Legal Regulation of Electronic Identity in eHealth Services in Poland and Estonia: A Comparative Analysis
Krzysztof Świtała
Cardinal Stefan Wyszyński University in Warsaw , Polandhttps://orcid.org/0000-0003-0426-5383
Abstract
The primary aim of the article is to analyze the role of electronic identity in ICT-enabled healthcare in the context of existing legal instruments in these areas, both at the EU level and in the regulations of selected Member States (Poland, Estonia). A basic analysis of eHealth, telemedicine, and EHR systems was conducted, considering the role of electronic identity in data processing within the health care information infrastructure. EU regulations, such as eIDAS, the directive on patients' rights in cross-border healthcare, and the regulation on the European Health Data Space were taken into account. The role of electronic identity management systems in the context of the patient's right to medical services, consent, information about their condition, and the preservation of medical professional confidentiality and privacy is also discussed. Finally, existing electronic identification systems in Poland (Profil Zaufany, Profil Osobisty, mObywatel) and Estonia (e-ID), which are also used to authenticate patients accessing healthcare services in these countries, are presented.
Keywords:
Electronic Identity, eHealth, EHR, eIDAS, healthcareReferences
Acosta-Vargas, Gloria, Patricia Acosta-Vargas, Janio Jadán-Guerrero, Luis Salvador-Ullauri, Mario Gonzalez. “Improvement of Accessibility in Medical and Healthcare Websites.” In Advances in Human Factors and System Interactions: Proceedings of the AHFE 2021 Virtual Conference on Human Factors and Systems Interaction, July 25–29, 2021, USA, edited by Isabel L. Nunes, 266–73. Cham: Springer, 2021. (Crossref)
Bendyk, Edwin. “Web 2.0 – sposób na modernizację administracji z udziałem obywateli.” Elektroniczna Administracja, no. 1 (2008): 53.
Berbecaru, Diana Gratiela, and Antonio Lioy. “An Evaluation of X.509 Certificate Revocation and Related Privacy Issues in the Web PKI Ecosystem.” IEEE Access 11 (2023): 79156–75. https://doi.org/¬ 10.1109/ACCESS.2023.3299357. (Crossref)
Bernatek-Zaguła, Izabela. Prawo pacjenta w Polsce do informacji medycznej. Toruń: Wydawnictwo Adam Marszałek, 2008.
Coggon, John, and José Miola. “Autonomy, Liberty, and Medical Decision-Making.” Cambridge Law Journal 70, no. 3 (2011): 523–47. (Crossref)
Czaplicki, Kamil. Dokumenty tożsamości. Jawność i bezpieczeństwo. Warsaw: C.H. Beck, 2016.
Drozdowska, Urszula, Ewa Kowalewska-Borys, Arkadiusz Bieliński, and Wojciech Wojtal. Dokumentacja medyczna. Warszawa: Eskulap, 2011.
European Commission. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on telemedicine for the benefit of patients, healthcare systems and society. COM(2008) 689 final. Brussels, November 4, 2008.
European Commission. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity. COM(2021) 281 final. Brussels, June 3, 2021.
European Commission. Proposal for a Regulation of the European Parliament and of the Council on the European Health Data Space. COM(2022) 197 final. Brussels, May 3, 2022.
European eHealth Network. Recommendation Paper on Policies Regarding eIDAS eID and Health Professional Registries. Brussels: European eHealth Network, May 15, 2018. Accessed June 3, 2025. https://health.ec.europa.eu/system/files/2018-09/ev_20180515_co11b_en_0.pdf.
Integrating the Healthcare Enterprise. “Patient Identifier Cross-Referencing HL7 V3 (PIXV3),” August 4, 2023. Accessed February 25, 2025. https://profiles.ihe.net/ITI/TF/Volume1/ch-23.html.
Inza, Julián. “The European Digital Identity Wallet as Defined in the EIDAS 2 Regulation.” In Governance and Control of Data and Digital Economy in the European Single Market: Legal Framework for New Digital Assets, Identities and Data Spaces, edited by Carmen Pastor Sempere, 433–52. Cham: Springer, 2025. (Crossref)
ISO 27799 – Health informatics – Information security controls in health based on ISO/IEC 27002. Geneva: ISO, 2025.
ISO/IEC 24760–1 – Information security, cybersecurity and privacy protection – A framework for identity management – Part 1: Core concepts and terminology. Geneva: ISO, 2025.
ISO/IEC 27001 – Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Geneva: ISO, 2022.
ISO/IEC 27002 – Information security, cybersecurity and privacy protection – Information security controls. Geneva: ISO, 2022.
Jonsson, Marika, Catharina Gustavsson, Jan Gulliksen, and Stefan Johansson. “How Have Public Healthcare Providers in Sweden Conformed to the European Union’s Web Accessibility Directive Regarding Accessibility Statements on Their Websites?.” Universal Access in the Information Society 24 (2025): 449–62. https://doi.org/10.1007/s10209-023-01063-1. (Crossref)
Karkowska, Dorota. “Prawo pacjenta do świadczeń zdrowotnych (art. 6).” In Prawa pacjenta i Rzecznik Praw Pacjenta. Komentarz, edited by Dorota Karkowska, 232–392. Warsaw: Wolters Kluwer, 2021.
