Electronic Health Records: Privacy and Security Issues in a Comparative Perspective
20 Pages. Posted: 26 Dec 2009. Last revised: 30 Aug 2012
Date Written: December 26, 2009
Before the digital age, health data processing was not such a problematic issue. It was based on a strictly fiduciary relationship between the patient (rectius: data subject) and the physician, who in most cases was the so-called “General Practitioner (GP).” Everything was recorded on paper, when not conveyed orally. The advent and widespread diffusion of computers has given rise to new problems and new needs for protection. Digital technology provided the extraordinary ability to access large amounts of aggregated data very quickly, but on the other hand it has also made possible the creation of large databases to which more and more people, even if limited in number and specifically identified, may have access. This has greatly increased the risks associated with the processing of these data, their unlawful circulation and dissemination, and their capacity to affect the dignity and the fundamental freedoms and rights of the individual data subject. For these reasons, the European legislator intervened with the famed Directives 95/46/EC (protection of individuals with regard to the processing of personal data and on the free movement of such data) and 2002/58/EC (the processing of personal data and the protection of privacy in the electronic communications sector), devoting an ad hoc regulation to the problem of health data processing and thus highlighting the specificity and the dangers that operations on this particular category of data may present.
Article 4, co. 1, lett. d) of Legislative Decree 30 June 2003, n. 196 (Code for protection of personal data - henceforth Privacy Code) defines the so-called “sensitive data” as follows: “personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life.” A stricter and more protective discipline has been provided for the processing of this kind of information, since its collection, communication and dissemination may expose the data subject to whom it pertains to several serious risks of discrimination. The so-called “Electronic Health Record” (henceforth, EHR) represents a pivotal moment in the digitalization of health data processing. The definition of this new legal concept has encountered many difficulties; in any case, it consists of two basic elements: the storage moment, in which digital technologies are used to store all the data and information that until now have been collected and managed on paper; and the sharing moment, in which the data collected are shared by all the actors of the system who are entitled to communicate and process them.
Unlike the traditional electronic platforms of health data management, which privilege the role of health-service providers and give the patient a very marginal and limited role, the new approach underlying the concept of EHR is characterized by a patient who becomes the crucial point of an information management system capable of revealing his state of health. From this point of view, any interaction between the patient and the new system involves the creation of new data. The first e-health data revolution, the introduction of information technology and Electronic Health Records (EHRs), concerned the digitizing and rationalization of the flow of data. The second step is represented by the so-called Project Health Design (PHD): it means that patients will increasingly create health data (or links to other data) without the intermediation of any “qualified person.”
At the international level, we find several documents that push for the implementation of EHR. Above all, mention must be made of the “Working Document on the processing of personal data relating to health in electronic health records (EHR)” adopted on 15 February 2007 by the Working Group Party on the Protection of individuals with regard to the Processing of Personal Data. This document aims to provide guidance on the interpretation of the applicable data protection legal framework for electronic health record (EHR) systems and to establish some general principles. It also aims at setting out the data protection preconditions for establishing a nation-wide EHR system, as well as the applicable safeguards. A definition of this new instrument has been proposed by the already mentioned Working Group: “A comprehensive medical record or similar documentation of the past and present physical and mental state of health of an individual in electronic form and providing for ready availability of these data for medical treatment and other closely related purposes.” The Italian Garante per la protezione dei dati personali (hereinafter: Privacy Authority) has also issued, by a General Provision, some Guidelines on the implementation of an EHR system (Provvedimento a carattere generale 16 luglio 2009 del Garante per la protezione dei dati personali - Linee guida in tema di Fascicolo sanitario elettronico (Fse) e di dossier sanitario) (hereinafter: LG). All these documents demonstrate a real interest in this matter.
In this paper, I will focus on the main problematic issues in the implementation of EHR systems, as they emerge from a reading of the Italian Privacy Authority LG. Many issues will then be taken into consideration: scope of an EHR system, responsibilities and expectations with respect to data entered, self-determination principle, consent, access to EHR, data controllers and data processors, data communication to data subject (art. 84 Privacy Code), and Security Measures. In the final part, a comparative analysis with the English and the French e-health systems will be provided.
Keywords: Electronic Health Record, Privacy, Data Protection, Security, Health Data, e-Health