Health care professionals and organizations, in carrying out their activities, consistently handle information related to identified or identifiable (even indirectly) natural persons, therefore "personal data". The application of Legislative Decree 30 June 2003 n. 196--the Code concerning the protection of personal data--as integrated by the pronunciations of the authority tasked with the application of such a complex legislation, the Authority for the Protection of Personal Data, consequently follows. The aforementioned legislation is seldom fully applied even 12 years after its publication, and even so not properly or with the adequate level of care. As a consequence, the data processed is often not adequately safeguarded, and compliance is hindered at an organisational level: this is particularly true with reference to the state of the art in medical technology, which is characterized by the utilization of ICT technologies such as the ones used with clinical registries and the Electronic Health Record. This chapter shows that, even when processing personal data that is of a sensitive nature, and at the same time of great importance, it is possible to reconcile the need to access and manage information with the protection of the individuals to whom such information refers to. This possibility is however closely linked to the awareness of the issues involved, awareness that in turn comes from an indispensable knowledge of the different aspects of that complex legislation.