Medical data are among the most sensitive personal data that exist. Any healthcare provider who sends patient records, imaging or referrals carries a special responsibility. This article explains how to transfer medical data in a demonstrably secure way, and why, in healthcare, this requires more than an ordinary secure connection.
Why medical data requires extra protection
Health data fall under GDPR art. 9: the special categories of personal data. Processing them is in principle prohibited, with exceptions for, among other things, the provision of healthcare (GDPR art. 9(2)(h)). That exception permits processing, but leaves the obligation to provide appropriate security fully intact, and for health data that minimum threshold is high.
The sensitivity is not only legal. An accidentally leaked patient record directly affects the relationship of trust between provider and patient, and can lead to stigmatisation, harm and a lasting loss of confidence. The importance of a robust, verifiable transfer procedure is therefore fundamental in healthcare.
Security in the healthcare context
Beyond the GDPR, secure data exchange in healthcare demands demonstrable measures around access, integrity and traceability. A transfer method that combines encryption, identity verification and a verifiable audit log gives substance to these principles.
Concrete situations in healthcare practice
The secure transfer of medical data arises in a wide range of everyday situations. A few examples in which the right transfer procedure makes the difference:
- Referrals between providers. A GP who refers a patient to a specialist often shares a complete record, including medical history and medication.
- Sharing imaging (MRI, CT, X-ray). Radiological images are almost always needed for diagnosis or treatment elsewhere, and come with clinical context.
- Second opinions. A patient or treating physician requests a second assessment, in which the complete record goes to a third provider.
- Patient transfers. On relocation, referral or transfer between institutions, the complete medical record is handed over to a new treating physician.
The risk of unsecured email and consumer tools
Regular email and general file-sharing services are not designed for the requirements healthcare imposes. An email attachment can end up with the wrong recipient through autocomplete; a shared download link can be forwarded to someone for whom the record was never intended. In both cases there is no proof whatsoever of who actually received the file, while it is precisely that proof which is indispensable for accountability in healthcare.
In addition, the encryption of many consumer tools falls short: the provider often retains access to the keys itself, so the data are not truly shielded. For health data that is an unacceptable starting point.
How TransferGuard secures medical transfers
TransferGuard is built on a number of pillars that map directly onto the requirements of healthcare. Encryption is performed with AES-256-GCM in the sender's browser: the data is encrypted before it leaves the device, and the decryption key is only released to verified recipients after successful identity or email verification. Transport runs over TLS 1.3 and storage is in the EU, on ISO 27001-certified infrastructure in the EU.
Biometric identity verification
In healthcare it is crucial that only the intended provider or patient gains access to a record. TransferGuard offers biometric identity verification through a specialist identity verification provider: the recipient scans a passport or ID document, takes a live selfie and completes a liveness check. Only after successful verification is the record unlocked. This makes it demonstrable that the right individual, and no one else, has been granted access. See how this works step by step in the verified identity demo.
Large files without compromise
Medical imaging is often sizeable: a CT or MRI series easily runs to several gigabytes. TransferGuard supports transfers of up to 100 GB per shipment, so complete image sets can travel in a single secure transfer, without resorting to insecure alternatives because an attachment is "too large" for email.
Verifiable audit report for accountability
Every transfer can be concluded with a verifiable PDF audit report with SHA-256 integrity check and an independent verified timestamp. The SHA-256 hash proves that the received file is exactly identical to the file that was sent (integrity); the independent timestamp records when the transfer took place. This report is the basis for accountability towards a regulator, a patient or a fellow provider.
Proof tailored to each transfer
Not every transfer calls for the same level of proof. You decide per transfer how extensive the identity verification and the evidence file must be, matched to the sensitivity of the record. For a routine internal exchange a light verification may suffice; for sharing a complete record with an external party or in a second opinion, full biometric identity verification with a verifiable audit report including integrity check is appropriate.
Practical example
The example below is anonymised and illustrative. A hospital outpatient clinic must share a complete MRI series with an accompanying report with a specialist centre for a second opinion. The file runs to well over eight gigabytes. Via regular email that is impossible; a shared download link would give no certainty about who ultimately views the images.
The clinic sends the series via TransferGuard with fully verifiable proof. The receiving specialist completes a biometric identity verification before the images are unlocked. After receipt the platform generates a verifiable audit report with the SHA-256 hash and an independent verified timestamp, which the clinic archives with the record. Should the question later arise whether, when and to whom the images were provided, that is demonstrable from the report, without any unsecured channel ever having been involved.
Conclusion
Medical data deserve the strictest security class within the GDPR. End-to-end encryption, EU storage on ISO 27001-certified infrastructure, biometric identity verification and a verifiable audit report together form a transfer procedure that both protects the patient and lets the provider account for their actions, and that meets the requirements of GDPR art. 9 and 32.
View the full overview of evidence and security features on the features page or the pricing options on the pricing page. For the broader GDPR context, see our article on GDPR requirements for file transfer.
