Protection of privacy and cyber risk in healthcare

The topic of e-health is connected to a number of legal issues: the right to protection of personal data, the right to health and the principle of public administration efficiency. In addition, it relates to many other relevant issues, such as the civil liability of healthcare professionals and the control of public spending.

Each of these issues is extremely wide-ranging and finding the right balance between conflicting rights and interests is also a considerably complex operation.

Today all questions which arise must be addressed from an international or at least a European perspective, acknowledging phenomena such as healthcare mobility resulting from the implementation of the principles of free movement of people and data.

European Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) protects personal data, but also promotes the free movement of such data. The free flow of personal data is permitted and actually “the free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data”, provided that data are protected and safe.

The General Data Protection Regulation identifies healthcare purposes as one of the legal bases for the processing of personal data, therefore implicitly classifying consent as superfluous for the legitimate processing of these data. Such consent was already required in Italy, but its usefulness should be carefully evaluated since it clearly represents a necessary consent, which cannot be denied by patients wishing to be treated.

However, when personal health data are used to create an electronic health record with the aim of mapping a patient’s history “from cradle to grave”, the legislator considers this processing to be carried out for different specific purposes, which ultimately concerns the patient’s healthcare, but is not solely related to a single health issue, so much as a general assessment of the patient’s health and so consent becomes a requirement for the legitimate processing of personal data. Further purposes are added to that of healthcare, such as those regarding scientific research and public healthcare management.

It is clear that the legislator considers the processing of personal data concerning a specific single event and the electronic processing of a collection of personal data in a totally different way.

The amount and, above all, the way in which data are processed (by electronic means) lead the legislator to provide for an ad hoc regulation. Processing by electronic means causes greater concern with regard to data access and safety. However, it should not be forgotten that in these cases the most serious problems are above all cultural and organizational and that they remain even if processing is not carried out by electronic means, but analogically.

What is more, the use of information technologies and the creation of data collections create the illusion of dealing with a complete set of information, whereas the legislator rejects such completeness. By providing for the right to block personal data and allowing the patient to conceal such an operation, not only does the legislator not allow the health professional to know whether the electronic health record is complete, but not even to know whether the patient has blocked any personal data. The doctor who relies on the completeness of the information provided will have to take into account the consequences in terms of civil liability, given that the completeness of information is not guaranteed but is simply an illusion. In such a scenario, there is the risk that only limited benefit can be gained from the use of electronic health records in terms of efficiency on the part of public administration, which manages and oversees the majority of the public healthcare system and the relative public expenditure. Any benefit deriving from the use of an electronic health record is therefore influenced by the patient’s personal evaluation and not by either that of public administration, or the healthcare provider. Therefore, the use of such a tool does not appear to create wide-ranging benefit for the system, but is only beneficial on an individual case by case basis. In other words, it is the individual’s perspective which is chosen, even if the system in use is effective and only achieves its set goals when the data collected are fully complete. Effectiveness and speed of treatment, efficiency on the part of public administration, reduction in public spending all in part give way to the principle of self-determination.

The electronic health record certainly remains a useful tool for both private citizens and public administration in a number of ways. For example, documents which the patient has allowed access to are available, the private citizen is also able to obtain information quickly and health databases are created which are useful for patients themselves.

The question which still lurks in the background and remains unanswered is this: “who do personal data belong to?”. In fact it is a question which has been badly framed and should really be split into two different questions, namely, “who controls personal data?” and “who can use them?”. In the intangible world, we should not use an approach based on the concept of ownership, but rather one based on the right to use. By this logic, the focus should not be on “property”, but rather on “license”.

The volume coordinated by Carlo Bottari addresses many of the issues discussed in papers by authors from various countries which recount different experiences. The authors are also different both professionally and in terms of their roles, which lets the reader put together complementary points of view and get a complete overall picture.