Given that privacy of the doctor-patient relationship is at the heart of good health care, and that the
electronic health record (EHR) is at the heart of good eHealth practice, the question arises: Is privacy
legislation at the heart of the EHR? The second global survey on eHealth conducted by the Global
Observatory for eHealth (GOe) set out to answer that question by investigating the extent to which the
legal frameworks in the Member States of the World Health Organization (WHO) address the need to
protect patient privacy in EHRs as health care systems move towards leveraging the power of EHRs to
deliver safer, more efficient, and more accessible health care.
The survey began with a question on the existence of generic privacy legislation followed by questions
to establish if specific rules had been adopted to address privacy in EHRs. A series of questions followed
pertaining to the way in which privacy is addressed in transmittable EHRs and patients rights to access,
correct, and control the use of the EHR. The investigation ended by broaching the issue of privacy
protection in secondary uses of data contained in EHRs, such as for international research purposes.
In the present report the analysis of the survey responses is preceded by an overview of the ethical and
legal roots of privacy protection. Focusing on the ethical concepts of autonomy, beneficence, and justice,
the report reminds the reader of the early recognition of the duty of privacy in the Hippocratic Oath and
goes on to consider how that is reflected in international binding legislation such as the United Nations
Declaration on Human Rights and the European Union Data Protection Directive, as well as non-binding
international codes of practice.
The ability to make wide use of EHRs and other eHealth tools will become increasingly important in both
developed and developing countries. In the former, EHRs and related eHealth tools will play a key role
of providing health care to ageing populations in which social care and health care need to be much
more closely connected and where capacity demands will require that care is delivered outside traditional
settings such as hospitals. The protection of privacy will also be a significant issue in supporting the
changing nature of health care in developing countries, in which mobile eHealth solutions are emerging
as an integral part of the health care infrastructure, as demonstrated in the publication mHealth: new
horizons for health through mobile technologies.