SIST EN 14485:2004
Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
This European Standard provides guidance on data protection for those involved in international informatics applications which entail transmission of person health data from an EU Member State to a non-EU Member State. Its purpose is to assist in the application of the EU Directive on Data Protection [1].
Medizinische Informatik - Anleitung zur Verwendung von persönlichen Gesundheitsdaten in internationalen Anwendungen vor dem Hintergrund der EU-Datenschutzrichtlinie
Informatique de santé - Guide pour manipuler des données personnelles de santé dans des applications internationales dans le contexte de la directive européenne sur la protection des données personelles
Zdravstvena informatika – Navodilo za ravnanje z osebnimi zdravstvenimi podatki v mednarodni uporabi in v skladu z določili Direktive EU o varstvu podatkov
Standards Content (Sample)
SLOVENIAN STANDARD
01-May-2004
This Slovenian standard is identical to: EN 14485:2003
ICS:
35.240.80 IT applications in health care technology
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.
EUROPEAN STANDARD
EN 14485
NORME EUROPÉENNE
EUROPÄISCHE NORM
December 2003
ICS 35.240.80
English version
Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
This European Standard was approved by CEN on 13 November 2003.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the Management Centre has the same status as the official
versions.
CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal, Slovakia, Spain, Sweden, Switzerland and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2003 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 14485:2003 E
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 General solutions to exchanging personal health data between compliant and non-compliant countries
5.1 General approach
6 Judging the adequacy of data protection
6.1 General
6.2 Content Principles
6.3 Procedural/Enforcement Mechanisms
6.4 Third Countries that have ratified the Council of Europe Convention 108
6.5 Industry self-regulation
7 Making adequate provisions
7.1 Introduction
7.2 Meeting the "Content Principles"
7.3 Providing for the "Procedural/Enforcement Mechanisms"
7.4 Overriding law
8 Permissible derogations, Articles 26.1 and 26.2
8.1 Article 26.1
8.1.2 Consent
8.2 Article 26.2
9 Anonymisation
9.1 Definition of personal data
9.2 Rendering personal data anonymous
10 Notification to Supervisory Authorities
10.1 Introduction
10.2 Implementation of Articles 18 to 20
11 Steps in establishing an international application with adequate data protection safeguards from the viewpoint of an EU data controller
11.1 Introduction
11.2 Step One: Can the data be non-personal?
11.3 Step Two: Is the recipient third country an EEA country?
11.4 Step Three: Is the recipient country recognised by the Commission as having adequate data protection provisions?
11.5 Step Four: Is the recipient organisation in compliance with arrangements formally recognised by the Commission as providing adequate data protection provisions?
11.6 Step Five: If the recipient third country is not EEA, has it signed the Council of Europe Convention 108?
11.7 Step Six: Is the recipient country applying to become a member of the EU?
11.8 Step Seven: Can adequacy of data protection be established?
11.9 Step Eight: If adequacy of data protection cannot be established, can the derogations in Article 26.1 provide a solution?
11.10 Step Nine: If adequacy of data protection cannot be established, can the derogation in Article 26.2 regarding contractual clauses provide a solution?
11.11 Step Ten: If transfer of personal health data to the recipient third country is permissible, has the recipient implemented adequate security measures and can the application proceed?
