GDPR COMPLIANCE IN TELEMEDICINE
DOI:
https://doi.org/10.7220/2029-4239.26.4Keywords:
Remote healRemote healthcare services (telemedicine), GDPR, personal consent, confidentialityAbstract
Personal healthcare is one of the most important areas of the society that involves highly sensitive and personal information about an individual. The introduction of remote healthcare services (telemedicine) during the pandemic revealed that remote provision of the services of such type in Lithuania was a relatively new area that had not been adequately addressed in the scientific literature. The main issue encountered in the analysis of the compliance of telemedicine services with the General Data Protection Regulation (GDPR) is the security of personal data and other confidential health-related information.
The article analyses the ways to prevent breaches of the requirements set by the General Data Protection Regulation in the context of provision of the telemedicine services. The concept, features, and legal regulation of telemedicine services in Lithuania and selected foreign countries are assessed to achieve the goal of the study. In addition, the concept and features of personal health data are examined with a view to revealing what exactly falls within these areas and how the protection of such data is regulated.
The analysis of legislation, case-law, scientific literature, legal framework applicable in Lithuania, the assessment of the concepts of telemedical services and personal data and the examination of the requirements for the protection of personal data revealed that the legal framework in Lithuania fundamentally complies with the requirements of personal data protection, however, the legal acts do not specify the requirements for the patients consent form, which in individual cases may break the requirements of personal data protection. The legal framework leaves considerable discretion for health care institutions to choose methods of personal identification, which creates the risk of improper identification of a person and violate the security and confidentiality of the personal data. The procedure of at least one health care institution states that remote consultations must be recorded when such actions are prohibited by the order of the Ministry of Health of the Republic of Lithuania - the procedure should be adjusted.
Downloads
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Law Review
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Unless otherwise specified, copyright is shared by both the contributor and LR.
LR has a strict policy against any forms of plagiarism, including self-plagiarism. Any quotation—even a short one—from a separate source shall be followed by the required corresponding reference. Any literal quotation—i.e. word-by-word—shall be provided in quotation marks or separated into a distinct paragraph.