Information technologies are a group of technologies harnessed to solve a broad range of therapeutic, diagnostic, rehabilitation and management challenges in public health, both locally and nationwide. To patients, information technologies that are directly incorporated into the therapeutic, diagnostic, rehabilitation or other processes forming the substance of medical care or those bearing a close relation to medical services (electronic workflow, including electronic health records and electronic prescribing, medical devices or other health care products) matter the most.

Information technologies were introduced into clinical practice in the second half of the 20^th century. At that time, their use was limited to space medicine, air ambulance, medical consultations for patients and advisory services for health care practitioners residing or working in remote regions. Although the experience was overall positive, the spread of information technologies in the medical field was obstructed by the underdeveloped and expensive telecommunication infrastructure and equipment, inadequate quality of information services and medical care (signal quality was low, affected by distortion, etc.), organizational, financial, administrative, legal and other barriers.

Over time, the majority of constraints holding back the implementation of digital health were overcome through the advancements of information- and telecommunication- enabled services and active digitalization of socioeconomic activities. Those that remain until today are mostly organizational. Besides, there are some legal, ethical, moral and other issues associated with the current social reality, familial, cultural, and religious traditions.

The Federal Law No.242 (dated July 29, 2017) on the Amendments to Some Legislative Acts of the Russian Federation Regulating the Use of Information Technologies in Health Care made some amendments to the Federal Law No.323 (dated November 21, 2011) on the Fundamental Principles of Public Health Protection in the Russian Federation in the attempt to address statutory obstacles to the development of new technologies in health care. For example, the term telehealth was introduced and some algorithms of delivering medical care by means of telehealth technologies were legally established. However, this was not enough to solve even the basic legal issues related to the use of information technologies in health care. Besides, some collateral ethical and ethico-l egal issues associated with the emergence of new and supplantation of old forms of relationships were overlooked.

The Federal Law No.323 requires health care providers to comply with the norms of ethics while delivering any type of medical care (medical service) to the patient, including care that involves the use of new technologies. Apart from delivering an effective, safe and adequate treatment, it is important to safeguard a patient’s physical and mental health [1] without violating their legally protected interests. Otherwise, despite the seemingly good quality of medical care, an ethical dilemma or an ethico-legal conflict may arise that will almost inevitably have ramifications for the involved health care provider [2]. The risks increase if a combination of technologies is used. For example, genetic testing generates important data, which, apart from its clinical significance for the case, has prognostic significance for the patient, indicating health risks, predisposition to certain diseases, etc. This data can be digitized, stored and used not only for medical purposes, including implementation of a personalized preventive health care strategy, a personalized screening program or a checkup schedule, but also for nonmedical purposes by other parties (law enforcement agencies, banks, insurance companies, employers). In other words, ethical risks associated with the use of new technologies in health care are increasing, raising the need to identify ethical challenges associated with digital health and find adequate solutions.

The comprehensive analysis of such risks, the associated problems and misconceptions are beyond the scope of this publication. This article seeks to outline the key problematic areas in health care digitalization, looking through the lens of the existing paradigm of bioethics and the principles of law, which are becoming increasingly important not only for the theoretical framework but also for medical practice and the application of law in a rule-of-law-based state.

The principle of non-maleficence is pivotal to bioethics and law. For years, it has been the basis of doctor- patient relationships. Today, there is a possibility of its exclusion from the normative principles and other legal norms established by the Federal Law No.323, such as the primacy of the patient’s interests, respect for personal freedoms and medical liability.

The principle of personal data and privacy protection in information systems established by the Federal Law No.149 on Information, Information Technologies and Protection of Information (dated July 27, 2006) is especially interesting for our analysis.

The general rule is that the use of information technologies should not threaten a person’s life or health. However, due to poor organization of medical care, wrong diagnostic or therapeutic decisions and the breach of medical ethics, the patient may sustain physical, emotional or pecuniary damage. Besides, negligence or noncompliance with the guidelines for handling privileged and confidential data may also result in, most commonly, emotional damage to the patient. In some cases, information about the patient’s personality and other characteristics can be used for nonmedical purposes or without authorization. The threats of biohacking and biocrime, which were impossible to imagine just a few decades ago, are now a subject of active discussion [3]. Consequently, patients may lose their trust in doctors, medical organizations, public healthcare systems and the state in general.

Sometimes, the patient is not ready to comprehend information about their condition, does not know what to do with it or worries about its disclosure to third parties or potential leaks from the databases (registries, medical records, etc.) where such data is submitted as required by law or in accordance with the rules of the medical organization the patient has signed an agreement with. In light of this, the usual doctor- patient communication practices and the use of information resources should be rethought to reduce the risk of conflict. It is important that the patient clearly understand the significance of information about their health for themselves and for the entire medical community today and in the future (if such information is subject to long-term storage). Besides, the patient must be informed in plain words about the data security measures, tools,

mechanisms and warranties. The healthcare provider may find this procedure time-consuming; however, it is a necessary and even mandatory component of digital health. Today, informed consent forms that inform the patient about the procedures of collecting, storing, using, or sharing patient data by medical personnel as part of their work are gaining importance.

Ethics is becoming a ubiquitous trend in digitalized sectors, and the dynamically developing medical service market abounding with new technologies is not an exception. Currently, the Russian information legislation does not contain requirements for ethical collection and processing of patient data, including health- related information; however, increasing attention is being paid to this problem in the information law doctrine [4].

Certainly, it is impossible to build and maintain trust with patients without adhering to the ethico- legal medical privacy principle. In the era of personalized preventive medicine and the expanding diversity of biomedical trials (clinical trials of drugs, medical products, clinical testing, etc.), the role of ethical and legal principles cannot be underestimated. Legal practitioners are witnessing a rise in litigations stemming from patient data breaches. Despite 25 years of history of medical privacy in contemporary Russia, amendments are still being made to health legislation, expanding the range of legal grounds for disclosing confidential information and the scope of persons and entities this information can be disclosed to (family members, in-laws, heirs, law enforcement agencies, etc).

As the legislation on information, personal data, medical and other privacy is transforming at a fast pace, it is becoming increasingly important to inform the patient about the future of their personal health-r elated data in an ethical way.

The beneficence principle (do no harm, do good) is very difficult to translate into practice. The evaluation of new biological, medical, information and other technologies is now almost exclusively performed by scientists and experts, as opposed to clinical practitioners. Chapter 37 of the Federal Law No.323 maintains that medical care must be delivered in accordance with the established procedures, clinical recommendations and standards of medical care. Not much is left at the clinician’s discretion. The choice of medications approved for use in a given therapeutic situation is limited, which may result in a so-called iatrogenic injury. The clinician should have more freedom in decision making, finding guidance in the beneficence principle and the knowledge of the patient’s age, sex, genetic, psychophysiological or other characteristics.

For instance, drugs, medical devices, other medical products or treatments prescribed to a professional athlete should not contain ingredients and/or be based on the methods included in the list of substances and methods prohibited in sport. Russian athletes must abide by the Russian Antidoping Rules^[1], otherwise they will be sanctioned, possibly with disqualification. The Order No. 927 of the Russian Ministry of Sport dated December 16, 2020 on the Approval of the List of Substances and/or Methods Prohibited in Sport contains an extensive list of substances and methods that cannot be used by athletes during and/or between competitions. A lot of medications routinely used in clinical practice cannot be prescribed to athletes or the athlete should apply for a therapeutic use exemption prior to taking such medications. In some cases, it may be reasonable to prescribe a medication that can produce the desired effect but is not on the prohibited list. So, treating a professional athlete poses a certain challenge to the clinician. Ignoring the legal status of the athlete may result in disqualification, pecuniary or moral damage.

Therefore, development and implementation of clinical guidelines should account for both typical and atypical yet not extremely rare clinical cases and the legal status of different patient categories (groups of populations).

Genetic research generates new robust data that will significantly affect clinical decision making. Patient data accumulated in special databases (electronic health records, etc.) provides the clinician with a wealth of information about the patient, facilitating a personalized approach to therapy and prophylaxis and allowing the patient to be in control of their life trajectory. However, the benefits of health care technologies should indeed outweigh the potential risks. In our opinion, risk reduction is one of the primary goals of modern medical ethics that extends beyond the rigid organizational and legal framework of contemporary medicine.

Private autonomy is one of the fundamental ethical and legal principles actively developing in the Western world. In Russia, it is articulated in the Basic Principles of Legislation on Health Protection (Order 5487-I dated July 22, 1993). Today, it is derived from Chapters 5, 6 and some other chapters of the Federal Law No. 323. At the same time, advances in health care, the growing controlling potential of medicine, and the expansion of boundaries of the pursued biopolicy (new technologies open up new possibilities and help in solving large-s cale tasks) have exacerbated a problem of balance between private, public and the state’s interests.

Chapter 27 of the Federal Law No.323 specifies the duties of Russian citizens with regard to health care. At first, such duties were perceived as non-specific, not associated with any legal sanctions. However, the COVID-19 pandemic has sparked heated debate about the responsibilities of patients (citizens) to self-isolate and get vaccinated. Apart from the ethical and legal issues associated with the doctor-p atient relationship, a number of problems surrounding the relationship between the doctor and the medical community have come to light. Owing to digitalization, we now have access to a tremendous variety of information sources encouraging us to make “the right choice” or “the right decision” and engage in “the best possible practice”. Patients are becoming more aware but there are risks: loss of trust in doctors, refusal from therapy or engagement in self-treatment. The patient can share information about their health, results of laboratory and instrumental tests in real time with other specialists not involved in the patient’s case, which may negatively affect the diagnostic and therapeutic processes because it is the treating physician who knows their patients best. There is a reason why Chapter 70 of the Federal Law No.323 has a provision that it is the treating physician who timely orders all necessary diagnostic procedures, prescribes therapy for the patient and provides comprehensive information about their health. Consultations with other specialists should be implemented after a discussion with the treating physician. Otherwise, the patient may follow different recommendations obtained from different sources (consultations with other trustworthy specialists, chats, web-sites containing information on medical products provided by their manufacturers). As a result, the patient may ignore recommendations of the treating physician and the desired outcome may not be achieved.

It has always been an ethical requirement that the doctor should perceive health care as a duty, not a business, refrain from advertising themselves, be accountable for their medical advice to patients and colleagues. The doctor should refrain from activities that can disrupt the authority of and respect for the medical profession.

Any deviation from the ethical norms should be decisively dealt with by the medical community and its institutions of selfregulation. In Russia, medical ethics, bioethics and professional ethics have not been fully institutionalized yet. There are no well-established mechanisms for managing ethical conflicts and holding medical professionals accountable for a breach of ethics. It might be necessary to establish sanctions in federal laws to prevent ethical breaches associated with health care digitalization.

The relatively recent ethico-l egal vulnerability principle became widely recognized due to the popularity of some types of medical services (medical care) for certain groups of patients. Digitalization of health care and advances in information and other technologies used in medicine increase vulnerability risks for some groups of patients.

Access to personal data or information about the psychophysiological and genetic characteristics of the patient by the medical community or other parties may result in the discrimination of the patient (in health care, education, employment, sports and other fields). Some data can be “dormant” for decades but comes to light when a person enters into a certain relationship (seeks employment or is employed by the government, undergoes medical assessment, crosses the state border, applies for a resident permit, etc). Currently, biological samples, materials, information about individuals are being actively collected. There is no ironclad guarantee that such data will be used strictly for the purposes specified by law or the corresponding agreement. Improving such guarantees is a crucial challenge facing society and the state. Its resolution largely depends on the development of health and information legislation and ethics.

Higher standards of data security for vulnerable groups of patients should be established in federal laws and ethical guidelines.

Technological progress is accompanied by the transformation of medical ethics. The long-standing ethical principles used as a guidance by the medical community are subjected to the pressure of the new technological reality and legislation, which drives their development and the development of their regulatory potential.

[1] Approved by the Russian Ministry of Sport (December 11, 2020)