Regulatory and legal framework for personal data processing in Ukraine: legal and sectoral aspects
DOI:
https://doi.org/10.5281/zenodo.15374641Keywords:
data, personal data protection, healthcare, patientAbstract
The article examines the legal regulation of personal data in Ukraine, particularly focusing on its processing in the healthcare sector. The study highlights the key regulatory acts governing this sphere and analyzes the legal provisions of the Law of Ukraine "On Personal Data Protection". The criteria for processing personal data, including legality, transparency, accuracy, confidentiality, and security, are explored, alongside considerations for data subjects' rights.
Special attention is given to the national electronic healthcare system (EHS), its regulatory framework, and the Resolution of the Cabinet of Ministers No. 411 (25.04.2018). The article identifies significant legal gaps in personal data processing within the EHS, particularly regarding the Helsi.me system, which serves as a patient account management tool but lacks explicit legislative support. The risks associated with the absence of a proper legal mechanism for such digital services are emphasized.
The study underscores the importance of aligning Ukrainian legislation with European data protection standards, particularly the GDPR, and adapting best international practices to ensure enhanced data security in the healthcare sector. It examines the legal obligations of healthcare institutions concerning data storage, access control, and responsibilities of data controllers and processors, as well as the challenges in achieving full compliance. The role of digitalization in modern healthcare is explored, emphasizing the increasing reliance on electronic medical records (EMRs) and automated patient data management systems. The article highlights the risks associated with cyber threats, unauthorized access, and data breaches, stressing the necessity for strong security measures, technical safeguards, and updated legal provisions to mitigate such risks.
The conclusions suggest continuous legislative improvements to strengthen personal data protection in Ukraine. Recommendations include stricter penalties for data breaches, enhanced oversight mechanisms, and initiatives to raise awareness among medical personnel and patients. The development of an effective regulatory framework is crucial for maintaining public trust and ensuring the secure handling of personal data in Ukraine’s healthcare sector.
