|
|
A similar situation may arise, for example, when applying for insurance. Accordingly, the insurance company already processes this information as related to a special category of PD, Denis Lukash noted.
He refers to the position of Roskomnadzor, voiced during a webinar held on March 1, 2023. The agency's specialists noted that medical organizations do not require consent to process patients' PD in the following cases:
providing medical assistance in emergency cases;
making changes to government information systems in the healthcare sector.
In general, the contract concluded content writing service with the patient should provide for cases when the medical organization will process his PD. In such cases, consent to the processing of personal information is not required, the expert emphasized.
– There are situations in which it is difficult at first glance to identify the processing of personal data. For example, an institution cooperates with an IT company that services complex medical equipment and has access to patient identifiers and research results. This would also be considered the processing of special personal data.
Therefore, he stressed,
third party access to databases should be restricted
In the "patient - medical company - contractor" scheme, the first does not have a direct relationship with the contractor, but it has a relationship with the medical company. Therefore, the medical company must have a business agreement on the assignment of processing of patients' personal data with the contractor, the expert noted.
POLITICS IS MORE LIKELY…
Lukash & Partners expert Anastasia Krugova spoke about the main mistakes encountered in personal data processing policies. She reminded that
the operator is obliged to publish a document defining its policy regarding personal data for all personal data subjects whose data it processes
But in practice, this condition is not always met. Of the 14 leading clinics in Moscow and the Moscow region, 10 have posted a document on their websites that describes such a policy, Anastasia Krugova stated. At the same time, two institutions have consent to the processing of personal information. Another two do not have any information on the processing of PD on their information resource.
Medical law expert Angelica Remez called these statistics “quite good.”
Angelica Remez, expert in medical law:
- This information is provided specifically for the leading medical institutions of the capital, which set the tone in the industry. If you look at medium and small clinics, the percentage of lack of information on the processing of personal data will be much higher.
The most common mistakes that medical organizations make when creating a personal data processing policy are: the absence of a list of subjects whose PD is processed, the absence of a list of processed data and operator contacts.
Anastasia Krugova, lukash & Partners:
– For failure by the operator to comply with the obligation stipulated by the legislation of the Russian Federation to publish the operator's policy regarding processing, an administrative fine is provided. For legal entities, its amount may be up to 60 thousand rubles.
|
|
發表於 2024-11-9 11:53:51