Data Protection Resilience in the Healthcare System in Albania

On 9^th March 2023 ASDO organized the third-round table, in collaboration with the Information and Data Protection Officer, with the representatives from the Health Sector in Albania. The topic of the meeting was “Data Protection Resilience in the Healthcare System in Albania“.

This round table was organized in continuation of our work done to improve the Cyber Security and Personal Data Protection in our country. The project “Awareness on cyber security and protection of personal data” is supported by the Swiss Embassy in Albania.

The healthcare industry adopts new technologies quickly. This is particularly true of information technology, which is used to support both doctors and patients and to improve the delivery of healthcare services. There are different IT systems used by the public and private health care institutions in Albania, where patient information, including protected health information, is stored, and of course, there are some applications that are used by patients to monitor their vital signs and to communicate with doctors via mobile. Thus, it has become important to provide the opportunity to discuss how health care sector will enhance the cyber security processes, policies and procedures and what are the basis of building a strong security culture within their organization. The purpose of the meeting is to exchange perceived threats, to promote interdisciplinary discussion, and to propose practical recommendations for the health sector actors in Albania.

The meeting was hosted by ASDO with the presence of Ms. Besa Velaj, Chief of Staff at the Information and Data Protection Officer in Albania, Mr. Emirjon Marku Personal Data Protection Expert and representatives from the main state and private Healthcare providers in Albania.

The meetings started with an introductory word by Ms. Besa Velaj that presented the role and the work of the Information and Data Protection Officer.

Afterwards it was Mr. Emirjon Marku that introduced the audience with the legal framework that protects personal data in Albania and used real life examples to bring to attention the best practices in protecting and safeguarding the personal data of patients. He introduced the criteria for the correct elaboration of personal data in the healthcare sector such as informed consent, protecting the rights and interest of the subject and more. Another important moment was the introduction to the rights of a patient such as: right to access of personal data, the right for blocking, correction and deletion, the right to revoke consent and the right to complain, and how the rights of a patient translate into obligations for the providers of healthcare services.

The meeting continued with the introduction of the main novelties from the law of the protection of personal data such as the right to be forgotten, the importance of the DPO or Data Protection Officer, Binding Corporate Rules, the buildup of safe and secure information systems etc.

In the last part of the meeting, the round table became an open discussion with questions and answers. Questions arose on the existence on obligation to disclose personal information of people who are deceased, or the disclosure of personal data on the interest of public good and the relevance of the instruction 49 of the Information and Data Protection Officer for the Health Sector.