Companies in the pharmaceutical industry generally process health data as part of product development and customer care. Particularly during product tests, surveys, complaints or the creation of statistics, extensive health-related information is stored and evaluated. Health data falls under the special categories of personal data, which the legislator considers particularly worthy of protection.
The need for protection entails, in particular, increased requirements regarding IT security. Furthermore, care must be taken that the processing of health data does not breach any confidentiality agreements or disadvantage data subjects. Protection against unauthorized access is the primary concern here.
The extensive processing of health data and the use of various software applications generally make it essential for companies in the pharmaceutical industry to carry out privacy impact assessments. The specific risks for the rights and liberties of data subjects must be determined, assessed and, if necessary, minimized. This new risk-based approach runs through the entire General Data Protection Regulation (GDPR) and is particularly relevant for companies that process special categories of personal data.
MORGENSTERN advises companies in the pharmaceutical industry on the introduction of new software, the drafting of consents for processing health data and the establishment of a sufficiently secure IT infrastructure.