89 Amendments of Ondřej KOVAŘÍK related to 2022/0140(COD)
Amendment 201 #
Proposal for a regulation
Recital 7
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. The implementation cost for connecting healthcare professionals to the EHDS should not be carried by healthcare professionals alone. To this end, Member States should ensure that EU financial incentives as well as national ressources are evenly and fairly distributed.
Amendment 220 #
Proposal for a regulation
Recital 10
Recital 10
(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data until a relevant health professional validates the information, which would then be marked as confirmed by a health professional. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.
Amendment 232 #
Proposal for a regulation
Recital 13
Recital 13
(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported but the restrictions on information should be easily identifiable by health professionals in the EHR in order to take due regard to the fact that the information is incomplete, when treating the patient. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.
Amendment 316 #
Proposal for a regulation
Recital 36 a (new)
Recital 36 a (new)
(36 a) The uptake of real-world data and real-world evidence, including patient reported outcomes, for evidence-based regulatory and policy purposes as well as for research, health technology assessment and clinical objectives should be encouraged. Real-world data and real- world evidence have the potential to complement randomised clinical trial data and is particularly relevant when assessing safety and medicinal effectiveness of innovative products, such as, but not limited to Advanced Therapies Medicinal Products (ATMPs), particularly in the rare disease domain.
Amendment 349 #
Proposal for a regulation
Recital 40
Recital 40
(40) The data holders in the context of secondary use of electronic health data can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies should be provided by the level of confidentiality protection in accordance with TRIPS and Directive (EU) 2016/943. often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
Amendment 353 #
Proposal for a regulation
Recital 40 a (new)
Recital 40 a (new)
(40 a) Clinical trials are of utmost importance for fostering innovation within Europe in the benefit of European patients. In order to incentivise continuous European leadership in this domain, the sharing of the clinical trials data through the EHDS for secondary use should not compromise the scientific integrity of and investment in these clinical trials, in line with Regulation (EU) 536/2014.
Amendment 367 #
Proposal for a regulation
Recital 42
Recital 42
(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial, technical and human resources, premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Given the central role of the health data access bodies in the context of secondary use of electronic health data, and especially the decision-making on granting or refusing a health data permit and preparing the data to make it available to health data users, their members and staff should have the necessary qualifications, experience and skills, in particular in the area of ethics, cybersecurity, protection of intellectual property and trade secrets, healthcare, scientific research, artificial intelligence and other relevant areas, as well as the protection of personal data and specifically data concerning health. In addition, the decision-making process regarding the granting or refusal of the health data permit should involve ethical considerations. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.
Amendment 372 #
Proposal for a regulation
Recital 43
Recital 43
(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested state-of-the-art techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. In this regard, health data access bodies should cooperate across borders and converge on common definitions and techniques. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.
Amendment 375 #
Proposal for a regulation
Recital 44
Recital 44
(44) Considering the administrative burden for health data access bodies toHealth data access bodies should comply with the obligations laid down in Article 14 paragraphs (1), (2), (3) and (4) of Regulation (EU) 2016/679 and inform the natural persons whose data are used in data projects within a secure processing environment, t. The exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 shouldmay apply. TWherefore such exceptions are applied, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed, allowing natural persons to understand whether their data are being made available for secondary use pursuant to data permits. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the data subject or his health professionalhealth professional of the data subject concerned. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.
Amendment 400 #
Proposal for a regulation
Recital 49
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the relevant health professional of the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 449 #
Proposal for a regulation
Recital 64 a (new)
Recital 64 a (new)
(64 a) Re-identification of natural persons should be considered a particularly serious breach of this Regulation. Member States should consider criminalising re-identification as well as disclosure of de-anonymised health data by health data users to serve as a deterrent measure.
Amendment 455 #
Proposal for a regulation
Recital 65
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It. The EHDS Board should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. An advisory forum should be set up to advise the EHDS Board it in the fulfilment of its tasks by providing stakeholder input in matters pertaining to this Regulation. The advisory forum should be composed of representatives of patients, health professionals, industry, scientific researchers and academia, have a balanced composition and represent the views of different relevant stakeholders. Commercial and non-commercial interests should be balanced. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
Amendment 467 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, interoperable common standards and, practices, and infrastructures and a governance framework for the primary and secondary use of electronic health data.
