On Sat, Sep 01, 2018 at 08:29:33PM +0200, Diego Boscá wrote: > There is in fact that right, the "right to be forgotten" > https://gdpr-info.eu/art-17-gdpr/ > The requirement you say about Germany is backed by sections 3 (b) and (c) > These exceptions do not apply to private providers, so we have the legal > need to support that kind of delete operations to allow openEHR systems to > be GDPR compliant
Whether we like it or not (I do not like it, personally, as a patient, but do like it, professionally, as a GP): in Germany there is the right to keep a record "as long as there is suspicion you might be sued such that you can exercise your right to defend yourself". 30 years is the latest you can be sued in Germany. So that's when a hard delete can be requested (arguably it even becomes mandatory). Period. However, the provider is legally bound to make sure the record is not used after the patient requests that (there's other time limits for other things, but that's the most a patient can *request* after those other deadlines have passed and before 30 years are over). It doesn't matter what anyone thinks. That is the legal situation ATM. Karsten -- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B _______________________________________________ openEHR-technical mailing list openEHR-technical@lists.openehr.org http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