12 Steps in establishing an international application with adequate data protection safeguards from the viewpoint of a non-EU data controller
12.1 Establishing data protection adequacy in the EU
13 Model contract clauses
Published models
14 Security measures
14.1 Introduction
14.2 General security
14.3 Security contracts with processors and with controllers in non-compliant countries
14.4 Security policy
14.5 Risk analysis
14.6 Security organisation and allocation of duties
14.7 Reporting of security incidents or breaches
14.8 Staff and contractor contracts
14.9 Training and awareness
14.10 Transmission of data
14.11 Limitations of purpose and access
14.12 Onward transfers
14.13 Audit trails
14.14 Loss, damage and destruction
14.15 Business Continuity Plans
14.16 Network Security
14.17 Patients Rights
14.18 Compliance
14.19 Standards
15 Declaration of grounds on which transfers are to take place
15.1 Statement of grounds
Annex A (informative) Key primary international documents on data protection
A.1 EU Data Protection Directive
A.1.3 Rules for lawfulness of processing
A.1.4 Special categories of processing
A.1.5 Data subject's rights
A.1.6 Security of processing
A.1.7 Supervisory Authorities
A.1.8 Remedies and sanctions
A.1.9 Transfer of personal data to third countries
A.2 Organisation for Economic Co-operation and Development (OECD)
A.3 Council of Europe
A.4 United Nations General Assembly
A.4.1 General
A.4.2 Principles concerning minimum guarantees that should be provided in any national legislation
A.4.3 Application of the Guidelines to personal data files kept by governmental international organisations
Annex B (informative) Text of Articles 25 and 26 of the EU Data Protection Directive
B.1 Article 25: Principles
B.2 Article 26: Derogations
Annex C (informative) Text of Article 28 of the EU Data Protection Directive
Annex D (informative) Questionnaire for Assessing Data Protection Adequacy
Annex E (informative) Safe harbour privacy principles
Annex F (informative) Standards and sources of advice
F.1 EU Security projects
F.2 CEN/ISSS
F.3 Non-CEN Standards
F.4 Selected web sites
Annex G (informative) Model Declaration of Grounds upon which Transfer of Personal Health Data is Regarded as in Compliance with the EU Data Protection Directive
Annex H (informative) Model contractual clauses for controller to controller transfers to a country with inadequate data protection provisions
H.1 Introduction
H.2 Model standard contractual clauses
Annex I (informative) Model contractual clauses for controller to processor transfers to a country with inadequate data protection provisions
I.1 Introduction
I.2 Model standard contractual clauses
Bibliography
Foreword
This document (EN 14485:2003) has been prepared by Technical Committee CEN/TC 251 "European
Standardization of Health Informatics", the secretariat of which is held by SIS.
This European Standard shall be given the status of a national standard, either by publication of an identical text or
by endorsement, at the latest by June 2004, and conflicting national standards shall be withdrawn at the latest by
June 2004.
The annexes A, B, C, D, E, F, G, H and I are informative.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Czech Republic, Denmark, Finland,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal,
Slovakia, Spain, Sweden, Switzerland and the United Kingdom.
Introduction
In the health context, information about individuals needs to be collected, stored and processed for many purposes,
the main ones being:
• administrative processes e.g. booking appointments;
• direct delivery of care e.g. patient records;
• clinical research;
• statistics.
The data required will depend on the purpose. In the context of identification of individuals, data may be needed:
• to allow an individual to be readily and uniquely identified e.g. a combination of name, address, age, sex,
identification number;
• to confirm that two data sets belong to the same individual without any need to identify the individual himself
e.g. for record linkage and/or longitudinal statistics;
• for statistical purposes with the desire positively to prevent identification of any individual.
In all of these circumstances data about individuals are now, and will increasingly in the future be, transmitted
across national borders or be deliberately made accessible to countries other than where they are collected or
stored. Data may be collected in one country and stored in another, be processed in a third, and be accessible
from many countries or even globally.
International health-related applications will require health-related data to be transmitted from one nation to
another.
That is very evident in telemedicine or when data are electronically dispatched for example in an email or as a data
file to be added to an international database. It also occurs, but less obviously, when a database in one country is
viewed from the other for example over the Internet. That application may appear passive but the very act of
viewing involves disclosure of that data and is deemed ‘processing’. Moreover it requires a download that may be
automatically placed in a cache and held there until 'emptied' - this also is processing.
In all applications involving personal health data there can be a potential threat to the privacy of an individual. That
threat and its extent will depend on:
• the level to which data is protected from unauthorised access in storage or transmission;
• the number of persons who have authorised access;
• the nature of the personal data stored;
• the level of difficulty in identifying an individual if access to the data is obtained.
