Electronic Health Record in Italy and Personal Data Protection

The present article deals with the Italian Electronic Health Record (hereinafter ehr), recently introduced by Act 221/2012, with a specific focus on personal data protection. Privacy issues — e.g., informed consent, data processing, patients’ rights and minors’ will — are discussed within the framework of recent e-Health legislation, national Data Protection Code, the related Data Protection Authority pronouncements and eu law. The paper is aimed at discussing the problems arising from a complex, fragmentary and sometimes uncertain legal framework on e-Health.

Download Full-text

The Electronic Health Record (EHR): Legal framework and issues about personal data protection

Pharmaceuticals Policy and Law ◽

10.3233/ppl-180454 ◽

2018 ◽

Vol 19 (3-4) ◽

pp. 141-159

Author(s):

Licia Califano

Keyword(s):

Electronic Health Record ◽

Data Protection ◽

Personal Data ◽

Legal Framework ◽

Health Record ◽

Personal Data Protection ◽

Electronic Health

Download Full-text

The use of data from electronic health records in times of a pandemic—a legal and ethical assessment

Journal of Law and the Biosciences ◽

10.1093/jlb/lsaa041 ◽

2020 ◽

Vol 7 (1) ◽

Author(s):

Karl Stoeger ◽

Martina Schmidhuber

Keyword(s):

Electronic Health Record ◽

Personal Data ◽

Legal Framework ◽

Unintended Consequences ◽

Point Of View ◽

Health Record ◽

Record System ◽

Health Records ◽

Ethical Assessment ◽

Electronic Health

Abstract National electronic health record systems controlled (at least in parts) by the patient are becoming increasingly common. During a pandemic, data stored in such records could be used by health authorities to identify persons with a particular health risk. In this contribution, the authors focus-from the perspective of law and medical ethics-on the question whether such state access to data could, under certain circumstances, be disadvantageous to a person’s state of health in the long run. This may be the case if the data extracted is not only used for the purpose of informing persons, but serves as a basis for measures taken against the will of the individual concerned. This might be perceived as a “breach of trust” and could result in persons opting out of or not opting into an electronic health record system. Such unintended consequences raise concerns from an ethical and a legal point of view. It follows that, even in times of a pandemic, access to personal data stored in patient-controlled health records should be used as a last resort only. While this contribution deals with the legal framework within the EU, its considerations are transferable to other national electronic health record systems.

Download Full-text

ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

Dereito revista xurídica da Universidade de Santiago de Compostela ◽

10.15304/dereito.29.1.6519 ◽

2020 ◽

Vol 29 (1) ◽

Author(s):

Rita De Sousa Costa

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Case Law ◽

Legal Framework ◽

The European Union ◽

Personal Data Protection ◽

Court Of Justice ◽

European Data ◽

Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

Download Full-text

A Review of Personal Data Protection Law in Indonesia

10.31219/osf.io/tmnwg ◽

2020 ◽

Author(s):

Muhammad Firdaus

Keyword(s):

Data Protection ◽

House Of Representatives ◽

Personal Data ◽

Privacy Rights ◽

Legal Rules ◽

Personal Data Protection ◽

Personal Dignity ◽

Data Protection Authority ◽

Individual Ability ◽

Protection Authority

The importance of protecting personal data issue starts strengthened along with the increasing number of telephone user mobile and internet in Indonesia. Several cases were sticking out, especially those that have a connection with the leak of personal data and leads to fraud or crime, strengthen the discourse on the importance of making legal rules to protect personal data. In Indonesia, the protection of personal data is related to the concept of privacy, which is the idea of safeguarding the integrity and personal dignity. Privacy rights are also an individual ability to determine who is holding their information and how the information is used. Currently, Indonesia’s long-awaited comprehensive draft Law on the Protection of Personal Data has been submitted by President Joko Widodo to the Chairperson of the Indonesian House of Representatives on January 24th, 2020. When passed, it will be the first framework legislation on personal data protection in Indonesia. This paper discusses and summarizes the progress of personal data protection based on the law and the regulatory authority in Indonesia. The result shows that there is a lack of explanation of the term data protection authority (DPA) in the final Bill submitted.

Download Full-text

A Platform for Health Record Management of the Conscripts in the Hellenic Navy

Studies in Health Technology and Informatics - Public Health and Informatics ◽

10.3233/shti210181 ◽

2021 ◽

Author(s):

Olympia Giannakopoulou ◽

Petros Toumpaniaris ◽

Ioannis Kouris ◽

Konstantia Moirogiorgou ◽

Nansy Karanasiou ◽

...

