MEDICAL RECORD SECURITY SYSTEM
The platform complies with the requirements relating to the security of personal data, including encryption and two-factor authentication.
Two additional factors must be added for the use of the Medical Record
For patients, access takes place with 5 security levels.1) Username
3) Professional Selection or Registered Structure
4) Professional Authorization or Registered Facility
5) Access by the professional or health facility to the medical record is governed by a PIN (Personal Identification Number) which is issued only after the profession or the head of the facility has been certified and documented by the Pharmamedic administration.
Family members or other operators who are always registered Pharmamedic can also be selected and CAN ONLY VIEW THE MEDICAL RECORD
ONLY DOCTORS WITH THE PIN CAN EDIT THE MEDICAL RECORD and view the results of instrumental or laboratory tests of their patients.
Doctors who want to add their patients must ask them for authorization that takes place FROM THE TERMINAL and only on the page for managing medical records in the reserved area.
PATIENTS AND THEIR AUTHORIZED FAMILIES CANNOT EDIT THE MEDICAL RECORD but can upload files or reports of instrumental or laboratory tests.
Pharmamedic has no relationship with patients to administer the medical records since it does not check any database of the same and never has access to them. As well as for the reports of instrumental or laboratory tests or any file.
In the phase of authorization of access to the medical record, the user must first authorize and give consent to the professional and / or to the Healthcare Manager and legal representative of the selected facility based on the 2016/679 European Regulation
And to the substitute doctors, of the network or group association, the trainee doctors of the CFSMG, as well as any collaborators authorized by him.
This consent and authorization is also extended to external care groups (Specialists, hospital departments, Emergency) activated by the
I authorize the data controller and the persons authorized to process, according to the respective competences, to deliver the health documentation to the delegated persons and indicated below:
This for the purposes of:
1. Collect data on health conditions in addition to personal and personal data
2. To be able to process information with electronic tools for purposes related to prevention, diagnosis, treatment and rehabilitation activities to protect health.
3. To have the possibility for the treatment of personal data for scientific purposes (scientific research and / or controlled clinical experimentation of medicines), in the context of remote assistance or telemedicine, to provide other goods and services through an electronic communication network;
4. Receipt and sickness certificates, in compliance with the law, will be sent electronically to the various subjects identified by the legislator, subjects who become the owners of the safety of their systems;
5. the possibility that such information is available for consultation by doctors appointed for the replacement in case of absence by the secretary for updating and maintenance of the visit diary, as well as by doctors in association in the network or in groups and by trainee doctors of the Specific Training Course in General Medicine (CFSMG);
6. To have the possibility that the personal data may be communicated to the Accountant Consultant for the registration of the tax documentation.
7. To have the possibility that such information may be provided anonymously to third parties to carry out epidemiological research and statistical analyzes; such information may be reprocessed, in aggregate and anonymous form and therefore without any reference to persons.
8. Have the possibility that the data can be viewed by the staff in charge of the assistance and maintenance of the IT systems.
9. To be able, if it is necessary to provide a service and / or a service in the interest of the patient, be communicated to:
• public health organizations (local health authorities, hospitals, etc.);
• private health organizations (clinics, analysis laboratories, etc.) or those exercising the health professions (medical specialists, pharmacists, ADI staff etc.);
• assistance and social security institutions (INPS, INAIL, etc.);
limited to those data and operations essential to pursue the purposes referred to in paragraph 1).
10. Being able to have the possibility that the computer data will be processed by third parties for the synchronization of the same from / to a single Data Center, also with the CLOUD COMPUTING system, to make it possible to exchange the file with medical colleagues on the network or in groups, during the outpatient visit.
11. Being able to manage the measures to guarantee the confidentiality of information.