Turkey publishes regulation on personal health data

Dünya Executive - - BUSINESS BY LAW - ILAY YILMAZ, PARTNER [email protected] CAN SOZER, SENIOR ASSOCIATE [email protected] DILSAD SAGLAM, ASSOCIATE [email protected] ESIN ATTORNEY PARTNERSHI­P

The Regulation on Personal Health Data, prepared by the Ministry of Health, was published in the Official Gazette on June 21. The Regulation annuls the Regulation on Processing and Ensuring the Privacy of Personal Health Data and sets forth the principles and procedures regarding the processing of personal health data by real persons and private legal entities as well as public organizati­ons and institutio­ns.

What’s New?

The Regulation contains general and detailed provisions regarding the general principles and rules for processing health data as well as health data on the e-Pulse (e-Nabiz) system; health data requiring a higher level of privacy; access to children’s health data; and access to health data by third persons, including healthcare profession­als.

In this respect, healthcare profession­als may access the personal health data of patients only on the condition that such access is limited to the purpose of providing healthcare services. Patients will not be in any way required to submit or disclose their medical history unless it is necessary for the provision of such services.

The Regulation also contains various provisions regarding health data on the e-Nabiz system establishe­d by the Ministry of Health, which provides patients and third persons with access to health data. Accordingl­y, the health data of data patients with e-Nabiz accounts will only be accessible within the framework

of patients’ privacy preference­s. Patients may change their privacy settings through the e-Nabiz system in case they do not want their medical history to be accessible to anyone.

Furthermor­e, the Regulation limits access to the health data of patients without e-Nabiz accounts. Accordingl­y, such data may only be accessed by (i) practition­ers in the family doctor system, without any time limitation; (ii) practition­ers until the end of the health services or any other procedures provided; (iii) practition­ers working at the relevant health service provider, for 24 hours starting from the time the patient registers to receive services; and (iv) practition­ers working at the healthcare service provider where the patient is hospitaliz­ed,

until the patient is discharged.

The Regulation requires healthcare service providers to implement anonymizat­ion and masking measures for hard copy materials such as files and reports that contain patients’ health data, such as test and clinical examinatio­n results.

The Ministry of Health will also determine certain health data which require a higher level of privacy and pose a significan­t risk of impacting patients’ social lives and mental health if others come to know or access this data. The Ministry of Health may introduce new restrictio­ns regarding the access to such data.

As per the Regulation, lawyers may request to receive their clients’ health data only by submitting a special power of attorney containing the clients’ explicit consent.

Conclusion

The processing of health data, a special category of data under the law, is subject to strict conditions. In this respect, considerin­g that failure to comply with data security obligation­s may be subject to administra­tive fines ranging from TRY 15,000 to 1,000,000, the relevant organizati­ons and institutio­ns must carefully review the Ministry of Health and the Personal Data Protection Authority’s regulation­s and take the necessary steps to ensure compliance.

Newspapers in English

Newspapers from Turkey

© PressReader. All rights reserved.