(Kluge 2000) distinguishes the generic nature of ethical principles from the differing and sometimes fallible nature of national legislation. The ethical issues outlined in Section 5.11 have contributed significantly to the FHR requirements presented in 6.4. The legislation summarised below has not contributed many new requirements, but is currently influencing health policy on consent to the disclosure of health records in many countries. In some ways an ethical approach is now being derived retrospectively from the legislation, somewhat inappropriately.
EU legislation
The 1995 European Community Directive 95/46/EC took effect for all new processing on 24 October 1998 (On the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data 1995). The key security requirement (Article 17) states:
"the controller must implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves transmission over a network, and against all other unlawful forms of processing. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected."
Personal Health Data (Article 8) is classified as "high risk" and requires strong security measures, taking the costs into account, such as encryption services, digital signatures and a Trusted Third Party for the management and certification of the encryption keys. The Data Subject’s right of access (Article 12) is a cornerstone to the legislation, requiring informed consent for the collection of data and facilities for subjects to view and possibly correct the data that is held.
The principal recommendations of the 1997 Council of Europe Recommendation stress the rights and control of the individual over their data (Council of Europe Recommendation R(97)5 on the Protection of Medical Data 1997).
"The respect of rights and fundamental freedoms, and in particular of the right to privacy, shall be guaranteed during the collection and processing of medical data. In principle, medical data should be collected and processed only by health-care professionals, or by individuals or bodies working on behalf of health-care professionals."
Chapter 5: Published contributions to the FHR Design
The recommendations specify the purposes applicable to medical data, including the provision of clinical care and compliance with statutory requirements. Protection is given to information provided by or relating to third parties. Specific provisions relate to unborn children and to genetic data. It also reinforces the requirement for appropriate security measures to be applied to the data. An authoritative review of the requirements, EU legislation and international standards applicable to the security of electronic healthcare records is provided by (Barber 1998).
Data Protection Act
The national legislation that exists across Europe governing the protection of electronic health records (e.g. the Finnish Personal Data File Act (Tervo-Pellikka 1994)) is anchored on the EU Data Protection Directive.
The UK legislation (Data Protection Act 1998 1998) came into force in 2001 for all new and legacy data and its processing in paper and electronic form (although there are transitional arrangements for paper records until 2007).
The Act states eight Data Protection principles that largely complement the provisions of the EU Directive, and it covers almost all patient information held by the NHS (unless anonymised). Particularly "sensitive" data include racial or ethnic origin, physical or mental health or condition, and sexual life, which constitute most of the data that would be in an EHR.
"Processing" of data is widely defined and covers all manner of use including obtaining, recording, holding, altering, retrieving, destroying or disclosing data; all of these require patient consent. Processing must be necessary for "medical purposes" and, although not defined exhaustively, this includes preventative medicine, medical diagnosis, medical research, provision of care and treatment and the management of healthcare services - but only if the processing is carried out by a health professional or a person with an equivalent duty of confidentiality. Processing without consent is only permitted in order to protect the vital interests of the data subject or another person. The Act also reinforces subject access rights with the exception of anonymised data held for historical or research purposes.
Clearly the EHR needs to permit compliance with each nation’s data protection legislation. The EU Directive discussed above is considered internationally to be of a very high standard, and has largely shaped European national legislation. The author has found that a rigorous ethical approach to the EHR already encompasses most of what would be needed at the level of the information architecture, to meet legislative requirements.
HIPAA
The US Health Insurance Portability and Accountability Act (HIPAA) of 1996 provides a legal framework for public-private partnerships in health care, standards for the uniformity of health care data used in electronic administrative health transactions and standards for the privacy and security of individually identifiable health information (Report on H.R. 3103 1996). (Fitzmaurice 1998) describes HIPAA as a simplification of the diverse electronic and paper transactions between purchasers, providers, social security and other statutory bodies across the US.
A set of HIPAA supporting standards has been defined to facilitate the definition of the above messages, and to enhance interoperability. These include: unique identifiers for each individual, employer, health plan and health care provider; code sets for appropriate message data elements; security policies and the use of electronic signatures (HISB Inventory of Health Care Information Standards Pertaining to the Health Insurance Portability and Accountability Act of 1996 1997). This act has sometimes been regarded as the US equivalent of the EU Directives described above, but in fact it is broader in scope, more concrete and more prescriptive. In relation to data protection and the implications for the EHR, this Act has tended to bring the US closer to Europe and does not itself add significant new requirements to those necessary to meet the ethical issues described in Section 5.11 and the EU legislation outlined above.