Legal protection of personal data in healthcare
BRACE Law Firm within the framework of the practice “Healthcare and Pharmaceutics”, provides legal services to manufacturers and distributors of drugs, medical devices, food additives, and other healthcare organizations on issues of Russian and international law. We provide legal assistance in the areas of business support, dispute resolution and litigation, state and corporate procurement, antitrust laws, international trade, and real estate law.
One of the important areas of legal services in the framework of the practice “Health and Pharmaceutics” of BRACE Law Firm is the protection of personal data in the field of healthcare.
Personal data protection in healthcare
As a rule, health information systems collect, store, process and provide information on bodies, organizations of the state, municipal and private health systems and on the implementation of medical and other health care activities. The processing of personal data in information systems in the field of healthcare is carried out in compliance with the requirements established by the legislation of the Russian Federation in the field of personal data, as well as in compliance with medical confidentiality.
Healthcare organizations, including pharmaceutical companies, organizations dealing with the circulation of medical devices and medical organizations, are required to observe medical confidentiality and confidentiality of personal data used in medical information systems. By order of the head of the organization, a circle of persons having access to personal data is determined.
When extending the validity of the exclusive right to an invention and a patent certifying this right (including medicines), consent is required for the processing of the applicant’s personal data. Similar documents are required when providing other public services in the field of circulation of medicines and medical devices. For non-compliance with the legislation on the protection of personal data, administrative liability is provided in the form of a fine.
Also, non-pecuniary damage shall be compensated for non-pecuniary damage caused as a result of the violation of his rights, violation of the rules for processing personal data.
In addition, criminal liability is provided for a number of violations in the field of personal data processing. In particular, the illegal collection or dissemination of information about the private life of a person who constitutes his personal or family secret without his consent or the dissemination of this information entails a fine of up to two hundred thousand rubles or in the amount of the salary of a convicted person or other income for a period of up to eighteen months or forced labor for up to three hundred and sixty hours, or correctional labor for up to one year, or forced labor for up to two years with deprivation of the right to hold a certain position and whether to engage in certain activities for up to three years or without it, or imprisonment for up to four months, or imprisonment for up to two years with the deprivation of the right to occupy certain positions or engage in certain activities for up to three years. Illegal access to legally protected computer information if this act entailed the destruction, blocking, alteration or copying of computer information is punishable by a fine in the amount of up to two hundred thousand rubles or in the amount of the convict's salary or other income for up to eighteen months or correctional labor for up to eighteen months a year, or restriction of liberty for up to two years, or forced labor for up to two years, or imprisonment for the same period.
Therefore, the issue of protecting personal data is relevant in the field of healthcare. Any omissions regarding accounting for the requirements of applicable law can result in severe fines.
- Legal advice on the protection of personal data based on legal analysis of special legislation governing the protection of personal data in the field of healthcare
- Preparation of legal opinions on the information security of pharmaceutical companies and organizations in the field of medical devices, with detailed and timely notifications of legislative innovations in the field of personal data protection
- Preparation of documentation necessary for working with personal data
- Legal support in informing and training employees authorized to work with personal data