Patient Privacy Protection Newsletter In The Provision Of Telemedicine Services

• Law Firm: Reinhold Cohn Group
• Subject Matter: Food, Drugs, Healthcare, Life Sciences, Privacy, Privacy Protection, Biotechnology & Nanotechnology
• Author: Ms Orit Gonen and Alexandra Cohen
• Published date: 09 January 2023

On August 2, 2022, the Privacy Protection Authority published a document detailing the challenges of privacy protection involved in the use of telemedicine services.¹ The document presents recommendations regarding how these services should be used in order to reduce the harm of patients' privacy.

It should be noted that medical data is defined in the Protection of Privacy Law, 5741-1981 (hereinafter: "the Law") as sensitive data, and has even been determined to be at the core of privacy,² and therefore it is of utmost importance to prevent its leakage and exposure to unauthorized parties. Against this background, and particularly in light of the growing phenomenon of the provision and receipt of medical services remotely, the document published by the Privacy Protection Authority, whose purpose is to shine a spotlight on the phenomenon and the privacy challenges involved, is intended to serve as a kind of reference manual for health organizations, external suppliers, and therapists when it comes to the proper management of medical data (including collection, documentation, storage and processing).

The document is divided into four chapters: (1) mapping the types of remote medical services currently provided in Israel; (2) a review of risks to patients' privacy when using telemedicine services; (3) a summary of legal provisions and relevant guidelines; (4) presentations of clarifications and recommendations. In this newsletter, we will briefly review the above chapters, and present the main points raised in their framework.

The first chapter of the document classifies the medical services provided remotely into five categories: ³ (a) services that allow the patient to view medical data on himself or herself, and perform actions remotely (such as an HMO application); (b) remote care services through a virtual patient-therapist meeting (synchronous); (c) self-examination services using online medical examination devices intended for home use for the purpose of consultation, diagnosis or treatment at a later time (asynchronous); (d) services of continuous medical monitoring using wearable or implantable devices; (e) services of preliminary diagnosis using Artificial Intelligence.

It is important to clarify that when receiving the services listed above, the medical data may also reach (in addition to the therapist directly treating the patient) external providers that provide and/or operate the online medical platforms and devices used in the service. In such...