Introduction The Danish Health Law of October 2007 dictates a number of guidelines for the collection and sharing of health information of patients in contact with health care providers. In Denmark, there is a major focus on the use and reuse of patient related information across various IT systems. With this report we want to investigate whether the patient's legal position will be executed under the provision of data processing in clinical IT systems. The patient's ability to enter consent is different in relation to which system is used. The patient's consent is not continued when the data exchanges between systems. We also want to examine the con-sequences of this. Moreover, we want to focus on a modified version of a survey that is not traditionally used within the field of health informatics. Methods The empirical collection was done using triangulation. It used a combination phone / mail interview for an initial appraisal of the problem. This was followed by a literature study. The emphasis on empirical data collection is placed on a modified version of an online focus group interview, which was carried out as a qualitative discus-sion interview with 7 participants. The site http://www.patientdatasikkerhed.dk is established for this purpose.The discussion interview was opinion condensated, and the focus is on four areas of interest within the informants’ discussion: law, ethics, technology and organization / management. These areas are analyzed based on related theories. Konklusion Based on our analysis of the four areas of law, ethics, technology and organiza-tion / management, we conclude that: -- The current legislation is not adapted to the clinical reality, so that the treatment of patients can be carried out under optimal conditions. -- The interests of the patient's privacy are misunderstood, when data is shared between different computer systems in Denmark. The patient's legal position may not be fully supported in the IT systems which are currently available. -- Health professionals, as well as patients should have clear guidelines and standards for the treatment of data in IT-systems, provided by management. -- Patients' are “kept in the dark”, because they assume they have privacy rights, but these cannot be enforced in all IT systems in Denmark. Korrespondance Jan Rosenbjerg Albertsen janrosenbjerg@gmail.com Henrik Sønderholm Larsen henriksonderholm@gmail.com info@patiendatasikkerhed.dk www.patientdatasikkerhed.dk