Can the doctor communicate health data via chat (in the EU)?
The use of health messaging apps helps to enhance communication between doctors and patients: patient satisfaction is increased by the immediacy of the tool. This considerably increases the involvement of patients in the treatment process, also allowing them to obtain a quicker response to their questions.
In addition, the practicality of managing medical consultations via smartphone increases the therapeutic adherence of the person assisted. Moreover, the convenience of applications that allow text messages, images and audio files to be exchanged in real time is leading an increasing number of healthcare professionals to use these tools to schedule appointments with the patient and to exchange medical documentation.
International medical literature has addressed the subject through the publication of scientific articles and the issuing of guidelines on the use not only of messaging apps but also of social media in general. They point out that the same legal and ethical obligations for doctors apply online as well as offline, particularly in view of the possible consequences in terms of professional liability, above all disciplinary liability.
With regard to the use of chat tools by healthcare professionals to communicate with patients or with their colleagues in order to obtain their clinical opinion, there are specific implications in terms of both information security and patient privacy.
In these cases, in fact, special categories of personal data relating to health are processed: data contained, for example, in medical records such as first aid reports, medical reports or discharge forms, which can be transmitted as pictures or by reproducing their content in text messages.
Since the medical sector is one of those most exposed to cyber attacks, the use of any type of ICT tool in healthcare should be preceded by an assessment of the vulnerabilities that could expose patient data to breaches.
In this regard, it should be remembered that messaging software, like any tool used to carry out data processing operations, in compliance with Article 25 of European Regulation 679/2016, must also:
- be designed in such a way as to comply with the rules on the protection of personal data according to the principle of privacy by design;
- be set up in such a way as to process by default only the personal data necessary for each specific purpose of processing.
Particular attention should be paid to messaging applications, such as WhatsApp, whose servers are located outside the European Union.
Communicating patient data via chat involves storing the data on the servers of the messaging app in question: where the servers are located in a third country, this transfer of data can only be carried out in compliance with the provisions of Chapter V of the GDPR.