Peer-reviewed Articles

From electronic health records to personal health records: emerging legal issues in the Italian regulation of e-health

Pages 271-285 | Received 20 Nov 2015, Accepted 18 Feb 2016, Published online: 20 Jun 2016
 

Abstract

In 2012, the Italian legislator provided an appropriate legal framework for the realisation of the national Electronic Health Records (EHR) system, in which the patient plays a pivotal role: with the implementation of the Fascicolo sanitario elettronico (FSE), patients will have access to their EHRs through the online platform, and decide which data to share and with whom. In this perspective, one of the most interesting innovations is the so-called ‘taccuino’, a digital space of patients’ FSE in which they can autonomously record data and information relating to their health. Patients’ ability to access their own health data and EHR at any time and to enter information by themselves in a personal area is a unique form of power at a European level, but its legal consequences are still vague. The aim of this contribution is to offer a first review of the Italian e-health reform, showing the most critical aspects.

Notes

1 The FSE contains all of a citizen’s health information and clinical documents, generated by the various actors of the National Health System.

2 PE has been described in the medical literature as: ‘a philosophy of health care that proceeds from the perspective that optimal outcomes of health care interventions are achieved when patients become active participants in the healthcare process. Under a patient empowerment philosophy, patients and clinicians jointly set goals, select interventions, and assess outcomes according to mutually-defined parameters. Employing patient empowerment as an information systems design philosophy leads to creation of computerised information resources, management systems and telehealth innovations in a manner that insures patients’ abilities to participate as full partners in health care’ (Brennan and Safran 2003). The notion of PE has appeared since the beginning of the 1990s (on ‘Pub Med’ the first article dedicated to such a concept is Feste 1992), but only in the last few years, thanks to the spread of ICT and Web 2.0 to the healthcare sector, has it become an everyday reality (see Bos et al. 2008; Suter, Suter, and Johnston 2011; Househ, Borycki, and Kushniruk 2014).

3 As explained in more detail in Section 3.

4 See, among others, the epSOS Project (Smart Open Services for European Patients), which was launched in July 2008 and aimed at achieving an electronic exchange of health data at a European level, in compliance with the regulatory framework and existing information systems in the countries participating in the initiative (www.epsos.eu); or the project NATHCARE (Networking Alpine Health for Continuity of Care), co-funded by the ‘Alpine Space Programme 2007–2013’ (www.nathcareproject.eu), aimed at designing, consolidating and validating a ‘local healthcare community-based’ model embracing all players in the care system with the aim of securing a sustainable and improved organisational adaptation of healthcare services.

5 The issue related to the limitations on the function of a physician with respect to the information gap recalls an evocative reference to the ‘fragmentation and construction of knowledge’ within the regulatory theory: to solve complex problems, regulators do not ever have enough information, if compared with the self-awareness of the regulated (patient, for instance). See Black (2001, 107).

6 Previously, the only regulations relating to the processing of electronic health records were promulgated by the Italian Data Protection Authority (IDPA), which has played a fundamental supplementary role in providing the first recommendations for the protection of fundamental rights before this new technological phenomenon. In particular, the IDPA issued the ‘Guidelines on the Electronic Health Record and the Health File’ (GL EHR) and the ‘Guidelines on Online Examination Records’, both published in 2009. Later, in order to provide a single point of reference for the creation of national systems of EHR, the State-Regions Conference approved the document ‘The Fascicolo sanitario elettronico – National Guidelines’ (NGL) in 2011.

7 It is important to remember that, according to Article 84 of the Italian Data Protection Code, personal data disclosing health may be communicated by health care professionals and health care bodies to the data subject only by the agency of a physician who must have been designated either by the data subject or by the data controller. This rule does not apply to the personal data that had been provided previously by said data subject. In the IT architecture of FSE, this provision is enforced by accompanying the digital availability of the medical record with a communication about the possibility to refer to the physician for further information.

8 As now affirmed by Article 2.2, Decree of the President of the Council of Ministers, 29 September 2015, n. 178 on ‘Regolamento in materia di Fascicolo sanitario elettronico’ (hereinafter referred to as DPCM).

9 The pharmaceutical dossier is a specific part of the FSE, directly updated by the pharmacy, with the purpose of promoting quality, monitoring and appropriateness in the dispensing of medicines, and adherence to therapy (Article 1.1.ll).

10 This list, contained in Article 2.3 DPCM, is not exhaustive. The competent authority may implement further contents of the FSE, in addition to the minimum set of data required by law.

11 However, we always need to bear in mind that, despite the strong information autonomy recognised to the patient, the structure that generated the health information remains the data controller of the processing, according to data protection law. This means that in the case the patient decides not to enter specific information into the FSE, the controller can still store and view it in its information system.

12 Article 12.2 bis Legislative Decree no. 179/2012, as amended by Article 17.1.b, Legislative Decree 69/2013.

13 Article 43.1 bis, Legislative Decree no. 69/2013, as introduced by Law no. 98/2013.

14 Article 17, Legislative Decree no. 69/2013.

15 Article 12.5 ter, Legislative Decree no. 179/2012.

16 The DPCM is available at http://www.gazzettaufficiale.it/eli/id/2015/11/11/15G00192/sg (Italian only).

17 Other definitions in: ISO/IEC 14292:2012 – Health informatics — Personal health Records: Definition, scope and context, www.iso.org/iso/catalogue_detail.htm?csnumber=54568; HL7 Electronic Health Record-System (EHR-S) Functional Model (FM), Release 1, (ISO 10781), 2009, www.hl7.org/implement/standards/product_brief.cfm?product_id=18

18 As the proposal for a General Data Protection Regulation COM(2012) 11 finally aims at doing. It will unify the data protection legal framework in Europe, giving a more solid and coherent provision in order to face incoming technological changes.

19 As amended by Legislative Decree of 30 December 2010, no. 235. Together with these rules we need to take into account the discipline contained in the Presidential Decree of 28 December 2000, n. 445 (Consolidated administrative documentation) and in other minor legislative acts.

20 ‘Simple electronic signature’: set of data in electronic form attached to or logically associated with other electronic data, used as a method of electronic identification (Article 1.1q DAC).

21 ‘Advanced electronic signature’: set of data in electronic form attached to or associated with an electronic document that allows the identification of the signatory of the document and provides the unique connection to the signatory, created through means on which the signatory can maintain exclusive control, linked to the data to which that signature refers so as to allow detection if the same data have been subsequently modified (Article 1.1q-bis DAC).

22 ‘Qualified electronic signature’: a particular type of advanced electronic signature, which is based on a qualified certificate and created by a secure device for the creation of the signature (Article 1.1r DAC).

23 ‘Digital electronic signature’: a particular type of advanced electronic signature based on a qualified certificate and a system of cryptographic keys, one public and one private, related to each other, which allows the holder using the private key and the recipient using the public key, respectively, to make manifest and verify the origin and integrity of an electronic document or a set of electronic documents (Article 1.1s DAC).

24 Pursuant to Article 20.1 DAC, the electronic document created by anyone, the storage on computer support, and the transmission by electronic means that comply with the technical rules set out in Article 71 are valid and relevant to the effects of the law, pursuant to the provisions of the DAC.

25 Such control systems have been implemented, for example, by the medical app ‘TreC Diabete’, created by the Fondazione Bruno Kessler, and currently in the experimental phase.
