2Lieutenant RN, Hel. Navy, Athens Naval & Veterans Hospital, MSc Health services management H.O.U, MSc Public Health N.S.P.H- Hygienist, PhD-scholar of the Onassis Foundation, Specialty in Infections & Tropical Diseases.
Introduction: EPR is an evolving idea determined as a long-term collection of health care information of patients and populations. EPR has gained a great value in the healthcare environment. Its contribution to the improvement of the quality of health care provision, to the reduction of health services’ costs, and to the increase of productivity and efficiency of health care professionals, justify its importance. Purpose / Objective: The purpose of this study was to explore the general legislative status in Greece, E.U., and USA for the protection of sensitive personal data in the Electronic Patient Record (EPR). Methodology: In preparation for reviewing the literature on the general legislative status in Greece, E.U., and USA for the protection of sensitive personal data in the EPR, a MEDLINE and a GOOGLE search was conducted. Bibliographic review was made with key words “Electronic patient record, sensitive personal data, legislation, security”. Results: Each country in E.U but in America also tries to protect the people’s right for a safe handling of personal data included in an EPR by setting the minimum necessary requirements for each health organization that uses it and by creating laws for the same purpose. Greece, following the instructions by E.U, has already legislated in order to protect the EPR’s sensitive personal data. Conclusion: The determination of ethic and legal guidelines and criteria relevant to the electronic collection, processing, and communication of personal sensitive health data, is vital. A potential disclosure of patient’s personal data puts in risk the relationship between the patient and the physician or nurse but also the one among the members of the entire society since the patient may be afraid or reluctant to trust to reveal critical information that concern not only his personal health but also the public health.
Electronic patient record, sensitive personal data, legislation, security.
The electronic patient record is the collection of all health information and is created for every patient who receives treatment, care, or services at each institution or health network, and is maintained for the primary purpose of providing patient care. In addition, it is used for financial and other administrative processes, outcome measurement, research, education, patient self-management, disease prevention, and public health activities. The record contains sufficient information to identify the patient, support the diagnosis, justify the treatment, document the course and results of treatments, and facilitate the continuity of each patient’s care . EPRs can offer several advantages and some of them are better legibility , simultaneous access for several physicians at different locations . EPRs can optimize the accuracy, completeness, costs and effects of clinical processes and of their results .Therefore, EPRs can provide patient-centered health care. The increasing use of EPRs has brought to the fore concerns about information security and more specifically about the confidentiality of computerized health care data because the diversity of origin and use of health care data create such problems.
The contribution of the electronic patient record towards a qualitative health care, of the reduction of costs of health services, of the increase of efficiency of the professionals of health but also the rests of users of electronic patient health record leads to the recognition of its value and its application and its use in health environment. The better management of information does not only have economically and functional profits, but it improves the quality level of life, as the right information in health matters has decisive impact on the patient care. The automation of all processes that contribute to the benefit of health services, to research and to the reception of critical decisions for the patient’s life, makes imperative the need of safety of the systems of electronic patient records in order to ensure the validity, the reliability, the availability of medical information but also the patient’s right for secrecy of his personal sensitive data that are concluded in those systems. The application and the operation of safe systems of electronic patient records as long with the suitable measures, the use of safety policies, the application of models, the observation of requirements of laws that are imposed by the international but also by the European community are those that will change the culture of the professional users and those that will lead to a secure management of medical data and of personal sensitive patient data and also those they will diagnose in time the problems that will result from no observation of the above .
The objective of each effort for defense of patient’s right of medical and nursing secrecy is to strengthen the confidence of citizens towards the new possibilities of information technologies and also the need for professionals’ use of safety measures. The value of health information that is in the patient’s record goes far beyond the treatment of patients: the medical research, the public health, the planning of services show the profits from their safe use. The electronic patient record is an evolving idea determined as a long-term collection of medical information for patients and populations. It is evident that the patient’s right for confidentiality of his personal data cannot be degraded because of the use of electronic patient record. The application of security policy into the hospital information systems is demanded under law because it must fulfill the demands of safety of the personal sensitive health data as the law 2472 of 1997 compels. So with the combined use of cryptographic tools (algorithms), suitable software, hardware, infrastructures and procedures, it is possible that solutions are offered in order to satisfy the requirements of laws for safety. The Greek legal frame for the electronic patient record is regulated by the legislation that ensures the confidence of communications and the networks as well as the safety of personal data of patient .
