Home » News » Coronavirus in Mexico: INAI issued recommendations on the management of patient data to ensure their safety

Coronavirus in Mexico: INAI issued recommendations on the management of patient data to ensure their safety

In the cases of COVID –19 that have arisen in our country, the l National Institute of Transparency, Access to Information and Protection of Personal Data (INAI) has issued a series of recommendations for the treatment of personal data related to possible or confirmed cases of the disease.

These suggestions issued by the institute are intended to prevent security risks and respect privacy of the affected people, as well as their families.

The agency clarifies that it is important to remember the institutions and providers of public and private health services, as well as the general population, that data related to a person’s present or future health status identified or identifiable are considered by data protection laws, such as sensitive personal data.

It is clarified that as a general rule all public and private health institutions they must have strict control over the information of their patients and that any treatment of said data requires the express written consent of the owner, except in exceptional cases such as when there is an emergency situation that could potentially harm the individual.

It is for this reason that those responsible and in charge of the public and private health sector that process personal data related to COVID-19 cases, must have strict administrative, physical and technical security measures to avoid any loss, destruction, theft, loss, use or access, damage, modification or unauthorized alteration; in addition to complying with the principles, duties and obligations established in the laws on the protection of personal data in force, except in the exceptional cases provided.

The recommendations for the responsible Institutions and public health service providers are as follows:

The measures taken in response to COVID-19 that involve the processing of personal data that includes health data, must be necessary and proportional, taking into account the guidance and / or instructions of the Ministry of Health and competent authorities.

Institutions and providers of public and private health services, they should collect only the minimum personal data necessary to achieve the purpose of implementing measures to prevent or contain the spread of COVID-19 and, where appropriate, provide the corresponding medical attention, diagnosis and treatment.

The personal data collected for the purpose of preventing or containing the spread of COVID-19 should not be used for any other purpose.

For managers of the private sector:

Organizations must protect confidentiality about any data personal or sensitive personnel related to any case of COVID-19, to avoid damage or discrimination of the affected person.

Any communication made in the organization about the possible presence of COVID-19 in the workplace, You must not identify any collaborator individually.

The processing of personal data before COVID-19 must be informed and the owner must know at all times the purposes for which his personal data will be collected and processed. Before treatment, the person responsible must make the corresponding privacy notice available to the owner.

The identity of COVID-19 affected persons should not be disclosedIn case a transfer of personal data to the health authorities is required, it must be clearly documented, substantiated and carried out considering security measures that guarantee the protection of personal data.

Those responsible must define the periods of conservation of personal data related to COVID-19 cases, as well as the mechanisms that will be used to safely eliminate them, taking into account the sector regulations in the matter.

For the general population:

Remember that there is a right to the protection of your personal data, therefore, In case of inadequate treatment, they may go to the INAI to file a complaint.

It is indicated that, in order to comply with the legislation on the matter, those responsible and in charge of the public and private sector may consult the Institute on specific doubts related to the processing of personal data they carry out to prevent and mitigate COVID-19, as well as to provide medical care, diagnosis and treatment.

Finally, it must be taken into account that the applicable laws provide that the right to the protection of personal data may only be limited, among other reasons, for reasons of national security, order, security and public health.

Leave a Comment