Abstract
The increasing integration of technology in European healthcare systems, including Romania, has highlighted the critical need for robust data privacy regulations under the General Data Protection Regulation (GDPR). This regulation is crucial for managing patient data and protecting individual rights. However, Romania faces challenges in implementing GDPR due to differing levels of awareness and the rapid advancement of healthcare technologies (e.g., lack of infrastructure or highly trained IT personnel). METHODS: The study uses a privacy-focused survey to assess healthcare professionals' compliance, awareness of GDPR principles, and challenges in implementing GDPR requirements. The survey was distributed to 108 Romanian healthcare professionals during an economics and healthcare management course organized between July and September 2024, ensuring anonymity and informed consent. RESULTS: While many practitioners demonstrate a foundational understanding of GDPR principles, gaps exist in practical applications, particularly in clinical settings. The digitalization of public institutions in Romania has been found to reduce the risk of confidentiality from a GDPR perspective, as evidenced by the responses of 82% of participants. Ethical concerns are cited as a significant rationale for not permitting exceptions. Primary challenges recognized by healthcare professionals in the implementation of GDPR requirements include accountability, communication, high volume of consents, laborious administrative duties, abusive use of GDPR, restricted access to specific health data, and administrative tasks. Healthcare professionals in Romania, compared to professionals in other European Union (EU) member states, face GDPR implementation challenges due to resource constraints and cultural barriers, but opportunities include increasing patient trust, innovation, international collaboration, and raising awareness. CONCLUSIONS: As technology advances and digitalization in Romanian hospitals continues to develop, software developers and cybersecurity experts must establish a secure system for managing medical data, thereby enhancing public trust in telemedicine and facilitating patient adoption of new technologies, with the aim of preventing or detecting certain diseases in their initial stages. Targeted training programs, resource allocation, and international best practices are essential to reduce gaps in GDPR implementation, alignment with EU standards, and integration into the European Health Data Space (EHDS).