This page describe relevant GDPR issues covered by the eHealth platform.
1) Lawful, fair and transparent processing
Data is treated under the law of sundhedsloven or plejeloven.All access to data is logged. This log covers who accessed data, which action, at what time and on what citizen.The access is also registered the citizen's MinLog, giving possibility of self control.
2) Limitation of purpose, data and storage
Only data relevant to the given treatment is stored. Data is only used in connection with the given treatment.Only data relevant for the treatment is stored.
3) Data subject rights
Data subjects can receive a copy of data and have wrong data corrected. As log as data is used in the treatment of the data subject it cannot be deleted since this might have a negative impact on the treatment.
4) Consent
not covered by the platform
5) Personal data breaches
not covered by the platform
6) Privacy by Design
Patient data is stored under a pseudonym. Data is encrypted under transport.
7) Data Protection Impact Assessment
not covered by the platform
8) Data transfers
Data can be exported in FHIR format.
9) Data Protection Officer
not covered by the platform
10) Awareness and training
not covered by the platform