Pulsantiera di navigazione Home Page
Pagina Facebook Pagina Linkedin Canale Youtube Italian version
News
Legal news

DATA PROTECTION

Italian Data Protection Authority: proceedings started against 18 Regions and 2 Autonomous Provinces for corrective actions regarding the Electronic Health Record – FSE 2.0.


There is an urgent need to take action to protect the rights of all Italian patients involved in the processing of health data carried out through the Electronic Health Record 2.0.

With this motivation, the Italian Data Protection Authority has notified 18 Regions and the Autonomous Provinces of Bolzano and Trento of the initiation of corrective and sanctioning procedures for the numerous violations found in the implementation of the new rules on the FSE 2.0, introduced with the Ministry of Health decree of 7 September 2023.

In the previous days, the serious situation and the urgency of corrective action had been reported to the Prime Minister and the Minister of Health.

The results of the investigative activity on the ESF, which had begun at the end of January, showed that 18 Regions and the two Autonomous Provinces of Trentino Alto Adige - not being in line with the contents of the decree of 7 September 2023 - had modified, even significantly, the information model prepared by the Ministry, subject to the opinion of the Italian Data Protection Authority, which should have been adopted throughout the country.

The discrepancies found have made it clear that certain rights (e.g. blackout, proxy, specific consent) and measures (e.g. security measures, differentiated levels of access, data quality) introduced by the decree, precisely for the protection of patients, are not guaranteed uniformly throughout the country. Or they are only exercisable and enforceable by patients in certain Regions and Autonomous Provinces, with a potentially significant discriminatory effect on patients.

This lack of homogeneity also contradicts the spirit of the ESF 2.0 reform aimed at introducing homogeneous measures, guarantees, and responsibilities throughout the country, thus also risking compromising the functionality, interoperability, and efficiency of the ESF 2.0 system.

The violations committed by the Regions and Autonomous Provinces, with different levels of seriousness and responsibility, may lead to the application of the sanctions provided for by the GDPR.
 
Stampa la pagina