Personal Data Protection in Telemedicine
Abstract
The relevance of personal data protection in telemedicine is predetermined by the rapid developmentof information technologies in different spheres, including health care. The key issue is that currentlegal framework for personal data protection does not adequately meet the needs of telemedicine.Rather than facilitating technological development the law creates unreasonable barriers for introducinginnovations in health care. Modern information and communication technologies require a free,secure and legitimate information exchange among all actors of telemedicine relationships. The article contains recommendations on improving legislation on personal data for facilitating telemedicinedevelopment. The paper mainly focuses on the principles of personal data protection in telemedicine(requirements for informed consent, purposes of processing, special rules for data controllers and dataprocessors, obligations to ensure confidentiality and security etc.). In particular, it is proposed to eliminatethe mandatory requirement of written consent for processing special categories of personal data;to establish special grounds for personal data processing in telemedicine purposes; to differentiate theprocessing of personal data in telemedicine depending on the consent requirement (“without consent”“without consent, but with option to refuse processing”, “with consent”). It is necessary to set the legalstatus of telemedicine entities and possibly impose special obligations for personal data processingperformed by these entities. In addition, it is important to establish industry standards for security ofhealth information systems taking into account specific threats typical to telemedicine technologies.The article also focuses on the Russian legislative approach to health information systems that arecrucial for telemedicine. The thesis is supported that legislation in this area should facilitate integrationand interoperability of health information systems, expand applicability of these systems and increasethe role of patients in management of personal electronic health records. The methodological basis ofthe research includes analysis of legislation and draft laws on corresponding issues, comparative legalmethod (in some aspects Russian experience is considered in comparison with experience of the EUand USA) and method of legal modeling (amendments to Russian legislation are proposed).
Published
2016-02-24
How to Cite
ZhuravlevM. (2016). Personal Data Protection in Telemedicine. Law Journal of the Higher School of Economics, (3), 72-84. https://doi.org/10.17323/2072-8166.2016.3.72.84
Section
Russian Law: Condition, Perspectives, Commentaries