Abstract
This chapter critically analyses the legal and regulatory framework for electronic health records in Europe and the US. In both parts of the world, the development of electronic health records is evolving quickly. Various approaches have proven to be possible and they have resulted in different electronic health record solutions and regulatory instruments. In Europe governmental bodies have been the driving force behind the development and implementation of electronic health records. Consequently many European countries established a new legal framework simultaneously with the roll-out of government-initiated eHealth structures. In the US the driving force was—up to now—not so much the government, but rather the private sector, in particular insurance companies and healthcare organisations. This resulted in a strong focus on personal health records. In 2009 however, the US government issued the largest stimulus package ever in order to encourage the adoption of electronic health record solutions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
McCarthy (2010).
- 2.
European Council (2000), Presidency Conclusions. Lisbon European Council. 23–24 March, 2000.
- 3.
Communication from the Commission, e-Health—making healthcare better for European citizens: An action plan for a European e-Health Area, 2004 http://ec.europa.eu/information_society/doc/qualif/health/COM_2004_0356_F_EN_ACTE.pdf (last accessed 9 April 2012).
- 4.
A digital agenda for Europe, 26 August 2010, COM(2010) 245; EUROPE 2020—A strategy for smart, sustainable and inclusive growth, COM (2010) 2020.
- 5.
For more information on the planned actions, see: http://ec.europa.eu/information_society/digital-agenda/index_en.htm (last accessed 9 April 2012).
- 6.
The European working group Member States’ Data Protection Authorities.
- 7.
Working Paper nr 131, 17: with regard to the third alternative, the Art. 29 Working Party refers to the French system.
- 8.
Nat’l Alliance for Health Info. Tech. (2008) Defining Key Health Information Technology Terms 6 http://healthit.hhs.gov (last accessed 9 April 2012).
- 9.
Carl (2010).
- 10.
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (1996).
- 11.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data: http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012) and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm (last accessed 9 April 2012); Kuner (2007).
- 12.
An overview of the status of implementation of the Directive 95/46/EC is available from the European Commission’s website: http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012).
- 13.
Korff (2001); European Commission, First report on the implementation of the Data Protection Directive (95/46/EC), COM(2003)265final, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52003DC0265:EN:NOT (last accessed 9 April 2012); Dumortier (2009).
- 14.
http://www.notisum.se/rnp/SLS/lag/19980204.HTM (text of the new law in Swedish, last accessed 9 April 2012); A short summary of the governmental proposal is available in English at http://www.sweden.gov.se/content/1/c6/01/55/42/24980a18.pdf (last accessed 9 April 2012).
- 15.
Article 29 Data Protection Working Party, WP 136, Opinion 4/2007 on the concept of personal data http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012).
- 16.
Example 12 in Opinion 4/2007 on the concept of personal data.
- 17.
The requirement of a “written” consent (instead of an “explicit” consent as required in Art. 8.2 a) of the European Directive) is probably not compliant with the Directive. In its judgment of 6 November 2003 in Case C-101/01 (Lindqvist), the European Court of Justice, on the question “Can a Member State provide more extensive protection for personal data or give it a wider scope than the directive”, decided “that measures taken by the Member States to ensure the protection of personal data must be consistent both with the provisions of Directive 95/46 and with its objective of maintaining a balance between freedom of movement of personal data and the protection of private life. However, nothing prevents a Member State from extending the scope of the national legislation implementing the provisions of Directive 95/46 to areas not included in the scope thereof provided that no other provision of Community law precludes it”.
- 18.
Processing of Personal Data Protection of the Person Law of 2001.
- 19.
See art 1, par 2, n°1 as opposed to n°2 Bundesdatenschutzgesetz I 1977, 201; See also Beier B (1982) Prototype of the realization of data protection measures in the field of medicine. IEEE.
- 20.
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions—“A comprehensive approach on personal data protection in the European Union”, 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications (last accessed 9 April 2012).
- 21.
Art 16 Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, as ratified on 1 December 2009.
