Secure Remote Access to Pulmonary Function Test Results: A Clinician's Guide to Reviewing PFTs From Home in 2026
Feb 20, 2026
Reviewing pulmonary function test (PFT) results remotely is now a standard part of clinical practice. With cloud-based reporting platforms and encrypted data pipelines, respiratory clinicians can securely access spirometry data, flow-volume loops, and full PFT reports from any location. The key requirements are role-based access controls, end-to-end encryption, compliance with local health data regulations, and a platform purpose-built for respiratory workflows. Done right, remote PFT review is not just convenient; it is clinically safe and auditable.
TL;DR
Remote PFT review is clinically viable and increasingly standard in 2026, supported by evidence from real-world monitoring studies.
Secure access requires encryption, multi-factor authentication (MFA), and role-based access control (RBAC).
Cloud-based platforms purpose-built for respiratory labs eliminate the security gaps created by workarounds like emailing PDFs.
Standardised reference equations (such as GLI norms) must be accessible within the reporting environment, not just at the lab workstation.
Platforms like Rezibase are designed to make this entire workflow seamless, auditable, and compliant.
Why Are Clinicians Reviewing PFTs Remotely in 2026?
Remote PFT review is the practice of accessing, interpreting, and reporting pulmonary function test data through a secure digital platform from a location outside the clinical lab. This is distinct from telehealth consultations; it refers specifically to the clinician-side workflow of reviewing raw test data and generating formal reports.
Several converging factors have made this the norm:
Workforce distribution: Respiratory physicians and scientists increasingly work across multiple sites or from home.
Growing RPM programs: According to Prevounce's comprehensive guide to Remote Patient Monitoring, RPM allows providers to continue tracking healthcare data after discharge and encourages patients to take greater control of their health.
Home spirometry uptake: A 2025 study published in BMC Pulmonary Medicine by Ng et al. assessed the acceptability and usability of home monitoring in patients with connective tissue disease-related interstitial lung disease, finding the approach feasible and well-tolerated.
Wearable and Bluetooth-enabled devices: A 2023 study in JMIR Formative Research by Althobiani et al. investigated a real-time multimodal remote monitoring program using commercially available wearables and home-based Bluetooth-enabled spirometers, demonstrating the viability of capturing clinical-grade data outside the lab.
The infrastructure now exists. The question is whether the reporting environment is secure enough to match it.
What Are the Core Security Requirements for Remote PFT Access?
Secure remote access to health data is not optional; it is a regulatory and ethical baseline. According to Censinet's best practices guide for remote healthcare access control, the foundational security pillars are:
Security Layer | What It Means in Practice |
|---|---|
Multi-Factor Authentication (MFA) | Clinicians verify identity via two or more methods before accessing patient data |
Role-Based Access Control (RBAC) | Each user sees only the data relevant to their clinical role |
End-to-End Encryption | Data is encrypted in transit and at rest |
Device Management | Only approved, managed devices can access the platform |
Audit Logging | Every access event is recorded for compliance review |
These are not just IT considerations. A clinician reviewing PFTs from home on an unmanaged device, through an unencrypted connection, creates real clinical and legal exposure. Platforms that are not purpose-built for healthcare often lack the audit trail and access controls required by standards like ISO 15189.
What Should a Secure Cloud PFT Reporting Platform Actually Include?
A platform built for remote PFT review needs to go beyond basic security. According to Healthcare Business Outlook's introduction to remote respiratory monitoring, the ability to deliver real-time PFT results securely through a cloud-based dashboard is important, alongside data encryption and adherence to privacy regulations.
A purpose-built respiratory reporting platform should include:
Structured report queues: Clinicians should see a clear, role-specific list of reports awaiting review, not a generic file directory.
Integrated normal values: Reference equations must be embedded in the platform. The Global Lung Function Initiative (GLI), maintained by the European Respiratory Society, provides reference equations used to interpret measured lung function values. These should be pre-configured and automatically applied, not manually looked up.
Flow-volume loop visualisation: Remote review is only clinically meaningful if the full graphical data is accessible, not just numerical outputs.
AI-assisted reporting: Structured interpretation support reduces variability and speeds up turnaround without replacing clinical judgement.
