medical secrecy

Introduction. The collection of information stored in medical information systems is important and often acts as an independent object of law. A specific feature of medical information resources is that they usually include information that falls under the action of various special regimes, which gives rise to a number of specific legal problems. Theoretical analysis. Medical information about a patient’s health at the same time falls into two categories – medical confidentiality and personal data. Russian legislation practically does not provide the operator with the measures of responsibility for the leakage of personal data if all measures stipulated by the legislation for their protection have been formally taken. Meanwhile, the data on the state of health of a nation are of strategic value, and the corresponding information systems should be referred to as the objects of critical information infrastructure (CII). Empirical analysis. At present, the patient’s electronic medical record is a basic information resource in the healthcare sector, while Russian legislation lacks both its recognized official definition and its content requirements, which leads to difficulties in integrating medical data and problems in determining its legal significance. Results. It was proposed to extend the concept of a critical information infrastructure object from information systems to information resources, and to establish criminal liability in case of damage to people’s lives due to an attack on a medical information system (information resource), for which the application for inclusion in CII registry was not filed in a timely manner.