking the shade of a patient’s tooth is personal data and forms part of their dental record, so before sharing this data with a dental laboratory there must be a registered data controller at the laboratory as well as within the practice.

The image of the teeth alone will not be easily identifiable; so provided you have sought the patients’ agreement to sharing their data with a dental laboratory in this way, you can go ahead.

Before sharing the image with the laboratory, it should be uploaded to the patient’s record on the practice computer system prior to deleting the file from your phone. The picture can then be securely emailed from the practice computer with any other details required by the laboratory. The security of the patient data on your practice computer is already subject to the precautions required by the Data Protection Act 1998 (DPA). The same legislation applies to the dental technician’s laboratory.

If you happen to share data with your other devices using the Cloud you will need to turn off this storage system before taking the patient’s picture or eliminate the file from those linked locations.

Key points

• Offer the patient this method of shade taking, outlining the process and note the conversation and their consent in the dental records
• Turn off any online storage system associated with the mobile phone
• Save the image to the patient’s record on the practice computer
• Check to see that the laboratory you are using is compliant with the Data Protection Act. ( Advice from Information Commissioner (ICO) below)
• Email the image to the laboratory in an identifiable anonymised form from the practice computer
• Delete all original images from your smartphone and any associated shared locations
• Record your final protocol in a written practice policy.

The following is taken from the ICO summary following review of dental practice and dated September 2015:

• Choose a data processor providing sufficient guarantees regarding information security
• Take reasonable steps to ensure compliance with those measures; and 
• Have a contract in place, in writing, specifying that:
• The data processor is to act only on instructions from the data controller; and
• The data processor must comply with information security measures comparable to those in the DPA.

From a risk management perspective, you should look for ease of printing all relevant patient record information, ideally with a single click. Many current computer systems do not easily print out the whole record. It is also important to be able to print out historical information, such as earlier dental charts and periodontal records.

Many systems currently only print out the most recent chart. As well as the accurate chronological reproducibility of the complete patient record you might also want to consider the ability to print out individual patient treatment plan summaries and pricing that can be offered to the patient to sign at the time of the initial examination.

In addition the system needs to back up to a remote site to ensure data can be restored following an unexpected system failure or service interruption.