6 Rules for the correct processing of personal data of patients in the medical record


Adapt the solutions to the local conditions. You should guarantee anonymity, but also keep in mind that the solutions used should not endanger the patient’s health or life. You might say: use common sense!

Think about your right (as a medical unit) to establish or verify a patient’s identity. You have the right to request an identity card!   

Clearly mark the area where the patient may be (or the patient in care provision). For example, stick adhesive tape in front of the check-in station or separate the space with a partition / plexiglass (where there are several check-in locations).

Inform patients about this: provide clear information about the registration rules next to the “window”. Write in friendly language, for example: “For the protection of personal data, we require that only one person be present at the registration office. Thank you for following the rules.”

Provide a comfortable place for others. Place armchairs or chairs away from the registration desk. This way, you limit the number of people who are close to the person registering.

Apply these rules. Don’t count on your patients to follow the new rules right away, especially when they were used to other solutions – in most of the records I know, there was usually a table around the counter or counter. One thing is to build new habits. The change will only be possible if you prepare the registration staff for it, for example by teaching them new behaviors.

In practice, this means that it can be difficult at first and there can even be conflicts. Therefore, in addition to introducing procedures, think about employee training. That way you take care of both the protection of personal data and the high quality of patient service.

Medical facilities should pay particular attention to the security of their patients’ personal data because they process sensitive data, i.e. a specific category of data. Unfortunately, such entities have often not adopted adequate procedures to increase data security, nor an adequate training system for employees and associates, who are the weakest link in the security system.

Both large hospitals and small clinics provide daily services to many people, which means that they become administrators of those people’s sensitive data. The responsibility for the processing of this data, and for ensuring that it is not leaked anywhere, lies primarily with the administrator of personal data. However, the first line of data protection is the doctor, as well as anyone who orders the processing of data within the facility (for example, a secretary).