Where does personal information have to be stored and for how long?
During her presentation on the legal aspects of medical archiving, Griet Verhenneman, a researcher at KU Leuven ICRI, advised users to keep medical files, in any case, for thirty years. Although the legal provisions concerning the retention period diverge, this is required by medical professional ethics. The fact that physical archiving does not necessarily have to take place in the hospital is also important. The Royal Decrees literally require that the medical nursing file is stored ‘in’ the hospital. However, according to the National Council of the Medical Association and the Commission for Telematics there is no objection to interpreting this as ‘by’ the hospital. Files can be archived outside the hospital, provided that patient rights and other legal requirements are respected.
In case archiving occurs outside the hospital in cooperation with an external partner, the hospital remains ultimately responsible. The Law on Data Protection considers the external party as ‘processor’ and the hospital as ‘controller’. Contractual agreements relating to the integrity, confidentiality and availability of the archive are required.
