Christian Dierks' contribution to the volume "Cybersecurity at the hospital", the article "Legal framework for IT-security at the hospital", explains the background of the Act on the Federal Office for Information Security (BSI Act – BSIG) and the regulations that define which infrastructures are critical for the healthcare system. It focuses on the rights and obligations that this framework creates for hospitals and for drug and medical device manufacturers, and describes the measures that must be taken to fulfill existing legal requirements. The work gives hospital managers and other players in the healthcare system an overview of the issues they have to consider in order to comply with the law on cybersecurity.
The digital application for the registration of corona patients was not included in the legislative package for the protection of the population after all.
Would it be permissible under data protection law?
The legal framework currently in place in the Federal Republic of Germany for the processing of personal data for research purposes is characterized by a network of standards comprising the GDPR (DS-GVO), the Federal Data Protection Act, the State Data Protection Acts and the State Hospital Acts with independent regulations on research with patient data. In the normal case of a research association with hospitals under different sponsorship across state borders, the legislative patchwork leads to a variety of regulations that is difficult to keep track of. This results in considerable legal uncertainties and disadvantages for the attractiveness of Germany as a research location.
Against the background of this problem, the following legal opinion from Dierks+Company discusses potential options for action to simplify the use of health data for research purposes, some of which have already been implemented with the recent law on the protection of the population (“Bevölkerungsschutzgesetz”).
You can read more about the legal opinion in German on our Publications page.
The legal opinion was prepared by Prof. Dr. Dr. Christian Dierks, with the collaboration of Dr. Philipp Kircher, Charlotte Husemann, Dr. Karsten Engelke, Julia Pirk and Dr. Martin Haase, and is publicly available on the official website of the Federal Ministry of Health.
In the recently published blog on the e-health-com online portal, Christian Dierks responds to the question: Which legal requirements should actually be observed for research with patient data in cross-border clinical research projects?
The blog post with the complete answer is available here (German).