Kasekamp, Kaija, Triin Habicht, Andres Võrk, Kristina Köhler, Marge Reinap, Kristiina Kahur, Heli Laarmann, and Yulia Litvinova. “Estonia: Health System Review.” Health Systems in Transition 25, no. 5 (2023): 1–236.
Lai, Taavi, Triin Habicht, Kristiina Kahur, Marge Reinap, Raul Kiivet, Ewout van Ginneken. “Estonia: Health System Review.” Health Systems in Transition 14, no. 6 (2013): 1–196.
Liżewski, Bartosz. “The Personal Identity of the Human Being and the Right to Privacy from the Perspective of Standards of the European Court of Human Rights: Theoretical Legal Reflections.” Bialystok Legal Studies 29, no. 3 (2024): 77–90. https://doi.org/10.15290/bsp.2024.29.03.05. (Crossref)
Maj, Zuzanna. “Elektroniczna dokumentacja medyczna – wybrane aspekty prawne.” Przegląd Prawa Medycznego 4, no. 1 (2022): 121–22. https://doi.org/10.70537/14y42909. (Crossref)
Michalowski, Sabine. Medical Confidentality and Crime. Aldershot: Ashgate, 2003.
Muzaik, Suhail, and Nadia Davoody. “Exploring the Operational and Technical Changes in the Healthcare Sector During the COVID-19 Pandemic.” In Telehealth Ecosystems in Practice, edited by Mauro Giacomini et al., 277–81. Amsterdam: IOS Press, 2023. (Crossref)
Page, Martin, and Puck de Waal. 2025 Digital Decade eHealth Indicator Study: Executive Summary. Luxembourg: Publications Office of the European Union, 2025. https://data.europa.eu/ doi/10.2759/0682933.
Paide, Karoline, Ingrid Pappel, Heiko Vainsalu, and Dirk Draheim. “On the Systematic Exploitation of the Estonian Data Exchange Layer X-Road for Strengthening Public-Private Partnerships.” In ICEGOV ‘18: Proceedings of the 11th International Conference on Theory and Practice of Electronic Governance, edited by Atreyi Kankanhalli, Adegboyega Ojo, and Delfina Soares, 34–41. New York: ACM, 2018. (Crossref)
Pietrzykowski, Tomasz, and Katarzyna Smilowska. “The Reality of Informed Consent: Empirical Studies on Patient Comprehension – Systematic Review.” Trials 22, no. 57 (2021): 7–8. https://doi.org/10.1186/s13063-020-04969-w. (Crossref)
Pudlo, Robert, Małgorzata Pudlo, and Marcin Burdzik. “Medical Confidentiality in the Polish Legal System: A Real or Illusory Instrument of Patient Privacy Protection?.” Psychiatria Polska 58, no. 5 (2024): 895–907. https://doi.org/10.12740/pp/onlinefirst/166174. (Crossref)
“Raport z badania satysfakcji pacjentów korzystających z teleporad u lekarza podstawowej opieki zdrowotnej w okresie epidemii COVID-19” (2020). Accessed June 4, 2025. https://www.gov.pl/attachment/a702e12b-8b16-44f1-92b5-73aaef6c165c.
Robles-Carrillo, Margarita. “Digital Identity: An Approach to Its Nature, Concept, and Functionalities.” International Journal of Law and Information Technology 32, no. 321 (2024): eaae019. https://doi.org/10.1093/ijlit/eaae019. (Crossref)
Sidorko, Andrzej. “Karta ubezpieczenia zdrowotnego i inne dokumenty potwierdzające prawo do świadczeń (art. 49).” In Ustawa o świadczeniach opieki zdrowotnej finansowanych ze środków publicznych. Komentarz, edited by Agnieszka Pietraszewska-Macheta, 4th ed., 491–93. Warsaw: Wolters Kluwer, 2023. LEX/el.
Skubis, Bożena. “Ochrona danych medycznych w okresie pandemii COVID-19. Działania Rzecznika Praw Pacjenta dotyczące prawa do dokumentacji medycznej i tajemnicy informacji w latach 2020–2022.” Przegląd Prawa Medycznego 6, no. 3 (2024): 50–74. https://doi.org/10.70537/vmgpq521. (Crossref)
Świderska, Małgorzata. Zgoda Pacjenta na zabieg medyczny. Toruń: Dom Organizatora TNOiK, 2007.
Tammpuu, Piia, Anu Masso, Mergime Ibrahimi, and Tam Abaku. “Estonian e-Residency and Conceptions of Platform-Based State Individual Relationship.” Trames Journal of the Humanities and Social Sciences 26, no. 1 (2022): 3–21. https://doi.org/10.3176/tr.2022.1.01. (Crossref)
World Health Organization. Eastern Mediterranean Region. “eHealth.” Accessed June 4, 2025. https://www.emro.who.int/health-topics/ehealth/.
Cardinal Stefan Wyszyński University in Warsaw https://orcid.org/0000-0003-0426-5383
