Modern requirements for the protection of personal data in medical institutions


Personal data stored in medical institutions can be divided into two groups.

Personal data provided when entering into an employment contract with the employer, in accordance with the requirements of the Labor Code.

Personal data of patients, provided at the conclusion of a contract for the provision of paid medical services.

Personal information must be secure

When providing confidential information today, holders of personal data need to know and remember that the information they transmit must be protected. This is spelled out in the law of the Russian Federation "On Personal Data" No. 152-FZ. Compliance with the requirements of the law "On Personal Data" No. 152-FZ is mandatory for all organizations.

One of the requirements of the Act is the development of "Regulations on the Protection of Personal Data." Current practice shows that in medical institutions it is desirable to develop two such Regulations: one on "The protection of personal data of employees of the medical organization," the other on "The protection of personal data of patients."

The employer is obliged to acquaint the staff of the medical organization with the developed regulations on the protection of personal data against signature, to establish strict control over the fulfilment of their requirements, to appoint persons responsible for processing the information received, and to take the measures necessary for the storage and protection of personal data.

When processing patients' personal data, consent to the processing of personal data must be obtained from each patient or his legal representative (parents, grandparents, and so on). Be sure to explain to the patient that his personal data cannot be transferred elsewhere without his consent, except in the cases listed in the law "On Personal Data".

Do I need to notify Roskomnadzor?

Consider the question of whether a medical organization should notify Roskomnadzor (a special federal service) of itself as an operator. Some people believe that submitting the notification may bring on a scheduled Roskomnadzor inspection. This view is erroneous.

Also, do not be misled by the argument that there is no need to notify Roskomnadzor if the personal data is received from the employee as a party to the employment contract, is processed by the medical organization to fulfil its obligations under that contract, and the employee's personal card and other personnel documentation are not made available anywhere.

Usually, all medical organizations publish information about their employees, with a photo, on their websites. This is dissemination of personal data, for which the employee's consent must be obtained. In addition, in accordance with Art. 79 of the Law on Health, all medical institutions are required to provide information on health professionals to inform the public.
These data make it possible to identify a particular healthcare professional. Therefore, information about the worker on the website of the medical organization is personal data, which, in accordance with the requirements of the law "On Personal Data", must be processed and protected, and the medical organization, as an operator of personal data, must notify Roskomnadzor before processing.

Remember that violation of the law "On Personal Data" No. 152-FZ entails:

- disciplinary liability (the Labour Code);

- administrative liability (Code of Administrative Offences of the Russian Federation);

- criminal liability (Clause 1, Article 137 of the Criminal Code).

First department of the children's medical center "Markushka".