- 22.
- 23.
Finnish Act on Status and Rights of the Patients 1992/785.
- 24.
Law Concerning Medical Treatment, WGBO in Dutch, consisting of artt 7:446-7:468 NBW.
- 25.
Nys and Goffin (2008); For more details see http://europatientrights.eu/general_overview_patient_rights_legislation.html?LAN=E (last accessed 9 April 2012).
- 26.
Nys and Goffin (2008).
- 27.
381 U.S. 479, 484.
- 28.
539 U.S. 558.
- 29.
497 U.S. 261.
- 30.
See Whalen vs Roe, 429 U.S. 589, 599 of 1977 and United States vs Westinghouse Elec. Corp., 638 F.2d 570, 577 (3rd Cir. 1980).
- 31.
Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information, Office of the National Coordination of Health Information Technology U.S. Department of Health and Human Services, 15 December 2008, 2–3.
- 32.
Executive director of the World Privacy Form, a US based nonprofit public interest research group, more information is available on their website: http://www.worldprivacyforum.org/ (last accessed 9 April 2012).
- 33.
Hobson (2009).
- 34.
HIPAA of 1996, 42 U.S.C. §1302d; 45 C.F.R. §146.103.
- 35.
McCarthy (2010).
- 36.
45 C.F.R. §160.102.
- 37.
Beaver and Herold (2004), pp. 50–51.
- 38.
Philips (2010).
- 39.
McCarthy (2010).
- 40.
Caldarella (2010).
- 41.
Federal Trade Commission, Enforcing Privacy Promises: Section 5 of the FTC Act, 15 U.S.C. §45, 2006.
- 42.
See for example CVS Caremark Corp., F.T.C. File No. 072-3119, Comp., 18 February 2009.
- 43.
McCarthy (2010).
- 44.
Google decided to end the Google Health application in 2011.
- 45.
Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services, 15 December 2008, preamble.
- 46.
Law of 21 August 2008 establishing and organizing the eHealth-platform, Moniteur belge (Official Gazette) of 13 October 2008.
- 47.
Verhenneman (2011); F. Robben, “De extramurale zorgkluis”presentation at Interministeriële Conferentie Volksgezondheid, 6 juni 2011, available online in Dutch: http://www.law.kuleuven.be/icri/frobben/wp/index.php/presentations (last accessed 9 April 2012).
- 48.
Robben (2010a).
- 49.
Empfehlungen zur ärztlichen Schweigepflicht, Datenschutz und Datenverarbeitung in der Arztpraxis, published in 105 Deutsches Ärzteblatt (DtÄBl.) 19, p. A1026 of May, 9th 2008, available at http://www.bundesaerztekammer.de/downloads/Empfehlung_Schweigepflicht_Datenschutz.pdf (last accessed 9 April 2012) and technical attachment Technische Anlage, available at http://www.aerzteblatt.de/v4/plus/down.asp?typ=PDF%26;id=2316 (last accessed 9 April 2012).
- 50.
art. 291a SGB V.
- 51.
http://www.heise.de/newsticker/Elektronische-Gesundheitskarte-Befreites-Dokument-wirft-Fragen-auf--/meldung/81575 (last accessed 9 April 2012).
- 52.
article 68 of SGB V.
- 53.
So does BKK Bertelsmann.
- 54.
So does KKH.
- 55.
Client Data Act 2007/159.
- 56.
More information about the eHealth Foundation can be found at: http://www.e-tervis.ee (last accessed 9 April 2012).
- 57.
adopted by the Parliament on 20.12.2007 and entered into force on 01.09.2008.
- 58.
Healthcare Insurance Act n°2004-810 of 13 August 2004.
- 59.
Article L. 161-36-1 of the Social Security Code.
- 60.
The CNIL is the French Data Protection Authority, for the advice see: http://www.cnil.fr/index.php?id=2212; http://www.sante-jeunesse-sports.gouv.fr/IMG//pdf/Rapport_DMP_mission_Gagneux.pdf (last accessed 9 April 2012).
