1. We consult a local hospital regarding issues pertaining to GDPR. Does the hospital administration need to sign a confidentiality agreement with the doctors? Or theoretically, doctors are covered by their code of ethics?
Answer: Although doctors have a statutory requirement to keep patient data confidential, they may also have access on a daily basis to data belonging, for example, to other medical staff within the hospital or even patients' next of kin data. Since this is not covered by the statutory requirement, I would suggest that the doctors have a confidentiality agreement signed.
2. What about if the hospital insists on signing such an agreement emphasizing on the code of contact of the hospital?