The President of the Polish SA approved the Code of conduct for the healthcare sector

The President of the Personal Data Protection Office approved the „Code of conduct for the healthcare sector” prepared by the Polish Hospital Federation. The signed document is the first code in Europe covering public and private entities from the medical sector.

The document provides for separate mechanisms for monitoring compliance with its provisions for public medical facilities. Adhering to the code does entail membership of any organisation.

"Data protection and cyber security are becoming key aspects for the healthcare sector. The code is an important step in ensuring this security. I am proud that it was in Poland that the first code was established, which also covers the monitoring of both private and public healthcare facilities. As the Polish Hospital Federation we are constantly working to support hospitals and the code is a tangible benefit for the entire sector. The code is also an expression of the Polish Hospital Federation’s strategy emphasising the promotion of good practice in Polish hospitals." - said Jarosław J. Fedorowski, President of the Polish Hospital Federation.

The approved code is a comprehensive tool for controllers and processors of personal data in the healthcare industry. Already at the draft stage, it has become a reference point for many medical entities. We are confident that it will now, with full force, provide a new impetus to further improve standards in the protection of patients' personal data. We are pleased that solutions have been worked out to enable public entities to join the code as well. We are prepared to receive and handle applications and provide information to all interested parties. We invite you to visit our website and contact us directly." - said Piotr Burzyk, Senior Manager in the Cyber Security Team in the Consulting Department at KPMG in Poland.

In the opinion of the supervisory authority, the code of conduct presented by the Polish Hospital Federation complies with the provisions of the General Data Protection Regulation (GDPR) and provides an appropriate data protection safeguard stipulated in the Regulation. An important aspect was the development of monitoring solutions for public entities. This is the first such code for the medical sector allowing public hospitals to confirm data processing compliance with the GDPR.

The decision of the President of the Personal Data Protection Office concludes the period of work on the content of the code and gives medical facilities the opportunity to start preparations for its implementation.

The code that has just been approved is the second code designed for the medical industry, the code for small medical facilities was approved on 4 December 2022. The division of the industry is due to the provisions of Article 41(6) of the GDPR, this approach has clear advantages as the way small medical facilities and hospitals comply with their obligations under the GDPR differs significantly. Creating such mechanisms is a very complicated process. The signed document is the first code in Europe covering public and private entities in the medical sector." - said Jakub Groszkowski, Deputy President of the Personal Data Protection Office.

Adhering to the code of conduct entails a number of benefits. First of all, the facilities which will apply it may be guaranteed that certain solutions approved by the supervisory authority are correctly used. They can also count on supervision over the processing of personal data by an independent monitoring body of the code. It is also important that, according to the GDPR, a supervisory authority, when considering imposing a fine on a given entity, must take into account in each case whether the entity correctly adheres to approved code of conduct.

The supervisory authority granted accreditation to KPMG Advisory sp. z o.o. sp. k., which will act as a monitoring body for the application of the code among its private sector members.