Secure sharing of patient information


We live in an era of ubiquitous computing using mobile devices, where we can get instant updates on social events from our family and friends on Facebook, instantly share photographs that capture important moments in our lives on Instagram and even do our day-to-day banking whenever and wherever we have a free moment.

Yet in healthcare, we have struggled to advance past handwritten notes, desktop-based medical record applications and faxed messages.

Healthcare professionals are now at a crossroads.

We know what can be achieved using the latest in mobile and secure communications, yet struggle to adapt our professional lives given the security and privacy requirements when sharing patient information.

As a result, our patients may be impacted by missed opportunities for their care team to communicate through digital channels, or have the security of their personal health information potentially threatened by well-meaning health care providers who use insecure means such as email and text messages.

I’m going to share a few examples of what I’ve been exploring in my own practice, and compare/contrast what’s happening vs how we could do things differently with concrete, real-world examples.

Inter-provider messaging/communication

Status quo

In Fraser Health, when a member of the health care team needs to contact a physician, we generally send a page, or perhaps call a cellphone.

While a reliable means of communication, there is no mechanism to identify the priority of a message and it can interfere with existing workflow and patient care.  Most physicians can remember examples of being paged to get a laxative order for a patient with mild constipation while in the middle of managing a critically ill patient.  While the incoming message may be important, it may not be urgent enough to interrupt the current activity.

There’s likely a reason why the millennial generation has largely abandoned voice and moved to text.  It’s far more efficient, adapts to a fast-paced lifestyle and allows one to prioritize easily.  Seems to be an excellent match for healthcare.

Reports from US institutions suggest that HCPs are frequently using insecure technologies to send digital messages.  There is every reason to believe this is also happening in Canada.


In the Fraser Health renal program, we have been trialling a secure messaging platform provided by Medinet (the same folks who get lab results securely/digitally into physicians’ medical records).


How does it work?

It’s basically like email, but more secure.

For those who are unaware, we can’t send email that contains personal health information, as email gets transmitted around the world through the open internet.  If you wouldn’t write something on the back of a postcard, it shouldn’t go in email.  So email is not safe for the personal health information of our patients as it’s too easy for someone to intercept and isn’t compliant with privacy legislation.

Secure messaging ensures that the content of a message cannot be accessed by anyone but the intended recipient while in transit or stored on a server.

If anyone did see the content of a message, it would look something like this (as it has been encrypted):


Our partners in IT and privacy spent more than 1 year vetting the Medinet secure messaging solution and we’ve now been piloting it in our Royal City Kidney Care Centre.

By using this technology, the Kidney Care team can easily communicate with the physician as needed to address important but non-urgent issues, despite challenges of distance and competing priorities (such as on call emergencies).

With the pilot successful thus far, I’m really looking forward to this technology rolling out to more members of our renal program.

Physician submissions to Medical Services Plan (MSP)

Status quo

Physicians are frequently paid via a fee-for-service model rather than being salaried or employed by the health authority.  This requires that the physician record the following information for patient encounters: patient name, personal health number, date of birth, date/time of contact, service provided and diagnosis.  This information must then be submitted electronically to the Medical Services Plan (MSP), and physicians often use billing agents to achieve this.  How the patient health information gets from the bedside to MSP is essentially up to each individual physician, but given the sensitive nature of the information, it should be protected in keeping with privacy requirements.

The challenge is that there are no existing secure methods to extract, record and transmit this information from the hospital to a physician’s office or billing agent, and existing physician practices are not well described.

Anecdotally, it would seem that many are recording this information on paper and physically transporting it, with the risk of documents being lost or misplaced along the way.  One might also speculate that some may use insecure digital solutions such as email, Excel, or Dropbox to transmit this information.  Again, these solutions wouldn’t meet the security and privacy requirements needed when storing and transmitting personal health information (PHI).


Ideally, I’d like a solution that allows physicians to capture the information required for billing using a digital device that cannot be accessed by others, and then securely transmits this information to their billing agent.

As it turns out, I’ve discovered a solution which offers this exact service. It offers a mobile app for iPhone that allows physicians to easily capture required demographic data on patients they see in hospital or clinic.  The information is protected behind a secondary login (known only to the physician) as well as layers of digital security, both on the device and in the servers where the information is housed.


While the information is moved from the iPhone to Dr Bill’s server, it is encrypted.  This means that even if someone could intercept the data being shared, it is impossible to understand what it says.  This is the same technology that allows one to safely move one’s banking information between the bank’s computers and one’s laptop or smartphone.

Dr-Bill is already an approved billing service by MSP, and has been required to meet their privacy and security requirements.

This solution has recently been submitted to Fraser Health for evaluation and I look forward to the review, and (hopefully) approval of this solution.

Getting second opinions on visual diagnoses

Status quo

Health care providers frequently find themselves needing second opinions when making a diagnosis.  While some requests for assistance can easily be described in words (e.g. How do you generally treat relapsing ANCA vasculitis?), in some cases, there is a distinct advantage to sharing an image. For example, when one is looking at an unusual rash or a difficult-to-interpret ECG, sharing an image can literally be worth a thousand words.

In the past, HCPs may have often been tempted to grab a photograph using their smartphone and share it insecurely with colleagues using email, SMS or other systems.


A recently launched app called Figure1 allows one to capture images in a secure manner and share them with like-minded colleagues to get more clinical input.  The app takes into account patient permission (with a built-in tool to document patient consent) and the need to make the image private (by deleting any identifying characteristics on a lab report or obscuring any unique identifiers such as a patient tattoo).


The app also takes advantage of the crowd-sourcing concept.  Rather than just asking an opinion from a single individual you might know, Figure1 offers the advantage of getting insights and input from thousands of colleagues from all over the world.  While the advice should not be used for medical diagnosis directly, it can certainly give more suggestions and ideas than simply flipping through a medical textbook or searching through PubMed.


With the advent of increasingly seamless and convenient digital communication tools, and a growing number of healthcare providers who have adopted these tools as part of their lifestyle, we shouldn’t be surprised to learn that patient information may increasingly be exchanged through inadequately secure mechanisms.

I’m hoping that healthcare organizations will get ahead of this trend and assess, then implement, secure digital services to protect patient privacy while simultaneously enhancing patient care.