GDPR COMPLIANCE IN TELEMEDICINE

Authors

  • Edita Gruodytė
  • Ineta Ligeikaitė

DOI:

https://doi.org/10.7220/2029-4239.26.4

Keywords:

Remote healRemote healthcare services (telemedicine), GDPR, personal consent, confidentiality

Abstract

Personal healthcare is one of the most important areas of the society that involves highly sensitive and personal information about an individual. The introduction of remote healthcare services (telemedicine) during the pandemic revealed that remote provision of the services of such type in Lithuania was a relatively new area that had not been adequately addressed in the scientific literature. The main issue encountered in the analysis of the compliance of telemedicine services with the General Data Protection Regulation (GDPR) is the security of personal data and other confidential health-related information.

The article analyses the ways to prevent breaches of the requirements set by the General Data Protection Regulation in the context of provision of the telemedicine services. The concept, features, and legal regulation of telemedicine services in Lithuania and selected foreign countries are assessed to achieve the goal of the study. In addition, the concept and features of personal health data are examined with a view to revealing what exactly falls within these areas and how the protection of such data is regulated.

The analysis of legislation, case-law, scientific literature, legal framework applicable in Lithuania, the assessment of the concepts of telemedical services and personal data and the examination of the requirements for the protection of personal data revealed that the legal framework in Lithuania fundamentally complies with the requirements of personal data protection, however, the legal acts do not specify the requirements for the patients consent form, which in individual cases may break the requirements of personal data protection. The legal framework leaves considerable discretion for health care institutions to choose methods of personal identification, which creates the risk of improper identification of a person and violate the security and confidentiality of the personal data. The procedure of at least one health care institution states that remote consultations must be recorded when such actions are prohibited by the order of the Ministry of Health of the Republic of Lithuania - the procedure should be adjusted.

Downloads

Download data is not yet available.

Published

2023-10-25

How to Cite

Gruodytė, E., & Ligeikaitė, I. (2023). GDPR COMPLIANCE IN TELEMEDICINE. Teisės apžvalga / Law Review, 2(26), 84–110. https://doi.org/10.7220/2029-4239.26.4

Issue

Section

ARTICLES