The beginning of the effective application of the GDPR has caused a real tsunami in the business world and the Administration, which are facing profound changes to adapt to the new regulations. One of the most affect sectors is healthcare, where very sensitive information such as patient data is manag.
This is how the GDPR affects patient data management
One of the pillars of the European data protection regulation is inform consent . This means that the patient must receive clear and concise information about how their personal data will be process, and explicitly accept this processing.
Among the information that the health professional must contain the following details:
Contact information for the Data Protection Officer mandatory in any company that handles sensitive information, such as clinics.
Legal basis or legitimacy for the treatment
However, there are three exceptions that allow the processing of patient health data without their express consent.
When data processing is necessary to protect the call lists vital interests of the patient.
When data processing is necessary for the purposes of preventive or occupational medicine, evaluation of the worker’s work capacity, medical diagnosis, provision of health or social assistance or treatment, or management of health and social assistance systems and services.
European law considers health-relat personal data to be all data: relating to the physical or mental health of a natural person, including the provision of health care services, that reveals information about their state of health article 4.15.
What is personal data related to health
This was also the case before but now an important nuance is introduced since it includes among personal health data those related to the provision of health care services that reveal some information about the state of health.
The Patient Autonomy Law already included the mandatory nature of high-level treatment of patient data and now with the GDPR, all information that has to do with a person’s health has an even higher level. of protection.
On our blog we have BO Leads dedicated several articles to talking about the GDPR and its consequences. If you have a website for your clinic, pay attention to the changes you must implement.