Patient Support Programs increasingly involve the transfer and treatment of highly sensitive personal data with third party service providers.
The services can be the creation of websites and portals which will capture, manage and profile data from patients and health care professionals. The service providers create electronic modules and secured communication portals through which the health care professional is informed about the status and treatment of patient.
This third party cooperation implies more than issues on the basis of data protection laws and the contractual safeguards on that basis. The reality is that professionals who are not in a therapeutic relationship with the patient and not otherwise bound by a medical secrecy obligation, can access to patient and treatment data. Beyond mere contractual obligations, this brings along technical and procedural safeguard obligations. These obligations also arise in relation to other professions bound by professional secrecy obligations.