Wherever health data are collected, stored, processed or published (including electronically on the Internet) the
potential threat to privacy needs to be assessed and appropriate protective measures taken. Some form of risk
analysis should be undertaken to ascertain the required level of security measures.
In addition to the standards bodies CEN, CENELEC, ISO and IEC there are three major trans-national bodies that
have produced internationally authoritative documents relating to security and data protection:
• the European Union (EU);
• the Organisation for Economic Co-operation and Development (OECD);
• the Council of Europe;
• the United Nations (UN).
The primary documents from these bodies are:
• EU Data Protection Directive "on the protection of individuals with regard to the processing of personal
data and free movement of that data" [1];
• OECD "Guidelines on the Protection of Privacy and Trans-border flows of Personal Data" [2];
• OECD "Guidelines for the Security of Information Systems" [3];
• Council of Europe "Convention for the Protection of individuals with regard to Automatic Processing of
Personal Data" No. 108 [4];
• "Council of Europe Recommendation R(97)5 on the Protection of Medical Data" [5];
• UN General Assembly "Guidelines for the Regulation of Computerised Personal Data Files" [6].
Annex A provides a synopsis of the key documents published by these bodies.
The means and extent of the protection afforded to personal health data varies from nation to nation [7]. In some
countries there is nation-wide privacy legislation, in others legislature provisions may be at a state level or
equivalent and in a number no legislation may exist although various codes of practice or equivalent will probably
be in place.
Although privacy legislation in different parts of the world may mention personal health data, frequently there is no
legislation specific to health except perhaps in relation to government agencies and/or medical research.
The EU Directive on Data Protection aims to create uniform legislative data protection provisions throughout the
EU. The Directive also applies to non-community countries of the European Economic Area by virtue of the EEA
Treaty Decision 83/1999 of 25 June 1999.
The passing of personal data from any one of these conforming nations to another ('third') country is controlled by
Articles 25 and 26 of the Directive the full text of which is in annex B. In essence, subject to specific 'derogations',
Article 25 allows transfer of personal data to a third country only if that third country ensures an 'adequate level of
protection'. The 'adequacy of protection' is to be assessed (Article 25.2) in the light of all the circumstances with
'particular consideration' to be given to particular factors including:
• the nature of the data;
• the purpose and duration of the proposed processing operation(s);
• the rules of law applying;
• the professional rules and security measures which are complied with.
In the health context personal health data can be extremely sensitive in nature and is so recognised by the
Directive. However rules of law specific to health are not common with the exception perhaps of medical research.
Nevertheless 'professional rules' applying to the medical and other healthcare professions concerning the
protection of patient confidentiality are present in most countries with significant 'penalties' associated with non-
compliance. There is in addition extensive guidance available both nationally and internationally on 'security
measures' for the protection of personal health data (see annex F and clause 2).
In many countries therefore there is a mix of general and specific legal or quasi-legal requirements covering data
protection plus professional codes covering ethical aspects including safeguarding confidentiality. These two
aspects may not necessarily be consistent and may in some aspects be in conflict. This European Standard,
although referring to both, deals primarily with the context deriving from implementation of the Data Protection
Directive. Ethical codes often contain material that goes beyond formal legal requirements. The guidance in this
standard should not diminish compliance with such more extensive documents. Indeed ensuring conformance with
legal rules is only one aspect of ensuring confidentiality is protected. In that context it should be noted that the
European Group on Ethics in Science and New Technologies to the Commission [8], is of the opinion that
“personal data should be considered in the framework of the rights of personality, even if in some cases they may
be subject to transactions” and, “since personal data continue to reflect the data subject’s identity, they cannot be
treated as entirely separate from him/her”. The Group observed that consequently “some countries regard sensitive
personal health data as inalienable to protect the dignity of the individual”.
