Electronic Health Records ' Guidelines by the Italian DPA
Electronic Health Records – Guidelines by the Italian DPA
The "Guidelines for Electronic Health Records and Health Files" were issued by the DPA - pending the enactment of specific legislation - following a public consultation that involved the relevant practitioners; they lay down a first set of rules to ensure the protection of medical data and safeguard individuals.
The "Guidelines" require patients to be enabled to freely decide whether an electronic health record should be set up or not with their medical information and whether it should include all or part of the medical information concerning them. Patients should give their specific consent separately from the one requested for the purposes of medical treatment; additionally, they should be empowered to have certain clinical events and data "blanked" from the electronic record.
Patients should be informed appropriately in order to make informed decisions. Accordingly, information notices should be worded precisely and unambiguously to specify who (physicians, medical doctors from the hospitalization unit, pharmacists, etc. ,) can access what data and what operations may be performed on those data.
Electronic health records may be accessed by patients - via suitable mechanisms (e.g. via smart cards) - as well as by health care practitioners; however, the latter should be authorized specifically to do so and their access may only serve health care purposes. Conversely, technical experts, insurance companies and/or employers are not allowed to access a patient’s health record.
Where a patient does not wish to rely on an electronic health record, this must not prevent him/her from benefiting from NHS health care.
Finally, all accesses to the information must be logged and based on a tiered system; medical data must be protected by high-level security measures to minimize the risks of misuse, theft and/or data loss.
Regions and local health care agencies are required to inform the Italian DPA of any ongoing initiatives related to the introduction of electronic health records, whilst all future initiatives in this area will have to be always notified in advance to the DPA.
11 August 2009