The technological and regulatory revolution in the healthcare industry, combined with the disorderly passage from paper to digital, has accentuated the fragility of healthcare organizations from the point of view of compliance and security. 

The Electronic Health Record, defined as “the collection of health and social data and digital documents generated by current and past clinical events involving the patient, within the scope of all national healthcare structures (including private ones), set up by regional/local authorities” is a fundamental tool for protecting citizens’ health.

EHRs can, indeed, contain important information for optimizing the care given, such as medical and pharmaceutical prescriptions, bookings, medical records, medical reports, discharge forms, and medical certificates issued by any healthcare structure (regional or national), and can be updated by medical personnel throughout Italy.

It is a set of health data processed electronically, which involves significant responsibilities for healthcare organizations: while from a security point of view it will be necessary to ensure the confidentiality, integrity and availability of the information, from a privacy compliance perspective it will be necessary to take into consideration all the new regulatory aspects from the point of view of protection of personal data, such as correct management of data subject consent (required to populate the EHR) and policies.

What security measures are required to protect the information contained in the EHR? And what privacy measures are required to manage it?