Article 26 of the Directive details the 'derogations' under which an EU Member State may permit transfer of
personal data to a third country without an adequate level of data protection. The full list is in annex B. They
include where:
• the data subject has given his unambiguous consent;
• it is necessary to protect the data subject's vital interests;
• the "controller adduces adequate safeguards with respect to the privacy and fundamental rights and
freedom of individuals and as regards the exercise of the corresponding rights; such safeguards may in
particular result from appropriate contract clauses".
Under Article 29 of the EU Directive an EU Working Party on the Protection of Individuals with regard to Processing
of Personal Data was created. Its findings provide important interpretations and views on the Directive and these
are frequently referred to in this standard.
This standard provides guidance on measures that should be taken to protect personal data in applications which
involve transfer of personal health data across national boundaries and in particular between EU and other
countries which conform to the EU Directive, and those which may not. In that context it considers the use of
contract clauses to achieve adequate safeguards.
1 Scope
This European Standard provides guidance on data protection for those involved in international informatics
applications which entail transmission of person health data from an EU Member State to a non-EU Member State.
Its purpose is to assist in the application of the EU Directive on Data Protection [1].
The European Standard does not provide definitive legal advice but comprises guidance. When applying the
guidance to a particular application legal advice appropriate to that application should be sought.
2 Normative references
Not applicable.
3 Terms and definitions
For the purposes of this European Standard, the following terms and definitions apply. Where a term is defined in
the EU Data Protection Directive [1] that definition is used for the purposes of this European Standard. In countries in
which the EU Directive has not been implemented, other definitions for these terms may be in use and may have a
legal status and therefore care should be taken in utilising this standard in those circumstances.
3.1
identifiable person
person who can be identified, directly or indirectly, in particular by reference to an identification number or one or
more factors specific to his physical, physiological, mental, economic, cultural or social identity
3.2
compliant country
country whose legislation complies with the EU Data Protection Directive and is recognised as such by the
European Commission
3.3
controller
natural or legal person, public authority, agency or any other body which alone or jointly with others determines the
purposes and means of the processing of personal data; where the purposes and means of processing are
determined by national or Community laws or regulations, the controller or the specific criteria for his nomination
may be designated by national or Community law
3.4
data subject
identified or identifiable natural person who is the subject of personal data
3.5
personal data
any information relating to an identified or identifiable natural person
3.6
personal data filing system
any structured set of personal data which are accessible according to specific criteria, whether centralised,
decentralised or dispersed on a functional or geographical basis allowing easy access to the personal data
3.7
personal health data
any information relevant to the health or sex life of an identified or identifiable natural person
3.8
processing of personal data
any operation or set of operations which is performed upon personal data, whether or not by automatic
means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking,
erasure or destruction
3.9
processor
natural or legal person, public authority, agency or any other body which processes personal data on behalf of the
controller
NOTE In the definition of a third party in 3.13 below, the processor is distinguished from “the persons who under the direct
authority of the controller or processor, are authorised to process the data”. This implies that employees per se are not
processors. This is the approach taken by some implementations of the Directive e.g. in the UK.
3.10
recipient
natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third
party or not; however, authorities which may receive data in the framework of a particular inquiry should not be
regarded as recipients
3.11
data subject's consent
any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to
personal data relating to him being processed
3.12
third country
country not bound by the legal requirements of the EU Data Protection Directive
3.13
third party
any natural or legal person, public authority, agency or any other body other than the data subject, the controller,
the processor and the persons who, under the direct authority of the controller or the processor, are authorised to
process the data
3.14
Commission
the Commission of the European Communities unless the context obviously indicates otherwise
4 Abbreviated terms
The following abbreviated terms are used:
EEA European Economic Area
EU European Union
EU Directive EU Data Protection Directive 95/46/EC [1]
EU WP EU Working Party on the Protection of Individuals with Regard to Processing of Personal Data, set up under Article 29 of the EU Directive
OECD Organisation for Economic Co-operation and Development
UN United Nations
5 General solutions to exchanging personal health data between compliant and non-compliant countries
5.1 General approach
Article 25.1 of the EU Directive prohibits the transfer of personal data from an EU Member State to a third country
unless the latter ensures an adequate level of protection. Article 25.6 provides that the Commission may find that a
third country does ensure an adequate level of protection but meanwhile decisions on the adequacy of protection
must be made by the data controller taking advice from his Supervisory Authority.
