The Spanish AEPD has published guidelines on patient health data protection.

The guidelines track the requirements of the GDPR as they apply to patient data, including the obligation to provide adequate disclosure under Article 12 and the data subject rights.

Key Takeaways

  • In the field of health care the right to erasure of clinical-history data is very limited: the data is kept to guarantee adequate patient care, and it is also needed for judicial, epidemiological, public-health, research or teaching purposes, for the public interest, or to comply with legal obligations.
  • Only the healthcare professional can determine whether the health data can be deleted.
  • Access controls must be strictly observed in a hospital setting.
  • A doctor is not authorized to access confidential information about a patient with whom they don’t have a professional relationship.
  • You may ask that your medical information be rectified. However, because it is medical data, it is the health administration professional who decides whether it is rectified.