Since the creation of the Hippocratic Oath about 400 B.C., protecting the privacy of patients has been an important part of physicians' code of conduct. The worries about confidentiality were exemplified in a legal setting by the Hesse Data Protection Act 1970 and the Swedish Data Act 1973 and the US Privacy Act 1974 which covered federal agencies and set out requirements but without a central data protection authority. In the UK, the Younger  and Lindop  committees considered the issues of privacy in general and data protection in particular and a white paper  was developed as a basis for legislation that did not emerge at that time.
The disclosure of patients’ sensitive information about mental health, sexually transmitted diseases, adolescent care , drug addiction and genetic fingerprints creates many ethical problems . Most professional ethical bodies in Europe give the responsibility for protection of patient records to the health care practitioners. For example, in the UK, the General Medical Council states:
Data protection law in most European countries requires that data be held only for a defined purpose, and for no longer than is necessary . Health data can be used for purposes of administration, audit and performance review but patient identifiers should preferably be removed beforehand so that individual's identity is not revealed by unusual combinations of apparently anonymous data.
Each country in E.U and in USA also tries to protect the people’s right for a safe handling of personal data included in an EPR by setting the minimum necessary requirements for each health organization that uses it and by creating laws for the same purpose. Greece, following the E.U instructions, has already legislated in order to protect the EPRs’ sensitive personal data. In preparation for reviewing the literature on the general legislative status in Greece, E.U., and USA for the protection of sensitive personal data in the EPR, a MEDLINE and a GOOGLE search was conducted.
International legal instruments
• Council of Europe Convention 108
In 1976 the Council of Europe started working on the preparation of a convention on privacy in respect of data processing while the Organisation for Economic Co-operation and Development started at about the same time considering similar issues from the economic, technical and legal point of view rather than from the human rights standpoint. The Council of Europe's work started from Article 8 of its Convention on Human Rights . The development of Convention 108 became a reality. This Convention ‘for the protection of individuals with regard to automatic processing of personal data , established the council's view of the appropriate safeguards in respect of the processing of personal data. It drew on the experience of existing national legislation and legislative thinking which has been signed by 22 countries. In a very real sense Convention 108 has set a standard for data protection issues.
• Council of Europe Recommendation R (81)1
Recommendation R(81)1 On Automated Medical Data Banks , did have some special features that required that medical data banks should have a set of regulations governing its operations and the recommendation specified a minimum set of contents for these regulations. It established the concept of selective access to the identification, administrative, medical and social parts of the medical record and it addressed issues of record linkage. It established the exceptions to subject access as being ‘data banks which are used only for statistics or scientific research purposes’. It, also, allowed erroneous data to be kept after it had been corrected ‘so far as knowledge of the error may be relevant to further medical treatment or useful for research purposes'. The only aspect of the recommendation that proved unworkable as computing facilities became much more widely available was the requirement to give advance public notice of the establishment of a medical data bank.
• Council of Europe Recommendation R (97)5
The Council of Europe's work in the area of biomedicine and bioethics led to the belief that there might be some problems between the requirements of genetic counselling and data protection and they revised the Recommendation on Automated Medical Data Banks. There has been an attempt to summarise the desirable situation for health care in Europe and ensure that staff met these standards in their handling of medical data. Their purpose was to ensure patients that their medical data were uniformly protected. Recommendation R (97)5 on the protection of medical data15 now formally replaces the earlier recommendation and it is likely to become the basis for handling personal health information, including personal genetic information, for a generation. This work was adopted on 12 February 1997. The recommendation concerns all processing of personal medical data except where national law provides other appropriate safeguards in a specific area outside the health-care sector. The status of the Council of Europe's conventions is that of an international treaty, although it is not clear what sanctions might be brought against recalcitrant states. Certainly, this recommendation recommends governments to ensure that its principles ‘are reflected in their law and practice' and to ensure wide circulation of its principles ‘among persons professionally involved in the collection and processing of medical data'. In addition the recommendation deals with the security of personal medical data, its long term retention, trans-border data flows and the use of data for scientific research. It also addresses issues relating to the personal data of unborn children, legally incapacitated persons, unexpected findings in genetic analyses and various permitted exemptions from specific requirements. The recommendation sets out categories of protective control where measures are required as access to installations, handling of data media, access to system memory, utilisation of systems, separation of categories of medical data, access to networking facilities, data entry, transport of data media and back up arrangements. The general approach is similar to the approach in other documents but it is much more detailed in its requirements.
