Series: Digital Technologies in Health - The Opportunities and Pitfalls

Part 1: Do you use your mobile phone to share clinical information?

What are the options? What are risks?

TEGO: As part of our ongoing discussions with our members, we have found that there are a number of uncertainties and misconceptions around the use of digital technology for clinical work. We have started to work with industry stakeholders to raise awareness and provide education how to safely navigate this important aspect of today’s clinical practice. Our guest, Dr Katja Beitat, discusses the options of sharing medical information and how to be aware and mitigate associated medico-legal risks.

Over 98.9% of doctors own a smart phone (Mobasheri et al., 2015) and most use their private mobile phones to share sensitive clinical information (Kantar Media, 2015). Although it is common practice (Burke, 2013), there are privacy and medico-legal risks to be aware of to avoid getting into trouble (Visvanathan et al., 2011).

Let’s first understand why it is so common.

Smart phones have conquered every aspect of life. Quite understandably, the small gadget in our hand is a multi-tasking dream. We are able to call, receive emails, share photos, read books, listen to music, order food, tickets or our next holiday. For most of us, our phone is always by our side, available to help get organized wherever we are. So, it is no wonder, doctors use it to get a quick medical opinion or update on a patient to be able to move on in their busy days (Schiff & Bates, 2010).

But here is the issue, for medical information, different rules apply. In fact, medical or health information is considered ‘sensitive information’ under the Australian Privacy legislation and as such attracts the highest level of protection under Privacy Laws. In the absence of smart and efficient alternatives to share clinical information with the members of the care team, in particular the lack of simple alternatives to send medical images (Burke, 2013), doctors often chose to ignore the risks.

Let’s look the common ways to share clinical information; the risks associated with it and some strategies to mitigate them.

Mail: Referral letters, discharge letters, many clinical exchanges still are paper-based. The advantage is that it can be directed to the person using their work address, so official communication stays official. The disadvantages are that it is slow, costly and requires physical storage or time intensive scanning of paper-based letters into digital systems. Another challenge is to track who has received and seen a paper-based record. The age of the paper-based letters is slowly ending, with more and more systems using digital ways to capture and share information.

Risk Mitigation: Ensure your address database is up to date to avoid sending letters to wrong recipients or having delays with returned-to-sender mails. Conversely, if you are moving locations, make sure a mail forwarding system is in place, so you do not miss any information. For urgent or critical information, add a timely phone call to ensure the information has been received or make the letter a written record of a phone or verbal conversation.

Fax: The fax is still very commonly used by doctors, particularly as it overcomes some of the disadvantages of the paper-based letter as it is less costly and faster. However, it does ordinarily not link directly into electronic patient records (unless it is a digital fax, which is an alternative to consider by practitioners), and tracking who has received and seen the information can be challenge. This is particularly relevant when information sent by fax had not been acted upon, the question who is accountable in such circumstances might be difficult to answer.

Risk Mitigation: Always check the fax delivery receipt confirmed a successful transmission and ideally file the transmission receipt with the original letter or record. For urgent or critical information, follow on with a phone call to ensure the fax has been received and is forwarded to the right person.

Phone or In-Person: Often considered the easiest way to communicate critical or urgent findings many doctors appreciate a phone call. It is a fast and convenient way, and the doctor can make sure that the message has been received by the right person and understood, and any questions can be clarified on the spot. Often however, verbal information exchanges are not annotated in the medical record, which makes important information inaccessible to the whole care team. We also know that doctors take calls when they are with patients, which is disruptive in the best circumstances, but might breach a patient’s confidentiality in the worst case when sensitive medical information is overheard by another patient.

Risk Mitigation: Be aware of your surroundings and have conversations about patients in a private area. Ensure medical records are annotated with relevant information in a timely manner. Best to check yourself at the end of the day that the records accurately reflects any verbal discussions.

Email: Although widely used by doctors, email is ordinarily not considered a secure way to share medical information, unless you are using ‘encrypted emails’. Doctors commonly use their private email account for work purposes, because they like the ease of access from anywhere and the want to check one place for all their emails, rather than several different email accounts associated with different hospitals or health organisations they work for. Emails can be intercepted and when mixing private and professional correspondence, it is easy to send information to the wrong person, specifically when using auto-complete functions for adding recipients.

Risk mitigation

If you are looking into using encrypted email, ensure that the data is stored in Australia, as under Australian Privacy legislation, health information should stay within the Australian jurisdiction, unless you can guarantee that the privacy protection in the country where sensitive health date is stored is equivalent to Australian level. Lifewire (2017) published a useful summary of what to consider when implementing encrypted email systems.


