The collection of personal medical data on patients' health conditions in cloud databases is becoming more and more frequent, but it raises relevant privacy issues.
In particular, the Italian Data Protection Authority issued Guidelines on the Electronic Health Record and the Health File and Guidelines on Online Examination Records that set out considerable restrictions in terms of (among others) the types of personal data that can be processed and the purposes for which they are processed (which cannot be determined at mere discretion!), the information to be given to patients and the consent to be collected from them, and the security measures to be adopted to prevent the corruption of data collected in the cloud database, i.e. databases that remotely store data uploaded either by healthcare institutions or by patients themselves.
The same principles are applicable throughout Europe because of the recommendations issued by the European Working Party (a European data protection advisory body) on electronic health records. Given the potential sanctions applicable to breaches of privacy regulations in the different European countries, a thorough legal review of cloud medical databases is advisable.
Need to discuss the above? Feel free to contact me, Giulio Coraggio (firstname.lastname@example.org), to discuss or participate in the consultation.