• European Community directive 95/46/EC
The European Community Directive 95/46/EC, ‘On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data'16 was adopted somewhat earlier than Recommendation R(97)5, on 24 October 1995. Its status is rather different from the convention and the recommendations of the Council of Europe in that the directive is mandatory for all countries within the European Union but its scope is restricted to the legal competence of the European Union law. Member states were required to install legislation implementing the directive by 24 October 1998 but the transition arrangements in Article 32 allowed the full rigor of the national legislation required by the directive to be implemented in stages. The manual ‘personal data filing systems' are allowed until 24 October 2007 to comply fully but the data subject's rights of access, rectification, erasure and blocking appear to start not later than 24 October 2001, assuming that such data are likely to be ‘processing already under way' [17,18,19].
The directive is based on Convention 108 but it goes beyond the requirements of the convention in a number of respects. The convention makes provision for signatory states to extend its scope by applying its requirements to manual information systems or to legal persons but the directive includes manual systems directly by the definition of ‘personal data filing systems'—although with a longer transition period. The security requirements in Article 17 are similar to those required by the recommendation except that the cost of implementing security measures is explicitly included in the process of assessing the appropriate security measures. It allows for the ‘blocking' of personal data ‘which does not comply with the provisions of this directive, in particular because of the incomplete or inaccurate nature of the data'. This provision is a general extension of that established in Recommendation R (81)1 in the second paragraph of section 6.2. Perhaps the most extensive change is the requirement in Article 12(c) that ‘third parties to whom data have been disclosed should be notified of any rectification, erasure or blocking of data' carried out as outlined above ‘unless this proves impossible or involves a disproportionate effort'.
In accordance with the Regulation, personal data have to be:
• processed fairly and lawfully;
• collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
• adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
• accurate and, where necessary, kept up to date (all reasonable steps should be taken to ensure that data which are inaccurate or incomplete in relation to the purposes for which they are collected or for which they are further processed, are erased or rectified);
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are collected or for which they are further processed.
Citizens enjoy legally enforceable rights under the Regulation, such as the right to access, rectify, block or delete personal data relating to them in files held by the Community institutions and bodies.
US courts have found physicians liable for unauthorized release of medical information through the concept of a fiduciary duty of confidentiality in the physician-patient relationship . Physicians who reveal a patient’s personal information to third parties without appropriate justification may be liable for damages if the patient experiences harm as a result of the disclosure. Breach of confidentiality has also been recognized as a malpractice offence because it violates a professional standard of care .
In the United States, a variety of state and federal statutes and common law rules establish legal obligations of physicians to protect patient confidentiality. Many medical licensing statutes include clauses that identify disclosure of medical information as a type of unprofessional conduct. Statutes in a majority of states also grant testamentary privilege to the physician-patient relationship; this privilege allows defendants to constrain physicians from disclosing patient information in a trial or other legal proceeding. In addition to these more general statutory protections, other statutes create special confidentiality protections for specific conditions. Among the conditions granted such protection are alcohol and drug abuse and HIV/AIDS . Federal statutes also provide protection for health information, including information held by federal agencies, by health care institutions operated by the federal government, and by health care institutions participating in Medicare, Medicaid, and other federal health care programs .