- 61.
eSanté France, “The DMP: a project that is structuring the development of e-health in France”, http://esante.gouv.fr (last accessed 9 April 2012); CNIL, “La CNIL authorise le déploiement du dossier médical personnel sur l’ensemple du territoire”, http://www.cnil.fr; France2, “Le Dossier médical personnel lancé jeudi”, 15 December 2010, http://info.france2.fr/france/le-dossier-medical-personnel-lance-jeudi-66405648.html (last accessed 9 April 2012); for more information see: http://esante.gouv.fr.
- 62.
Robben (2010b).
- 63.
The Citizens Service Number is the unique personal number used by citizens in their contacts with government agencies.
- 64.
AORTA is the nationwide information system for the safe and reliable electronic exchange of medical data in the Netherlands, see Nictiz, “eHealth in the Netherlands”, available at: http://www.nictiz.nl/page/Home/English (last accessed 9 April 2012).
- 65.
See for example: Ashish et al. (2009); Halamka et al. (2008); DesRoches et al. (2008); eHealth Initiative, The State of Health Information Exchange in 2010: Connecting the Nation to Achieve Meaningful Use, www.ehealthinitiative.org (last accessed 9 April 2012).
- 66.
Woodcock (2010).
- 67.
Treumann (2010).
- 68.
Woodcock (2010).
- 69.
Health Information Technology: Initial Set of Standards, Implementation, Specifications and Certification Criteria for Electronic Health Record Technology, Final rule, 2010, available at http://edocket.access.gpo.gov/2010/pdf/2010-17210.pdf (last accessed 9 April 2012).
- 70.
Woodcock (2010).
- 71.
American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, 123 Stat. 115, § 13402 (2009).
- 72.
June 2005.
- 73.
dd 29 May 2008.
- 74.
Article 20 of Healthcare Act.
- 75.
Commission Recommendation on Cross-border interoperability of electronic health record systems, 2 July 2008, COM(2008)3282.
- 76.
like CEN, CENELEC, and ETSI.
- 77.
Mandate M/403, for more details see: http://www.ehealth-interop.nen.nl/publicaties/2860 (last accessed 9 April 2012).
- 78.
NHS Scotland (2006) Your Emergency Care Summary. Available online at: http://www.scotland.gov.uk/Resource/Doc/143714/0036499.pdf (last accessed 9 April 2012).
- 79.
Health Information and Self Care Advice for Scotland, www.nhs24.com.
- 80.
Saluse et al. (2010).
- 81.
Health Services Organization Act and Associated Acts Amendment Act, 20 December 2007.
- 82.
Commission Recommendation on Cross-border interoperability of electronic health record systems, 2 July 2008, COM(2008)3282.
- 83.
Communication from the Commission of the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, “A comprehensive approach on personal data protection in the European Union”, 4 November 2010, COM(2010)609.
- 84.
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions—“A comprehensive approach on personal data protection in the European Union”, 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications (last accessed 9 April 2012).
- 85.
- 86.
Kroes (2011).
- 87.
Carl (2010).
- 88.
Annulis (2009).
- 89.
American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, §13402 (a) and (b), 123 Stat. 115, 260.
- 90.
Carl (2010).
- 91.
McCarthy (2010).
- 92.
Federal Trade Commission, Health Breach Notification Rule, 16 C.F.R. §318.1, 2009.
- 93.
Annulis (2009).
- 94.
ARRA, §13405 (a) (1) (A); 45 C.F.R. § 164.514(e) (2).
- 95.
A limited data set is a set of protected health information from which personal identifiers are removed.
- 96.
Carl (2010).
- 97.
Kaler (2010).
- 98.
ARRA, § 13405 (d) (1).
- 99.
Kaler (2010).
- 100.
Annulis (2009).
- 101.
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions—“A comprehensive approach on personal data protection in the European Union”, 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications (last accessed 9 April 2012).
- 102.
