This information is provided, in compliance with Articles 13 and 14 of the European Privacy Regulation no. 679/2016 (hereinafter the “Regulation”), to users (hereinafter referred to as: “Users”) of the website in both desktop and mobile versions (hereinafter referred to as: “Site”) and of any mobile application relating to the service (hereinafter referred to as: “App”) owned by Punto Exe Srl, with registered office in Campobasso at Via Altobello, 3 and with VAT number IT00900060708, which is the legal entity responsible for the processing of personal data (hereinafter referred to as: “Controller”), and is intended to describe the methods of management of the Website and App with reference to the processing of personal data, as well as to allow Users of the Website and App to understand the purposes and methods of processing of personal data by the Data Controller in the event of their provision.

Punto Exe Srl places the protection of personal data as its top priority. Therefore, to adequately care for those who rely on us, it is necessary to acquire and exchange certain personal information during use of the service. This information must be managed with the highest levels of security and in compliance with current regulations. For this reason, Punto Exe Srl has created a service that complies with the rules imposed by the new European General Data Protection Regulation (also known as GDPR) and has adopted the latest technologies for data storage and encryption. The company has implemented the following measures to achieve this:

1. Masking and encryption of health data: data relating to the patient’s health status are visible only to the doctor who carries out the consultation with the patient.

2. Masking personal data through de-identification, i.e., the use of alphanumeric codes in place of the first and last name. This technology allows separating patient identities from related information, thus ensuring their privacy at all times.

3. Data encryption with algorithms and storage on servers owned by Microsoft, which provides them through the Azure service; these servers are located exclusively within the European Union and comply with the highest international standards (e.g., ISO 27001, ISO 27017, ISO 27018, etc.). From a technical standpoint, the algorithms used are AES 256-bit.

Transparency on consent given and on the methods of processing sensitive data

– Double consent to the processing of personal data for all users during registration and use of the service (as recommended by the Ministry of Health). Users can also request at any time both the withdrawal of consent to data processing and the deletion of all personal data.

– Publication of information on the processing of personal data on the website

-At any time the user (both patient and professional) can ask for further clarifications, or the immediate cancellation of his/her data, regarding the data processing simply by writing to support@psycare.it

The sessions were organized in accordance with the guidelines of the Ministry of Health and the directives of the National Order of Psychologists. The following describes the actors involved.

ACTORS INVOLVED

The actors involved within the Psycare.it portal are:

Users

Those who use a telemedicine service. These may include:

– a patient, possibly assisted by a caregiver, or a group of patients

– a doctor in the absence of the patient (teleconsultation)

– a doctor or other healthcare professional in the presence of the patient

The user transmits health information (data, signals, images, etc.) and receives service results (diagnosis, treatment recommendations); it is also possible to exchange (in any direction) documents such as questionnaires, assessments, tests, etc.

Service center

A Service Center is a structure responsible for managing and maintaining an information system through which the Provider Center performs telemedicine services, installs and maintains equipment at remote sites (the patient’s home or specially designated sites), provides, manages, and maintains communication channels (including alert management) between patients and doctors or other healthcare providers, and trains patients and family members in the use of the equipment. For example, at a minimum, the Service Center manages the health information generated by the User that must be sent to the Provider Center for the healthcare service, and the service results that must be transmitted from the Provider Center to the User.

The Psycare.it portal is therefore a technological hub that provides IT support for the provision of services, including healthcare.

RELEVANT ASPECTS FOR THE USE OF TELEMEDICINE IN THE NHS

In accordance with the relational Organizational Model described above, it is possible to identify some relevant aspects for the purposes of systematization and widespread use of Telemedicine in the National Health Service;

a) Information and Training Aspects. Information aspects concern the User, who must be appropriately informed about the methods of telemedicine delivery of the service, and doctors or other healthcare professionals, in order to increase acceptance of telemedicine methods. Training aspects concern the User, Service Center, and Provider Center, in order to ensure adequate quality of service. See a more in-depth discussion of these aspects in the next chapter.

b) Procedures for integrating telemedicine into the National Health Service. These include: i) the criteria for authorizing and accrediting the provider center for the provision of telemedicine services privately and/or on behalf of the National Health Service; ii) contractual agreements with the National Health Service. c) Ethical aspects, processing of personal data using electronic means, and professional liability.

INFORMATION

The Ministry of Health indicates that it is desirable, if not necessary, to provide correct information to patients and doctors/other healthcare workers.

