E-health is closer to becoming a reality in Italy with the Data Protection Authority's approval of a decree which sets out the requirements for electronic health records systems.
The authority previously set out stringent requirements for electronic health records and health file systems in terms of the information to be provided to patients and necessary consent and security measures. However, the implementation of this system required technical specifications to be issued in a decree of the Council of Ministers, which the authority has now approved. Among other things, the decree categorises electronic health records according to the reason for processing the collected data, as follows:
- for the treatment of patients, with the hospital acting as data controller;
- for research purposes, with the regions, provinces and the Ministry of Health acting as data controllers; or
- for public purposes, with the Ministry of Labour acting as controller of the data collected in order to comply with applicable laws.
Strict requirements have been set out in terms of:
- the privacy information notice to be provided to patients;
- the consent to be given by patients for the inclusion in electronic health records of sensitive personal data;
- the identification of entities that can access stored data; and
- security measures to be adopted, with an express notification obligation for data controllers in case of data breach.
The requirements are also relevant to private companies – not only since they might contribute to the creation of the electronic health records infrastructure in Italy, but also because the requirements give instructions on how to set up e-health and remote patient monitoring systems, as well as privately run telemedicine systems (for further details please see "Remote patient monitoring systems: potential regulatory hurdles" and "Top five takeaways on telemedicine and e-health").
For further information on this topic please contact Giulio Coraggio at DLA Piper Italy by telephone (+39 02 80 61 81), fax (+39 02 80 61 82 01) or email (email@example.com). The DLA Piper website can be accessed at www.dlapiper.com.