RESUMO
Modern communication and information technologies are rapidly being deployed at health care institutions around the world. Although these technologies offer many benefits, ensuring data protection is a major concern, and implementation of robust data protection measures is essential. In this context, health care providers and medical care facilities must frequently make difficult decisions and compromises between the need to provide effective medical care and the need to ensure data security and patient privacy. In the present paper, we describe and discuss key issues related to data protection systems in the setting of cancer care hospitals in Europe. We provide real-life examples from two European countries-Poland and the Czech Republic-to illustrate data protection issues and the steps being taking to address these questions. More specifically, we discuss the legal framework surrounding data protection and technical aspects related to patient authentication and communication.
RESUMO
Secure communication between patients and health care facilities is especially important In 2016, the European Union (EU) introduced a new regulation - the General Data Protection Regulation (GDPR), applicable in all EU member states - aimed at improving protection of personal data. The GDPR provides broad guidelines on data protection, but generally lacks specific details. Consequently, although member states must comply with the GDPR, there is some flexibility to develop new regulations to suit national characteristics and practices, especially in key economic sectors, such as health care. The aim of the present article is to discuss the benefits and limitations of legal provisions governing the patient identification (both in-person and remotely). This analysis is based on Polish laws that were recently passed to comply with the GDPR. In some cases, these data protection regulations may be unnecessarily strict, making routine care more difficult than intended by the GDPR. National legislation in Poland imposes strict data protection measures, such as prohibiting the public display of patient names or calling out the patient's name in public. However, after health care personnel around the country criticised many of these measures, the law will be modified to address those concerns. For example, the patient's name can be displayed on a wrist band and on containers with the patient's medicines. Nonetheless, numerous questions still need to be resolved to adapt the general data protection rules to ensure the effective operation of the hospital to avoid problems related to accurate patient identification.