Potential threats to patient confidentiality from electronic health care transactions were implemented under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The American "Health Insurance Portability and Accountability Act" of 1996 mandated the development of standards to protect the confidentiality and security of patient medical records . Health Insurance Portability and Accountability Act, was the first national legislation to assure every patient across the nation protection of their health insurance information. Hospitals and providers may use this information only for treatment, obtaining payment for care, and for specified operational purposes like improving quality of care. They must inform patients in writing of how their health data will be used; establish systems to track disclosure; and allow patients to review, obtain copies, and amend their own health information. HIPAA established standards and requirements for the electronic transmission of certain health information (eligibility requirements, referrals to other physicians, and health claims)  HIPAA protects a patient’s rights to the confidentiality of his/her medical information and, for the first time, creates federal civil and criminal penalties for improper use or disclosure of protected health information.
Basic identifiers of the patient’s past, present, or future physical or mental health conditions, including the provision of health services and payment for those services must be confidential. Patients may understand and control how their health information and insurance is used or shared [23,24].
Healthcare providers who transmit health information electronically and even paper format, health plans, and healthcare clearinghouses are required to have a contract with the agencies they do business with so that they would comply with HIPAA regulations. According to Waldo  HIPAA regulations outline four general compliance issues that require organizations to have:
1. Policies and procedures to govern confidentiality, data integrity, and access.
2. Physical safeguards to control access and protect computers system against fire and other disaster.
3. Technical security measures to protect data held in information systems.
4. Technical security measures that protect and prevent interception and access to information sent via network.
HIPAA regulations, require providers to protect the confidentiality, integrity, and availability to patients of ‘‘individually identifiable personal health information’’ in any form, whether electronic, written, or oral. Personal health information includes information that relates to a person’s physical or mental health, the provision of health care, or the payment for health care. The regulations apply to all health care organizations, including hospitals, physicians’ offices, health care plans, employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems, and ‘‘any person or organization who furnishes, bills or is paid for health care in the normal course of business.’’
For disclosures made in error, the HIPAA regulations assess civil penalties of US$100 per violation up to a maximum of US$25,000 per year. Although patients cannot sue privately for a HIPAA privacy violation, the Office of Civil Rights of the Department of Heath and Human Services is responsible for overseeing and enforcing the privacy regulations. Maximum criminal penalties for egregious violations include US$5,000 and 1 year’s imprisonment for wrongful disclosure, US$100,000 and 5 years’ imprisonment for disclosure under false pretences, and US$250,000 and 10 years’ imprisonment for disclosure for profit or malice. In the first year of implementation of the HIPAA privacy rule, the Office of Civil Rights received more than 5,000 complaints of infractions and referred several dozen cases to the Department of Justice for prosecution .
The Joint Commission on Accreditation of Healthcare Organizations (JCAHO), the recognized accreditation agency for US hospitals, has adopted explicit standards requiring respect for patient confidentiality and privacy. Although not legally required, JCAHO accreditation is a practical necessity for most hospitals. Failure to meet established JCAHO standards may jeopardize a hospital’s accreditation. The 2003 JCAHO standards on Patient Rights and Organization Ethics include this statement: ‘‘The hospital demonstrates respect for the following patient needs: confidentiality; privacy;’’ 
Greek institutional frame of safety - The constitutional consolidation of protection of personal data
At the last revision of Constitution was imposed the consolidation of a new, special right of protection of personal data. The new article 9[A] of Greek Constitution 1975/86/01 that was included in the Constitution in the last revision in 2001 defines that «everybody has the right of protection of its personal data from the collection, treatment and use, particularly when done with electronic means ». In the new provision it is described however the intensity of dangers that includes the process of data with electronic means. The protection of personal data belongs in the category of new rights that guarantee the revised Constitution. As this right is corruptible in offences from private individuals, the state cannot be satisfied by the dissuasion of these offences from his bodies, but it should take measures for this aim. The foundation of independent bodies is impressed as innate characteristic of system for the protection of personal data in international texts, binding or not [28,29].
Law 2472/97 on the protection of personal data
Greek law 2472/97 establishes the Community Directive in the internal right and it simultaneously achieves the obligation of Greece that arises from the Constitution of 108 Council of Europe to establish special provisions on the protection of personal data. According to the European Directive 95/46/EK - and Greek law 2472/97- the use of medical data must be made under special regulations. According to the law 2472/97, when the sensitive personal data o each patient is used, the patient has the right:
• To be informed for the information from his file that are going to be used
• To be informed for the purpose of their use and which are going to have access and for how long.
