The Reason Why About Personal Data Processing:
- creating the conditions for guaranteeing the rights of citizens to receive medical care in accordance with the requirements of federal laws and regulations;
- creating the conditions for guaranteeing the rights of citizens in employment, jobs, training, the provision of various types of benefits in accordance with the requirements of the Labor Code of the Russian Federation, federal laws and regulations.
Principles of personal data processing:
- implementation of the processing of personal data is done legitimate and with equitable manner;
- implementation of the processing of personal data with the consent of the personal data subject to the processing of the patient’s personal data, except for the cases stipulated by federal law;
- strict implementation of requirements to ensure the security of personal data and information constituting professional confidentiality;
- restriction of the personal data the achievement of specific, pre-defined and legitimate purposes;
- exception of handling personal data which is incompatible with the personal data collection and processing purposes;
- exclusion of combining databases containing personal data that are processed for purposes that are incompatible with each other;
- ensuring the reliability of the processed personal data, their sufficiency and, where appropriate and relevant in relation to the stated objectives of processing personal data;
- mandatory publication or disclosure of personal data, if it is provided by federal law;
- Obligatory cancellation or update incomplete or inaccurate data;
- storage of personal data in the forms, allowing to define the subject of personal data no longer than is required by the purpose of processing personal data if personal data storage period is established by federal law, treaties to which, a beneficiary or a guarantor under which is the subject of personal data;
- depersonalization or destruction of personal data for achieving the purpose of processing or in case of loss necessary to achieve these goals unless otherwise provided by federal law;
- informing citizens in an accessible form, including via the Internet, about the ongoing activities of medical and health professionals about the level of their education and their qualifications;
- making a direct contact with patients by means of communication only with the prior consent of patients’ registration.
Measures to ensure the security of personal data:
- Ensuring the security of personal data is achieved by: the appointment of officials responsible for organizing and ensuring the security of personal data;
- publication of policy documents regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
- identification of threats to the security of personal data when they are processed in personal data information systems;
- the use of legal, organizational and technical measures to ensure the security of personal data in accordance with Article 19 of the Federal Law “On Personal Data” and the requirements of other regulations;
- depersonalization use of personal data;
- implementation of internal control compliance of personal data processing and the federal law adopted in accordance with the normative legal acts, the requirements for personal data protection policy in relation to personal data processing, local acts;
- familiarization of employees directly involved in the processing of personal data with the provisions of the Russian legislation on personal data, including requirements for the protection of personal data, documents defining the policy regarding the personal data processing, local acts on the processing of personal data;
- certification of information systems of personal data on information security requirements;
- continuous improvement of methods and ways to ensure the security of personal data.
Rights and obligations of the operator:
- to defend their interests in court;
- provide personal data subjects to third parties if this is required by applicable law (tax, law enforcement, etc.);
- to refuse to provide personal data in cases stipulated by law;
- use personal data subject without his consent, in cases stipulated by law.
Rights and obligations of the subject of personal data:
- personal data subject has the right: to require clarification of their personal data, block them or destroyed if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of the processing, as well as take legal to protect their rights measures;
- to demand a list of their personal data processed by the Operator and their source;
- to obtain information about the timing of the processing of their personal data, including the timing of their storage;
- to require notification of all people who have been previously reported it incorrect or incomplete personal data, all produced in these exceptions, revisions or additions;
- to appeal to the authorized body for the protection of the rights of personal data subjects or in the courts of unlawful actions or omissions in the processing of their personal data.