The Italian Data Protection Authority publishes Frequently Asked Questions and Infographic on the Electronic Health Record
Firstly, the Garante refers to the relevant provisions that regulate the EHR – namely Article 12 of Law Decree No. 179/2012, Presidential Decree No. 178/2015, and Article 11 of Law Decree No. 34/2020 – and defines the EHR, which is a set of health and social-health data and digital documents generated by present and past clinical events concerning the patient. The EHR pursues the purposes of care, research, and governance (i.e., health planning, quality of care verification, and evaluation of health care).
Secondly, the Garante focuses on the information to be provided to the patient and his/her consent. The patient shall receive information on data processing carried out in the framework of the EHR according to Article 13 of the General Data Protection Regulation (Regulation (EU) No. 2016/679, “GDPR”). In particular, it has to be made clear that the data included in the EHR are related to the present and past health status of the patient. Furthermore, the right to know about access to the EHR should be covered.
With regard to consent, the patient shall express his/her consent to having the record consulted on a one-off basis and can always withdraw it. Once provided, the patient’s consent allows healthcare personnel who are treating him/her to access the EHR. Furthermore, data generated by health facilities located outside the patient’s Region are automatically fed into the EHR, thanks to the interoperability ensured by the Social Security Card System. In any case, healthcare services are guaranteed to be provided even if the patient does not provide the above-mentioned consent.
Thirdly, the Garante lists the subjects who can access the EHR:
- The patient, who can consult both clinical and administrative health documents. He/she can also add personal information and documents related to the course of treatment in the “patient’s personal notebook” (taccuino personale dell’assistito), a specific section of the EHR;
- The public and private healthcare professionals who treat the patient, provided that the patient gave his/her consent. In particular, general practitioners and/or pediatricians of free choice draft the “patient summary” (profilo sanitario sintetico); and
- The health governance bodies that access pseudonymized data in the EHR to perform their institutional functions (e.g., care planning, management of health emergencies), regardless of the patient’s consent.
Experts, insurance companies, employers, scientific associations, and administrative bodies – even those operating in the health sector – and any unauthorized third parties cannot access the EHR.
Finally, the patient has the right to request that documents and data be redacted, both before and after they are fed into the EHR. Only the patient and the party that generated the redacted information can consult it. Moreover, redaction shall be handled in such a way that other subjects entitled to access the EHR for the purposes of care cannot automatically see that the patient has made that choice and that there are redacted data or documents. The redaction may be revoked by the patient at any time.