Israel: Privacy Protection Authority Issues Guidelines on Telehealth and Privacy Protection

On August 2, 2022, Israel’s Privacy Protection Authority (PPA) published a document containing guidance on the protection of privacy in providing telemedicine services. The PPA is the Israeli regulatory and enforcement authority for personal digital information, in accordance with the Privacy Protection Law, 5741-1981, as amended.

The document highlights the privacy challenges involved in the use of telemedicine services and presents key recommendations regarding the use of telemedicine services. Telemedicine may be defined as “medical care provided remotely to a patient in a separate location using two-way voice and visual communication (as by computer or cell phone).”

Background to the Guidelines

According to the PPA press release:

In recent years, the healthcare system has been offering an innovative medical service that includes telemedicine services through technological means and through electronic communication, in order to provide health services in a more accessible manner to patients. These services include, but are not limited to, a virtual meeting between patient and therapist in real time, self-examination on an online medical device for consultation, diagnosis or treatment at a later date, continuous medical monitoring and monitoring using wearable or implantable devices, and an initial AI-based diagnostic service.

The document published by the PPA maps the remote medical services, reviews the relevant provisions of the law, presents the risks inherent in them to the privacy of patients, details the obligations imposed on health organizations, external providers, and caregivers, and includes key recommendations for maintaining privacy when using these services. …

The PPA emphasizes that medical information is sensitive personal information and its leakage may have severe consequences, both at the patient level and at the level of public trust in the country’s health institutions. Failure to secure information as required may also lead to its disruption, in a way that may serve as a basis for erroneous medical decisions, and hence even harm the health of patients [emphasis in original].

Main Recommendations

The document lists a number of recommendations for hospitals, clinics and healthcare companies (healthcare organizations), telemedicine service providers, and patients.

Healthcare Organizations

Healthcare organizations should receive patients’ informed consent for remote medical services, and avoid collecting and retaining information from patients that is not necessary for providing remote medical services or fulfilling the purpose of the database in which this information is used.

Healthcare organizations that contract with a third-party provider to provide telehealth services, including providing and operating the technological platform and online medical devices, should supervise the third party’s handling of privacy and information security.

In general, health organizations that provide telemedicine services own the databases in which patients’ information is stored. As such they must verify the identity of both patient and caregiver through a sound identification mechanism that utilizes degrees of identification and means adapted to the circumstances and type of action performed. As database owners, health organizations must also ensure that the access to the database is restricted to authorized persons. The PPA document clarifies that the same security requirements apply to online medical devices because they enable remote connection to the database.

Telehealth Care Providers

Care providers should act cautiously and refrain from unnecessarily exposing patients’ photos and video recordings obtained through telehealth beyond what is needed for medical treatment. Care providers must also strictly adhere to rules of information security in the software and technological devices that are used as part of providing remote care, which include keeping them in a protected place and under a password that prevents access to them without proper permission.

Public Wi-Fi networks must not be used while providing telehealth care. Remote treatment may be given only through a private network that is protected by a password and software protection such as antivirus and a firewall. Patients must be informed at the beginning of their remote treatment that the session will be filmed and recorded, and they must be advised to refrain from disclosing excess information that is not required for the treatment. Care providers should also alert patients when they expose themselves or their household members unnecessarily.


Credit Line: Law Library of Congress
