Health and data protection in the EU institutions

In 2017 the EDPS addressed several complaints concerning the processing of medical data. The rules that EU institutions and bodies must follow when dealing with such data are set out in Article 10 of Regulation 45/2001.
The EDPS also issued Guidelines on the topic in September 2009, designed to help the EU institutions comply with their obligations under the Regulation.
One such complaint concerned the processing of medical data to facilitate disciplinary proceedings relating to suspected fraud. It involved analysing whether, under Regulation 45/2001, the EU body concerned had the right to access medical data linked to the reimbursement of medical expenses, stored by a third party, and transfer it to the State Prosecutor.
We concluded that, under the right to information, the EU body should have informed the relevant staff members of both actions and could not claim that doing so would have involved a disproportionate level of effort.
We stressed that, for fraud investigations involving medical data, only the relevant medical advisers should have access to this data. Data protection officers (DPOs) should also be involved in internal disciplinary procedures, especially when they involve the special categories of personal data outlined in Article 10 of the Regulation.
Another case concerned a breach of confidentiality. The EU body concerned disclosed medical data to a third party in order to check the validity of a medical certificate.
Though the EU Staff Regulations may justify this action, they also specify that the individuals concerned must be informed of the relevant legal basis under which this data will be processed and that the validity of a medical certificate might be checked. Changing the purpose for which medical data is processed, as occurred in this case, also constitutes a breach of Article 6 of the Regulation, which specifies that this is only possible if expressly provided for in the internal rules of the relevant EU body.
(For more information and details, see www.edps.europa.eu)