• Ask the correction, or not to use part or all data.
While the obligations of persons in charge for the treatments of data of personal character are the following:
• Notify the Body of Protection of Data of Personal Character about the constitution and operation of such files that have sensitive personal data while in certain cases relative authorization is required.
The twentieth century is characterized by a revolution in provision of health care services. Advances in medical science and management have created an entirely new system of health care. People are not cared for by a single physician any longer. Instead, it is a collective process that includes nurses, many consulting physicians, laboratory technicians, diagnostic technologists and administrative staff. Moreover, a patient is no longer treated by one organization. A person can be admitted to one facility, transferred to another for treatment, and then require extended or home care. Therefore, it is necessary to uniquely identify patients across multiple providers and be able to access their information from multiple locations in order to support continuity of care .
It is well known that EPR is indicative of the advances in medical informatics and allows providers, patients and payers to interact more efficiently. It offers new methods of storing, manipulating and communicating medical information of all kinds, including text, images, sound, video and tactile senses, which are more powerful and flexible than paper based systems but it poses moral and ethical dilemmas to the health care providers by the improper use of personal sensitive data of their patients . In the healthcare environment privacy is particularly important since it enables collaboration between different data owners . Clinicians in all European countries share the view that their responsibility to protect personal data in the health record extends to both manual and electronic records. By any chance revelation of this data places at risk the relationship between the health care provider and the patient which may be critical to the maintenance of public health [33,34,35]. Attention must also be given to how national laws are to be applied in situations where health data are processed in, or transferred between, more than one state. A code of conduct for the protection of personal health data, taking into account the E.U Directive and national laws, as well as ethical codes in each E.U country should be published widely among the health professions in order to encourage local enforcement and further harmonisation between countries. Research on breach incidents in health departments that are under the HIPAA rule found that during the previous year the names, birth dates, Social Security numbers, and disability ratings in some cases of as many as 26.5 million veterans were stolen recently from the home of a Department of Veterans Affairs employee. This theft represents the biggest unauthorized disclosure of Social Security data ever . In 2005 a national Consumer Health Privacy Survey was conducted to unveil the impact of HIPAA Privacy Rules on consumers’ attitudes towards and behaviours around personal health information. 2100 US adults responded to this research and the results showed that despite new federal protections, consumers were still anxious about the privacy of their personal health information and misinformed about their rights under HIPAA . In another 2005 (P&AB and Harris Interactive) survey, the results indicate that the serious concern almost suppresses the benefits of EPR :
- 70% of the people surveyed are concerned that personal health information could be disclosed because of weak data security
- 69% concerned that an EPR system could lead to more sharing of health information without patients’ knowledge
- 47% report that privacy risks outweigh the benefits of EPR
The TA-SWISS study  on computer based Patients’ Records mentioned that their uptake might result in the patients losing trust in health professionals, because they might feel that their privacy has been compromised.
The protection of electronically stored health data is important for Danish citizens also, as shown by the results of a Danish citizen’s conference being held in 2002 for the EPR. The citizens approved that data in EPR is used for research and statistics, but it should be rendered anonymous. And they argue for a code of ethics and discipline in the use of EPR data in research. In Denmark, the citizens who participated in conference under the same theme, mentioned that existing legislation concerning patients’ legal status and protection of personal data maintained in an EPR should be respected, and that he rules for informed consent and the legislation for protection of patient rights . As we have seen above most European countries have relevant legislation, which guarantee data protection and data safety of patients. These, must certainly be maintained, if not reinforced . While technological developments related to EPR have moved rapidly, and countries in E.U but in USA as well have legislated problems are still faced and EPR face a slow and sometimes difficult implementation. It is essential that governments develop compatible policy responses to ensure public confidence in the adoption of EPRs and interoperable EPR systems . It is obvious that patients’ right for the protection of his personal data can not be undermined by the use of an EPR. Vigilance, continuous control, sensitization of users and the reception of suitable, efficient, reasonable and economically bearable measures can ensure the confidential use of personal sensitive data . The citizens prefer services and information adapted to their needs and their requirements, knowing that their right for privacy of their personal life is protected .