In concepts such as connected health, patient data needs to be protected when they are transmitted over the internet to the caregiver. The current letter proposes embedding the QR code of patient data into discrete wavelet transform coefficients of the cover ECG Signal. The imperceptibility of hidden data is estimated by performance metrics such as peak signal-to-noise ratio, percentage residual difference, and Kullback–Leibler distance. The proposed approach is demonstrated on MIT-BIH database. Watermarking in the low coefficient values deteriorate the signal less and results in lower bit errors. It is shown that larger watermarks can be accommodated with a larger version of QR code for more or less the same imperceptibility. It is found that QR code version 40 allows embedding of maximum 2632 bytes of patient data with zero bit errors. Since QR code has an inbuilt error correction code, it provides additional layer of security to patient data and the proposed approach can be used for secure transfer of patient data. © 2019, Springer Nature Singapore Pte Ltd.