Legislative issues in the processing of sensitive personal data in the electronic patient record

Abstract

Introduction: EPR is an evolving idea determined as a long-term collection of health care information of patients and populations. EPR has gained a great value in the healthcare environment. Its contribution to the improvement of the quality of health care provision, to the reduction of health services’ costs, and to the increase of productivity and efficiency of health care professionals, justify its importance. Purpose / Objective: The purpose of this study was to explore the general legislative status in Greece, E.U., and USA for the protection of sensitive personal data in the Electronic Patient Record (EPR). Methodology: In preparation for reviewing the literature on the general legislative status in Greece, E.U., and USA for the protection of sensitive personal data in the EPR, a MEDLINE and a GOOGLE search was conducted. Bibliographic review was made with key words “Electronic patient record, sensitive personal data, legislation, security”. Results: Each country in E.U but in America also tries to protect the people’s right for a safe handling of personal data included in an EPR by setting the minimum necessary requirements for each health organization that uses it and by creating laws for the same purpose. Greece, following the instructions by E.U, has already legislated in order to protect the EPR’s sensitive personal data. Conclusion: The determination of ethic and legal guidelines and criteria relevant to the electronic collection, processing, and communication of personal sensitive health data, is vital. A potential disclosure of patient’s personal data puts in risk the relationship between the patient and the physician or nurse but also the one among the members of the entire society since the patient may be afraid or reluctant to trust to reveal critical information that concern not only his personal health but also the public health.