Data security

A patient's photo on WhatsApp - or how to store a patient's medical data in accordance with the law

2024-11-25

DoctorOne

together with

Olga Dąbrowska

"Doctor, John got a rash like this last night. What could it be?"
"Doctor, I have a red eye like this, with a burst capillary in the middle. I am sending a picture for you to look at. What can I do?"

Patient photos are a quick and effective way to pass important information about a patient's health to the doctor in remote contact, which complements in-person visits.

This form of contact is used by 80% of doctors in Poland, and the most preferred channel, right after SMS, is commercial instant messengers such as WhatsApp or Messenger.

In this article you will learn how to handle medical data that a patient sends to your phone.

I receive photos from patients on my phone. How should I handle them?

A photograph of a patient or a photograph of test results is health data, i.e. a special category of personal data that requires an increased level of protection. A doctor who receives a file from a patient on their phone - and makes a diagnosis or provides other services on the basis of it - is obliged to keep it in the medical records (in accordance with the requirements of the Act of 6 November 2008 on Patients' Rights and the Patient Ombudsman and the Act of 28 April 2011 on the health information system). How to do it step by step?

1. Avoid saving photos and files from patients directly on your private phone.

A photo received from a patient should go into the patient's medical records (e.g. the patient's card in the practice management system) or into a dedicated medical messenger. Storing patient photos in a commercial channel (e.g. WhatsApp, Messenger) may violate the obligation to properly store medical records or health data. After saving the photo in the patient's medical record or the medical messenger, delete it from the commercial messenger or email.

2. Control access to patient photos and files.

Avoid using tools (email, WhatsApp, Messenger) that unauthorized people can easily access. Restrict the access that external applications (e.g. Facebook, WhatsApp, Messenger, Google) have to the photo gallery on your phone.

3. Use a secure channel to receive and save photos from the patient.

Choose a secure channel for exchanging messages and files with patients, such as a medical messenger: you stay in contact with the patient just as on the channels you already know (WhatsApp, Messenger, email), but all conversations and files are stored securely.

4. Educate your patients.

Talk to patients about the safety of their data and redirect conversations about their health to a secure channel.

Why is WhatsApp, Messenger or private email not a safe place to receive a photo from a patient?

  1. WhatsApp, Messenger or private email use only so-called transport encryption, i.e. messages are encrypted on the way between individual hops (e.g. between the sender of the message and the server). On the messenger's server, however, messages are again available as unencrypted text and images. Photos of patients saved on WhatsApp, Messenger or email, or on the doctor's phone, remain exposed to external threats.
  2. The servers of WhatsApp, Messenger or private email do not meet the requirements for keeping medical records.
  3. Users are not verified, and if the doctor's phone number or email address changes or is mistyped, patient data may end up in the wrong hands.

How does Doctor.One medical messenger keep my patients' medical data safe?

The Doctor.One medical messenger is designed for the secure exchange of messages and files between doctor and patient, and between doctor and doctor. How does the app keep health data safe?

  1. In accordance with the GDPR, all required information obligations are fulfilled for patients who join Doctor.One, and the necessary consents for data processing are obtained through the application.
  2. Patients' photos and files are encrypted and stored securely in the application, so the doctor complies with the obligation of adequate data protection required by the GDPR.
  3. With biometric or PIN login, only the doctor has access to the application.
  4. Every doctor and patient is verified, so that no information, messages or files fall into the wrong hands, and they are accessible only to the physician in charge of that patient.

The article was prepared in cooperation with Olga Dąbrowska, a lawyer specializing in personal data protection law, medical law and IT law.
