Data concerning your health (medical data) is a part of your private life and protected by the right to private life. This data is considered sensitive and thus requires special protective measures.

Medical data contains information on a person’s state of health and the medical treatment that they have received. The processing of your health data is a restriction of your right to private life and, therefore, must be done only in accordance with the requirements of law.

Important aspects in the context of the protection of your health data are your right to access your medical records and your right to the confidentiality of your health data.

Read more about what medical data is in this Guide.

Access to one’s health data

Every person has the right to receive information about their state of health and the medical treatment they have received.  

The Estonian Law of Obligations Act allows patients to review documentation regarding healthcare services they have received. The Health Services Organisation Act allows patients to access their personal data on the Health Information System.

Example: If a person is not allowed to take a copy of the results of their diagnostic examination, this is a breach of their right to private life.

Patients have the right to forward data to the Health Information System and request corrections or erasure.

Confidentiality and disclosure of one’s health data

Your health data must be kept confidential. This means that it cannot be unlawfully disclosed to other persons and authorities. Generally, data concerning your health is only allowed to be disclosed with your written consent.

Example: After a meeting with you, their patient, a doctor entered a crowded elevator and began to study your medical documents in such a way that the contents, including your name, surname and diagnosis, could be seen by other persons in the elevator. This action does not respect the confidentiality of your health data and may result in a violation of your right to private life.

Article 59-3(3) of the Estonian Health Services Organisation Act allows patients to prohibit access to their health data.

Health data may be disclosed to other persons and authorities in cases specifically allowed by the law.

Example: The police or a court may access and use an individual’s health data for the prevention of crime or to conduct an investigation, etc.

Read more about the disclosure & communication of medical data in this Guide.


Last updated 31/07/2023