New guidelines by the Council of Europe on health-related data protection
On March 27th, 2019, the Council of Europe issued a set of guidelines addressed to its 47 Member States. These principles aim at ensuring, both at legal level as well as in practice, a full compatibility of health-related data processing with human rights, especially with privacy and data protection.
The ever-increasing potential of new technologies has led to a substantial growth in data processing, which have become a valuable source material for developing knowledge and a key product for multiple sectors in many countries.
This development has also affected healthcare systems; these were also transformed by digitisation and new technologies, which became tools used by professionals for prevention, research and administration. The number of individuals concerned by healthcare has also grown substantially.
It is always worthy to keep in mind that health-related data contain most intimate and personal information on patients, which might potentially expose them to discrimination: therefore a special status should be given to this kind of data. This issue also points to a discussion towards developing new guidelines for healthcare professionals.
In the Recommendation, applicable to both the public and private sector, the Council of Europe’s Committee of Ministers calls upon the governments to transmit these guidelines to health-care systems and various actors dealing with data processing, in particular to health-care professionals and data protection officers.
The Recommendation contains a set of principles on health-care data protection and includes novelties introduced by the updated Council of Europe’s Convention on personal data protection, known as the Convention 108+, opened for signature in October 2018.
The Committee of Ministers underlines the fact that health-related data should be protected using adequate security measures which take into account the current stage of technological development, the sensitivity of the data as well as proper risk assessment related to data processing.
The Recommendation also includes guidelines as to the legal basis for the processing of health-related data, in particular with the consent for the processing given by the data subject, data concerning unborn children, genetic health-related data, sharing health-related data by professionals of the sector, and data storage.
The guidelines enumerate the rights of data subjects, especially transparency of data processing. They also contain a set of principles that should be kept with regard to data processing for scientific research purposes, collected using mobile devices or transferred across borders.
Full text of the Recommendation is available at the CoE website.