Data protection in healthcare: Send medical reports securely by email

Transmitting patient data digitally – but with particular caution
Advancing digitalization is also opening up new opportunities for more efficient communication in the healthcare sector. However, especially when exchanging sensitive health data such as laboratory results, doctor’s letters, or diagnoses, the question inevitably arises: How can the electronic transmission of findings be legally compliant and secure at the same time?

One thing is clear: traditional faxing is a thing of the past. Since the fax ban in the healthcare sector, resulting from the Austrian Health Telematics Act (GTelG) and the requirements of the GDPR, the unencrypted transmission of health data is no longer permitted. The regulations stipulate that personal medical information may only be transmitted via secure, encrypted channels. But what about sending medical results via email? Can medical results simply be sent electronically? The answer: Only under certain conditions.

What does the law say?
According to the GDPR, health data is considered particularly sensitive personal data. Therefore, according to Article 32 of the General Data Protection Regulation, medical professionals are obligated to protect their patients’ personal data as best as possible. The transmission of this data is only permitted if technical and organizational measures are in place that ensure a level of protection appropriate to the risk.

This in turn means:

  • Unencrypted emails are not permitted because they do not offer sufficient protection.
  • Sending emails via common email programs like Outlook or Gmail without additional security measures violates the GDPR. The consequences are heavy fines and a loss of patient trust.
  • Sending by fax is now also prohibited in the medical field.
  • Anyone who wants to send medical reports securely must rely on data protection-compliant solutions.

Sending medical results by email – what’s permitted
Sending medical results by email is generally only permitted under strict data protection regulations. This requires consistent end-to-end encryption, and both the content of the message and all attached documents – such as lab results or doctor’s letters – must be reliably protected from unauthorized access. Furthermore, the chosen solution must comply with the requirements of the GDPR. This is the only way to ensure the legally compliant and trustworthy electronic exchange of health information.

zertmail. as a legally compliant fax alternative
This is precisely where zertmail. comes in: Our solution combines proven encryption standards like S/MIME with high user-friendliness – ideal for use in the healthcare sector. With zertmail., you can send medical reports, patient records, or other sensitive documents securely and in compliance with data protection regulations directly from your usual email program. We ensure that your messages are reliably protected from unauthorized access, so that third parties can neither read nor tamper with them.

zertmail. advantages at a glance:

  • Full GDPR and GTelG compliance for communication with patients, laboratories, and colleagues
  • Automated encryption and certificate renewal – no additional IT effort
  • Seamless integration into existing systems such as Outlook, Apple Mail, etc.

Common mistakes when sending medical data by email

❌ “A password-protected PDF attachment is enough, right?”
→ No. Even if the report is password-protected, the transmission method (the email) is often unencrypted. That’s not enough.

❌ “I’m only forwarding this internally anyway.”
→ Wrong. Reports sent internally by email must also be encrypted – regardless of whether the sender and recipient belong to the same organization.

❌ “Patients want it quickly – so I’ll just send it by email.”
→ Speed shouldn’t come at the expense of security. Sending results securely also means maintaining patient trust.

Conclusion: Health data needs security – even in email communications.
Anyone who still sends unencrypted medical reports by email or fax not only risks a data protection breach, but also the trust of their patients. With zertmail., sending medical reports by email is secure, efficient, and legally compliant.

Conventional faxing

  • Faxes, like a postcard, can be read on the way from sender to recipient.
  • Faxes can be manipulated and altered by third parties.
  • Confidential, personal data may not be sent (GDPR/Health Telematics Act).
  • Legal requirements are not met (GTelG, GDPR, etc.).

Emailing with zertmail.

  • Send via your usual email program (Outlook, Apple Mail, Thunderbird, etc.).
  • Encrypted emails cannot be read on the way from sender to recipient.
  • Emails cannot be manipulated or altered by third parties.
  • Confidential, personal data may be sent.
  • Legal requirements are met (GTelG, GDPR, etc.).
