Clinical Image Consent

Patient consent for clinical photography is a foundational requirement in medical imaging workflows. Dermi Atlas includes a built-in consent management system that allows practices to document, verify, and track patient authorization for clinical image capture. The system supports multiple consent methods, configurable enforcement levels, and a full audit trail for compliance purposes.

This article covers how consent is configured, how it is obtained and recorded, how it appears across the application, and how it can be revoked when necessary.

Consent Enforcement Levels

The consent system operates according to the enforcement level configured in the application preferences. Three levels are available:

Disabled

Consent checks are bypassed entirely. No consent prompts are displayed, and image uploads are unrestricted. This is the default setting.

Advisory

Consent reminders are displayed during clinical image capture, but image uploads are not blocked. A blue informational banner appears on the patient details page, entry page, and image pool page when consent has not yet been obtained. The banner reads "Patient Photography Consent Advisory" and encourages documenting consent as a best practice. This mode is suitable for practices that want to promote consent documentation without enforcing it as a strict requirement.

Required

Documented patient authorization is enforced before image capture is permitted. When this level is active and consent has not been obtained for a patient, a warning banner reading "Patient Photography Authorization Required" is displayed. Image uploads to the Image Pool are blocked until consent is recorded. Attempting to upload while restricted triggers a notification indicating that the consent form must be completed first. The Image Pool displays an amber-colored warning state with a placeholder message prompting authorization.

Configuring the Enforcement Level

The consent enforcement level is configured from the Preferences page in Dermi Atlas.

Open the Preferences page from the sidebar.
Locate the Patient Consent for Clinical Photography section.
Select the desired enforcement level: Disabled, Advisory, or Required.
Save the changes.

Each option includes a brief description:

Disabled: Bypasses consent checks
Advisory: Displays consent reminders during capture
Required: Enforces documented patient authorization before permitting image capture

The selected enforcement level applies across all patient records and all pages where consent is relevant, including the patient details page, clinical entry page, and image pool page.

Preferences page showing the Patient Consent for Clinical Photography configuration card with the three enforcement options and their descriptions — The Patient Consent for Clinical Photography setting on the Preferences page allows selection between Disabled, Advisory, and Required enforcement levels.

Obtaining Consent

When consent enforcement is set to Advisory or Required, a consent prompt is displayed on patient-facing pages where consent has not yet been documented. The prompt includes an action button to begin the authorization process.

Clicking the action button opens the consent form in a side drawer. If the patient record has unsaved changes, the consent form cannot be opened until those changes are saved first; a notification is displayed explaining this restriction.

The consent form supports two methods of documentation: Digital Consent and External Verification.

Digital Consent

Digital Consent is used when consent is obtained directly through the application. The form includes:

An expandable consent description section titled "Consent for Clinical Photography and Medical Imaging," which outlines the purpose of image collection, how images may be used, privacy and security measures, and patient rights (including the right to withdraw consent at any time).
A confirmation checkbox: "I confirm I have read, understood, and agree to the terms outlined above."
A Digital Signature text field where the patient's full name is entered as the signature.

Both the confirmation checkbox and the signature field must be completed before the form can be submitted.

Consent form drawer showing the Digital Consent tab selected with the expandable consent description, confirmation checkbox checked, and digital signature text field filled in — The Digital Consent form includes an expandable consent description, a confirmation checkbox, and a digital signature field. All fields must be completed before submission.

External Verification

External Verification is used when consent has been obtained outside the application (for example, through a paper form or verbal agreement during a consultation). The form includes:

An expandable description section titled "Verification of External Consent for Clinical Photography," which outlines what the provider is attesting to by recording this verification.
A method selector with three options:
- Verbal: Consent was obtained through verbal communication
- Written: Consent was obtained through a physical written document
- Other: Consent was obtained through another method
An optional Additional Notes text field for recording details about how consent was obtained.

A method must be selected before the form can be submitted. The notes field is optional.

Consent form drawer showing the External Verification tab selected with the three method options (Verbal, Written, Other) and the optional notes text field — The External Verification form allows selection of the consent method used outside the application, with an optional notes field for additional context.

Provider Verification

Regardless of the consent method chosen, the consent form displays the current provider's ID at the bottom of the form. This associates the consent record with the provider who documented it, supporting accountability and audit trail requirements.

Submitting Consent

After completing the required fields, the consent is submitted using either the "Submit Digital Consent" or "Submit External Verification" button, depending on the selected method. A loading indicator is displayed during submission. Upon successful submission, a confirmation notification appears and the consent status is updated immediately across all relevant pages.

Viewing Consent Status

Once consent has been obtained, a consent information card replaces the consent prompt. The card displays a green "Consent Obtained" label with the date and time the consent was recorded.

Patient Details Page

On the patient details page, the consent card displays in its full variant, showing:

The consent status with a green check icon
The date and time of consent
A relative timestamp (for example, "3 days ago")
The consent method (Digital Signature, Verbal Consent, Written Consent, or Other Method) with a corresponding icon
For digital consent: the recorded digital signature
For external verification: the selected method and any additional notes
The provider ID of the user who recorded the consent
A "Revoke Consent" button

Consent information card on the patient details page in its full variant showing the green Consent Obtained status, timestamp, consent method details, provider ID, and the Revoke Consent button — The consent information card on the patient details page displays the full consent record, including method, timestamp, provider verification, and a revoke option.

