The term Connected Health has been coined to encompass various terms that describe recent advances in ICT-enabled healthcare. In parallel with efforts to increase the availability and quality of healthcare services while lowering costs by employing various ICT solutions, special attention should be given to data protection in such systems. Naturally, a person's medical data are the most sensitive data, and as such require protection not only by the institutions involved in healthcare provision but by all stakeholders in healthcare-related processes. This paper focuses on data protection in Electronic Health Records (EHRs). We present the legal basis for the establishment and maintenance of the EHR in Member States of the European Union. Based on the legislation, we discuss the data protection efforts undertaken by various Member States, and propose a unified European approach to the protection of personal data in EHRs. As a case study, we present the situation in Croatia, which has recently started the design phase of EHR implementation. Before the conclusion, we review the challenges that lie ahead in data protection of EHRs and comment on suggested workarounds for dealing with them.
Data protection, Connected health, Electronic health record, Information security, User privacy