The legal and ethical aspects of telemedicine. 2: Data protection, security and European law.

The electronic record may be subject to abuses that can be carried out on a large scale and cause great damage. A wide range of data protection and information security measures will need to be taken to ensure the quality and integrity of such records. A European Union directive was formally adopted in 1995 which sets the obligations of those responsible for data processing as well as a number of important rights for individuals. The responsible teleconsultant or medical officer, as the data controller, must make sure these measures are enforced. In the case of the transmission of medical records to another location, the original data controller may remain liable for abuses. But as different elements of the records are spread throughout the different departments of a hospital or across different geographical locations, it may become difficult to ascertain who is responsible for protecting and controlling what. To this end, the designation of liability by contractual means, between the hospital and remote users of a telemedicine network, would be the clearest and most straightforward way of achieving uniformity and predictability in terms of the distribution of responsibility for data protection and security.