Risks and side effects of digital transformation in medicine

From sensitive patient data to hospital projects, secure data transmission is crucial for the future of healthcare.

Digitalisation is advancing inexorably – including in the healthcare sector. Data security is the critical factor for success. A key role lies in the exchange and storage of data. The recent fine imposed on Mainz University Hospital highlights the pressing need for improvement, especially in hospitals.

Electronic health records, as mandated by the Digital Care Act, surgical robots, health data measurement via apps, fully automated pharmacies – at first glance, digitalisation in healthcare seems well-advanced. However, there is currently one barrier, particularly for hospitals, that is difficult to overcome: the organisational boundary. While hospitals can rely on systems such as PACS, MIS, or KIS for internal communication, these options are unavailable for external exchanges.

Hospital data reaches gigabyte levels

Data management in hospitals is complex. Beyond the sensitivity of the data, the speed and accuracy of transmission often determine the success of treatment – in extreme cases, even the patient's life. Another complicating factor is the size of the data: a single X-ray may be a manageable 30 MB, but a mammogram can reach 130 MB, and a 3D CT scan can be a full gigabyte. It is no surprise that fax machines are still in use, and patients continue to receive discharge letters on paper or diagnostic data on CDs.

This issue extends to hospital administration. Currently, 1,088 hospital construction projects are underway in Germany, with over 600 still in the planning phase. Alongside the financial challenges, planning such projects presents significant logistical hurdles. Exchanging data is often difficult due to the size of architectural plans, the sensitivity of financial documents, or simply ensuring remote access to tender materials.

A €105,000 fine

Data loss – whether through analogue or digital channels – can be costly. Recently, the State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate (LfDI), Professor Dieter Kugelmann, imposed a €105,000 fine on Mainz University Hospital. According to the LfDI, the legally binding penalty was issued for multiple violations of the European General Data Protection Regulation (GDPR) following a patient mix-up during admission.

The hospital may have been let off lightly. Under GDPR, companies can face fines of up to four percent of their annual turnover for serious data protection violations. In 2018, Mainz University Hospital reported €480 million in hospital operation revenue.

The data protection commissioner raises concerns

“It is essential to make substantial progress in healthcare data protection, given the particular sensitivity of such data. I hope this fine will serve as a signal that data protection authorities are maintaining heightened vigilance in this field,” stated the State Commissioner for Data Protection.

To protect sensitive data from exposure, manipulation, or loss, robust, preventative technical solutions are required that block unauthorised access – even by privileged users. Many public cloud and business cloud solutions struggle with this, as most data centres allow privileged admin access for monitoring or maintenance purposes.

End-to-end encryption is essential

Hospitals cannot avoid implementing end-to-end encryption for their data. This includes secure encryption of the transport path as well as the encryption of messages and attached files.

End-to-end encryption starts on the sender’s device and extends across the entire transmission path to the recipient. It adheres to the zero-knowledge principle, considered by security experts to be the most effective method against data loss. This level of security is provided by FTAPI's encryption technology. With a unique combination of security and user-friendliness, FTAPI SecuPass protects EKG results, X-rays, ultrasounds, MRIs, and other patient information, regardless of file type or size, during transmission.