Organization and management of sensitive personal health data in electronic systems in countries with implemented data protection laws, lessons to Brazil: A brief systematic review

Abstract

Personal health data has always been a big challenge for governments and health institutions around the world. Similarly, to Brazil, several countries have data protection laws, thus in this paper, we performed a systematic review to answer the question: what are the actions regarding organization and management of sensitive personal heath data in countries with implemented data protection laws that can serve as examples of effective implementations of the data protection law in health systems? A total of 18 studies were included in this review, on outcomes consent and access. Regarding consent, we highlight processes for consent permission for sharing data with physicians or databases, for entering data in electronic medical records and for accessing data for conducting studies. About access: patient portal data, login/authorization for viewing medical data, database infrastructure and unauthorised access. The results showed that there are countries that are quite developed in terms of data protection in health, as we mentioned in the highlights about access and consent, but still we noticed a lack of documents about the work process involved in the implementations of systems rules, registration and permissions, to help other countries that are still starting in the subject as Brazil.