Amendment 472 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;
Amendment 481 #
Proposal for a regulation
Article 1 – paragraph 3 – point a
Article 1 – paragraph 3 – point a
(a) manufacturers and suppliers of EHR systems and products claiming interoperability with EHR systems, including medical devices, high-risk AI systems and wellness applications placed on the market and put into service in the Union and the users of such products;
Amendment 526 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) ‘secondary use of electronic health data’ means: (i) the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may includewhich was personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use;for purposes set out in Chapter IV of this Regulation, thereby constituting further processing within the meaning of Regulation (EU) 2016/679; or (ii) the processing of electronic health data which does not fall under (i) and was originally collected for the purposes set out in Chapter IV of this Regulation.
Amendment 583 #
Proposal for a regulation
Article 2 – paragraph 2 – point z
Article 2 – paragraph 2 – point z
(z) ‘health data user’ means a natural or legal person who has lawful access toas well as Union institutions, bodies, offices and agencies, who has been granted access, in accordance with this Regulation, to one or more of the categories of personal or non- personal electronic health data for secondary use;
Amendment 602 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)
Article 2 – paragraph 2 – point ae a (new)
(ae a) ‘ real world evidence’ (RWE) means data that are collected outside the constraints of conventional randomised clinical trials.
Amendment 606 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)
Article 2 – paragraph 2 – point ae b (new)
(ae b) ‘real-world data’ (RWD) means routinely collected data relating to patient health status or the delivery of healthcare from a variety of sources other than traditional clinical trials.
Amendment 618 #
Proposal for a regulation
Article -3 (new)
Article -3 (new)
Article -3 Scope For the purpose of this Chapter, health data holder shall be understood only as data holder from health sector providing healthcare.
Amendment 652 #
Proposal for a regulation
Article 3 – paragraph 5 a (new)
Article 3 – paragraph 5 a (new)
5 a. In addition to the electronic services referred to in paragraph 5 point (a), Member States shall also establish easily accessible support services for natural persons with adequately trained staff dedicated to assist them with exercising their rights referred to in this Article.
Amendment 656 #
Proposal for a regulation
Article 3 – paragraph 6
Article 3 – paragraph 6
6. Natural persons may insert their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative until a relevant health professional validates the information, which would then be marked as confirmed by a healthcare professional.
Amendment 667 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1
Article 3 – paragraph 8 – subparagraph 1
Natural persons shall have the right to give access to or request a data holder from the health or social security sectorsector and providing healthcare to transmit their electronic health data to aor only specific part of health data identified by the requesting natural persons or necessary for the purpose at stake to a health data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.
Amendment 671 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1 a (new)
Article 3 – paragraph 8 – subparagraph 1 a (new)
When a natural person makes the request for transmission, the health data holder shall have the obligation to comply with it, in accordance with Articles 6(1) and 9(2) point (a) of the Regulation (EU) 2016/679.
Amendment 679 #
Proposal for a regulation
Article 3 – paragraph 9
Article 3 – paragraph 9
9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of selected health professionals to all or a specific part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms. Such restriction shall be easily identifiable in the EHR. When restricting the information, natural persons shall be made aware that restricting access may impact the provision of healthcare provied to them. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, including the conditions of medical liability, respecting the rules provided for by Article 18 (2) and (3) of the Regulation (EU) 2016/679 concerning the right to restriction of data processing. The Commission shall establish guidelines regarding medical liability when diagnosing and treating patients based on incomplete information.
Amendment 694 #
Proposal for a regulation
Article 3 – paragraph 10
Article 3 – paragraph 10
10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcareproviding healthcare, including pursuant to Article 4(4) of this Regulation. The information shall be provided immediately and free of charge through electronic health data access services and stored for at least 3 years.
Amendment 700 #
Proposal for a regulation
Article 3 – paragraph 10 a (new)
Article 3 – paragraph 10 a (new)
10 a. Natural persons shall have the possibility to choose whether to receive notifications about which health professional and when have accessed their personal electronic health data, as well as the periodicity of such notifications. There should be an automatic notification for situations when a health professional accesses the personal electronic health data of a natural person for the first time.
Amendment 701 #
Proposal for a regulation
Article 3 – paragraph 11
Article 3 – paragraph 11
Amendment 726 #
Proposal for a regulation
Article 4 – paragraph 2 a (new)
Article 4 – paragraph 2 a (new)
2 a. Notwithstanding the national rules established pursuant to paragraph 2, natural persons shall be able to easily give acces to their electronic health data to a selected health professional through the health data access services, if they wish so.
