October 14, 2020

The Italian Data Protection Authority publishes Frequently Asked Questions and Infographic on the Electronic Health Record

On September 14, 2020, the Italian Data Protection Authority (“Garante”) published on its website a set of Frequently Asked Questions (“FAQ”) and an Infographic on the main characteristics of the Electronic Health Record (“EHR”).

Firstly, the Garante refers to the relevant provisions that regulate the EHR – namely Article 12 of Law Decree No. 179/2012, Presidential Decree No. 178/2015, and Article 11 of Law Decree No. 34/2020 – and defines the EHR, which is a set of health and social-health data and digital documents generated by present and past clinical events concerning the patient. The EHR pursues the purposes of care, research, and governance (i.e., health planning, quality of care verification, and evaluation of health care).

Secondly, the Garante focuses on the information to be provided to the patient and his/her consent. The patient shall receive information on data processing carried out in the framework of the EHR according to Article 13 of the General Data Protection Regulation (Regulation (EU) No. 2016/679, “GDPR”). In particular, it has to be made clear that the data included in the EHR are related to the present and past health status of the patient. Furthermore, the right to know about access to the EHR should be covered.

With regard to consent, the patient shall express his/her consent to having the record consulted on one-off basis and can always withdraw it. Once provided, the patient’s consent allows healthcare personnel who are treating him/her to access the EHR. Furthermore, data generated by health facilities located outside the patient’s Region are automatically fed into the EHR, thanks to the interoperability ensured by the Social Security Card System. In any case, healthcare service is guaranteed to be provided even if the patient does not provide the above-mentioned consent.

Thirdly, the Garante lists the subjects who can access the EHR:

  • The patient, who can consult both clinical and administrative health documents. He/she can also add personal information and documents related to the course of treatment in the “patient’s personal notebook” (taccuino personale dell’assistito), a specific section of the EHR;
  • The public and private healthcare professionals who treat the patient, provided that the patient gave his/her consent. In particular, general practitioners and/or pediatricians of free choice draft the “patient summary” (profilo sanitario sintetico); and
  • The health governance bodies that access pseudonymized data in the EHR to perform their institutional functions (g., care planning, management of health emergencies), regardless of the patient’s consent.

Experts, insurance companies, employers, scientific associations, and administrative bodies – even those operating in the health sector – and any unauthorized third parties cannot access the EHR.

Finally, the patient has the right to request that documents and data be redacted, both before and after they are fed into the EHR. Only the patient and the party that generated the redacted information can consult it. Moreover, redaction shall be handled in such a way that other subjects entitled to access the EHR for the purposes of care cannot automatically see that the patient has made that choice and that there are redacted data or documents. The redaction may be revoked by the patient at any time.

< Back to blog
Welcome to the Portolano Cavallo Life Sciences blog focusing on legal development and key legal issues affecting the life sciences and healthcare industry.
Read more
Our highly-ranked team of professionals will provide news, insights and multidisciplinary commentary on the hottest and most recent regulatory, transactional and contentious aspects of the pharmaceutical, bio-tech, med-tech, food supplement and healthcare world with an eye on its digital transformation and technological developments.

This blog will be a place for focusing on digital health, telemedicine and artificial intelligence, as well as more traditional topics: from the protection of intellectual properties to performance of clinical trials, from the market access to advertising and competition issues, from internal and criminal investigations to M&A and venture capital transactions.

March 20, 2023
Today, Regulation (EU) 2023/607 extending the transitional provisions for the placing on the market and putting into service of certain medical devices and in vitro diagnostic medical device...
January 31, 2023
Clinical trials: Ministry of Health signed off on decrees that (i) reorganize ethics committees and coordinate their activities, (ii) determine the single tariff for the authorization proced...
December 19, 2022
On 13 December 2022, EMA, European Commission and HMA jointly adopted a recommendation paper on the introduction of decentralised elements in the conduct of Clinical Trials in the EU/EEA
September 21, 2022
Payback for medical devices: Decree quantifying the exceeding of the expenditure ceiling for medical devices at national and regional level for the years 2015, 2016, 2017 and 2018 published ...
September 1, 2022
The 2021 annual law for market and competition addressing, as to the healthcare sector, reimbursement of drugs, intermediate distribution, patent linkage and institutional accreditation of p...
Search by...
Follow us on
Follow us on