SWEDEN Law and Practice Contributed by: Anders Bergsten and Victoria Nordenberg, Mannheimer Swartling
6.3 Cybersecurity in the Healthcare Sector

The Patient Data Act and the Patient Data Regulation

The healthcare sector must systematically address the security of healthcare information management. Cybersecurity in healthcare focuses on safeguarding electronic information and assets against unauthorised access, use, and disclosure.

The Patient Data Act contains explicit provisions to prevent unauthorised dissemination by electronic means of data relating to patients undergoing treatment. It contains the provisions specifically needed for the processing of patient data by healthcare providers in relation to other personal data processing. Otherwise, the provisions of the GDPR apply to the processing of patient data and other personal data by healthcare providers.

The Patient Data Act governs several aspects, including:

• the ability of healthcare personnel involved in a patient’s care to access necessary medical records, even if those records were created by a different healthcare organisation;
• the regulations determining which individuals are permitted to access patient data as part of their duties within the healthcare system; and
• the patient’s right to restrict access to information in their medical records within an electronic records system.
measures for transparency and oversight, with the final report due by 30 September 2025.

The AI Act, effective from 1 August 2024, establishes a unified framework for AI development and use within the EU. It categorises AI systems based on risk levels, imposing stricter requirements on high-risk applications, such as those in critical infrastructure, healthcare, and law enforcement. For Sweden, this means adapting national regulations to comply with EU standards, ensuring AI systems are human-centred, reliable, and aligned with fundamental rights. This includes mechanisms for oversight and enforcement to maintain high protection levels for health, safety, and fundamental rights.

The AI Act imposes obligations primarily on AI providers, developers, and commercial users to ensure compliance with its standards. Such obligations include:

• classifying AI systems by risk levels, with stricter requirements for high-risk applications;
• ensuring AI systems are transparent and understandable to users;
• implementing mechanisms for oversight and accountability;
• meeting safety standards; and
• ensuring high-quality data management and protection.
CHAMBERS.COM