Do QR Codes provide effective data security of personal health information?

Do QR Codes provide effective data security of personal health information?

Harmen Brenninkmeijer, Founder, Q Services, discusses why QR Codes provide effective data security and privacy in the transfer of personal health information.

First created in 1994 by the Japanese car company Toyota, Quick Response (QR) Codes are commonly used to represent data in a pictorial form and contain a lot more data than barcodes.  Like many other technologies, QR Codes come with some danger if misrepresented.

Unlike a barcode, the data that a QR Code represents is not provided in a human-readable form so the individual doesn’t know what the QR Code is showing.  This can be a problem if the QR Code is pointing to a URL that is taking someone to an incorrect website.

Hacked URLs are a common point of discussion when examining the safety of QR Codes.  It’s important to remember that QR Codes do not have to represent a URL. They can be an encrypted lookup code that points an authorised reader to a location from where they can pick up the information that is being shared.

A lookup code can have a limited lifetime, generally thirty seconds, and can be invalidated after being read so it cannot be used again. The technology to handle lookup codes with QR Code representation is readily available and many of them are based on the same techniques as used by Google Authenticator, which makes them pretty challenging to circumvent.

Trust in QR Codes

Digital health technology solutions are becoming increasingly important as the world adjusts to living with COVID-19 and beyond.  One of the biggest challenges facing the industry is trust in the solution providers who manage data.

It’s important that personal data is squarely in the hands of the owner and that health technology providers build solutions that allow for self-sovereign identity.  This is where the secure QR Code can play a vital role in the transfer of personal health information between multiple parties.

For example, when a Doctor uploads a medical certificate, it can be hashed and temporarily stored on the technology provider’s server. A person can then open their digital wallet and download the certificate directly to their app, whereupon it will be deleted from the server. The information can then be shared to an authenticator, where it’s again temporarily stored in a hashed format on the solution provider’s server until the authenticator has finished with it.

Essentially, it is a temporary, dynamic QR Code that is facilitating the transfer of personal health data in a secure manner utilising cryptographic hashing.


A Deloitte study found that during the pandemic, more consumers are willing to share personal health information as a result of the crisis.  Trust will come from empathy and the reliability that a company can provide through their solutions with 65 percent of consumers agreeing that they should own their own health data.

Digital Health Apps

Q-Servi-SAFE-RELIABLE_FASTFor healthcare apps, there has to be a guaranteed ‘trust chain’ so that test certificates leaving a medical establishment can make their way securely to a person’s digital health wallet.  It’s important that people can choose digital health wallets that are built with encrypted security and have been approved for medical record-keeping.

This means choosing apps that have gone through rigorous validation and regulatory approvals and will be listed in the app stores under the medical record-keeping or healthcare categories.

For digital health apps, QR Codes offer a very different proposition as they can be used to represent a one-time code that cannot be forged or faked because it is only valid for several seconds.

By 2022, 1 billion smartphones will access QR Codes (Juniper Research) and so this form of data representation is likely to penetrate many more industry verticals, including the healthcare and wellbeing sectors.

Interoperability and Convenience

QR Codes create a frictionless experience for us all. They are quick and they are convenient. As we see their adoption increase in healthcare, it’s not unreasonable to think that security will be monitored closely due to the regulatory nature of the industry.

People will want convenience from their digital health apps and are more likely to consider providers who are interoperable with other organisations.  These are the companies that will be able to provide seamless access to health information and ensure that the individual is the custodian of their own data.

The interoperability of QR Codes has provided benefits for many industries, and these benefits are needed in the healthcare industry where the demand for modernisation has dramatically increased.

QR Codes will deliver security and peace of mind as more people start to embrace them as part of their digital health journey.  2021 could well be the year the QR Code demonstrates itself as a trusted technology for the digitisation of healthcare.

This article first appeared in InfoSecurity Magazine.

Other articles you may like

Share this story...

Share this story...

Learn more:

To learn more about how Q Services can help your organisation, get in touch via the contact form:

Go to Top