October 14, 2020

The Italian Data Protection Authority publishes Frequently Asked Questions and Infographic on the Electronic Health Record

On September 14, 2020, the Italian Data Protection Authority (“Garante”) published on its website a set of Frequently Asked Questions (“FAQ”) and an Infographic on the main characteristics of the Electronic Health Record (“EHR”).

Firstly, the Garante refers to the relevant provisions that regulate the EHR – namely Article 12 of Law Decree No. 179/2012, Presidential Decree No. 178/2015, and Article 11 of Law Decree No. 34/2020 – and defines the EHR, which is a set of health and social-health data and digital documents generated by present and past clinical events concerning the patient. The EHR pursues the purposes of care, research, and governance (i.e., health planning, quality of care verification, and evaluation of health care).

Secondly, the Garante focuses on the information to be provided to the patient and his/her consent. The patient shall receive information on data processing carried out in the framework of the EHR according to Article 13 of the General Data Protection Regulation (Regulation (EU) No. 2016/679, “GDPR”). In particular, it has to be made clear that the data included in the EHR are related to the present and past health status of the patient. Furthermore, the right to know about access to the EHR should be covered.

With regard to consent, the patient shall express his/her consent to having the record consulted on one-off basis and can always withdraw it. Once provided, the patient’s consent allows healthcare personnel who are treating him/her to access the EHR. Furthermore, data generated by health facilities located outside the patient’s Region are automatically fed into the EHR, thanks to the interoperability ensured by the Social Security Card System. In any case, healthcare service is guaranteed to be provided even if the patient does not provide the above-mentioned consent.

Thirdly, the Garante lists the subjects who can access the EHR:

  • The patient, who can consult both clinical and administrative health documents. He/she can also add personal information and documents related to the course of treatment in the “patient’s personal notebook” (taccuino personale dell’assistito), a specific section of the EHR;
  • The public and private healthcare professionals who treat the patient, provided that the patient gave his/her consent. In particular, general practitioners and/or pediatricians of free choice draft the “patient summary” (profilo sanitario sintetico); and
  • The health governance bodies that access pseudonymized data in the EHR to perform their institutional functions (g., care planning, management of health emergencies), regardless of the patient’s consent.

Experts, insurance companies, employers, scientific associations, and administrative bodies – even those operating in the health sector – and any unauthorized third parties cannot access the EHR.

Finally, the patient has the right to request that documents and data be redacted, both before and after they are fed into the EHR. Only the patient and the party that generated the redacted information can consult it. Moreover, redaction shall be handled in such a way that other subjects entitled to access the EHR for the purposes of care cannot automatically see that the patient has made that choice and that there are redacted data or documents. The redaction may be revoked by the patient at any time.

< Back to blog
Welcome to the Portolano Cavallo Life Sciences blog focusing on legal development and key legal issues affecting the life sciences and healthcare industry.
...
Read more
Our highly-ranked team of professionals will provide news, insights and multidisciplinary commentary on the hottest and most recent regulatory, transactional and contentious aspects of the pharmaceutical, bio-tech, med-tech, food supplement and healthcare world with an eye on its digital transformation and technological developments.

This blog will be a place for focusing on digital health, telemedicine and artificial intelligence, as well as more traditional topics: from the protection of intellectual properties to performance of clinical trials, from the market access to advertising and competition issues, from internal and criminal investigations to M&A and venture capital transactions.

Close
September 21, 2023
CBS products: from September 20th, compositions for oral administration of cannabidiol obtained from Cannabis sativa extracts shall be considered as narcotic drugs in Italy, as they have bee...
July 27, 2023
Payback on medical devices: Italian government announces extension of payment deadline to October 30, 2023
July 21, 2023
On July 21, 2023, the Italian Ministry of Health published new guidelines on health advertising of self-medication drugs (OTC) and non-prescription drugs (SOP), including advertising on new ...
June 30, 2023
Payback for medical devices: on June 28 Italian parliament approved the Law which, among other things, extends the deadline for the payment of the amount reduced by 52% from June 30th to Jul...
June 20, 2023
Clinical investigations on medical devices: four ministerial decrees setting out procedures for submitting applications/notifications and requirements for facilities and assessing persons, i...
Search by...
Search
Follow us on
Follow us on