This note was published in the newsletter of the International Society for Telemedicine & eHealth.
Data protection in the eHealth sector: Challenges and Opportunities under GDPR
At the 24th ISfTeH International Conference, held in the frame of the Portugal eHealth Summit in Lisbon, Portugal, the key challenges and opportunities regarding data protection in the eHealth sector were discussed. Cornelius Witt, Senior Manager Public Policy and Privacy at SCOPE Europe, informed the audience on recent developments in privacy regulations and what they mean for digital health solutions, telemedicine and related services.
The General Data Protection Regulation (GDPR) fundamentally changed how personal data must be processed lawfully. The eHealth sector is particularly affected as the new law defines even stricter rules for so-called "special categories" of personal data, including all genetic, biometric and health data. Subsequently, innovative products and business models in the eHealth sector are critical under the new data protection regime and need an appropriate and deep assessment of legal obligations. At the same time, GDPR itself introduces regulatory solutions which enable stakeholders to shape the exact implementation of privacy obligations based on their specific needs. For example, organizations from one specific sector can jointly define and concretize legal requirements in a Code of Conduct, which can serve as a compliance tool if all regulatory obligations are met.
Cornelius Witt outlined the key benefits of Codes of Conduct, especially for an innovation-driven sector such as eHealth and telemedicine and gave insights on best practices and compliance solutions under GDPR for the health ecosystem.