3 tips for resident doctors: How to fulfill the GDPR information requirements
Although the General Data Protection Regulation (GDPR) has been in force since May 25, 2018, its implementation is often still unclear. We have therefore put together 3 tips for medical practices.
Many doctors and practice managers are unsure whether they fully meet the information requirements of the GDPR. The good news first: the information requirements do not have to be fulfilled retroactively.
1. No retroactive information requirements for existing patients
The doctor's office only has to inform new patients about the new data protection regulations. As the Independent State Center for Data Protection Schleswig-Holstein (ULD) writes in its practice series on the subject of information obligations:
"Towards data subjects who already had a status as, e.g., employees, existing customers or association members before May 25th, 2018, there are no retroactive information obligations under Art. 13 Para. 1 and 2 GDPR, since the original collection of their personal data has been completed and the corresponding legal requirements for compliance with information requirements did not apply at the time of the survey."
2. The doctor's office is responsible for the specific design of the information requirements
The State Commissioner for Data Protection and the Right to Inspect Brandenburg (LDA Brandenburg) writes in her handout "How do I fulfill my information obligations as the person responsible":
"The GDPR does not prescribe a specific form for the information requirements. (…) Regardless of the form, the information must be communicated in a precise, transparent, understandable and easily accessible form and in a clear and simple language. (…) It is at your discretion whether you as the controller want to make use of the stratification of the information obligations or whether you want to transmit the information bundled using a single medium. A single reference only on your website, without you at least communicating the most important information in advance using the selected communication medium, is not sufficient in offline communication. (…) It would be safest to have the receipt of the information confirmed by the person concerned by signature. In practice, however, this can be very cumbersome. As the person responsible, you can determine the specific form of the evidence yourself. We recommend documenting or completing the fulfillment of the information obligations in order to protect yourself from disputes."
If you want to be on the safe side, it is best to have your patients confirm receipt of the data protection declaration by signature. Some medical practice management systems, such as the radiology information system eRIS, now offer this function.
3. New data protection declaration on your own website
In any case, medical practices have to adapt their data protection declaration to the new General Data Protection Regulation. Templates and samples from lawyers such as this pattern of data protection guru or this template datenschutz-generator.com