Why "General Photo Consent" Often Isn't Enough
Most new-patient packets include a line about photographs for treatment or marketing purposes. That language predates AI simulation and usually doesn't address the specific things that make AI different: the photo is processed by a third-party tool, a synthetic image is generated from it, and the result may be shown to the patient, shared with them, or used elsewhere. Broad "we may take photos" consent doesn't clearly cover any of that.
What Specific Consent Should Cover
- 1That the photo will be processed by a third-party AI simulation tool, named specifically
- 2That the output is an AI-generated simulation of a possible outcome, not a guarantee or a clinical prosthetic design
- 3How long the photo and the generated simulation are retained, and when they're deleted
- 4Whether the simulation may be used for any purpose beyond the patient's own consultation (marketing, case studies, training) — and that this requires separate, explicit consent
- 5That the patient can decline the simulation without it affecting their care
Sample Consent Language
Adjust the bracketed details to your actual vendor and retention policy — a form that states a retention period your vendor doesn't actually honor is worse than no form at all.
Separate Consent for Marketing Use
If you want to use a patient's before/after simulation on your website, social media, or in a case study, treatment consent doesn't cover that automatically. Use a distinct marketing-release form, specific to that use, with its own signature line — bundling it into the general intake consent invites exactly the kind of dispute a separate signature avoids.
Where This Fits With Your BAA
Patient consent and your vendor's BAA cover different things: the BAA governs the relationship between your practice and the vendor handling PHI; patient consent governs what the patient has agreed to. You need both — a signed BAA doesn't substitute for patient consent, and patient consent doesn't substitute for a BAA.