About PsyCare and GDPR

Personal data protection and full compliance with the new European General Data Protection Regulation (GDPR) are PsyCare’s top priorities. To adequately care for those who rely on us, it is necessary to acquire and exchange certain personal information during use of the service. This information must be managed with the highest levels of security and in compliance with current regulations. To achieve this goal, PsyCare has enlisted the support of professionals and invested in creating a service that complies with the new European General Data Protection Regulation (GDPR). It has also adopted the latest technologies for data storage and encryption. Some of the key actions undertaken by the PsyCare team include the following:

Data masking and encryption – health data is visible only to the doctor conducting the consultation with the patient.

– Masking personal data through the use of alphanumeric codes. This technique allows separating patient identities from related information, thus ensuring their privacy at all times. This process is known in the medical jargon as “de-identification.”

Data encryption algorithms are used and stored on servers located within the European Union and compliant with the highest international standards (e.g., ISO 27001, ISO 27017, ISO 27018, etc.). Technically, the algorithms used are AES 256-bit.

Maximum transparency regarding consent given and the methods of processing sensitive data.

The Ministry of Health recommends obtaining double consent for the processing of personal data for all users upon registration and use of the service. This recommendation has been fully met. Furthermore, users can request at any time both the withdrawal of consent to data processing and the deletion of all personal data, as well as, of course, its modification.

Publication of information on the processing of personal data on the website

At any time the user can ask for further clarifications regarding the processing of data simply by writing tosupporto@psycare.it

PsyCare follows the Ministry of Health’s national guidelines (2012), identifying itself as a “Technological Support Service Center.” Below are excerpts from the national guidelines, with a view to user training on telemedicine.

ACTORS INVOLVED IN TELEMEDICINE

The actors involved in a healthcare act performed via Telemedicine are:

Users

Those who use a telemedicine service. These may include:

– a patient/caregiver (televisit, telehealth)

– a doctor in the patient’s absence (teleconsultation)

– a doctor or other healthcare professional in the presence of the patient (televisit, telehealth cooperation)

The user transmits health information (video, audio, data, signals, images, etc.) and receives the service results (diagnosis, treatment recommendations).

Health care provider

It could be:

– National Health Service facilities, authorized or accredited, public or private,

– NHS workers such as psychologists or psychotherapists who provide healthcare services through a telecommunications network.

The Provider Center receives health information from the user and transmits the results of the service to the user.

Technology Support Services Center

A Service Center is a structure responsible for managing and maintaining an information system through which the Provider Center provides telemedicine services, installs and maintains equipment at remote sites (the patient’s home or specially designated sites), and provides, manages, and maintains communication between patients and doctors or other healthcare professionals.

PsyCare is therefore a technological center that allows timely and easy access to healthcare services.

RELEVANT ASPECTS FOR THE USE OF TELEMEDICINE IN THE NHS

In accordance with the relational organizational model described above, it is possible to identify some relevant aspects for the purposes of systematization and widespread use of telemedicine in the National Health Service;

a) Information and Training Aspects. Information aspects concern the User, who must be appropriately informed about the methods of telemedicine delivery of the service, and doctors or other healthcare professionals, in order to increase acceptance of telemedicine methods. Training aspects concern the User, Service Center, and Provider Center, in order to ensure adequate quality of service. See a more in-depth discussion of these aspects in the following Chapter 4.

b) Procedures for integrating Telemedicine into the National Health Service. These include: i) the criteria for Authorization and Accreditation of the Provider Center for the provision of Telemedicine services privately and/or on behalf of the National Health Service; ii) contractual agreements with the National Health Service. c) Ethical aspects, processing of personal data using electronic means, and professional liability.

INFORMATION

With a view to engaging users participating in the PsyCare portal, the information that the Ministry of Health indicates as necessary for patients and doctors/other healthcare professionals is also explained.

INFORMATION FOR PATIENTS

Healthcare procedures requiring telemedicine must comply with the rights and obligations inherent in any healthcare procedure, but must also take into account the specific requirements associated with them, including patient information. Patients must be informed of the appropriateness and scope of the procedure, as well as the means used and the methods of data storage and processing, in compliance with current legislation (see the information on the processing of personal data on the PsyCare website). The wider diffusion of telemedicine services, and telemonitoring in particular, raises new ethical concerns, especially due to the changing relationships between patients and doctors. Therefore, to ensure acceptance of these innovative service modalities, it is essential that the relationship between providers and recipients of healthcare be defined to take into account the needs of patients who require human warmth and comprehensible, accurate, and reassuring information. In the relationship between healthcare professionals and patients, it is important to ensure that the questions asked and the answers given by the healthcare professional are comprehensible to the patient. To address user concerns and strengthen their confidence, information programs should be implemented to familiarize patients with these new methods and tools, especially since they often involve older people. Such information programs could be developed with the support of the European Commission and the involvement of representative patient, consumer, and healthcare professional organizations, as well as voluntary organizations.

