Dumitrescu [Abstract]

Processing of personal and medical data by judicial institutions in the context of the enforcement of Regulation EU 2016/679 – General Data Protection Regulation (GDPR)
[Full text]

Radu-Mihai Dumitrescu [1]

Abstract: The protection of patients’ personal and medical data has always been an important subject for medical practice, with explicit regulations being implemented. Whether we are talking about civil and criminal codes or laws governing the medical profession, they all seek to protect fundamental human rights. The confidentiality of medical data is maintained even after the death of the patient, this aspect being governed since the profiling of the physician profession through the Hippocratic Oath. Discussions on privacy and confidentiality occupy an important place in sociological, medical, legal, ethical and anthropological literature.

There are references to the benefits gained by improving accessibility to data as they migrate to computer environments. Along with the technological evolution, all of this data has been transferred to electronic systems. A major concern with the trend towards electronic health records focuses on protecting privacy and patient confidentiality (Vanderminden and Potter, 2016). Data transfer, as well as their processing through many computer systems belonging to different public and private entities, brings new challenges at the individual and social level. Under the protection afforded by the right of individuals to access to information and the current tendency to ease access to information, a number of institutions have created online portals that manage a huge amount of data. The way these data are processed in accordance with the rights of the individual remains an issue that is not fully resolved.
On the occasion of a doctoral research on medical malpractice, I conducted the interrogation of the portal of Romanian courts (http://portal.just.ro). A huge amount of data can be obtained easily in a short time. In the context of the expected impact of the implementation of the GDPR (General Data Protection Regulation) in relation to the functioning of the public institutions, I conducted a qualitative research looking at how medical data and personal data are managed by the courts. Decisions of the courts published in the jurisprudence section have been analyzed.

The paper analyzes the compliance of the judicial public institutions with the data protection legislation considered in the paradigm of institutional logic. We can assume that the individualistic principle exercised by the professional institution (the medical profession) can conflict and require a balancing with the utilitarian, collective principle, which can explain some of the state institution’s actions (courts of justice).

GDPR aims to reinforce existing legal provisions. GDPR does not seem to bring about changes in the substance of laws or doctrines on data confidentiality, but appears to be a form of supra-state control. The way in which GDPR will influence policies and practices regarding the processing of personal and medical data will be analyzed with the passage of time.

Keywords: Personal data, medical data, medical malpractice, privacy, GDPR

[1] Faculty of Sociology and Social Work, University of Bucharest, Bucharest, Romania, dum_mihu@yahoo.com