Poland has recently adopted a new legal
framework for information system in healthcare which aims to fully transform
the healthcare system to introduce the modern e- health solutions. The project which has
received c.a. EUR 200 m funding, mainly from the EU funds, is one of the biggest
challenges not only for the Polish healthcare but as well for the IT industry.
After the project is finished, all information
regarding patients, data about services that were provided to these patients,
financial records and statistics will be stored in several IT registries that
exchange the data. The system is designed to handle all kind of data flows
among the stakeholders e.g. e-prescription as well as on-line access most of
data e.g. to patient’s data by the patient. A telemedicine solutions will also
be implemented.
Among many new concepts that are being
introduced by the reform, the most promising one is an obligation for all
healthcare service providers to implement Electronic Health Record system before August 1, 2014. After this
deadline running medical records in paper-based form will not be possible
anymore. Now, the Ministry of Health and
its branch responsible for the process is at the end of preparations to issue relevant
regulations which will define a detailed specification of standards for
exchange the data among the participants as well as defining the minimal functionalities
that are to be provided by the software. These regulations will cover also requirements
regarding compliance with the appropriate ISO norms regarding IT system’s
security as well as other regulatory technical norms as set out in other legal
acts (e.g. National Rules for Interoperability).
The Act on information systems sets
also some new standards on processing and transmitting personal data in a
secure way, obliging the services providers to achieve compliance with
respective ISO norms.
During the legislation process, Polish DPA raised
several concerns regarding data protection and privacy in the new system. His remarks
were accepted and introduced to the Act, thus at present moment the Act seems
to be compliant with Polish data protection regulations.
The question is wherever outsourcing
or cloud computing will be allowed. According to the Polish DPA, due to the
patient confidentiality regulations by which the medical personnel is bound
with, full outsourcing should not be allowed. However the DPA says, the cloud
computing should be allowed to the provided that rigid safety rules will be
met, e.g. processing will be based on
the written agreement providing adequate level of confidentiality, the data
controller will have full control over data processing, the data will not be
transferred to the non-compliant countries.
Moreover when the Act will be implemented in
2014 there might be a situation when the reform of the Europen data protection
will come into force. The most recent drafts of these regulations impose even
more strict rules regarding processing sensitive data than right now.
The roll out of the new system
brings also many questions about the sources of its financing. For this moment there is no clear answer for
this question. Interested parties may try to obtain funding from the private
sector through the PPP Act or EU grants, however the latter might be difficult,
given that new financing perspective for next few years is still unsure.
Should you have any questions
regarding the topic please email me at Dariusz.czuchaj –at- cms-cmck.com