After having requested and obtained greater guarantees to protect the data processed, the Privacy Guarantor has given the green light to the draft decree of the Ministry of Health that regulates the processing of personal data within the National Telemedicine Platform (PNT) provided for by the PNRR. The draft decree has accepted the numerous changes requested by the Guarantor. In particular, compared to the first draft of the decree transmitted by the Ministry, the obligation of a preventive impact assessment has been introduced, also in consideration of the nature, object, purposes and high number of people involved.

The draft decree, among other things, specifies the type of data processed and the operations that can be performed, the reasons of significant public interest and the specific and appropriate measures to protect the rights of the interested parties. The services made available by the PNT for treatment and governance purposes, the changes to the regulations of the Health Data Ecosystem (EDS), the roles of the processing and the specific purposes and tasks assigned to the various subjects involved have been identified.

At the request of the Guarantor, particular attention has been paid to technical and organizational security measures to offer guarantees appropriate to the risk. The draft decree provides, among other things, the adoption of suitable measures to mitigate the risk of fraudulent use of digital identities, data encryption using robust algorithms, the introduction of IPS (Intrusion Prevention System), monitoring of security events, management of possible incidents and traceability of operations.

Finally, the Authority highlighted the need to update the “Guidelines for telemedicine services – functional requirements and service levels” approved by decree of the Ministry of Health in 2022 in accordance with the new regulations on FSE 2.0 and the provisions of the European Regulation.

https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/10106920