The e-health revolution in Poland

Poland has recently adopted a new legal framework for information system in healthcare which aims to fully transform the healthcare system to introduce the modern e- health solutions. The project which has received c.a. EUR 200 m funding, mainly from the EU funds, is one of the biggest challenges not only for the Polish healthcare but as well for the IT industry.

After the project is finished, all information regarding patients, data about services that were provided to these patients, financial records and statistics will be stored in several IT registries that exchange the data. The system is designed to handle all kind of data flows among the stakeholders e.g. e-prescription as well as on-line access most of data e.g. to patient’s data by the patient. A telemedicine solutions will also be implemented.

Among many new concepts that are being introduced by the reform, the most promising one is an obligation for all healthcare service providers to implement Electronic Health Record system before August 1, 2014. After this deadline running medical records in paper-based form will not be possible anymore.  Now, the Ministry of Health and its branch responsible for the process is at the end of preparations to issue relevant regulations which will define a detailed specification of standards for exchange the data among the participants as well as defining the minimal functionalities that are to be provided by the software. These  regulations will cover also requirements regarding compliance with the appropriate ISO norms regarding IT system’s security as well as other regulatory technical norms as set out in other legal acts (e.g. National Rules for Interoperability).

The Act on information systems sets also some new standards on processing and transmitting personal data in a secure way, obliging the services providers to achieve compliance with respective ISO norms.

During  the legislation process, Polish DPA raised several concerns regarding data protection and privacy in the new system. His remarks were accepted and introduced to the Act, thus at present moment the Act seems to be compliant with Polish data protection regulations.

The question is wherever outsourcing or cloud computing will be allowed. According to the Polish DPA, due to the patient confidentiality regulations by which the medical personnel is bound with, full outsourcing should not be allowed. However the DPA says, the cloud computing should be allowed to the provided that rigid safety rules will be met, e.g.  processing will be based on the written agreement providing adequate level of confidentiality, the data controller will have full control over data processing, the data will not be transferred to the non-compliant countries.

Moreover when the Act will be implemented in 2014 there might be a situation when the reform of the Europen data protection will come into force. The most recent drafts of these regulations impose even more strict rules regarding processing sensitive data than right now.

The roll out of the new system brings also many questions about the sources of its financing.  For this moment there is no clear answer for this question. Interested parties may try to obtain funding from the private sector through the PPP Act or EU grants, however the latter might be difficult, given that new financing perspective for next few years is still unsure.

  

Should you have any questions regarding the topic please email me at Dariusz.czuchaj –at- cms-cmck.com

Back To Blogging, What A.D. 2013 Will Bring to Polish IT Laywers

So... I decided to start blogging in English, becoming again a prudent chef of the IP Law Poland Blog. Since my last blogging activity a lot of things change in my life including “hello  - world” from my two lovely kids, Robert (4) and Aleksandra (2). Moreover after pursuing for many years my solo legal practice which was more devoted to the business transactions, I came back to the roots, the IT/IP law which was always the area of my top personal interest and fascination. It was also a good decision to join almost a year ago to the Warsaw IP/TMT team of CMS Cameron McKenna, led by talented Tomasz Koryzma. Ladies and Gents, let’s have a cookin’ session tonight, the bar is open !  

One 2012 cocktail please ! What happened in 2012... 

Among IT projects the most interesting seems to be the start of the implementation of the complex e - health system, that will be implemented in the healthcare sector. The project, worth c.a. $ 300 million has been co-funded by the European cohesion funds.  Go – live of the whole project is envisaged for August 2014 when all healthcare providers will have to run electronic health record systems (ERH) and exchange the documentation by electronic means. This is a great challenge for all participants with respect to the data management and data protection and the clock is already ticking…    

The IT wind went also through energy industry which has been a subject of legislative changes aimed at introducing more competition to the energy sector. There were several public tenders for billing systems for energy providers of a quite big value, some of them are still undergoing.

Many legal changes resulted from the EU law obligations, including Act on re – use of public information which was brought into force with a huge delay and after receiving of many bitter words from the European Commission and the NGO’s.

An important change for Polish telecom clients is a thick amendment to the Telecommunication Act, aimed at providing better protection of a telecom customer. The new law is binding since December 2012. This change included also a new “cookie law”.  According to the new rules, the cookies for the Polish cookie – eaters should be served by a prior acceptance of browser user, however such user may express his or her consent by setting up a browser “properly”.  How this will work in practice - we will see. 

After fierce reaction of the society for governmental talks-behind-the-closed-doors when negotiating international agreements (just to mention thousands of protesters on anti-ACTA marches in the major Polish cities) the Government become more open for public control. 

A strong shake for 2013?

I believe that 2013 will bring several important changes to the Polish law  including a new regulation of notice and takedown procedure under Act on providing services by electronic means. This change may have important consequences for the whole e-industry running business in Poland. The Government declared that the idea behind the change is to provide full protection to  the online service providers against claims resulting from the IPR infringements.  Some of the market players said however, that this protection may lead to the increased Internet piracy rate.

In regard of personal data protection, the adoption of FATCA agreement by the US government will probably be the most challenging issue for Polish financial institutions. According to Polish Data Protection Act in such case a consent of the data subject will be required to send data to U.S. based recipient. Due to the fact, that data subject will be forced in fact to express his or her consent on data transfer, the matter will bring a lot of controversy. Bearing in mind the anti – ACTA protests the chance of concluding the international treaty between Poland and the US Gov seems to be unrealistic.

Apart of that all privacy lawyers will wait for a final draft of the new European regulation on data protection. In Poland the common opinion is that Polish Data Protection Act does not provide answers for many important questions resulting from progress and changes of technology used for data processing. The rumors say that if the Regulation will not become a binding act there will be a change of Polish regulations in order to modernize them. It must noted also that Polish privacy laws are painfully restrictive in regard of the cloud computing, especially when personal data are being transferred aboard to non-EEA countries.

There are many more interesting projects and law changes for 2013, however the idea behind this first in 2013 post was different – to say hello after many years of silence to the blog readers and to give them a short update from snowy Poland J

Ministry of Culture has just published five instructions on the ACTA negotiations dated on 2008 . The government declares a publication of all ACTA-related documents within few weeks.

No to ACTA says Polish Prime Minister

Prime Minister Donald Tusk decided to suspend the ratification process of ACTA. The document was signed January 26, 2012 by the Polish ambassador to Japan, Jadwiga Rodowicz.

Data Protection Commisioner will keep an eye on Google Street View Service

GIODO, the Polish authority responsible for protecting our personal data has published a short opinion on Google Street View service. In the opinion of the Commissioner the service cannot be prohibited a limine, but Google will be observed by GIODO. Some commentators viciously noted that GIODO is observed by Google by itself - the new web page of this governmental agenda uses Google Analytics script to monitor the traffic on the page ... Apart of that GIODO uses Google search bar on the front page with the Google logo on it. Personally I share the opinion that GIODO has no formal competences to act in this case. The Act on the protection of personal data limits the scope of GIODO’s power to the personal data protection, which does not cover the privacy issues. The latter may be the subject of protection given under civil code which defines privacy as a legal right, protected through civil remedies.

Polish privacy and data protection guidance

If you are looking for some advice on Polish priacy and data protection laws, please visit website about data protection in Poland.

Before you copy "some" code or "some" macros

What constitutes software copyright infringement ? How much can you copy from other programs ? Can you copy 50 lines out of 500.000 ? Get more information how this matter was handled by the US courts from the post written by Tomasz Rychlicki on his blog.