Developments in the Protection of Personal Data in Electronic or Digital Prescriptions and Medical Records.

The Decree No. 98/2023 approved the regulation of the Electronic or Digital Prescription Law No. 27553 and included provisions regarding the protection of personal data in electronic or digital prescriptions.

Regarding the protection of personal data, the regulation foresees:

1. The compliance with current security standards to guarantee the security, availability, and inviolability of personal data, as a requirement for the validity of electronic or digital documents.

 

2. The obligation of electronic or digital prescriptions and healthcare tele-assistance platforms to:

 

1. 1. Register as responsible for processing personal data, to ensure the security, privacy, purpose, opportunity, veracity, inviolability, and confidentiality of personal dat
   2. Adopt the necessary measures to comply with the Personal Data Protection Law No. 25326, specially to guarantee the data owner the right to access and update the data, and with the Patient's Rights Law No. 26529.
   3. Implement the necessary security measures to guarantee the security, availability, and unalterability of the personal data processed when issuing electronic or digital prescriptions.

 

Meanwhile, on March 16, 2023, through Law No. 27706 the Argentine Single Federal Program for the Computerization and Digitalization of Medical Records was created. The program aims at gradually establishing the Single System for Registering Electronic Medical Records.

The purpose of the system is to store complete clinical histories of patients, from birth to death, in a clear and graspable manner. In this sense, the national authority in charge of applying Law 27706 -which the Executive Branch has not yet appointed- will have to create a protocol for uploading medical records, and design and implement a medical record software complying with the Data Protection Law and with the Patient's Rights Law.

Said system will have to:

• Implement strict conditions and measures for security, integrity, authenticity, reliability, accuracy, intelligibility, conservation, availability, access, and traceability.

 

• Adopt mechanisms for authenticating persons, agents, and health professionals and auxiliaries intervening in the System.

 

• Provide mechanisms allowing the patient to freely access and monitor the System. The patient, as data subject, has the right to always know the information in the electronic medical record.

Finally, if the patient suffers from an incapacity or inability to understand the information, such information must be provided to their legal representatives or legal guardians, in accordance with the provisions in the Data Protection Law.