7
Article 19
Patient’s right to prohibit sharing of information on him/her by
connection of health information system.
A patient or his/her representative can prohibit the sharing of data about him/her by connected health
information systems. The prohibition can apply to sharing of all electronic health data on a patient stored
in a specific health information system. The prohibition may also apply to specific health data in the
electronic health record of a patient at a healthcare facility or the premises of a self-employed healthcare
practitioner, e.g. health data stored at specific departments or units in a healthcare facility or premises, in
so far as this is technically practicable for the guardian of health records in question, cf. regulations issued
by the Minister under Article 24. The patient or his/her representative can also prohibit specified parties
from gathering information on him/her by connected health information systems.
Should a patient or his/her representative prohibit sharing of his/her health data by connected health
information systems in a specific instance, the healthcare practitioner responsible for the patient’s
treatment shall inform him/her, as applicable, that the treatment may be rendered less effective than it
would otherwise be, as comprehensive information on him/her cannot be gathered. A patient’s decision to
prohibit connection in a specific instance shall be recorded in his/her health records.
A patient’s decision to prohibit all sharing of health data under the first paragraph by connected health
information systems shall be communicated to the supervisor of health records. The decision shall be
submitted in writing, and confirmed by a healthcare practitioner, who also confirms, as applicable, that it
has been explained to the patient that, by this decision, treatment which the patient may later require may
become less effective than it would otherwise be, as it will not be possible to gather comprehensive
information on the patient by connection of health information systems. The supervisor of health records
is then responsible for honouring the patient’s prohibition of connection of health information systems and
for health data about the person in question not being accessible by connecting the system with another
health information system. A patient may at any time revoke the prohibition of sharing of health data on
him/her by connected health information systems. A patient’s decision to revoke the prohibition shall be
confirmed by two healthcare practitioners, and submitted to the supervisor of health records.
The Minister may make further provision in regulations for the patient’s right to prohibit sharing of
health data on him/her by connected health information systems.
SECTION VI
Joint health information systems.
Article 20
Joint health information systems.
Two or more healthcare facilities or premises of self-employed healthcare practitioners may, with the
consent of the Minister, enter and store health records of patients treated by them in a joint health
information system.
The Minister’s consent under the first paragraph shall only be granted if a joint health information
system is demonstrated to be conducive to enhancing the security of patients in their treatment. The
Minister may make impose such conditions as he/she deems necessary upon his/her consent under teh first
paragraph, in order to ensure high quality of entry and storage of health records, and protection of health
data. The Minister’s consent shall also be subject to the following conditions:
1. That the conditions of the regulations issued under Article 24 on entry of electronic health records
and health information systems are met.
2. That the Data Protection Authority has confirmed that security of personal data in the shared
health information system is ensured in accord with the Act on the Protection of Privacy as
regards the Processing of Personal Data (Data Protection Act) and with Data Protection Authority
rules on security of personal data.