INFORMATION FOR DOCTORS AND OTHER HEALTHCARE PROFESSIONALS

Among doctors and other healthcare professionals (especially physicians), many still suspect that telemedicine could hinder or impact their relationships with their patients. It is therefore necessary to provide doctors with more information about telemedicine, which is seen as a system for simplifying and improving healthcare procedures, especially those aimed at monitoring chronic conditions and making patients’ lives easier, without detracting from the medical process or the doctor-patient relationship.

HEALTH INFORMATION

The health information and outcomes transmitted can be of different types:

• Texts: which usually accompany any other type of data in the form of the patient’s medical history, personal data, etc. – Images: both digitized from analog sources and directly digital, they concern many disciplines (radiology, dermatology, pathological anatomy, etc.)

• Other one-dimensional data: ECG signals and other signals from physiological parameter monitoring

• Video and audio: images from endoscopy, ultrasound, videoconference in patient consultations

Information can be static, which does not change over time (text, images, etc.), or dynamic, which changes over time (audio, video, etc.). The quality of the information transmitted and received must be guaranteed to ensure the quality of services provided through telemedicine compared to those provided through conventional methods.

ETHICAL AND REGULATORY ASPECTS

Ethical Aspects

Telemedicine has significant implications in the delicate ethical sphere, as this different approach to managing interaction and communication between patient and doctor (or, more generally, the healthcare professionals involved) impacts a particular situation for citizens in need of healthcare, the way they establish a relationship with the doctor, and the perception of safeguarding the patient’s dignity. It therefore appears necessary to ensure that the doctor-patient bond of trust can also develop in this new context, including by dedicating the necessary time to meeting the patient’s information needs, well beyond informed consent, which today is sometimes interpreted as defensive rather than engaging in dialogue and sharing with the patient (for example, according to research by the Journal of the American Medical Record Association, if visits last less than 15 minutes, litigation levels are at a certain level, based on the ratio of visit duration to number of cases, while if they last more than 18 minutes, litigation declines dramatically). From the perspective of Telemedicine, this trend might seem the opposite, as Telemedicine tends to “bring” doctors and patients closer together, even if it appears—at first glance—to “distance” the two main centers of interest (doctor and patient). In truth, the reality is much more complex, and this must also be taken into account when applying mediation to Telemedicine practices, given that there are many more centers of interest and that they also include the healthcare facility and the insurance company, which often have different interests from both the doctor and the patient. Finally, interesting prospects arise from the so-called “ethical certification” of the quality and professionalism of doctors and healthcare facilities (public and private). This project is still in its infancy but lends itself to application, especially in Telemedicine, to provide the greatest possible guarantees of reliability to those who, using a remote service, may have greater difficulty ascertaining the professionalism of the provider.

PROCESSING OF PERSONAL DATA AND CLINICAL DATA WITH ELECTRONIC TOOLS

The operations on citizens’ personal and health data required for the provision of Telemedicine services fall within the scope of sensitive data processing carried out using electronic means, which are regulated by the provisions of Legislative Decree 196/2003. The methods and solutions required to ensure data confidentiality, integrity, and availability must, therefore, in any case be adopted in accordance with the security measures expressly provided for in Legislative Decree no. 196/2003 and the related Annex B (Technical Specifications for Minimum Security Measures).

In terms of obligations towards patients, the following aspects are particularly important, also in line with the ethical aspects highlighted above:

a. Information on treatments (examinations, remote transmission, use, etc.) and their purposes/guarantees, as well as, in the case of specific diagnostic-therapeutic pathways, on protocols. It is necessary to develop precise and as uniform (in content) as possible information templates at the national level, as remote services may also be performed in different regions and, potentially, also at the European level.

b. Informed patient consent. Patients must be clearly informed of the information needed to make an informed decision. In the specific case of remote services, it is necessary to assess whether or not repeating consent is necessary for each service, and whether the risks involved should be specifically explained (such as the risks associated with the lack of physical contact and the doctor’s clinical gaze, the impossibility of a complete examination, and immediate intervention in emergencies).

c. Patient rights over their personal data. It is essential to develop increasingly clear and simple methods to respect and guarantee the rights to personal data, especially in the context of telemedicine, which by its very nature involves greater technological complexity and the potential interaction of multiple data processing entities. Furthermore, it is particularly important to analyze and design healthcare processes so as to accurately define responsibilities, tasks, and functions, in accordance with current legislation, and identify appropriate organizational and technological solutions that allow for accountability and access to information only to those authorized to use it.