You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Temi
Lithuania: Patients' relatives' data as personal data
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Temi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
Lithuania: Patients' relatives' data as personal data
Page Content
published on 26 May 2022 | reading time approx. 3 minutes
In a ruling adopted at the beginning of March, the Supreme Administrative Court of Lithuania recognised for the first time that personal data are not only the data referred to in patient's epicrisis about the patient himself/herself, but also the data on patient's relatives, even if the latter are not identified by their names.
The situation in dispute arose when a person of legal age who had been admitted to a medical institution during examinations provided to a doctor and data on his relatives. These data were entered in the patient's medical record – an epicrisis – which was transferred from one medical institution to another together with this young man, without ensuring the protection of patient's relatives' personal data.
After the patient's father brought the dispute to court, it was found that the patient's epicrisis contained data such as the patient's father's occupation, position held, his former marital status, his children, and his state of health.
The Court of First Instance held that the above-mentioned data concerning the applicant (the patient's father) constituted the applicant's personal data, notwithstanding the fact that the epicrisis was not drawn up in respect of the applicant but in respect of the medical condition of his son. According to the Court, the latter does not mean that the data contained in the epicrisis are only personal data of the applicant's son.
The Court stressed that the epicrisis must not contain all data provided by the patient, but only those required by the applicable legislation. The epicrisis must include, inter alia, a history of the disease. The medical history shall be limited to the extent that it is relevant to the patient's state of health. The Court noted that the epicrisis, which is a document containing information on the patient's condition and which is intended to be communicated to third parties, is subject, inter alia, to the requirements of the GDPR. This implies an obligation on the controller to provide only the necessary information related to the patient's state of health, considering the necessity, form, specificity, etc. of the data on third parties referred to in this document. The fact that the patient at his/her discretion provides certain information on third parties to the healthcare institution's staff does not mean that this information must be provided in the epicrisis verbatim in all cases, without any assessment of its relevance and correlation to the patient's medical condition.
Taking into account the facts established in the case, the Court held that the requirements laid down in Articles 4, 6, 9 et seq of the GDPR apply to the applicant's personal data referred to in the epicrisis.
The Supreme Administrative Court of Lithuania, examining the case on appeal, agreed with the conclusions and grounds of the Court of First Instance, including, but not limited to that the data on the applicant in the disputed epicrisis were considered to be the applicant's personal data and that their processing was subject to the requirements laid down in the GDPR, and acknowledged that it was appropriate only to supplement the reasoning of the appealed decision.
On that basis, the Supreme Administrative Court of Lithuania additionally noted that the fact that the healthcare institution has chosen to systemize the information according to the applicant's son (patient), that ensuring the data subject's rights would require additional resources (e.g. to find the data on the data subject for whom the information is not systematized; to decide on his/her requests for access to the data, to rectify the data, etc.), are of no legal significance in deciding whether certain information is to be considered as the personal data of the applicant. By not recognizing the applicant's data as personal data, the applicant would be deprived of the possibility of defending his rights and legitimate interests which could be infringed in cases where data concerning his place of work and duties, previous marriage, family relations with his children, etc., be unlawfully made public or otherwise improperly processed, and the defense of his rights and legitimate interests would be dependent solely on the will of another person, namely, the patient in respect of whom the disputed epicrisis had been written.
Such a situation is incompatible with the requirements of the legislation aimed at protecting the fundamental rights and freedoms of natural persons, in particular their right to the protection of personal data.
DATA PROTECTION BITES
Read all releases »
CONTACT
Laima Nevarauskaitė
+370 52 123590
Invia richiesta
RÖDL & PARTNER LITHUANIA
Discover more about our offices in Lithuania.
Read more »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