This clause considers the general approach for reaching a position whereby transfer of personal health data from
an EU Member State to a non-EU country would be permissible.
Article 26 defines the 'derogations' (exemptions) within which an EU Member State may transfer personal data to a
third country which is judged not to ensure an adequate level of protection. The full text of these derogations is in
annex B. Each of them may be very relevant to personal health data including in particular the conditions that:
• the data subject has given his consent unambiguously to the proposed transfer (26.1(a));
• the transfer is necessary in order to protect the vital interests of the data subject (26.1(e)).
Additionally Article 26.2 provides that a Member State may authorise such transfers if the controller adduces
adequate safeguards through 'appropriate contract clauses'.
The general solutions to exchanging personal health data between nations are therefore as follows.
If the exchange is between EU Member States or other compliant countries, transfers are permitted.
If the exchange is between an EU Member State and a non-EU Member State, the controller in the EU Member
State should first establish whether the Commission has determined, through Article 25.6, that the data protection
provisions in the non-EU State are adequate. If that is not the case then the following steps should be taken.
1 Determine whether the Commission has made any findings.
2 Determine whether the appropriate Supervisory Authority has made any findings.
3 Assess whether the protection in the non-EU State could be considered as adequate.
4 Assess whether a solution exists in the permissible derogations (exemptions) in Article 26.1.
5 Assess whether a solution can be found in the derogation allowed in Article 26.2 i.e. a contractual solution.
In practice a combination of 1, 2, 3 and 4 may be the most appropriate solution.
6 Judging the adequacy of data protection
6.1 General
The EU Working Party (EU WP) has taken a view on assessing the adequacy of data protection of third countries
[9]. The underlying principles, which the EU WP expounds for judging adequacy can be applied both to the third
country as a whole and to the particular institution such as a hospital involved in the international application. Thus
it may be possible to address any deficiencies in a country's data protection provisions through Article 26
derogations applied to the application itself, for example through contract clauses. Indeed even where a third
country's data protection provisions in a particular aspect appear satisfactory, it may still be wise to reinforce the
provisions through contract clauses.
There are two essential elements of adequacy:
• the adequacy of the data protection provisions in the storage and processing of the personal health
data within a recipient’s institution and the obligations placed on those responsible for them;
• the means for ensuring that such provisions are followed in practice and for ensuring the rights of data
subjects.
The EU WP refers to these as "Content Principles" and the "Procedural/Enforcement" Requirements.
6.2 Content Principles
An examination of a range of international laws, rules, Codes of Practice and Guidelines reveals a high degree of
consensus on the essential rules which should be applied in protecting personal health data within and between
institutions. Clause 14 of this Standard deals with such content rules and procedures. The EU WP "Content
Principles” are:
1 the purpose limitation principle - data should be processed for a specific purpose and
subsequently used or further communicated only insofar as this is not incompatible with the
purpose of the transfer. The only exemptions to this rule would be those necessary in a democratic
society on one of the grounds listed in Article 13 of the EU Directive (see below).
2 the data quality and proportionality principle - data should be accurate and, where necessary,
kept up to date. The data should be adequate, relevant and not excessive in relation to the
purposes for which they are transferred or further processed (subject to exemptions in Article 13).
3 the transparency principle - individuals should be provided with information as to the purpose of
the processing and the identity of the data controller in the third country, and other information
insofar as this is necessary to ensure fairness. The only exemptions permitted should be in line
with Articles 11.2 and 13 of the EU Directive (see below).
4 the security principle - technical and organisational security measures should be taken by the
data controller that are appropriate to the risks presented by the processing. Any person acting
under the authority of the data controller, including a processor, must not process data except on
instructions from the controller.