Full audit trail: Every action on a report should be logged, timestamped, and attributable to a specific user.
This is precisely the gap that platforms like Rezibase were designed to close. Built by respiratory scientists, Rezibase delivers all of the above in a cloud-based environment accessible from any location, with no local software installation required.
How Do You Migrate From a Legacy System Without Disrupting Clinical Workflows?
Transitioning from a legacy system like Respiro to a cloud platform is more straightforward than most labs expect. The process does not require a "big bang" cutover or extended downtime.
A typical migration path looks like this:
Data export from the legacy system: Most legacy platforms can export patient records and historical reports in standard formats.
Structured import into the new platform: Rezibase's Magic Import function handles the direct import of device reports, automatically extracting discrete data including flow-volume loops.
Configuration of normal values and workflows: Reference libraries, reporting templates, and user roles are configured before go-live.
Parallel running (optional): Some sites run both systems briefly to validate data integrity before full cutover.
Training and onboarding: Because Rezibase is designed around actual lab workflows, the learning curve is minimal for experienced respiratory scientists.
Historical data remains accessible throughout, and the cloud architecture means there is no server migration to manage. For labs moving away from Respiro, this process is well-supported and does not require a lengthy IT project.
Frequently Asked Questions
Is it clinically safe to review PFTs remotely?
Yes, provided the platform includes encrypted access, full data fidelity (including flow-volume loops), and integrated reference equations. Several published studies support the clinical validity of remote respiratory monitoring.
What regulations apply to remote PFT access in Australia and the UK?
In Australia, the Privacy Act and Australian Privacy Principles apply. In the UK, NHS platforms must comply with DSPT (Data Security and Protection Toolkit) standards. Platforms like Rezibase are designed with these requirements in mind.
Do GLI reference equations work correctly in a cloud environment?
Yes. GLI equations are software-agnostic and can be pre-configured into any compliant platform. Rezibase includes a regularly updated Normal Values Library that incorporates GLI standards.
What happens to historical data when switching platforms?
Historical data is migrated during onboarding. Rezibase's import tools are designed to handle this cleanly, preserving discrete data and report history.
Can multiple clinicians access the same report simultaneously?
Cloud platforms support concurrent access with role-based permissions, so a scientist and a reporting physician can both interact with a report without conflict.
Is a VPN required to access Rezibase remotely?
Rezibase is a cloud-based SaaS platform with built-in security controls. Access is managed through authenticated sessions rather than requiring a separate VPN, though individual hospital IT policies may vary.
How long does onboarding typically take?
Most sites are operational within a few weeks. The timeline depends on integration complexity with existing hospital systems such as PAS or EMR.
About Rezibase
Rezibase is Australia's most advanced cloud-based respiratory and sleep reporting platform, built by respiratory scientists for respiratory scientists. Trusted by over 35 sites including NHS and NSW Health, it offers a vendor-neutral, fully integrated solution covering reporting, accreditation, and complete lab administration. Rezibase operates on a transparent monthly pricing model with no lock-in contracts and a 30-day free trial.
Explore what secure, cloud-based PFT reporting looks like in practice. Visit rezibase.com to learn more or start your free trial.
References
Althobiani MA et al. Evaluating a Remote Monitoring Program for Respiratory Patients. https://formative.jmir.org/2023/1/e51507
Ng WL et al. Remote monitoring of spirometry and oximetry in patients with connective tissue disease related interstitial lung disease. https://link.springer.com/article/10.1186/s12890-025-03966-6
Healthcare Business Outlook. An Introduction to Remote Respiratory Monitoring. https://apac.healthcarebusinessoutlook.com/an-introduction-to-remote-respiratory-monitoring/
Prevounce. Remote Patient Monitoring: A Comprehensive Guide. https://www.prevounce.com/a-comprehensive-guide-to-remote-patient-monitoring
European Respiratory Society. The Global Lung Function Initiative. https://www.ersnet.org/science-and-research/ongoing-clinical-research-collaborations/the-global-lung-function-initiative/
Censinet, Inc. Best Practices for Remote Healthcare Access Control. https://censinet.com/perspectives/best-practices-for-remote-healthcare-access-control