Защита персональных данных в телемедицине
The relevance of personal data protection in telemedicine is predetermined by rapid development of information technologies in different spheres, including health care. The key issue is that current legal framework for personal data protection does not adequately meet the needs of telemedicine. Rather than facilitating technological development the law creates unreasonable barriers for introducing innovations in health care. Modern information and communication technologies require a free, secure and legitimate information exchange among all actors of telemedicine relationships.
The article contains recommendations on improving legislation on personal data for facilitating telemedicine development. The paper mainly focuses on the principles of personal data protection in telemedicine (requirements for informed consent, purposes of processing, special rules for data controllers and data processors, obligations to ensure confidentiality and security, etc.).
In particular, it is proposed to eliminate the mandatory requirement of written consent for processing special categories of personal data; to establish special grounds for personal data processing in telemedicine purposes; to differentiate the processing of personal data in telemedicine depending on the consent requirement ("without consent" "without consent, but with option to refuse processing", "with consent"). It is necessary to set the legal status of telemedicine entities and possibly impose special obligations for personal data processing performed by these entities. In addition, it is important to establish industry standards for security of health information systems taking into account specific threats typical to telemedicine technologies.
The article also focuses on the Russian legislative approach to health information systems that are crucial for telemedicine. The thesis is supported that legislation in this area should facilitate integration and interoperability of health information systems, expand applicability of these systems and increase the role of patients in management of personal electronic health records.
Methodological basis of research includes analysis of legislation and draft laws on corresponding issues, comparative legal method (in some aspects Russian experience is considered in comparison with experience of the EU and USA) and method of legal modeling (amendments to Russian legislation are proposed).