Personal health information security - Regulatory framework
Personal health information is regarded by many as being among the most confidential of all types of personal information. The European Court of Human Rights has issued a large number of verdicts against EU countries for violating the right to privacy by failing to protect citizens' medical records and the confidential data that they contain. Many data protection laws and the EU Data Protection Directive require the data controller to implement appropriate technical and organizational measures to protect personal data. Personal health information is considered a special category of personal data, for which an extra level of protection is required under data protection rules. Taking into account the increasing use of automatic processing of medical data by information systems, this paper presents the issue of personal health information protection and the situation in this matter in Bosnia and Herzegovina.