The secondary processing of personal health data for scientific research in the medical field is fundamental for fostering innovation and growing knowledge that improves individual and public health. Personal health data that are primarily processed for healthcare purposes by healthcare providers may be secondarily used by researchers for scientific purposes. However, the data controller shall assess the applicable grounds and conditions and then comply with the data protection framework to safeguard fundamental rights and freedoms. In this paper we analyse the legal requirements laid down on these aspects by the General Data Protection Regulation at the European Union level, which harmonises the general rules, and by two national implementations at the Member State level, Italy and France, which further regulate with specific conditions. After this comparative investigation, we propose a proactive, legal-technical e-health solution that complies with the rules and principles of the legal frameworks and empowers the individual’s control over personal health data while promoting medical research. To this end, the data protection by design concept plays a central role, and an interdisciplinary approach is fundamental in combining legal and technical perspectives.

A proactive GDPR-compliant solution for fostering medical scientific research as a secondary use of personal health data / Bincoletto, Giorgia; Guarda, Paolo. - In: OPINIO JURIS IN COMPARATIONE. - ISSN 2281-5147. - 2021, 1:1(2021), pp. 43-76.

A proactive GDPR-compliant solution for fostering medical scientific research as a secondary use of personal health data

Bincoletto, Giorgia;Guarda, Paolo
2021-01-01

Abstract

The secondary processing of personal health data for scientific research in the medical field is fundamental for fostering innovation and growing knowledge that improves individual and public health. Personal health data that are primarily processed for healthcare purposes by healthcare providers may be secondarily used by researchers for scientific purposes. However, the data controller shall assess the applicable grounds and conditions and then comply with the data protection framework to safeguard fundamental rights and freedoms. In this paper we analyse the legal requirements laid down on these aspects by the General Data Protection Regulation at the European Union level, which harmonises the general rules, and by two national implementations at the Member State level, Italy and France, which further regulate with specific conditions. After this comparative investigation, we propose a proactive, legal-technical e-health solution that complies with the rules and principles of the legal frameworks and empowers the individual’s control over personal health data while promoting medical research. To this end, the data protection by design concept plays a central role, and an interdisciplinary approach is fundamental in combining legal and technical perspectives.
2021
1
Bincoletto, Giorgia; Guarda, Paolo
A proactive GDPR-compliant solution for fostering medical scientific research as a secondary use of personal health data / Bincoletto, Giorgia; Guarda, Paolo. - In: OPINIO JURIS IN COMPARATIONE. - ISSN 2281-5147. - 2021, 1:1(2021), pp. 43-76.
File in questo prodotto:
File Dimensione Formato  
Bincoletto-Guarda_OnlineFirst_43_76.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Creative commons
Dimensione 568.92 kB
Formato Adobe PDF
568.92 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/321643
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact