IT Get in touch

DPCM 178/2015: technical rules for the Italian Electronic Health Record

DPCM 29 September 2015, no. 178 implements Article 12 of DL 179/2012 and governs the Italian Electronic Health Record (FSE): contents, consent, the National Interoperability Infrastructure (INI), document profiles.

Digital HealthCompliance
Digital HealthCompliance FSEDPCM 178/2015INISogeiAgIDMinistry of HealthCDA R2Digital Health
AIHealth

AIHealth

On-premise clinical platform with local LLMs, RAG on FHIR/DICOM data, diagnostic support, remote follow-up. Architecture designed for the MDR pathway.

Discover AIHealth →Digital Health

Digital Health

Medical software development compliant with CE and MDR regulatory standards. Clinical decision support systems, AI integration in clinical workflows.

Discover →

Three years later, the technical rules

Three years after the Electronic Health Record was introduced into Italian law by Article 12 of Decree-Law 18 October 2012, no. 179, the government adopted the implementing measure: DPCM 29 September 2015, no. 178Regulation on the Electronic Health Record — was published in the Italian Official Gazette no. 263 of 11 November 2015 and entered into force after the usual fifteen-day vacatio legis.

DPCM 178/2015 is the first normative text to address the operational substance of FSE construction: contents, consent, access, safeguards, interoperability, the relationship between regional FSEs and the national infrastructure.

The frame: regional FSEs plus national infrastructure

The DPCM confirms the decentralised architecture: the FSE is established by each Region and Autonomous Province (Article 3), which defines additional contents beyond the national minimum core, governs access and manages operation. At the national level the National Interoperability Infrastructure (INI) is established and entrusted to the Ministry of Economy and Finance — implemented through Sogei — with the task of ensuring interoperability between regional FSEs when a patient moves or receives care outside his or her Region of residence.

INI does not replicate regional FSEs: it is their interoperability gateway. Documents remain with the regional FSEs; INI runs the localisation and routing services between the Region of care and the Region of residence.

FSE contents

Article 2 lists the contents of the FSE, distinguishing:

  • National minimum core, mandatory for all Regions: identification and administrative data, reports, emergency department records, discharge letters, patient summary, pharmaceutical dossier, consent or denial of organ and tissue donation
  • Additional data and documents, whose inclusion is left to the patient’s choice and regional specifications: prescriptions, bookings, clinical records, outpatient specialist care, medical certificates, personal patient notebook

The structure of the minimum-core documents is anchored to the Italian HL7 CDA R2 profiles developed with HL7 Italia; the technical specifications are referenced through annexes and through subsequent implementing decrees of the Ministry of Economy and Finance.

Purposes and consents

The DPCM distinguishes four processing purposes, each with its own consent regime (Article 8):

  • Prevention, diagnosis, treatment and rehabilitation (care purposes): the patient gives a general consent to the population of his or her FSE and may revoke it; access by a healthcare professional in the context of a care relationship is allowed on the basis of the necessity principle
  • Medical and scientific research: requires a specific consent from the patient, and operations take place on pseudonymised or anonymised data
  • Health planning, management, control and assessment: access to data in anonymous form or, where justified, pseudonymous form, by institutionally designated parties
  • Administrative purposes connected to the delivery of care

The patient retains the right to mask specific documents (granular opt-out) and to receive notice of population and access; both mechanisms derive directly from the Data Protection Authority Guidelines of 16 July 2009.

Access

Article 9 governs FSE access by distinguishing:

  • Patient access, authenticated via SPID where operational, with Region-issued credentials in the transitional phase
  • Healthcare professional access, authenticated through a regional operator card or equivalent strong credential, confined to the care relationship
  • Institutional access (ISS, Agenas, etc.) for planning and research purposes

Every access is recorded in a detailed log kept for at least ten years, consultable by the patient through his or her personal area.

Security, pseudonymisation and transport

Article 23 of the DPCM and the technical annexes set mandatory security measures: TLS transport, management of patient identifiers through a pseudonymised unique code in inter-FSE communications, digital signature on published documents, timestamping of access logs, long-term preservation under the Digital Administration Code.

Data processing is governed by the data protection rules in force — in 2015 still Legislative Decree 196/2003 — with specific extensions for the healthcare sector. Regulation (EU) 2016/679 (GDPR), already approved at the time of the DPCM but not yet applicable, will amend the framework in 2018 with direct consequences for operational implementation.

Interoperability: the IHE frame

DPCM 178 does not specify interoperability profiles in detail but anchors them to international reference standards. In implementation practice, regional FSEs adopt the IHE XDS.b framework for document sharing:

  • Document Registry — regional registry of document metadata
  • Document Repository — physical archive of documents (typically at the provider’s premises)
  • Document Consumer — client that queries and retrieves documents
  • XCA (Cross Community Access) for communication between regional FSEs via INI

The document layer is HL7 CDA R2 in the Italian profiles, with transmission over SOAP/WSDL in conformance with IHE profiles.

Subsequent implementing decrees

DPCM 178/2015 further defers to ministerial decrees for operational detail. Among these, the Decree of the Ministry of Economy and Finance of 4 August 2017Technical modalities and telematic services made available by INI — specifies the services exposed by Sogei, the authentication modes between regional FSEs and INI, and the exchange formats. Together these measures define the operational status of the first-generation FSE.

What remains open

DPCM 178 closes a nearly decade-long legislative phase, but leaves open nodes that the coming years will have to address:

  • Real regional adoption is very uneven: some Regions (Lombardy, Emilia-Romagna, Tuscany, Trentino) are well ahead, others lag structurally
  • Content completeness depends on individual providers’ ability to produce conformant CDA R2 documents; the gap between claimed and actual population is significant
  • Effective use by professionals is slowed by tool usability and gaps in integration with enterprise clinical records
  • Clinical semantics remain largely documentary; use of coded terminologies (SNOMED CT, LOINC) is partial

These are the themes that will shape the debate on the second generation of the FSE, when it becomes clear that the document-centric model needs to be paired with modern formats — FHIR above all — to support use cases beyond document viewing.

Legislative references: DPCM 29 September 2015, no. 178. DL 18 October 2012, no. 179, Article 12 (converted into Law 221/2012). Legislative Decree 82/2005 (CAD). MEF Decree 4 August 2017. Data Protection Authority Guidelines 16 July 2009. HL7 Italia CDA R2 Profiles. IHE XDS.b, XCA.

Need support? Under attack? Service Status
Need support? Under attack? Service Status