Nowadays, most healthcare providers have deployed large information systems in order to
automate as much of the medical workflow as possible. In addition, more and more centers share
medical information such as images, test results and so forth in an ongoing attempt to minimize
the time required to make a therapeutic intervention. While the benefits of all these are well
known, a new challenge has to be dealt with, namely assuring the protection of patient data. This is
crucial, especially since sensitive medical information is shared. The new EU Regulation
679/2016 has specific requirements for personal data protection. Regulators, and also accreditation
bodies, have to assess whether there is an adequate level of privacy for personal medical data. The
paper outlines a novel tool for making this assessment at the most
critical step of data processing: nurses and medical operators. Fulfillment of the requirements of
the new General Data Protection Regulation (GDPR) is also important in Romania, since the
Hospitals’ Accreditation Body has to assess it when performing general hospital quality assurance
assessments. The main focus is at the level of nurses who, in Romania, are also in charge of
patient data input, data dissemination, output, and communication. Therefore, it is at this level
(nurses) that most data leakage might occur. This is especially true since these tasks are secondary to
their main activity, medical assistance, and since nurses have limited training in data protection concepts
and practice in an electronic and, most of the time, online environment.


General Data Protection Regulation (GDPR), Nurse, Accreditation, Assessment