Are online medical consultations secure? Encryption, EU servers, and your rights
What you discuss with a clinic is medical data. Here is what a secure consultation platform must do — and the questions that expose one that doesn't.
What secure looks like
Calls should be encrypted in transit, run on servers in a jurisdiction with strong medical-privacy law, and recorded only with your explicit consent — ideally not at all. GetClinic consultations run on our own EU servers with no third-party video vendor in the middle.
Entry should be controlled: invited participants verify their email or phone, wait in a lobby, and are admitted by the clinic. Nobody joins a consultation by guessing a link.
Your rights under GDPR
In the EU, health data has the highest protection class. You have the right to know what is stored, where, and for how long — and the right to have it deleted. A clinic operating legally can answer these questions in one email.
Consultations with clinics outside the EU still fall under GDPR when the platform or the patient is in the EU. The platform, not you, carries the burden of compliance.
Three questions that test any platform
Where do the video streams run — your own servers or a third party's? Is anything recorded, and who can consent to that? Can an uninvited person join with only the link? A trustworthy answer to all three is short, specific, and boring.