Hi Geir,
The information is as you are saying stored in clear text (unencrypted) in the database underlying OpenTele. I have asked around a bit and it has not been an issue as such here in Denmark. As I understand it it is seen as sufficient that data is protected through perimeter security. That is, that all servers are behind firewalls and other mechanisms securing the network from outside intrusions.
I am not aware of DK legislation that specifically what call for encryption or similar. I believe the wording of the legislation is more generic and calls for protection preventing access to the data if you do not have express consent from the patient or you are actively engaged in treating the patient (“behandlerrelation”).
But mind you, I am no expert on the above matters,
Regards,
Michael