CONFEDERAÇÃO NACIONAL DE SAÚDE PRESENTS BEST PRACTICE CODE FOR HEALTH SERVICE PROVIDERS

17 Mar CONFEDERAÇÃO NACIONAL DE SAÚDE PRESENTS BEST PRACTICE CODE FOR HEALTH SERVICE PROVIDERS

Last Friday (March 12, 2021), the Confederação Nacional de Saúde (“CNSáude“) was a pioneer in launching, through its YouTube channel, the Best Practice Code on Data Protection for Private Providers of Health Services (“Code”).

During the event, CNSaúde presented to the National Personal Data Protection Authority (“ANPD“) the Code, prepared with the participation of the National Supplementary Health Agency (“ANS“), hospitals and laboratories, under the academic coordination of Laura Schertel and Danilo Doneda, authors of one of the bills that created the LGPD, and Executive Coordination of Marcos Vinícius Ottoni, General Legal Coordinator of CNSaúde.

The Code is divided into two (2) parts. In its first part, the Code addresses some general aspects related to the LGPD, such as:

(i) General aspects about CNSaúde and the purpose of the Code;

(ii) The LGPD, its principles, legal bases, data subjects’ rights, data processing agents, duties of the data processing agents, information security, best practices and governance;

(iii) Regulatory frameworks on data protection, technology, and health;

(iv) Sectorial regulation of health services (ANS, ANVISA and CFM);

(v) Scope of enforcement of the Law in the health sector; and

(vi) Data life cycle in the health sector.

In the second part, the Code addresses protocols and provides guidance on the conduct to be practiced by private hospitals and laboratories, in order to allow the correct use of patient data and avoid the application of fines due to the non-compliance with the rules foreseen in the LGPD.

The chapters include:

(i) Service protocols on activities involving registration data, medical records, laboratory tests, and telemedicine;

(ii) Protocols related to the sharing of data between healthcare professionals, healthcare facilities, ANS, operators, and other third parties;

(iii) Protocols related to the personal data processed during clinical trials and model form for exercising the data subject’s rights; and

(iv) Information Security Protocol.

The Best Practice Code on Data Protection for Private Healthcare Providers is available here.

This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from Kestener & Vieira Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener & Vieira Advogados.