Analysis of GDPR Compliance in Utilizing Personal Data for Public Health Purposes in Romania

Maedica (Bucur). 2024 Jun;19(2):2982024-2982029. doi: 10.26574/maedica.2024.19.2.2982024;.

ABSTRACT

OBJECTIVE: The General Data Protection Regulation (GDPR), which became effective on May 25, 2016, underscored the significance of confidentiality across various economic and social domains. Within the medical sector, confidentiality of patient health information is meticulously governed by laws, e.g., no. 95/2006 and no. 46/2003. While these laws address numerous privacy aspects within the doctor-patient relationship, it becomes necessary to update them to align with the latest advancements in emerging technologies, particularly in the context of telemedicine.

MATERIAL AND METHODS: Upon reviewing the overview of rules pertaining to health data processing in Romania, as published by the European Data Protection Board (EDPB) in 2021, and comparing it with the current public health and research laws in Romania, it becomes apparent that there is a regulatory gap concerning the secondary use of health data.

RESULTS: This gap is particularly notable in terms of planning, managing and enhancing the healthcare system, as well as utilizing such data for scientific and historical research purposes, leading to the necessity of developing and regulating the European Health Data Space.

CONCLUSION: Although steps have been taken to align the GDPR legislation in Romania, there is still a disproportionality in the regulation of privacy and cyber security with the implementation of new technologies that will collect, process and store sensitive medical data.

PMID:39188846 | PMC:PMC11345071 | DOI:10.26574/maedica.2024.19.2.2982024;