By Lars Lubienetzki | Aug 14, 2023 at 7:23 am
The back hurts, the knee joint crunches, in these cases getting a quick appointment with a specialist takes time and a lot of patience in queues. Isnāt there an app? Is there: Doctolib. But how safe is the data here and what should users consider. TECHBOOK explains.
One of the best-known digital helpers for digitally booking appointments with the doctor comes from France and is called Doctolib. The Doctolib app has also been available in Germany since 2016. In Germany, around 70,000 medical practices and other medical facilities are now using Doctolib ā and the trend is rising. Especially during Corona, the platform experienced a boom due to the numerous appointment bookings for vaccinations. However, data protection concerns have been around for a while. Thatās why we take a closer look.
Inexpensive appointment booking solution for doctors
The popularity of the Doctolib app is closely linked to the pandemic period. During the Corona peak, many medical practices were no longer able to adequately provide their patients with timely appointments over the phone. The number of telephone inquiries has increased immensely during the Corona period.
At that time, Doctolib had a simple alternative that was also cheap for doctors. The cost of the appointment booking service for a doctor working alone is just under 150 euros. This is worthwhile and relieves the so-called medical assistants (MFA) in the doctorās office. Because thanks to Doctolib, the phone rings much less often, leaving more time for the patients on site.
Berlin has even commissioned Doctolib with the entire coordination of the COVID19 vaccinations from 2021. A significant time saver for people looking for a vaccination appointment.
Why do data protection experts criticize Doctolib?
For all groups involved, Doctolib obviously only seems to bring advantages. Data protection experts, on the other hand, see it differently and raise some serious allegations.
The core of the criticism is aimed at the role of Doctolib. The company is not just a simple broker of free doctorās appointments. If Doctolib has agreed to work with a doctor, the company will have access to the entire patient master data record. These include, for example:
Address, telephone numbers, e-mail addresses, previous illnesses, course of illness or insurance status.
Data protectionists have found that Doctolib even gets access to the data of the deceased or of patients who have been treated by another doctor. This is the case when a doctor takes over an existing practice as a successor.
It is precisely because of this data that there is criticism. After all, it is difficult to argue here that these people would have consented to the data transfer in any way. What many people donāt know when you arrange a free doctorās appointment online or via an app with an external service provider: You are concluding a contract with a company and not with the doctor treating you. The doctor, in turn, has previously granted Doctolib the right to act as a so-called legally authorized external processor by concluding the contract. What does that mean?
This gives Doctolib, for example, the right to access the complete patient master data record. Doctors should actually point this out to their patients before they book their first appointment via Doctolib.
The provider based in Berlin argues that the doctors would also explicitly point this out when concluding the contract. It is difficult to check whether the doctors actually comply with this obligation to provide information. It is just as difficult to track what Doctolib is doing with the sensitive health data and whether it is properly stored. The only thing that really helps here is trust, control does not work in this case.
data protection cases in the past
At least events in the past show that not all data holes have been closed. In 2021, various media reported that Doctolib shared data with Facebook and the online marketing agency Outbrain. Both companies are based in the USA. According to the EU General Data Protection Regulation (GDPR), this is exactly what should no longer happen: passing on data from the EU to servers in non-EU countries.
After this incident, Doctolib reports that the company has removed all marketing cookies to prevent such a data breach from happening again. Nevertheless, the Digitalcourage association is giving the Big Brother Award to Doctolib in 2021, among other things because of the aforementioned data breach and the unfiltered access to patient data.
Also read: āKryā in the test ā does the app replace a doctorās visit?
How does Doctolib react to the criticism?
Doctolib takes the criticism of data protection experts seriously and also faces the critics. Regarding the criticism of access to the entire patient master data record, the company has repeatedly emphasized that communication is still only between the patient and the treating doctor. Doctolib does not use any data for its own purposes. As mentioned above, all patient data is also stored on servers in an anonymous form.
Since these processes are all invisible, the statement cannot be verified. The company makes no concrete statements about the security standards used for this.
What data security options are there?
First of all: booking appointments via the Doctolib app or another provider is basically a significant improvement compared to the previous method by telephone. A Doctolib account is quick to set up. Even non-technical people can easily book an appointment. And the system reminds you several times in advance of upcoming doctorās appointments.
In the future, more and more such apps will certainly come onto the market. Doctors also report that since they have been working with Doctolib, many more younger patients have found their way into their practice. Apparently, a younger target group seems to prefer booking a doctorās appointment via an app. Nevertheless, the development should be critically monitored. Of course, not all patients have to like booking appointments via the app.
If you are unsure what providers like Doctolib are doing with your data, you can ā as before ā simply pick up the phone. The majority of German doctors still do not use digital booking services such as Doctolib.
Or you can use the online service of the National Association of Statutory Health Insurance Physicians. There you can search for specialists in your area and also make appointments directly. This does not run quite as smoothly as with the app and also takes a little more time. However, you then have complete security: only the doctor treating you receives your data and no one else.