GDPR and the eHealth platform
- Thomas Borup (Unlicensed)
- John Schneider
This page describes relevant GDPR issues covered by the eHealth platform.
1) Lawful, fair and transparent processing
Data is treated under the law of sundhedsloven or plejeloven. All access to data is logged. This log covers who accessed data, which action, at what time and on what citizen. The access is also registered in the citizen's MinLog2, giving the possibility of data control by the citizen.
2) Limitation of purpose, data and storage
Only data relevant to the given treatment is stored. Data is only used in connection with the given treatment.
3) Data subject rights
Data subjects can receive a copy of data and have wrong data corrected. As long as data is used in the treatment of the data subject, it cannot be deleted since this might have a negative impact on the treatment.
4) Consent
not covered by the platform
5) Personal data breaches
not covered by the platform
6) Privacy by Design
Patient data is stored under a pseudonym. Data is encrypted under transport. Access to data is guarded by rules where only certain roles has access. These roles is only granted to personal accounts.
7) Data Protection Impact Assessment
not covered by the platform
8) Data transfers
Data can be exported in the FHIR format.
9) Data Protection Officer
not covered by the platform
10) Awareness and training
not covered by the platform