Data protection law and healthcare
To date, several studies have investigated the interaction between data protection law and healthcare. According to Article 4 of the General Data Protection Regulation (GDPR), “data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status. Because of their sensitive nature, health data require an elevated level of protection.
Nowadays, public authorities and private companies use health record systems and e-health mobile applications to process data subjects’ health-related information. In the European Union, according to the GDPR, these data must be protected from unauthorized access to safeguard the privacy and security of individuals.
Article 25 of the GDPR states
Researchers at the University of Luxembourg, in collaboration with CIRSFID of the University of Bologna, are attempting to evaluate the impact of this Regulation on the healthcare sector and to explore the implementation of the principle of privacy by design in the healthcare context. Most studies in this field have focused only on legal or technical concerns. The research, however, takes a mixed methodological approach based on legal analysis, legal comparison and an interdisciplinary perspective.
Main contributor(s): Giorgia Bincoletto