Article Preview
TopIntroduction
The fundamental right to data protection unlike the right to respect for privacy, although both aim at offering an effective constitutional protection of both personal and family private life, ascribe a range of competences to the owner. These consist of legal power to impose to someone else the execution or omission of certain behaviours whose specific regulation must be set by law, either by developing the fundamental right to data protection, either by controlling its exercise. The peculiarity of the fundamental right to data protection with regard to the right to respect for privacy is its different function, therefore, meaning that both its objective and content also differ (Spanish Constitutional Court, 2000).
Therefore, it is not enough to establish an obligation of secrecy to the health professionals who have access to the patients’ medical records, nor is it to establish measures in order to keep the anonymity of the owner of the data that they use in their many welfare or research works. When processing personal data contained in the clinical documentation, we must be able to provide their owner with the effective exercise of that controlling power regarding its use by those professionals that need it in performing their duties.
Besides, it is important to consider that the data used within health activities belong to particularly sensitive data categories (EU, 1995), which must have a special protection. The processing of health data shall generally require the explicit consent of the owner with evidence in writing, as well as introducing special security measures to prevent the change, loss or non-authorised access.
The Spanish law provides that the essential use of clinical documentation is to guarantee an adequate attention to the patient, thus the access to it should be available to those health professionals that diagnose or treat such patient (Requejo, 2003).
The analysis of the previous legal requirement can be made from very different angles:
- 1.
It triggers the obligation to have medical records of each patient as well as gathering all the relevant information about their health condition. The existence and content of the medical records are not arbitrary, nor are they left to subjective opinions of professionals, who take part in their preparation.
- 2.
The fact that the records must be available to those health professionals that take part in the diagnosis or treatment of the patient triggers new obligations of very different kind:
- a.
Professionals cannot reserve information to their sole knowledge. If a piece of information is relevant to acknowledge the patient’s health condition, this shall be reflected in the medical records and available to any health professional that has a care relationship with such patient.
- b.
Medical records must focus on unification, avoiding the existence of information scattered in different healthcare institutions where the patient may go, or even within the same institution. All the relevant information about a patient’s health condition, independently of where and when it has been gathered, must be integrated in a single medical history.
- c.
The fact that medical records are available to those health professionals that take part in a patient’s treatment triggers the obligation to establish procedures and guarantees which prevent anyone (health professional or not) not taking part in the diagnosis or treatment from accessing it.
- d.
From the patient’s point of view, the command of availability of medical records to those professionals in charge of the treatment triggers the right to oblige them to access the medical records, independently of when and where the information contained in them was gathered.
Section 2 of the analyzed legal requirement establishes that every healthcare institution shall lay down the methods that enable access to every patient’s medical record by the professionals treating them at any moment.