When can you (temporarily) skip the medical data protection?

Health data is by definition and function sensitive data, but as anyone seeing patients knows, it is not always practical to get consent when treating a sick patient.

It is not necessary to encrypt or anonymise patient data if:

  1. The patient as given express consent.
  2. It is in the vital interest of the patient, and the patient is unable to give consent. E.g., an unconscious patient arrives in the ER or if the patient is a minor.
  3. The professional processing the data to provide health care is already under a professional obligation to treat patients according to a code of confidentiality. This is the Hippocratic oath and all other versions which have followed.

When you do find out more information about, for example, an unconscious patient, you are under the obligation to update records immediately. Again standard practise for medical professionals before the GDPR was brought in.

It’s a short article because it’s a short message.

Don’t let the fear of data protection legislation stop you saving lives!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s