/ Alessandri and MAS Analytics organized a breakfast on patient data and intelligence in the healthcare industry

The breakfast “Patient data and intelligence in the healthcare industry” was developed with great success, organized by Alessandri Abogados and MAS Analytics. Executives from clinics, medical centers, laboratories, and suppliers in this industry attended.

Macarena Gatica, partner at Alessandri, together with Augusto Miquel, founding partner of MAS Analytics, reviewed the most relevant points of personal data protection and data governance in the healthcare industry. During the conference they analyzed critical data protection issues, both from a legal and data governance point of view, with special emphasis on the sensitive nature of patient data.

The topics discussed were governance and protection of patient data, challenges of interoperability of the clinical records, how to obtain business value with the data, opportunities and new regulations such as the Cybersecurity Framework Law, Oncological Forgetfulness Law and the role of data governance in artificial intelligence.

Macarena Gatica commented that in the bill on personal data, health data is broader: “It is no longer just a matter of whether one is healthy or sick. It goes further, like the DNA and genetic profile of a person.”

One of the guests asked how this is linked to the new Economic Crimes Law, for example, databases managed by workers. Macarena explained that this information is an asset of the company and as such it must be protected and avoided behaviors that cause harm and that in some cases, can also be considered economic crimes. For example, when a company hires a sales executive and allows him to manage, within the framework of his duties, databases of unknown origin, this could constitute a computer crime. “We need a cultural change, a company should not let any worker take a database and should not accept personal data entering the systems without a legal basis. It is recommended to have prevention models, have risk management associated with processing of personal data and identifying which data is required and the purpose for which it will be used. It is essential to train and emphasize the personal responsibility of the worker and have  legal experts teams who can carry out this work thoroughly and comply with the requirements.”

They also commented on the destruction of the clinical records. According to the Law, the health institution must keep it for at least 15 years. After this it may be destroyed. Upon mentioning this, doubts arose again among those present. What happens after fifteen years if you want to use that information for studies or another purpose? Here Augusto Miquel, from MAS Analytics, recalled that, if it is effectively anonymized, it is possible to use that information for statistics or research, “It is no use having the data without a name here and there having something that allows you to identify who the data belongs to.” He highlighted that it is increasingly difficult to anonymize definitively, due to the ease of making crosses and identifying the person.

In relation to the interoperability of the clinical record, the speakers commented that progress has been made. “More than anything, we have to work on setting standards and then when bidding, they are required,” Macarena stressed. To this, Augusto added “it is very complex to unify the information, make it uniform and thereby achieve interoperability. Likewise, you have to think about the access that each worker has and ask yourself if it corresponds, according to their functions, to handle all that data.”

In the case of the Oncological Forgetfulness Law, up to 5 years are considered and then this information cannot be considered in simple terms as pre-existence that implies more onerous conditions.”