Digital Agenda: Commission signs eHealth agreement with US Department of Health, 17 December 2010, IP/10/1744.
- 103.
Kroes (2011).
- 104.
Digital Agenda: Commission signs eHealth agreement with US Department of Health, 17 December 2010, IP/10/1744.
References
Annulis B (2009) The American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions - Here We Go Again. www.mondaq.com; http://www.mondaq.com/unitedstates/article.asp?articleid=75306 (last accessed 9 April 2012)
Ashish K et al. (2009) Use of electronic health records in U.S. hospitals. New Engl J Med 16, http://www.nejm.org/doi/full/10.1056/NEJMsa0900592#t=article (last accessed 9 April 2012)
Beaver K, Herold R (2011) The practical guide to HIPAA privacy and security compliance. Second Edition, Auerbach Publications, 2011, p. 496
Caldarella J (2010) Privacy and security of personal health records maintained by online health services. Albany Law J Sci Technol 20:203–228, http://www.albanylawjournal.org/articles/Caldarella.pdf (last accessed 9 April 2012)
Carl K (2010) It’s personal: privacy concerns associated with the personal health records. Journal of Law and Policy for the Information Society, Vol.5, 2010, p. 533–603
DesRoches C et al (2008) Electronic health records in ambulatory care – a national survey of physicians. New Engl J Med 359:50–60
Dumortier J (2009) Study on the legal framework for interoperable eHealth in Europe. http://ec.europa.eu/information_society/activities/health/studies/published/index_en.htm#Legal_framework_of_Interoperable_eHealth_in_Europe (last accessed 9 April 2012)
Halamka J, Mandl K, Tang C (2008) Early experiences with personal health records. J Am Med Inform Assoc 15:1–7
Hobson K (2009) Time to switch to an online personal health record? U.S. News & World Report LP (16 September 2009)
Kaler O (2010) Healthcare information privacy, security and technology bulletin, http://www.jdsupra.com/profile/oberkaler_docs/ (last accessed 9 April 2012)
Korff D (2001) Study on the implementation of the data protection directive. Comparative summary of national laws. (Study Contract ETD/2001/B5-3001/A/49), http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012)
Kroes N (2011) eHealth – empowering citizens and improving care. Continua personal connected health European symposium, Brussels (17 January 2011), http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/19%26;format=HTML%26;aged=0%26;language=EN%26;guiLanguage=en (last accessed 9 April 2012)
Kuner C (2007) European data protection law, 2nd edn. Oxford University Press, p 460
McCarthy C (2010) Paging Dr. Google: personal health records and patient privacy. William and Mary Law Rev 51(6):2243–68
Nys H, Goffin T (2008) Mapping national practices and strategies on patients’ rights. In: Vismar M et al. (eds) Cross-border healthcare: mapping and analyzing health systems diversity. European Observatory on Health Systems and Policies. http://www.euro.who.int/__data/assets/pdf_file/0004/135994/e94875.pdf (last accessed 9 April 2012)
Philips S (2010) A legal research guide to HIPAA. J Health Life Sci Law 3(4):134
Robben F (2010a) The eHealth platform as support of high quality healthcare and administrative simplification. International conference on privacy and research - from obstruction to construction, Brussels (22 November 2010). For more information see also www.ehealth.fgov.be
Robben F (2010b) Korte stand van zaken en prioriteiten voor de komende periode. Agoria eHealth Congress, Brussels (in Dutch) (25 November 2010). http://www.law.kuleuven.be/icri/frobben/presentations.htm (last accessed 9 April 2012)
Saluse J et al (2010) Assessing the economic impact/net benefits of the estonian electronic health record system. http://www.praxis.ee/fileadmin/tarmo/Projektid/Tervishoid/Digimoju/Digimpact.pdf (last accessed 9 April 2012)
Treumann J (2010) United States HITECH incentives for electronic health records. www.mondaq.com
Verhenneman G (2011) Personalized healthcare and the exploration of individual health data. J Inst Telecom Prof 5:4
Woodcock E (2010) Understanding the “Meaningful Use” regulations, Sage Software healthcare. www.sagehealth.com
Documents
