Medical personal data in secure information systems

Abstract

Between secure information systems (IS) are also medical IS which support work of different medical institutions as well as pharmacies and insurance companies. All of them have to work with medical personal data which should take into account the privacy. The privacy is the individual's right to determine if, when and how data about them will be collected, stored, used and shared with others. According to this definition medical personal data are treated as sensitive data, which can only be gathered and processed under particular conditions. In this contribution we will concentrate on personal medical data saved in medical records. Namely there are numerous message flows between medical staff and medical records that are often completely unprotected and can be accessed easier than might be expected. We will study the guidelines for medical staff regarding the protection of personal data, the corresponding Slovenian legislation, and the recommendations of a particular institution. © 2009 Springer Berlin Heidelberg.