5 the rights of access, rectification and opposition - the data subject should have a right to
obtain a copy of all data relating to him/her that are processed, and a right to rectification of those
data where they are shown to be inaccurate. In certain situations he/she should also be able to
object to the processing of the data relating to him/her. The only exemptions to these rights should
be in line with Article 13 of the EU Directive (see below).
6 restrictions on onward transfers - further transfers of the personal data by the recipient of the
original data transfer should be permitted only where the second recipient (i.e. the recipient of the
onward transfer) is also subject to rules affording an adequate level of protection. The only
exceptions permitted should be in line with Article 26.1 of the EU Directive.
Additional principles applying to specific applications are:
• sensitive data - where "sensitive" categories of data are involved (those listed in Article 8 of the EU
Directive and which include health: see below) additional safeguards should be in place, such as a
requirement that the data subject gives his/her explicit consent for the processing;
• direct marketing - where data are transferred for the purposes of direct marketing, the data subject
must be given the opportunity to prevent his data being used for such purposes at any stage;
• automated decisions in the sense of Article 15 of the EU Directive (see below): in general the
individual should have the right to prevent decisions being taken about him which have legal effects
concerning him or have significant effects on him based solely on automated processing of data.
There are some exceptions in relation to contracts where there are safeguards. Where such decisions
are involved, individuals have the right to know the logic involved in these decisions.
The essence of the Articles referred to above is:
• Article 13 permits Member States to adopt legislative measures to restrict the scope of the obligations and
rights provided for in a number of the Directive’s Articles which bear on almost all of the ‘Content
Principles’. This is permitted if such a restriction constitutes a necessary measure to safeguard national
security, defence, public security, the prevention, investigation, detection and prosecution of criminal
offences or of breaches of ethics for the regulated professions, an important economic or financial
interest, or the protection of the data subject or the rights and freedoms of others;
• Article 11.2 stipulates that when data are collected from someone other than the data subject, information need
not be provided to the data subject if this proves impossible, involves a disproportionate effort, or if the
recording or disclosure of the data is expressly required by law;
• The sensitive categories of data in Article 8 are data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs or trade-union membership, data concerning health or sex life, and data
relating to offences, criminal conviction or security measures;
• Article 15 states that "Member States shall grant the right to every person not to be subject to a decision
which produces legal effects concerning him or significantly affects him and which is based solely on
automated processing of data intended to evaluate certain personal aspects relating to him, such as his
performance at work, creditworthiness, reliability, conduct, etc.”
The EU WP makes clear that the "Content Principles" are regarded as a minimum list and 'not set in stone'. The
degree of risk to the data subject will determine the precise requirements in a particular case and may require
additions to the list or even a reduction.
In the context of personal health data it should be noted that Article 8 regards health as "sensitive" data. Also in
applying Principle (4) Security, some applications such as telemedicine may require sender and recipient to have
both "controller" and "processor" roles, for example when sharing an electronic patient record.
The Directive is silent on the question of requirements to safeguard the confidentiality of personal data on the death
of the data subject. The manner in which this aspect is handled in national legislation varies, e.g. the UK Data
Protection Act applies only to living persons.
However there are many circumstances where the health records of a dead individual could reveal personal health
data relevant to some other individual and be of detriment to them. The records may refer explicitly to other
individuals e.g. members of the dead person’s family. If an individual died of a condition deriving from an
inheritable genetic deficiency, his records may reveal matters relevant to his offspring.
Partners in an international application will need to come to an explicit agreement about what to do in
circumstances of death. That agreement may depend on the countries involved and how they treat health records
e.g. laws or rules which may apply to length of time health records must be retained after death. Different property
rights may also apply e.g. if a patient is the legal owner of his records then on death such records may be part of
his estate and subject to probate.
Since a patient’s permission to allow his personal health data to be processed and passed to a third party, may
depend on what would happen to such data should he die, patients should be informed of any arrangements made
concerning the handling of such data on his death.
Whereas the list in this clause was compiled with a
...