 National Electronic Health Record Systems and Consent to Processing of Health Data in the European Union and AustraliaDanuta Mendelson ()
A chapter in Legal Tech and the New Sharing Economy, 2020, pp 115-131 from Springer Abstract: Abstract This study focuses on the single most important regulatory aspect of data processingData processing, namely consentConsent to data processingData processing. It compares approaches to consentConsent under the General Data ProtectionData protection Regulation (EU 2016/679) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal dataData (and on the free movement of such) (GDPR) in the context of European Union (EU) national electronic health record (NEHRNational Electronic Record Schemes (NEHR)) schemes (also referred to as “national digital health networks”) with the approach of the Australian national health record scheme called My Health Record (MHR)My Health Record (MHR). The GDPR, subject to derogation in limited circumstances, is binding on all 27 EU member countries. Under Articles 168 (2) and (7) of the Treaty on the Functioning of the European Union (2007), while the EU has a duty to “encourage cooperation between the Member States…to improve the complementarity of their health services in cross-border areas,” the European Union Member States retain the power to manage their own health services. However, in doing so, subject to narrow derogations, the management of their NEHRNational Electronic Record Schemes (NEHR) systems must conform to the GDPR. The GDPR governs the processing of dataData in any form including dataData contained in national electronic health systems (European Commission Recommendation on a European Electronic Health Record exchange format (C(2019)800) of 6 February 2019. Available at: https://ec.europa.eu/digital-single-market/en/news/recommendation-european-electronic-health-record-exchange-format . Accessed 13 May 2019). Given that, unlike the Australian MHRMy Health Record (MHR) scheme, national electronic medical/health records systems of EU Member States are at different stages of development, and that derogations enable a measure of variance in compliance, individual European systems will not be discussed. AustraliaAustralia is a non-EU jurisdiction, and does not have the European Commission’s certificate of adequate level of data protectionData protection (GDPR Article 45 empowers the European Commission to determine whether a country outside the EU offers an adequate level of data protectionData protection, whether by its domestic legislation or of the international commitments it has entered into. For further discussion, see below). One of the reasons for the absence of certification might be the effectively non-consensual nature of the My Health RecordMy Health Record (MHR) system that administers, collects, stores, and provides access to health and clinical dataData of Australians. Keywords: General data protection regulation (GDPR); My health record; Consent; Data processing; Electronic health records (search for similar items in EconPapers) There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it. Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:spr:perchp:978-981-15-1350-3_7 Ordering information: This item can be ordered from DOI: 10.1007/978-981-15-1350-3_6 Access Statistics for this chapter More chapters in Perspectives in Law, Business and Innovation from Springer |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.