欧盟GDPR的健康数据保护及对我国的启示

Protection of health data of EU GDPR and its enlightenment to China

2018年欧盟《通用数据保护条例》(GDPR)的出台,为欧盟境内的健康数据保护建立了全新的框架。通过“与健康有关的数据”“基因数据”“生物识别数据”等敏感数据的界定,GDPR为健康数据提出了高于一般个人数据的处理规则,并规定了医疗机构处理健康数据时应履行的基本义务。分析GDPR具体条文及执法案例对我国医疗机构的个人信息保护实践有重要的借鉴意义。

In 2018,due to the promulgation of the General Data Protection Regulation(GDPR)of EU,a new framework for protection of health data was established within the EU.By defining sensitive data such as"health-related data","genetic data"and"biometric data",in the GDPR,rules for processing health data higher than general personal data are proposed,and basic obligations of medical institutions when processing health data are defined.The analysis of specific provisions of GDPR and law enforcement cases has important reference significance for the practice of personal information protection in medical institutions in China.