IT Outsourcing and Medical Secrecy Abstract. When medical practices outsource IT work, the requirements of data protection laws and professional secrecy in particular must be taken into account. In terms of data protection laws, outsourcing to third parties requires, among other things, that an agreement is concluded, and that the outsourcing provider only processes the data in the way that the doctor himself is permitted to do. Furthermore, outsourcing must not be prohibited by a legal or contractual obligation to maintain secrecy, such as medical professional secrecy. Professional secrecy has been widely discussed in recent years in connection with the outsourcing of services by physicians. Despite other restrictive positions, however, IT outsourcing should continue to be regarded as permissible if it can be justified on objective grounds, if it remains within the scope of what is customary and necessary for physicians and if appropriate measures are taken to avoid disclosure of personal data.