[Health privacy in the age of digital networks]

Abstract

Digitization in the health sector embodies opportunities and risks. These consist of patient and data confidentiality. Vulnerability of data concerning integrity and availability can lead to financial losses and to damage of the health of data subjects. Those risks must be tackled by privacy or data protection law. For this purpose we have the European Data Protection Regulation as a comprehensive legal framework and a harmonizing bracket.This framework contains regulations on consent, purpose binding and data transfer, on rights of the data subject, technical and organizational measures and procedural arrangements. Recently, codes of conduct and certification schemes have been added as instruments. The frame of privacy law is completed by the law on medical products and information security regulations.Unfortunately, German legislation did not grip the opportunity of the European regulation to modernize, tighten and harmonize national privacy law in the health sector. This led to a lack of clarity, particularly because of the parallel applicability of privacy law and professional law. Central issues - for instance concerning transparency for data subjects, official supervision, analytics and processing for research purposes - remain dysfunctional. The German legislation should adjust those deficits. Corporations and the chambers for health professionals could and should also be active for this concern.

Keywords: Big data analytics; Certification; Healthdata protection; Patient confidentiality; Technical and organizational measures.