The conviction that the development of information systems makes it possible to infringe privacy by facilitating access to personal data. Citizens become reconciled to the fact that data collection is necessary for public institutions to operate, but they do not want unauthorized persons to gain access to their data.

A doctor, delivering health services, broadens his/her knowledge, acquiring more and more information. Sometimes this information is necessary for others to continue the treatment process, sometimes they become teaching or research materials. All information concerning the patient, obtained both from him/her and from other sources, are confidential, and the duty of confidentiality concerns medical and administrative staff.

A response to the risk of privacy infringement, related to information technologies development, are legal regulations designed to guarantee the protection of privacy.

A good organization of the access to medical information is also necessary. Impossible or difficult access may become a threat to the patient’s health and life. Therefore, on the one hand, mechanisms to limit the data access should be introduced, on the other, the access to the data needed in a particular situation should be guaranteed. The use of electronic processor cards seems, at the present stage of information technology development, the solution of choice.

Activities, undertaken by medical and administrative staff and involving information on the patient, are a resultant of benefits, risks and costs. Adherence to ethical principles, which require to obtain benefits greater than potential risks, to avoid inflicting harm and respect personal rights, should be the condition to use of medical personal data.

Irrespective of the adopted legal, organizational and technical solutions, the weakest link in the data safety system is the system user who, deliberately or unintentionally, infringes privacy of the patient. Thus, the fundamental issue is staff selection and training, and the use of appropriate monitoring supervision methods to monitor precisely all the events related to the use of medical data.