Protection of Health Data in Accordance with the GDPR: Selected Issues

Abstract

Patients’ rights are widely commented issue in the medical and legal press. Attempts are being made to analyse issues relating to patient consent, the right to information about the medical procedures performed and the state of health, or the authority of medical personnel to make decisions about the patient’s person and the related procedures or treatments. This results in an increase in the importance of information, which has become one of the most important values in today’s world. Access to information, especially about oneself, means a certain social and legal awareness. Restrictions on access to information deprive people of the right to selfdetermination and, at the same time, the right to satisfy one of their needs, which is particularly important in today's world. Nowadays, it is unavoidable to process the data of any person, which is essential for the proper functioning of society, but above all for the benefit of each individual. This testifies that an individual is present in social, economic or political life. For over a year now, institutions providing medical services have been obliged to implement a number of regulations contained in the Regulation of the Parliament and Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. Personal data relating to health are defined in the preamble of the Act. This Regulation does not indicate the organisational or technical measures to be taken by the data administrator to ensure data protection. These measures should be appropriate to the scope, purpose and risks of the data being processed. Sensitive data shall fall within the category of data for which processing involves the adoption of enhanced security measures. The task of the 99 data administrator is to introduce appropriate guarantees to ensure the implementation of appropriate technical and organizational measures so that the data processing meets the requirements of the GDPR and protects the rights of data subjects. Their task is also to adapt their forms, statements, e-mails or other queries so that they are clear, understandable and readable for the average recipient. For it is the quality that is the essence of information provided in the inquiry, not its number. The EU legislator has introduced several new developments to identify patterns of conduct and interpretations that are new concerning previous regulations. With the introduction of the GDPR, new procedures have been developed in order to exercise the rights of data subjects. However, the existing acquis of literature and judicature, as well as experience in the application of provisions ensuring the full entitlement of the data subjects, is not underestimated. More and more frequent analysis of the consequences of breaching the right to the protection of medical data and of the issue of giving and withdrawing consent to the processing of data may increase the importance of this right for society and thus ensure full protection of privacy and the information autonomy of the patient.

References

1. Fischer, Bogdan, and Marlena Sakowska-Baryła. 2017. Realizacja praw osób, których dane dotyczą, na podstawie rodo. Wrocław: Biblioteka ABI Expert. [Google Scholar]
   
2. Jackowski, Michał. 2011. Ochrona danych medycznych. Warszawa: ABC. [Google Scholar]
   
3. Jackowski, Michał. 2018. Ochrona danych medycznych. RODO w ochronie zdrowia. Warszawa: Wolters Kluwer Polska. [Google Scholar]
   
4. Koenner, Marek. 2018. RODO dla lekarza i podmiotu leczniczego w pytaniach i odpowiedziach. Gdańsk: AsteriaMed. [Google Scholar]
   
5. Kubiak, Rafał. 2015. Tajemnica medyczna. Warszawa: Wydawnictwo C.H. Beck. [Google Scholar]