GDPR and the eHealth platform
This page describes relevant GDPR issues covered by the eHealth platform.
1) Lawful, fair and transparent processing
Data is processed under sundhedsloven or plejeloven. All access to data is logged. The log records who accessed the data, which action was performed, at what time, and for which citizen. The access is also registered in the citizen's MinLog2, which gives the citizen a means of control over their data.
2) Limitation of purpose, data and storage
Only data relevant to the given treatment is stored. Data is only used in connection with the given treatment.
3) Data subject rights
Data subjects can receive a copy of their data and have incorrect data corrected. As long as data is used in the treatment of the data subject, it cannot be deleted, since this might have a negative impact on the treatment.
4) Consent
Not covered by the platform.
5) Personal data breaches
Not covered by the platform.
6) Privacy by Design
Patient data is stored under a pseudonym. Data is encrypted in transit. Access to data is guarded by rules under which only certain roles have access. These roles are granted only to personal accounts.
7) Data Protection Impact Assessment
Not covered by the platform.
8) Data transfers
Data can be exported in the FHIR format.
9) Data Protection Officer
Not covered by the platform.
10) Awareness and training
Not covered by the platform.