1. The obligation to respect medical secrecy is laid down in the Estonian Criminal Code. The Law of Obligations Act 2001 contains the obligation to respect the confidentiality: providers of health care services and persons participating in the provision of health care services shall maintain the confidentiality of information regarding the identity of patients and their state of health which has become known to them in the course of providing health care services or performing their official duties and they shall ensure that the information contained in the patient’s medical file does not become known to other persons unless otherwise prescribed by law or by agreement with the patient.
2. The presence of another person during the provision of health care services is permitted only with the consent of the patient unless it is impossible to provide the health care services without the presence of the other person, it is impossible to obtain the consent of the patient and failure to provide the health services would significantly damage the health of the patient.
3. The processing of personal data is regulated by the Personal Data Protection Act of 12 February 2003. Personal data may only be processed with the permission of the data subject (the person whose personal data are processed), unless otherwise provided by law. At the request of a data subject, the chief processor and the authorized processor shall notify him or her of the personal data relating to him or her. If processing is contrary to the Personal Data Protection Act, other Acts or legislation established on the basis thereof, a chief processor or an authorized processor is, at the request of the data subject, required to terminate the processing of personal data relating to him or her; to rectify inaccurate personal data and to block or erase the collected personal data.