eHealth closer with electronic health privacy rules


eHealth is closer to become a reality in Italy with the approval by the Italian Data Protection of the decree providing the requirements for electronic health records systems.

We had already discussed in this post about the stringent requirements that had been set out by the Italian data protection authority in relation to electronic health records and health file systems in terms of information to be provided to patients, consents to be given and security measures to be adopted.

However, the implementation in Italy of this system required some technical specifications to be issued in a decree of the Council of Ministries to which the Italian data protection authority has now granted its approval. The decree is interesting as among others it distinguishes the electronic health records in subsections according to the purposes of processing of collected data that are:

  1. for the treatment of patients with hospitals acting as data controller;
  2. for research purposes with Regions, Provinces and the Italian Ministry of Health acting as controllers and
  3. for public purposes with the Ministry of Labour acting as controller of data collected to comply with applicable laws.

Also very stringent requirements have been set out in terms of

  • privacy information notice to be provided to patients
  • consent to be given by them for the inclusion in the electrinc health records of very sensitive data concerning them
  • identification of entities that can access to stored data and
  • security measures to be adopted with an express notification obligation on data controllers in case of data breach events.

The above is relevant also for private companies not only since they might contribute to the creation of the electronic health records infrastructure in Italy, but also because it provides interesting instructions on how to set up eHealth and remote patient monitoring systems as well as telemedicine systems privately run by them.

The growth of the Internet of Things will increasing raise the issues above that I will also thoroughly cover in the following posts.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.