INFORMATION FOR PATIENTS

Healthcare procedures requiring telemedicine must comply with the rights and obligations inherent in any healthcare procedure, but must also take into account the specific requirements associated with such procedures, including patient information. Patients must be informed of the appropriateness and scope of the procedure, as well as the means used and the methods of data storage and processing, in compliance with applicable legislation (for this purpose, please refer to the information on personal data protection available on the Psycare.it portal). The wider diffusion of telemedicine services raises new ethical concerns, especially due to the changing relationships between patients and doctors. Therefore, to ensure acceptance of these innovative service modalities, it is essential that the relationship between providers and recipients of healthcare be defined to take into account the needs of patients who require human warmth and comprehensible, accurate, and reassuring information. In the relationship between healthcare professionals and patients, it is important to ensure that the questions asked and the answers given by the healthcare professional are comprehensible to the patient. To address user concerns and strengthen their confidence, information programs should be implemented to familiarize patients with these new methods and tools, especially since they often involve older people. Such information programs could be developed with the support of the European Commission and the involvement of representative patient, consumer, and healthcare professional organizations, as well as voluntary organizations.

INFORMATION FOR DOCTORS AND OTHER HEALTHCARE PROFESSIONALS

Many doctors and other healthcare professionals still suspect that telemedicine could hinder or impact their relationships with their patients. It is therefore necessary to provide doctors with more information about telemedicine, which is seen as a system for simplifying and improving healthcare procedures, especially those aimed at monitoring chronic conditions and making patients’ lives easier, without detracting from the medical process or the doctor-patient relationship.

HEALTH INFORMATION

The health information and results transmitted can be of different types:

• Texts: which usually accompany any other type of data in the form of patient medical history, personal data, etc. – Images: both digitized from analog sources and directly digital

• Video and audio: images and sounds related to videoconferencing in patient consultation

Information can be static, which does not change over time (text, images, etc.), or dynamic, which changes over time (audio, video, etc.). The quality of the information transmitted and received must be guaranteed to ensure the quality of services provided through telemedicine compared to those provided through conventional methods.

ETHICAL AND REGULATORY ASPECTS

Ethical Aspects

Telemedicine has significant implications in the delicate ethical sphere, as this different approach to managing interaction and communication between patient and doctor (or, more generally, the healthcare professionals involved) impacts a particular situation for citizens in need of healthcare, the way they establish a relationship with the doctor, and the perception of safeguarding the patient’s dignity. It therefore seems necessary to ensure that the doctor-patient bond of trust can also develop in this new context, including by dedicating the necessary time to meeting the patient’s information needs, well beyond informed consent, which today is sometimes interpreted as defensive rather than engaging in dialogue and sharing with the patient. From the perspective of telemedicine, this trend might seem the opposite, as telemedicine tends to “bring” doctor and patient closer together, even if it appears—at first glance—to “distance” the two main centers of interest (doctor and patient). In truth, the reality is far more complex, and this must also be taken into account when applying mediation to telemedicine practices, given that there are many more than two centers of interest, including the healthcare facility and the insurance company, which often have different concerns than those of both the doctor and the patient. Finally, interesting prospects arise from the so-called “ethical certification” of the quality and professionalism of doctors and healthcare facilities (both public and private).

PROCESSING OF PERSONAL DATA AND CLINICAL DATA WITH ELECTRONIC TOOLS

The operations on citizens’ personal and health data required for the provision of Telemedicine services fall within the scope of sensitive data processing carried out using electronic means, which are governed by the provisions of Legislative Decree 196/2003. The methods and solutions required to ensure data confidentiality, integrity, and availability must, therefore, in any case be adopted in accordance with the security measures expressly provided for in Legislative Decree no. 196/2003 and the related Annex B (Technical Specifications for Minimum Security Measures).

In terms of obligations towards patients, the following aspects are particularly important, also in line with the ethical aspects highlighted above:

a. Information on treatments (examinations, remote transmission, use, etc.) and their purposes/guarantees, as well as, in the case of specific diagnostic and therapeutic pathways, on protocols. It is necessary to develop precise and as uniform (in content) as possible information templates at the national level, as remote services may also be performed in different regions and, potentially, also at the European level.

b. Informed patient consent. Patients must be clearly informed of the information needed to make an informed decision. In the specific case of remote services, it is necessary to assess whether or not repeating consent is necessary for each service, and whether the risks involved should be specifically explained (such as the risks associated with the lack of physical contact and the doctor’s clinical gaze, the impossibility of a complete examination, and immediate intervention in emergencies).

c. Patient Rights Over Their Personal Data. It is essential to develop increasingly clear and simple methods to respect and guarantee rights over personal data, especially in the context of telemedicine, which by its very nature involves greater technological complexity and the potential interaction of multiple data processing entities. Furthermore, it is particularly important to analyze and design healthcare processes so as to accurately define responsibilities, tasks, and functions, in accordance with current legislation, and identify appropriate organizational and technological solutions that allow for accountability and access to information only to those authorized to use it.