AIHealth
On-premise clinical platform with local LLMs, RAG on FHIR/DICOM data, diagnostic support, remote follow-up. Architecture designed for the MDR pathway.
Discover AIHealth →
Digital Health
Medical software development compliant with CE and MDR regulatory standards. Clinical decision support systems, AI integration in clinical workflows.
Discover →The context
Decree-Law of 18 October 2012, no. 179 — known as Decreto Crescita 2.0 — was published in the Italian Official Gazette no. 245 of 19 October 2012 and introduces measures for the digital development of the country. Article 12, titled “Electronic Health Record and surveillance systems in the health sector”, is the first primary-rank rule that organically defines the Electronic Health Record (Fascicolo Sanitario Elettronico, FSE) at national level.
Before DL 179/2012 the FSE existed de facto in several Regions through pioneering initiatives — SISS in Lombardy, the Tuscany FSE project, the Emilia-Romagna and Trentino records — and a policy framework had been drawn by the National Guidelines on the Electronic Health Record approved by the Italian State-Regions Conference on 11 November 2010, together with the Guidelines of the Italian Data Protection Authority of 16 July 2009 on FSE and clinical dossier. What was missing was a shared national legislative basis.
The definition
Article 12 paragraph 1 defines the FSE as “the set of digital health and socio-health data and documents generated by current and past clinical events concerning the patient”. The definition is intentionally broad and covers both documents produced by National Health Service providers and those generated in the socio-health domain.
The FSE is established by the Regions and Autonomous Provinces, in compliance with data protection legislation. FSE population takes place progressively, with clinical documents generated by NHS providers and regional socio-health services.
Purposes
Paragraph 2 of Article 12 lists the purposes for which the FSE is established:
- Prevention, diagnosis, treatment and rehabilitation (care purposes, strictly linked to care of the individual patient)
- Medical, biomedical and epidemiological research
- Health planning, quality assurance and healthcare assessment
The distinction among these three purposes matters on the consent side: access to FSE data for purposes other than care requires additional safeguards and separate consents, following an architecture that implementing rules would detail in subsequent years.
Relationship with the Digital Administration Code
The FSE fits into the framework of the Digital Administration Code (Legislative Decree 82/2005, CAD), which governs the electronic document, digital signature, long-term preservation and digital identity. The FSE uses CAD-compliant electronic documents — including the obligations of digital signature on clinical reports and long-term preservation.
National digital governance had been redesigned the same year by DL 83/2012 (converted into Law 134/2012), which established the Agency for Digital Italy (AgID) in place of DigitPA. AgID, together with the Ministry of Health, is designated by Article 12 as a technical hub in shaping FSE rules.
The DPCM referral
Paragraph 7 of Article 12 provides that the FSE contents, the safeguards and security measures, the access modalities, the definition and management of consent and the interoperability criteria shall be governed by a Decree of the President of the Council of Ministers (DPCM), after consultation with the permanent Conference for relations between the State and the Regions, the Data Protection Authority and AgID.
This DPCM — which introduces the operational technical rules and designates the National Interoperability Infrastructure (INI) managed by the Ministry of Economy and Finance through Sogei — would be adopted as DPCM 29 September 2015, no. 178, almost three years after the primary rule came into force. The delay in implementation is one of the defining features of the first phase of the Italian FSE.
Consent
Data processing in the FSE is subject to the patient’s consent, differentiated by type of processing (care purposes vs. research/planning purposes). The model derives directly from the Data Protection Authority Guidelines of 16 July 2009, which had already introduced the principle of dual consent: a consent to populate the Record and a consent to access by each treating healthcare professional, with the possibility of masking specific documents (a granular opt-out right).
Article 12 confirms this design and anchors it to primary legislation, referring to the implementing DPCM for operational detail.
Surveillance systems
Article 12 paragraph 10 and following, alongside the FSE, provides for the establishment of surveillance systems and registries in the healthcare domain, for prevention, diagnosis, treatment and rehabilitation, health planning, quality assurance, and medical and epidemiological research. Registries are established by DPCM and include, among others, tumour registries and disease registries.
This part of the rule — less visible than the FSE in a narrow sense — has important structural effects on the system of regional and national health information flows, and on their coordination with Agenas and the Ministry of Health’s NSIS (Nuovo Sistema Informativo Sanitario).
What changes from 2012
With Article 12 of DL 179/2012 the FSE moves from regional experience to a systemic right: adoption becomes mandatory, the framework becomes national, the level of technical rules is referred to implementing measures. The legal model remains however strongly decentralised — Regions establish and run their own FSEs, interoperability is still to be built.
The following years bring the missing pieces: the technical rules (DPCM 178/2015), the National Interoperability Infrastructure, the Italian document profiles based on HL7 CDA R2, and — in the second half of the decade — the reflection on moving from a document-centric model to a structured model based on modern standards.
Legislative references: Decree-Law 18 October 2012, no. 179 (converted into Law 17 December 2012, no. 221), Article 12. Legislative Decree 7 March 2005, no. 82 (CAD). Decree-Law 22 June 2012, no. 83 (converted into Law 7 August 2012, no. 134), Articles 19-22 (AgID establishment). National Guidelines on the Electronic Health Record, Italian State-Regions Conference, 11 November 2010. Data Protection Authority Guidelines on the Electronic Health Record and clinical dossier, 16 July 2009.