Data protection in the health sector

7.10.2011

Question for written answer E-009296/2011
to the Commission
Rule 117
Carlos Coelho (PPE) and Regina Bastos (PPE)

Under Article 7(4) of Law 67/98 of the Assembly of the Republic (transposing Directive 95/46/EC into Portuguese law), health-related data, including genetic data, may be processed only where required for the purposes of preventive medicine or medical diagnosis, or in order to deliver medical care or administer medical treatment, or in connection with health service management, provided that the processing is carried out by a health professional bound by professional secrecy, and subject to mandatory notification of the national data protection authority and the proviso that the necessary steps must be taken as regards information security.

In some hospitals, however, there have been problems regarding the security of health information, as managers are passing on patients’ clinical data without consulting doctors, ignoring the opinion of the national data protection authority (CNPD).

What this situation amounts to is a breach of the relationship of trust between doctor and patient and of the obligation of confidentiality, as well as a clear violation of the fundamental rights of those patients whose personal data (no matter how sensitive these might be) are being handed over to insurance companies and other outsiders.

Is the Commission aware of the above facts? As the guardian of the Treaties, what will it do to stop this manifest violation of the rights, freedoms, and safeguards that citizens enjoy?

OJ C 154 E, 31/05/2012