Keyword(s):

Cardiovascular Risk ◽

Electronic Health Record ◽

Assessment Tool ◽

Personal Data ◽

Record Management ◽

Health Record ◽

Electronic Health Record Data ◽

Recruitment Procedure ◽

Electronic Health ◽

Medical Examinations

eMass project aims to digitalize the medical examination procedure of recruitment phase of conscripts in the Hellenic Navy. eMass integrates recruits’ Electronic Health Record (EHR), while allows a pre-screening test, through portable telemedicine equipment. The data will be exploited to assess the individual’s cardiovascular risk through appropriate digital tools and algorithms. The eMass digital platform, will be accessible to health experts involved in the recruitment procedure for further assessment and processing. Recruits’ personal data is stored in the database encrypted using Advanced Encryption Standard (AES). eMass solution contributes to beneficial management and medical data analysis, preventing inessential physical or medical examinations minimizing danger of possible errors and reducing time-consuming processes. Moreover, eMass exploits Electronic Health Record data through a machine-learning based cardiovascular risk assessment tool.

Download Full-text

Personal Data Protection in Russia

The Palgrave Handbook of Digital Russia Studies ◽

10.1007/978-3-030-42855-6_6 ◽

2020 ◽

pp. 95-113

Author(s):

Alexander Gurkov

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Framework ◽

Fundamental Rights ◽

Special Role ◽

State Control ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

General Data

AbstractThis chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.

Download Full-text

The Impact of the GDPR on Extra-EU Legal Systems

Personal Data Protection and Legal Developments in the European Union - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9489-5.ch011 ◽

2020 ◽

pp. 224-237

Author(s):

Maria Casoria ◽

Eman Mahmood AlSarraf

Keyword(s):

United Arab Emirates ◽

Data Protection ◽

Arabian Gulf ◽

Personal Data ◽

Legal Framework ◽

Legal Systems ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Data Protection Law ◽

Regional Organisation

The chapter discusses the influence of the General Data Protection Regulation (GDPR) on legal systems extra-EU and particularly the Kingdom of Bahrain, country member to a regional organisation located in the Arabian Gulf denominated Gulf Cooperation Council (GCC), which is exclusive to six states (i.e., Saudi Arabia, United Arab Emirates, Oman, Qatar, and Kuwait in addition to Bahrain). Amongst these countries, Bahrain is the only one that has recently enacted its own separate Personal Data Protection Law (PDPL) mostly resembling the GDPR due to the ever-increasing commercial relationship with business undertakings in Europe. Moreover, the adoption of the data protection law counts as a huge leap forward taken by the kingdom in reforming its legal framework, since it is the state's striving strategy to grow into a midpoint for data centre, just on time for the launch of data centres opening in Bahrain that are endorsed by Amazon Web Services.

Download Full-text

PERSONAL DATA PROTECTION AND RESEARCH ACTIVITIES: EU LEGAL REGULATION EXPERIENCE

Actual Problems of Russian Law ◽

10.17803/1994-1471.2019.103.6.186-194 ◽

2019 ◽

pp. 186-194

Author(s):

A. G. Barabashev ◽

D. V. Ponomareva

Keyword(s):

Data Processing ◽

Data Protection ◽

Personal Data ◽

Legal Framework ◽

Legal Regulation ◽

The European Union ◽

Personal Data Protection ◽

Research Activities ◽

Special Rules ◽

Biometric Information

Legal regulation of the use of personal data is essential in ensuring the quality of scientific research. Regulation of the European Parliament and of the Council of the European Union No. 2016/679 of April 27, 2016 «On the protection of natural persons with regard to the processing of personal data and on the free movement of such data», repealing Directive 95/46/EC, aims to unify the standards governing the protection of human rights to privacy, certain conditions beyond. This novel, introduced by the Regulation in the EU legal framework, complements and updates the acquis communautaire achieved within the framework of Directive 95/46/EC on personal data protection. The Regulation establishes both general rules applicable to any type of personal data processing and special rules applicable to the analysis of certain categories of personal data, such as information obtained during clinical trials. This paper provides an overview of new standards (in force since May 2018) that regulate aspects of personal data processing in the context of research activities (personal health data, genetic, biometric information, etc.)

Download Full-text