Communication from the Commission, e-Health - making healthcare better for European citizens: an action plan for a European e-Health Area, 2004. http://ec.europa.eu/information_society/doc/qualif/health/COM_2004_0356_F_EN_ACTE.pdf (last accessed 9 April 2012)
European Council (2000) Presidency conclusions. Lisbon European Council. 23-24 March, 2000
A digital agenda for Europe, 26 August 2010, COM(2010) 245; EUROPE 2020 – A strategy for smart, sustainable and inclusive growth, COM (2010) 2020. see: http://ec.europa.eu/information_society/digital-agenda/index_en.htm (last accessed 9 April 2012)
Working Paper nr 131, 17: with regard to the third alternative, the Art. 29 Working Party refers to the French system
Nat’l Allicance for Health Info. Tech. (2008) Defining Key Health Information Technology Terms 6. http://healthit.hhs.gov (last accessed 9 April 2012)
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (1996)
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data: http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012)
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm (last accessed 9 April 2012)
The status of implementation of the Directive 95/46/EC is available from the European Commission’s website: http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012)
European Commission, First report on the implementation of the Data Protection Directive (95/46/EC), COM(2003)265final, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52003DC0265:EN:NOT (last accessed 9 April 2012); http://www.notisum.se/rnp/SLS/lag/19980204.HTM (text of the new law in Swedish, last accessed 9 April 2012); A short summary of the governmental proposal is available in English at http://www.sweden.gov.se/content/1/c6/01/55/42/24980a18.pdf (last accessed 9 April 2012)
Article 29 Data Protection Working Party, WP 136, Opinion 4/2007 on the concept of personal data. http://ec.europa.eu/justice_home/fsj/privacy (last accessed 9 April 2012)
See art 1, par 2, n°1 as opposed to n°2 Bundesdatenschutzgesetz I 1977, 201; See also Beier B (1982) Prototype of the realization of data protection measures in the field of medicine. IEEE
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions - "A comprehensive approach on personal data protection in the European Union", 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications (last accessed 9 April 2012)
Art 16 Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, as ratified on 1 December 2009
Finnish Act on Status and Rights of the Patients 1992/785
Law Concerning Medical Treatment, WGBO in Dutch, consisting of artt 7:446-7:468 NBW
Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information, Office of the National Coordination of Health Information Technology U.S. Department of Health and Human Services, 15 December 2008, 2-3
Executive director of the World Privacy Form, a US based nonprofit public interest research group, more information is available on their website: http://www.worldprivacyforum.org/ (last accessed 9 April 2012)
HIPAA of 1996, 42 U.S.C. §1302d; 45C.F.R. §146.103
Federal Trade Commission, Enforcing Privacy Promises: Section 5 of the FTC Act, 15 U.S.C. §45, 2006
CVS Caremark Corp., F.T.C. File No. 072-3119, Comp., 18 February 2009
Google, Privacy Policy, available at www.google.com/privacypolicy.html (last accessed 9 April 2012)
Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services, 15 December 2008, preamble
Law of 21 August 2008 establishing and organizing the eHealth-platform, Moniteur belge (Official Gazette) of 13 October 2008
“eHealth in the Netherlands”, available at: http://www.nictiz.nl/page/Home/English (last accessed 9 April 2012)
Nictiz - Dutch national knowledge centre for ICT and innovation in healthcare. http://www.nictiz.nl/
Empfehlungen zur ärztlichen Schweigepflicht, Datenschutz und Datenverarbeitung in der Arztpraxis, published in 105 Deutsches Ärzteblatt (DtÄBl.) 19, p. A1026 of May, 9th 2008, available at http://www.bundesaerztekammer.de/downloads/Empfehlung_Schweigepflicht_Datenschutz.pdf and technical attachment Technische Anlage, available at http://www.aerzteblatt.de/v4/plus/down.asp?typ=PDF%26;id=2316. http://www.heise.de/newsticker/Elektronische-Gesundheitskarte-Befreites-Dokument-wirft-Fragen-auf--/meldung/81575 (last accessed 9 April 2012)
