This study investigates the data protection concerns arising in the context of the cross-border interoperability of Electronic Health Records (EHRs) systems in the European Union. The paper first introduces the policies on digital health and examines the related interoperability issues. Secondly, the work analyses the latest Recommendation of the European Commission on this topic. Then, the study discusses the rules and the obligations settled by the GDPR to be taken into account when developing interoperable EHRs. According to the data protection by design and by default provision, EHRs systems should be designed ex ante to guarantee data protection rules.
E-Health-Technologien spielen eine zentrale Rolle bei der Verarbeitung medizinischer Informationen. Dabei sind personenbezogene Gesundheitsdaten äußerst sensible Informationen, die Bedeutung des Datenschutzes in diesem Bereich ist zentral. Der Band untersucht die Möglichkeiten eines E-Health-Systems, das die Datenschutzgrundsätze und -anforderungen bereits in der Planungsphase berücksichtigt ("Privacy by Design"). Die Arbeit schließt damit die Lücke zwischen rechtlichen und technischen Aspekten von Gesundheitsdiensten und Datenschutz.
AbstractThis study investigates the data protection concerns arising in the context of the cross-border interoperability of Electronic Health Record (EHR) systems in the European Union. The article first introduces the policies on digital health and examines the related interoperability issues. Second, the work analyses the latest Recommendation of the European Commission on this topic. Then, the study discusses the rules and the obligations settled by the General Data Protection Regulation to be taken into account when developing interoperable EHRs. According to the data protection by design and by default provision, EHR systems should be designed ex ante to guarantee data protection rules.
The Digital Age brings along some relevant changes for lawyers and jurists. As a matter of fact, modern technologies invention and their diffusion cause specific requirements in order to protect the right of privacy because of the huge collection of individual's information. Today, the concept of privacy is changing: the right to be let alone evolves in personal data protection. The aim of this thesis is to propose and explain the innovative approach of privacy by design. This new methodology for privacy protection may be an efficient solution for technologies challenges and may increase law enforcement. The starting point is certainly the law and his power to conform technology with the regulative system. Privacy by design approach has as a goal to design and develop a system, a product or a service in a way that supports and materializes privacy principles, rules and values. Privacy measures are embedded into the design and the architecture of ICT systems and business practices. Privacy by design is characterized by proactive technical and organizational measures in time for preventing privacy infractions in each situation and for better safeguarding data collection and data security. The concept requires more respect for user privacy, keeping it central. The idea of privacy by design arose in Canada thanks to the Commissioner Ann Cavoukian and then became an international principle for privacy protection. It is even used by Federal Trade Commission and Canadians Commissioners in few procedures. Nowadays some norms explicitly require privacy by design; this is the case of the General Data Protection Regulation of the European Union published in 2016. The main goal of this work is to analyze the principle in a critical, comparative and interdisciplinary way, considering the historical point of view, the regulatory interventions and the case law. The analysis might be useful for understanding and implementing the approach in more countries, taking into account the benefits and the level of criticality. It is necessary to give some guidelines for the real implementation of privacy by design, looking at the future, and to find a norm that can be applied all over the word; in fact, it is urgent to find a global solution for privacy concerns. Privacy by design won't be the unique solution for privacy protection, but it will be essential for his future. This principle will safeguard better individual rights through a coherent and whole method. Designing privacy-friendly the technology means guarantee the other fundamental rights even more
The secondary processing of personal health data for scientific research in the medical field is fundamental for fostering innovation and growing knowledge that improves individual and public health. Personal health data that are primarily processed for healthcare purposes by healthcare providers may be secondarily used by researchers for scientific purposes. However, the data controller shall assess the applicable grounds and conditions and then comply with the data protection framework to safeguard fundamental rights and freedoms. In this paper we analyse the legal requirements laid down on these aspects by the General Data Protection Regulation at the European Union level, which harmonises the general rules, and by two national implementations at the Member State level, Italy and France, which further regulate with specific conditions. After this comparative investigation, we propose a proactive, legal-technical e-health solution that complies with the rules and principles of the legal frameworks and empowers the individual's control over personal health data while promoting medical research. To this end, the data protection by design concept plays a central role, and an interdisciplinary approach is fundamental in combining legal and technical perspectives. ; This paper has also been published in open access in the issue 1/2021 of the Journal Opinio Iuris in Comparatione. Paolo Guarda authored paragraphs 2 and 3. Giorgia Bincoletto authored paragraphs 4 and 5. They co-authored paragraphs 1 and 6. All links to websites were confirmed as of 11 November 2021. They grate-fully acknowledge their debt to the "eHealth" Research Units within Fondazione Bruno Kessler, to the Competence Center on Digital Health "TrentinoSalute4.0" and "Laboratorio congiunto con la Facoltà di Giurisprudenza – Università di Trento" for the support received for our research. They would like to thank Lo-renzo Gios for his valuable contributions and feedback. All errors remain their own.
