The Personal Data Protection Office conducted training for doctors from the District Medical Chamber

On March 11, at the Personal Data Protection Office’s headquarter a training was held for doctors from the Warsaw District Medical Chamber entitled: ‘Medical sector – contemporary challenges for the protection of personal data’. Its aim was to present good practices facilitating data protection in the daily activities of doctors and to draw attention to the right to privacy in the context of patients' rights.

The training session was opened by the President of the Personal Data Protection Office - Mirosław Wróblewski, and the main legal framework for the protection of personal data in medical practice was discussed by Monika Krasińska, Director of the Law and New Technologies Department.

From this perspective, Director Krasińska pointed to the fundamental issue which is the role of the doctor issuing medical certificates and prescriptions (and therefore using, among others, the Electronic Services Platform of The Social Insurance Institution) as a data controller who must comply with the obligations arising primarily from the provisions of General Data Protection Regulation, including those relating to the processing of special categories of data to which information about health belongs.

The Director of the Law and New Technologies Department also explained the importance of other legal acts regulating the processing of data by doctors: the Patients’ Rights Act 2008, he Regulation of the Minister of Health of 6 April 2020 on the types, scope and templates of medical documentation and the method of its processing (including the issue of consent to make the documentation available to other entities, other databases and for the purposes of scientific research).

As pointed out by Monika Krasińska, ‘approaching the access to data contained in medical records, databases and other registers with due care should be the standard in the development of medical services’.

The Personal Data Protection Office’s expert also referred to the issue of increasingly popular codes of conduct for sectoral industries and pointed out that they are a guarantee of increasing the level of personal data protection also in medical institutions (two codes of conduct for the health sector were already adopted in 2022 and 2023).

During the second – more workshop-like – part of the training, the specialists from the Personal Data Protection Office: Maciej Rączka from the Department of Complaints and Piotr Popielewicz and Andrzej Zieliński from the Inspections and Breaches Department, analysed the basic dependencies and specific issues related to the work of doctors in the light of the protection of patients’ personal data – such as access to PUE ZUS in medical institutions, definitions and types of violations of the rules most frequently reported to the Personal Data Protection Office, sources and causes of incidents (and easy methods of preventing them), implementation of the principle of confidentiality, analysis and risk assessment in data processing, reporting violations and obligations resulting therefrom, tasks of the data controller and processor in the health sector.

Participants in the training expressed hope that this event will contribute to increasing the legal awareness and competence of doctors in the field of patient data protection.