Entry and Image Pool Pages

On the clinical entry page and image pool page, the consent card is displayed in a minimal variant that shows the consent status and timestamp without the full method details or the revoke option. This provides a quick confirmation that consent has been obtained without occupying excessive screen space.

Consent information card in its minimal variant as displayed on the clinical entry page or image pool page showing the green status and timestamp — The minimal consent card on entry and image pool pages confirms that consent has been obtained without displaying full details.

Consent in PDF Reports

When a patient record is exported as a PDF report, the Clinical Image Consent section is included in the patient details portion of the report. The exported consent information includes:

An authorization status badge (Authorized or Not Authorized)
The date and time consent was recorded
The consent method (Digital Signature or External Consent)
For digital consent: the recorded signature
For external verification: the method type and any notes

The consent section only appears in the report if consent has been documented for the patient.

Clinical Image Consent section as it appears in an exported PDF report showing the authorization badge, method details, and timestamp — The Clinical Image Consent section in exported PDF reports includes the authorization status, consent method, and timestamp.

Revoking Consent

Consent can be revoked from the patient details page by clicking the "Revoke Consent" button on the consent information card.

Patient details page showing the consent information card with the Revoke Consent button highlighted — The Revoke Consent button is located on the consent information card on the patient details page. Clicking it opens a confirmation drawer.

Revocation opens a confirmation drawer that explains the consequences of the action:

The existing consent record will be removed
If the consent enforcement level is set to Required, new clinical images will not be able to be captured until consent is obtained again
The previously recorded consent will remain in the activity logs until deleted manually
New consent can be obtained from the patient at any time

To confirm the revocation, the phrase REVOKE CAPTURE CONSENT must be typed into the confirmation field. This safeguard prevents accidental revocation.

Upon successful revocation, the consent record is removed from the patient profile and the consent prompt is displayed again (if enforcement is not set to Disabled). A confirmation notification is shown.

Revoke consent confirmation drawer showing the explanation text, the confirmation phrase input field, and the Revoke button — Revoking consent requires typing the confirmation phrase REVOKE CAPTURE CONSENT to prevent accidental removal of the consent record.

Audit Logging

All consent operations are recorded in the patient activity logs. Both consent creation and consent revocation events are logged with:

The identity of the user who performed the action
The patient associated with the consent
A timestamp of when the action occurred
The full details of the consent record at the time of the action

These logs provide a compliance audit trail. Consent revocation logs are preserved even after the consent record itself is removed from the patient profile, ensuring that a history of consent changes is maintained.

Impact on Image Uploads

When the enforcement level is set to Required, the consent status directly controls whether images can be uploaded to the patient's Image Pool. The restriction applies to both drag-and-drop uploads and file picker uploads. The Image Pool border changes to an amber warning color and a placeholder message reading "Patient Photography Authorization Required" is displayed in place of the upload area.

Once consent is obtained, the restriction is lifted immediately and normal upload functionality is restored. If consent is later revoked while the enforcement level remains set to Required, the restriction is reapplied.

For more details on the image upload workflow, see Uploading and Organizing Images.

Related Features

Uploading and Organizing Images for the complete image management workflow, including how consent restrictions affect uploads
Configuring Data Retention for Deleted Records for how consent-related activity logs are retained alongside other patient data

What This Means for Clinical Workflows

The clinical image consent system in Atlas is designed to integrate consent documentation into the existing patient management workflow without adding unnecessary steps. When configured in Advisory mode, it provides gentle reminders that encourage best practices. When configured in Required mode, it ensures that no clinical images are captured without documented authorization, supporting compliance with medical privacy regulations such as HIPAA and PIPEDA.

The ability to record both digital and externally obtained consent accommodates different clinical environments, whether consent is captured on a tablet during the appointment or verified from a paper form signed in advance. Provider verification, timestamped records, and audit logging ensure that every consent action is traceable.

Every feature described here is available in Dermi Atlas Professional, the self-hosted deployment designed for clinical use. The Dermi Atlas Cloud Demo provides access to core workflows for evaluation, though some capabilities may be restricted.

Was this article helpful?

Your feedback helps us improve our documentation

Clinical Image Consent

Consent Enforcement Levels

Disabled

Advisory

Required

Configuring the Enforcement Level

Obtaining Consent

Digital Consent

External Verification

Provider Verification

Submitting Consent

Viewing Consent Status

Patient Details Page

Entry and Image Pool Pages

Consent in PDF Reports

Revoking Consent

Audit Logging

Impact on Image Uploads

Related Features

What This Means for Clinical Workflows

Was this article helpful?

Still have questions?

Clinical Image Consent

Consent Enforcement Levels

Disabled

Advisory

Required

Configuring the Enforcement Level

Obtaining Consent

Digital Consent

External Verification

Provider Verification

Submitting Consent

Viewing Consent Status

Patient Details Page

Entry and Image Pool Pages

Consent in PDF Reports

Revoking Consent

Audit Logging

Impact on Image Uploads

Related Features

What This Means for Clinical Workflows

Was this article helpful?

Still have questions?