Texting is one of the most convenient and effective ways to communicate. About two thirds of doctors use SMS texting and one third other messaging services, such as WhatsApp, for clinical information exchanges (Mobasheri et al., 2015).

The rise of messaging is due to its ease of use, fast and mobile access, and the ability to share images and videos with one or a group of clinicians.

However, SMS is not sufficiently secure for a health care environment, as text messages are stored on servers in plain text and can be intercepted during transit.

Other messaging providers, such as WhatsApp, have increased in popularity over the past few years. With WhatsApp offering end-to-end encrypted messaging, users view it as a safe alternative to normal SMS texting. However, guidelines have been very clear that WhatsApp should never be used for the sending of information in the professional healthcare environment’ (Information Governance Bulletin, 2015).

The reasons for that warning include that messages may temporarily be stored on overseas servers; the images or videos shared are mixed with private images and can be accessed by anyone who has access to your phone (Colyer, 2016). One aspect often not considered is that messaging creates a copy of information, so if information has to be retracted, the sender has lost control over the multiple copies that can be freely shared by the recipients.

Risk Mitigation:

In Australia, there are now bespoke secure messaging systems available that have been developed specifically for health care settings. Some might allow users of the same Electronic Medical Record system to securely share information with each other (Best Practice, HealthKit), others are independent internal secure messaging platforms (Clinivid, MedX, TigerText). Some providers support communication that flows beyond hospital boundaries, for example when getting 2nd opinion or in multi-disciplinary care settings, it allows practitioners to securely share medical images and video (Clonivid, PicSafe) or any type of information (Clinivid). Those bespoke systems work either as stand-alone platforms (MedX), or allow the information to link back into patient records (Clinivid, PicSafe).

It ‘is clear that doctors will continue to use methods of communication that are most useful and efficient in practice’ (Gould & Nilforooshan,2016). When sharing clinical information, a clinician needs to consider the context of the chosen method to minimise risks to patient privacy, confidentially of patient data, the security and storage of patient data, data access and record-keeping obligations. Bespoke health communication platforms appear to play a greater role in allowing fast and simple information sharing in health care settings and at the same time aim to mitigate most of the risks associated with using less secure or generic communication tools.

If you are unsure about the risks associated with using digital communication tools in health care settings, you can contact your Tego broker.


Burge K (2013). World at Your Fingertips. The Medical Journal of Australia, [online] 198(1). Available at:

Colyer S (2016), Medical pics on personal devices a “privacy time bomb”, The Medical Journal of Australia, [online], issue 48, Available at:

Gould G, Nilforooshan R. BMJ Innov 2016;0:1–2. doi:10.1136/bmjinnov-2016-000116 1

Information Governance Bulletin No. 21 [Internet]. 1st ed. 2015. wp-content/uploads/2015/01/ig-bull-21.pdf

Kahol K (2014). Mobile phone messaging to improve health. BMJ, 347(aug06 2), pp. g6158-g6158.

Kantar Media (2015), Professional usage of Smartphones by Doctors in 2015.

Mobasheri M, King D, Johnston M, et al. The ownership and clinical use of smartphones by doctors and nurses in the UK: a multicentre survey study. BMJ Innov 2015;1:174–81.

Schiff G & Bates D (2010). Can Electronic Clinical Documentation Help Prevent Diagnostic Errors? New England Journal of Medicine, 362(12), pp.1066-1069.

Tschabitscher H (2017) The 5 Best Services for Secure Email. Encrypted email services that keep your messages private. Accessible at Lifewire

Visvanathan A, Gibb A. and Brady R (2011). Increasing Clinical Presence of Mobile Communication Technology: Avoiding the Pitfalls. Telemedicine and e-Health, 17(8), pp.656-661.

Mentioned Providers

Best Practice     






Author: Dr Katja previously worked for the NSW Heath Care Complaints Commission where she experienced first-hand the consequences of inefficient communication in health care. She researched the impact of medical incidents and related communication in the context of the patient-doctor-relationship as part of her PhD thesis. She is the founder of Clinivid secure mobile communication for clinicians.

This publication is general in nature and is not comprehensive or constitute legal or medical advice. You should seek legal, medical or other professional advice before relying on any content, and practice proper clinical decision making with regard to individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgment or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Tego Insurance Pty Ltd is not responsible to you or anyone else for any loss su­ffered in connection with the use of this information.