October 14, 2020

The Italian Data Protection Authority publishes Frequently Asked Questions and Infographic on the Electronic Health Record

On September 14, 2020, the Italian Data Protection Authority (“Garante”) published on its website a set of Frequently Asked Questions (“FAQ”) and an Infographic on the main characteristics of the Electronic Health Record (“EHR”).

Firstly, the Garante refers to the relevant provisions that regulate the EHR – namely Article 12 of Law Decree No. 179/2012, Presidential Decree No. 178/2015, and Article 11 of Law Decree No. 34/2020 – and defines the EHR, which is a set of health and social-health data and digital documents generated by present and past clinical events concerning the patient. The EHR pursues the purposes of care, research, and governance (i.e., health planning, quality of care verification, and evaluation of health care).

Secondly, the Garante focuses on the information to be provided to the patient and his/her consent. The patient shall receive information on data processing carried out in the framework of the EHR according to Article 13 of the General Data Protection Regulation (Regulation (EU) No. 2016/679, “GDPR”). In particular, it has to be made clear that the data included in the EHR are related to the present and past health status of the patient. Furthermore, the right to know about access to the EHR should be covered.

With regard to consent, the patient shall express his/her consent to having the record consulted on one-off basis and can always withdraw it. Once provided, the patient’s consent allows healthcare personnel who are treating him/her to access the EHR. Furthermore, data generated by health facilities located outside the patient’s Region are automatically fed into the EHR, thanks to the interoperability ensured by the Social Security Card System. In any case, healthcare service is guaranteed to be provided even if the patient does not provide the above-mentioned consent.

Thirdly, the Garante lists the subjects who can access the EHR:

  • The patient, who can consult both clinical and administrative health documents. He/she can also add personal information and documents related to the course of treatment in the “patient’s personal notebook” (taccuino personale dell’assistito), a specific section of the EHR;
  • The public and private healthcare professionals who treat the patient, provided that the patient gave his/her consent. In particular, general practitioners and/or pediatricians of free choice draft the “patient summary” (profilo sanitario sintetico); and
  • The health governance bodies that access pseudonymized data in the EHR to perform their institutional functions (g., care planning, management of health emergencies), regardless of the patient’s consent.

Experts, insurance companies, employers, scientific associations, and administrative bodies – even those operating in the health sector – and any unauthorized third parties cannot access the EHR.

Finally, the patient has the right to request that documents and data be redacted, both before and after they are fed into the EHR. Only the patient and the party that generated the redacted information can consult it. Moreover, redaction shall be handled in such a way that other subjects entitled to access the EHR for the purposes of care cannot automatically see that the patient has made that choice and that there are redacted data or documents. The redaction may be revoked by the patient at any time.

< Back to blog
Welcome to the Portolano Cavallo Life Sciences blog focusing on legal development and key legal issues affecting the life sciences and healthcare industry.
Read more
Our highly-ranked team of professionals will provide news, insights and multidisciplinary commentary on the hottest and most recent regulatory, transactional and contentious aspects of the pharmaceutical, bio-tech, med-tech, food supplement and healthcare world with an eye on its digital transformation and technological developments.

This blog will be a place for focusing on digital health, telemedicine and artificial intelligence, as well as more traditional topics: from the protection of intellectual properties to performance of clinical trials, from the market access to advertising and competition issues, from internal and criminal investigations to M&A and venture capital transactions.

October 6, 2023
CBD products: the Administrative Court suspended until October 24 the recent Decree of the Italian Ministry of Health listing cannabidiol for oral use among narcotic drugs, due to the lack o...
October 4, 2023
The Guidelines for regulating contractual relations between universities and research institutes and private sponsors were adopted by the relevant Italian Ministries following the amendment ...
September 21, 2023
CBS products: from September 20th, compositions for oral administration of cannabidiol obtained from Cannabis sativa extracts shall be considered as narcotic drugs in Italy, as they have bee...
July 27, 2023
Payback on medical devices: Italian government announces extension of payment deadline to October 30, 2023
July 21, 2023
On July 21, 2023, the Italian Ministry of Health published new guidelines on health advertising of self-medication drugs (OTC) and non-prescription drugs (SOP), including advertising on new ...
Search by...
Follow us on
Follow us on