Poland has recently adopted a new legal framework for information system in healthcare which aims to fully transform the healthcare system to introduce the modern e- health solutions. The project which has received c.a. EUR 200 m funding, mainly from the EU funds, is one of the biggest challenges not only for the Polish healthcare but as well for the IT industry.
After the project is finished, all information regarding patients, data about services that were provided to these patients, financial records and statistics will be stored in several IT registries that exchange the data. The system is designed to handle all kind of data flows among the stakeholders e.g. e-prescription as well as on-line access most of data e.g. to patient’s data by the patient. A telemedicine solutions will also be implemented.
Among many new concepts that are being introduced by the reform, the most promising one is an obligation for all healthcare service providers to implement Electronic Health Record system before August 1, 2014. After this deadline running medical records in paper-based form will not be possible anymore. Now, the Ministry of Health and its branch responsible for the process is at the end of preparations to issue relevant regulations which will define a detailed specification of standards for exchange the data among the participants as well as defining the minimal functionalities that are to be provided by the software. These regulations will cover also requirements regarding compliance with the appropriate ISO norms regarding IT system’s security as well as other regulatory technical norms as set out in other legal acts (e.g. National Rules for Interoperability).
The Act on information systems sets also some new standards on processing and transmitting personal data in a secure way, obliging the services providers to achieve compliance with respective ISO norms.
During the legislation process, Polish DPA raised several concerns regarding data protection and privacy in the new system. His remarks were accepted and introduced to the Act, thus at present moment the Act seems to be compliant with Polish data protection regulations.
The question is wherever outsourcing or cloud computing will be allowed. According to the Polish DPA, due to the patient confidentiality regulations by which the medical personnel is bound with, full outsourcing should not be allowed. However the DPA says, the cloud computing should be allowed to the provided that rigid safety rules will be met, e.g. processing will be based on the written agreement providing adequate level of confidentiality, the data controller will have full control over data processing, the data will not be transferred to the non-compliant countries.
Moreover when the Act will be implemented in 2014 there might be a situation when the reform of the Europen data protection will come into force. The most recent drafts of these regulations impose even more strict rules regarding processing sensitive data than right now.
The roll out of the new system brings also many questions about the sources of its financing. For this moment there is no clear answer for this question. Interested parties may try to obtain funding from the private sector through the PPP Act or EU grants, however the latter might be difficult, given that new financing perspective for next few years is still unsure.
Should you have any questions regarding the topic please email me at Dariusz.czuchaj –at- cms-cmck.com