Client Data Act 2007/159
eHealth Foundation: http://www.e-tervis.ee (last accessed 9 April 2012)
Healthcare Insurance Act n°2004-810 of 13 August 2004
Article L. 161-36-1 of the Social Security Code
The CNIL is the French Data Protection Authority, for the advice see: http://www.cnil.fr/index.php?id=2212; http://www.sante-jeunesse-sports.gouv.fr/IMG//pdf/Rapport_DMP_mission_Gagneux.pdf (last accessed 9 April 2012)
eSanté France, “The DMP: a project that is structuring the development of e-health in France”, http://esante.gouv.fr
CNIL, “La CNIL authorise le déploiement du dossier médical personnel sur l’ensemple du territoire”, http://www.cnil.fr
France2, “Le Dossier médical personnel lancé jeudi”, 15 December 2010, http://info.france2.fr/france/le-dossier-medical-personnel-lance-jeudi-66405648.html (last accessed 9 April 2012); http://esante.gouv.fr (last accessed 9 April 2012)
eHealth Initiative, The State of Health Information Exchange in 2010: Connecting the Nation to Achieve Meaningful Use, www.ehealthinitiative.org (last accessed 9 April 2012)
Health Information Technology: Initial Set of Standards, Implementation, Specifications and Certification Criteria for Electronic Health Record Technology, Final rule, 2010, available at http://edocket.access.gpo.gov/2010/pdf/2010-17210.pdf (last accessed 9 April 2012)
American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, 123 Stat. 115, § 13402 (2009)
Commission Recommendation on Cross-border interoperability of electronic health record systems, 2 July 2008, COM(2008)3282
Mandate M/403, for more details see: http://www.ehealth-interop.nen.nl/publicaties/2860
NHS Scotland (2006) Your Emergency Care Summary. Available online at: http://www.scotland.gov.uk/Resource/Doc/143714/0036499.pdf (last accessed 9 April 2012)
Health Information and Self Care Advice for Scotland, www.nhs24.com (last accessed 9 April 2012)
Health Services Organization Act and Associated Acts Amendment Act, 20 December 2007
Commission Recommendation on Cross-border interoperability of electronic health record systems, 2 July 2008, COM(2008)3282
Communication from the Commission of the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, “A comprehensive approach on personal data protection in the European Union”, 4 November 2010, COM(2010)609
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions - "A comprehensive approach on personal data protection in the European Union", 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications. www.epsos.eu (last accessed 9 April 2012)
American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, §13402 (a) and (b), 123 Stat. 115, 260
Federal Trade Commission, Health Breach Notification Rule, 16C.F.R. §318.1, 2009
ARRA, §13405 (a) (1) (A); 45C.F.R. § 164.514(e) (2)
A limited data set is a set of protected health information from which personal identifiers are removed
Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions - "A comprehensive approach on personal data protection in the European Union", 18 January 2011, available online at: http://www.edps.europa.eu/EDPSWEB/edps/cache/off/EDPS/Publications (last accessed 9 April 2012)
Digital Agenda: Commission signs eHealth agreement with US Department of Health, 17 December 2010, IP/10/1744
Digital Agenda: Commission signs eHealth agreement with US Department of Health, 17 December 2010, IP/10/1744
Whalen vs Roe, 429 U.S. 589, 599 of 1977 and United States vs Westinghouse Elec. Corp., 638F.2d 570, 577 (3rd Cir. 1980)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Dumortier, J., Verhenneman, G. (2013). Legal Regulation of Electronic Health Records: A Comparative Analysis of Europe and the US. In: George, C., Whitehouse, D., Duquenoy, P. (eds) eHealth: Legal, Ethical and Governance Challenges. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22474-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-22474-4_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22473-7
Online ISBN: 978-3-642-22474-4
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)