Almost everyone who owns a smartphone communicates via messenger services such as WhatsApp, Facebook Messenger or Instagram Messenger. It therefore makes sense to use these services for business purposes in order to communicate with customers or service providers. But what is the situation in the medical field? As a doctor or dentist, am I allowed to use these services to communicate with patients as part of my professional activities? Or even use these channels to simplify contact with my patients? Practice homepage integrate?
We were recently asked these questions by a dermatologist for whom we are developing a new website. We passed these questions on to our data protection officer in order to get a well-founded answer.
Unfortunately not a good idea
Patient communication via WhatsApp or Facebook Messenger violates the principles of data processing security pursuant to Art. 32 and 5 para. 1 GDPR
Katja Engel, lawyer and data protection officer, BGfD Bayreuther Gesellschaft für Datenschutz:
In data-sensitive areas such as healthcare, there can be no compromises. In the context of a treatment relationship, the requirements for data protection-compliant communication are higher than in normal cases due to the particularly sensitive nature of health data.
Although WhatsApp guarantees end-to-end encryption, the communication data is not encrypted in cloud backups. This means that who has communicated, when, with whom and how often is no secret. This means that the treating doctor cannot control how and to what extent patient data is processed by WhatsApp or Meta. The transmission of metadata alone reveals the treatment relationship and can therefore already constitute a breach of medical confidentiality.
Patients are also unable to consent to the use of WhatsApp. The law requires "informed" consent, which cannot be given due to WhatsApp's non-transparent data protection information. (Written) consent is just as ineffective as a release from the duty of confidentiality for communication via WhatsApp.
By responding to such messages or even proactively offering this communication channel, a doctor, as a person subject to professional secrecy, not only violates the principles of data processing security in accordance with Art. 32 and 5 para. 1 GDPR, but may also be liable to prosecution for violating private secrets.
Facebook and Instagram: Contact from patients cannot be prevented. What can you do?
Every medical and dental practice that has an Instagram channel or Facebook page enables patients to make contact using the integrated messenger services - and this cannot be prevented.
However, since these social media are virtually standard equipment in today's Practice marketing and are used thousands of times by doctors and dentists, this shows once again how far the practice is from legal conformity.
If you (understandably) do not want to do without Facebook, Instagram or WhatsApp despite this situation, we recommend that you at least bear the following things in mind:
- Use the function of the automated response (more here: → WhatsApp, → Facebook) and point out here that medical counselling cannot and must not take place via Messenger. In the automated response, also refer to other channels for making contact (e.g. telephone, email, online appointment booking)
- It is also advisable to point out elsewhere (e.g. in profile descriptions) that medical counselling or a general exchange cannot take place via messenger services.
How you should react if your patient announces that they will contact you via WhatsApp.
Picture: www.giphy.com
Possibly also interesting
Gesundheitsstadt-Berlin.de
→ Doctors are not allowed to give patients information via WhatsApp (23.01.2022)
Medical-Tribune.com
→ A no-go for doctors: WhatsApp is prohibited in practices and hospitals (28.08.2019)
Privacy-Bayreuth.de
→ BGfD Bayreuther Gesellschaft für Datenschutz mbH
Photo: © diego_cervo / elements.envato.com
