Personal data consists of any information that allows identification of a person. Every operation carried out by using personal data of a patient, including collection, recording, organisation, safekeeping, amendment and disclosure of personal data, granting access to personal data, making inquiries and extracts, use, communication, cross-use, combination, closure, deletion or destruction of personal data, irrespective of the manner the operation is carried out and the means used constitute the processing of personal data of the patient.
Processing of personal data is regulated by the Personal Data Protection Act.
Protection of data of the patient in the field of healthcare
A health service provider, who is subject to the obligation to maintain secrecy pursuant to law, has a right to process personal data that is necessary for the provision of health services, including sensitive personal data, without the consent of a person.
It is allowed to communicate information or grant access to the information reflecting the health of a hospitalised person to their relatives, unless the person themselves has prohibited access to the information or the communication thereof.
The health service provider is obligated to enter data concerning health services provided to the patient in the health information system. The health information system is a database in the state’s information system, where data in the field of healthcare is processed for operations related to the provision of health services.