Article
EU data protection in health care and eHealth environments
Search Medline for
Authors
-
Jürgen Hohmann
- Inspection générale de la sécurité sociale, Luxembourg
| Published: | September 20, 2011 |
|---|
Outline
Text
Background: With the development of communication technologies, new forms of collection storage and exchange of information have also gained importance in the field of health care. Additional to the individual health file being kept by each health professional or ward we will find commonly used electronic health records (EHR) provided by the interdisciplinary and intersectoral health staff that takes care of a given patient. The processing of health data among different health care professionals, its secondary use for statistical and research purposes, and even transfers to different sites worldwide have become a matter of course. Unsurprisingly, privacy today has become one of the fundamental issues in health care. Being considered as sensitive, personal health data enjoy the highest level of protection, which by various international conventions is furthermore enshrined as fundamental human right.
Method: The presentation exemplifies the scope and relevance of the European Data Protection Directive 95/46/EC with regard to the field of health care as well as medical and statistical research. The presentation further provides an analysis of the impact of eHealth on the current data protection legislation. Overall, the non-harmonized transposition of the Directive has led to high dissatisfaction about the cumbersome obstacles put on cross-border data exchange.
Results and discussion: The new information and communication technologies in health care make the specific requirement of what is meant by informed IT-consent, still the pivotal issue to legitimize the exceptional processing, subject to ongoing disputes. They further nourish the issue of whether the regulatory data protection framework can still keep pace. In view of the announced revision of the current Data Protection Directive 95/46/EC, the European Commission envisages to simplify the current system of notification and to promote a data protection at highest technical standard, also known as “privacy by design” (COM (2010) 609). Thus, in the future, a more pragmatic guidance will bring specific data protection settings for the processing of personal health data in line internationally, and make the application of the respective law more predictable. It also requires new technical solutions for the ex-post detection of data protection infringement as well as effective security break operations in case of non-compliance.
References
- 1.
- Art. 29 WP. WP 131 – Working Document on the processing of personal data relating to health in electronic health records (EHR). Brussels; 2007.
- 2.
- Art. 29 WP. WP 136 – Opinion 4/2007 on the concept of personal data. Brussels; 2007.
- 3.
- European Commission, European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions. A comprehensive approach on personal data protection in the European Union. COM. 2010;609 final.
- 4.
- European Data Protection Supervisor (EDPS). Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy. Brussels; 2010.
- 5.
- Hijmans H, Scirocco A. Shortcomings in EU Data Protection in the Third and the Second Pillars, can the Lisbon Treaty be Expected to Help? Common Market Law Review. 2009;46:1485-525.
- 6.
- Kuner C. European Data Protection Law: Corporate Compliance and Regulation. 2nd ed. Oxford, New York: University Press; 2007.
- 7.
- Nouwt S. Towards a Common European Approach to Data Protection: A Critical Analysis of Data Protection Perspective of the Council of Europe and the European Union. In: Guthwirth S, et al, eds. Reinventing Data Protection? Springer Science + Business Media B.V.; 2009. p. 275-292.
