Where Your Medical Data Actually Goes During a Telehealth Call
When people ask whether a telehealth call is private, they usually picture one threat: someone "listening in" on the video. That's the part most systems already handle well, and it's the least of it. The interesting questions are about the data that persists after the call ends. Let's reason from first principles: enumerate the data, then follow each item.
First, enumerate. What data does one consultation actually create?
A single online consultation generates at least five distinct kinds of data, and they behave very differently:
| Data | Nature | Lifetime |
|---|---|---|
| Account & identity (name, contact) | Stored record | Long-lived |
| Questionnaire answers | Stored record | Long-lived (part of file) |
| The live audio/video stream | Transient in transit | Ephemeral — flows, isn't a file |
| Doctor's notes & prescription | Stored record | Long-lived (medical record) |
| Payment details | Handled by payment gateway | Held by the processor, not the clinic |
Already this is more useful than "is it safe?" Each row has a different home and a different risk profile. Let's walk the two most misunderstood rows: the live stream, and the stored record.
The live stream: encryption in transit, and what "encrypted" buys you
During the call, your audio and video are encrypted in transit. Concretely, that means the bytes leaving your device are scrambled such that an intermediary on the network — your ISP, someone on the same café Wi-Fi, a router in between — sees ciphertext, not your face or voice. This is the same class of protection (TLS/SRTP-style transport encryption) that secures online banking.
What encryption in transit specifically protects against is interception. What it does not automatically do is decide who, at the legitimate endpoints, is allowed to keep a copy. That's a policy question, not a cryptography question, and it's where Malaysia's Personal Data Protection Act (PDPA) comes in.
Useful mental model: encryption protects data in motion and at rest; governance decides what is allowed to come to rest in the first place. You need both. Neither substitutes for the other.
The stored record: this is the part that actually matters long-term
The video stream is gone the moment the call ends. The record — your questionnaire answers, the doctor's notes, your prescription — is what persists, and it's the asset worth protecting. Three principles govern how a responsible clinic should treat it, and all three are PDPA principles:
- Purpose limitation. Data collected to treat you should be used to treat you — not quietly repurposed. Under PDPA, processing is tied to the purpose you consented to.
- Access control / confidentiality. Your record should be readable by the people in your care loop, not by everyone in the organisation. "Confidential across our online and physical clinics" is a specific claim about who can open the file.
- Security safeguards. The data at rest must be protected against loss, misuse, and unauthorised access — encryption, backups, and controlled infrastructure.
The one that surprises people: the synced record across online and physical clinics
Because Hello PrimerCherang shares records between the online service and the physical Primer Cherang branches, a natural worry is "now my data is in more places." It's worth being precise about the trade-off. A shared record is not the same as a scattered one. One governed record that both your online doctor and your in-person doctor can see is generally safer than several disconnected copies emailed around — because there's a single thing to secure, audit, and control access to. The risk to manage is access scope, and that's exactly what purpose limitation and access control above are for.
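To make "access scope" concrete, here is an added sketch (not Hello PrimerCherang's code) of a default-deny check on a single shared record: access requires both a consented purpose and care-loop membership, and every decision is audited. The class names, staff IDs and purposes are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class PatientRecord:            # hypothetical: the single shared record
    patient_id: str
    consented_purposes: frozenset   # purposes the patient agreed to
    care_team: frozenset            # staff IDs currently in the care loop
    notes: tuple = ()

@dataclass(frozen=True)
class AccessRequest:            # hypothetical request shape
    staff_id: str
    site: str       # "online" or a branch name: logged, never grants access
    purpose: str    # declared reason for opening the file

AUDIT_LOG = []  # stand-in for an append-only audit store

def decide(record, req):
    """Default deny: purpose limitation first, then care-loop membership."""
    if req.purpose not in record.consented_purposes:
        allowed, reason = False, "purpose_not_consented"
    elif req.staff_id not in record.care_team:
        allowed, reason = False, "not_in_care_loop"
    else:
        allowed, reason = True, "ok"
    # Denials are logged too, so attempts outside scope stay visible.
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "patient": record.patient_id, "staff": req.staff_id,
        "site": req.site, "purpose": req.purpose,
        "allowed": allowed, "reason": reason,
    })
    return allowed, reason

def read_notes(record, req):
    allowed, reason = decide(record, req)
    if not allowed:
        raise PermissionError(reason)
    return record.notes

# Constructed sample data, not real identifiers.
RECORD = PatientRecord("P-0001", frozenset({"treatment"}),
                       frozenset({"dr-online-7", "dr-branch-3"}),
                       ("Constructed note: follow-up in 2 weeks",))

if __name__ == "__main__":
    for staff, site, purpose in [("dr-online-7", "online", "treatment"),
                                 ("dr-branch-3", "branch-A", "marketing"),
                                 ("admin-12", "branch-B", "treatment")]:
        print(staff, purpose, decide(RECORD, AccessRequest(staff, site, purpose)))
```

Note that the site a request comes from is recorded but never used to grant access: being inside the organisation, online or at a branch, is not the same as being in the care loop.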
What about payments?
Payment card details are typically the one category a clinic deliberately doesn't want to store. They flow to a dedicated payment gateway whose entire job is handling them under stricter standards. Less data you hold = less data you can lose. That's privacy by subtraction, and it's a feature, not a gap.
So, how should you reason about it?
Next time you evaluate any telehealth service — ours or anyone's — don't ask "is it private?" Ask the four questions that actually decompose it:
- Is the live call encrypted in transit? (It should be, always.)
- What exactly is stored afterwards, and for what stated purpose?
- Who can read the stored record, and is that scope as narrow as the care actually requires?
- What law governs it, and does the provider commit to it? In Malaysia, that's the PDPA.
Hello PrimerCherang is built to answer all four: encrypted consultations, records used for your care and kept confidential across our online and physical clinics, and PDPA compliance as the baseline rather than the marketing line.
Care you can actually see the inside of.
Consult a licensed Malaysian doctor on Hello PrimerCherang — PDPA-compliant, encrypted, and backed by 30+ physical Primer Cherang branches.
This article is general information, not legal or medical advice. PDPA obligations depend on specifics; for authoritative guidance consult the relevant regulations or a qualified professional. In a medical emergency, call 999 or go to the nearest emergency department.