3242 - Respecting Patients Privacy Rights and Medical Data Safety at a Radiation Oncology Department during Remote Consultations and Surveillance

M. Mocydlarz-Adamcewicz^1,2, M. Fundowicz^1,2, D. Galas-Swidurska¹, A. Skrobaa^1,2, and J. Malicki^1,2; ¹Greater Poland Cancer Centre, Poznan, Poland, ²Electroradiology Department, Poznan University of Medical Sciences, Poznan, Poland

Purpose/Objective(s): The growing use of telemedicine requires strict data protection measures to ensure protection of patients’ privacy rights. The aim of this study was to evaluate compliance with regulatory and internal data safety protocols at a radiation oncology (RO) department during online consultations, video surveillance, and electronic exchange of medical data. Materials/

Methods: This was a four-part study. First, an ad hoc survey was administered to staff members (technologists, radiation oncologists, physicists, and administrative staff) at our department to identify key issues and challenges related to data safety protocols. Next, we reviewed the relevant governmental regulations and internal protocols. An observational study was performed to evaluate adherence to data safety protocols during a six-month period (July to December 2023). The collected data were analyzed.
Results: 1) Online consultations. Remote consultations were predominantly performed by telephone, without video. The lack of visual contact hinders patient identification and does not allow the physician to judge patient reactions. No incidents were reported or observed. Data security was verified for each telemedicine provider. 2) Video surveillance. Video surveillance of medical procedures is allowed. Voice surveillance is prohibited and calls cannot be recorded. We detected a few incidents involving video surveillance of patient rooms without prior approval (as required by regulation). All incidents were processed and the involved staff members received specific training. 3) Data sharing. Most patients preferred to share medical documents electronically (even when these messages contained personal health-related data), mainly by e-mail, despite governmental regulations requiring document sharing be performed through specialized information technology (IT) tools. Although hospital employees are legally required to use encryption when sharing medical data, several attempts were detected by the hospital IT system during the study period. All attempts to send unencrypted e-mails were blocked by the system. In a few cases, the incident was reported to the data protection manager. In one incident, the system blocked an e-mail containing a photograph of an employee and the incident was reported to data protection authorities. Based on these findings, staff members were required to undergo mandatory training.
Conclusion: Overall compliance with both governmental regulations and internal hospital protocols was good. Unintended attempts to send unencrypted e-mails containing patient data were automatically blocked by the hospital IT system. These findings suggest a need for prospective studies, ideally multi-institutional, to better characterize adherence to governmental and institutional regulations on remote consultations and electronic data sharing.