In Italy, access to medical documents and records, such as prescriptions, held by the Public Health Authority, the Azienda Sanitaria Locale (a local health agency) or other similar public bodies is subject to control limitations in connection with the laws concerning the right of privacy. Italian Law No. 241/90 (article 25) states that there is a general right for individuals and/or companies to have access to administrative documents collected by the Public Administration in carrying out its duties.
In order to view or obtain a copy of these documents or records, the interested party must submit a request in writing, which specifies the type of document or records needed, to the Public Administration office where the record originated or is being maintained. The Public Administration has 30 days to respond to a written request. If the 30 days pass with no notification, the request is considered to be rejected. It is possible to challenge a rejection before the TAR (the Regional Administrative Court) by way of a special and quick judicial procedure which normally takes two months.
In Italy, there is a general right of access to public documents and data for any interested party. Concerning the specific matter of medical documents and data, the general right of access is counterbalanced by the right of privacy.
The new recent Italian Code of Privacy (Legislative Decree No. 196/2003) provides a specific regulation for the processing of sensitive data, including health and medical data. Articles 59 and 60 of the Privacy Code, respectively, stipulate that the access to data is governed by the aforementioned Law 241/90, with the exception of sensitive data. In the case of sensitive data, access is permitted only if the interest of the person who needs the data is equal or superior to the interest of the person involved in the data, or if it corresponds to an inviolable right or principle of freedom guaranteed by the constitution. If these regulations are not met, then access to the documents and data requested will be denied. The Italian judge, in decisions involving sensitive data, usually compares the interest of the applicant with the interest of the person who the sensitive data refers to, in order to decide if the rejection of the request is legitimate.
The Administrative Regional Court of Lombardy’s Decision No. 3263 Dated 31 July 2002
The Law No. 675 dated 1996 (the previous data protection code) is applicable to the access request proposed to the Local Health Authority for obtaining the case history of an under age person and his/her mother (this request was proposed in order to have the right of fatherhood asserted). This law, jointly with the Privacy Authority’s decisions, states that access to the abovementioned documents is admitted only if the documents are to be used for safeguarding, before a court, rights equivalent to the protected right.
The Administrative Regional Court of Lombardy’s Decision No. 261 Dated 21 March 2000
The right of access to administrative documents, provided by Law No. 241 of 1990, prevails on the need for privacy of a third party whenever access is required in order to safeguard and to defend the legal interests of the applicant, except if the request concerns personal data (so-called sensitive data) suitable to disclose ethnic racial origins, religious, political …beliefs, health or sexual orientation of the third party. In this case, article 16.2 of Legislative Decree No. 135 of 1999, states that access is admitted only if the right of the applicant, which should be asserted or defended, is at least equivalent to the right of the person who the information is referred to.
The content of this article is intended to provide a general guide
to the subject matter. Specialist advice should be sought about your
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).