Amendment 730 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of chargeshall have access to electronic health data through health professional access services for the sole purpose of providing healthcare treatment, including relevant administration, and only through recognised electronic identification and authentication means, free of charge. The electronic health data in the electronic health records shall be structured in a user-friendly manner to allow for an easy use by health professionals.
Amendment 743 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Where access to electronic health data has been restricted by the natural person, pursuant to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the restricted electronic health data without prior authorisationexplicit consent as defined in Article 9(2)(a) of Regulation (EU) 2016/679 by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data, in line with Article 6(1)(d) of of Regulation (EU) 2016/679. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.
Amendment 789 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. For the purpose of paragraph 1, the Commission shall consult and cooperate with relevant stakeholders, including patients’ representatives, healthcare providers, health professionals, industry associations, national competence centres, as well as other Union and national authorities with competence in relevant areas, to encourage and contribute to the elaboration and adoption of a European electronic health record exchange format.
Amendment 793 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
Article 6 – paragraph 3 a (new)
3 a. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are available in the language of the patient and the treating health professional.
Amendment 827 #
Proposal for a regulation
Article 8 – paragraph 1
Article 8 – paragraph 1
Where a Member State acceptenables the provision of telemedicine services, it shall, under the same conditions and in a non- discriminatory manner, accept the provision of the services of the same type by healthcare providers located in other Member States.
Amendment 854 #
Proposal for a regulation
Article 10 – paragraph 2 – point k
Article 10 – paragraph 2 – point k
(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible to different groups of natural persons and health professionals, including natural persons with disabilities, dounder the same notn- discriminateory conditions and offer the possibility of choosing between in person and digital services;
Amendment 860 #
Proposal for a regulation
Article 10 – paragraph 2 – point m
Article 10 – paragraph 2 – point m
(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives through relevant associations, including patients’ representatives of patients, healthcare providers, health professionals, industry associations;
Amendment 879 #
Proposal for a regulation
Article 10 – paragraph 4
Article 10 – paragraph 4
4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers. Digital health authorities and their members and staff shall have the qualifications, experience and skills required to carry out their duties and exercise their powers.
Amendment 888 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate wiand consult with essential health stakeholders’ representatives, including patients’ representatives, health professionals and healthcare providers. Members of the digital health authority shall avoid any conflicts of interest.
Amendment 1086 #
Proposal for a regulation
Article 29 – paragraph 3 a (new)
Article 29 – paragraph 3 a (new)
3 a. Where a finding of a market surveillance authortiy, or a serious incident it is informed of, concerns personal data protection, the market surveillance authority shall, without undue delay, inform and cooperate with the relevant supervisory authorities under Regulation (EU) 2016/679.
Amendment 1101 #
Proposal for a regulation
Article -31 (new)
Article -31 (new)
Article -31 Interoperability of wellness applications with EHR systems 1. Manufacturers of wellness applications may claim interoperability with an EHR system, after relevant conditions are met. When this is the case, the users of such wellness applications shall be duly informed about such interoperability and its effects. 2. The interoperability of wellness applications with EHR systems shall not mean automatic sharing or transmission of all or part of the health data from the wellness application with the EHR system. The sharing or transmission of such data shall only be possible pursuant to and in line with Article 3(6) of this Regulation and interoperability shall be limited exclusively to this end. The manufacturers of wellness applications claiming interoperability with an EHR system shall ensure that the user is able to choose which part of health data from the wellness application they want to insert in the EHR system. 3. Wellness applications shall not be able to access the information in EHRs nor extract any information from it.
Amendment 1110 #
6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device and in the case of software a digital label. 2D barcodes may also be used to display the label.
Amendment 1125 #
Proposal for a regulation
Article -33 (new)
Article -33 (new)
Article -33 Scope This Chapter shall apply to situations of secondary use of electronic health data where a health data user seeks access to such data, as referred to in Article 33, from one or more health data holders as defined in Article 2 (y) of this Regulation.
Amendment 1126 #
Proposal for a regulation
Article -33 a (new)
Article -33 a (new)
Article -33 a Rights of natural persons in relation to the secondary use of electronic health data Natural persons shall have the right to opt-out from sharing their electronic health data for secondary use. A mechanism shall be put in place to allow natural persons the flexibility to determine the categories of electronic health data and/or purposes from which they wish to opt out. Such mechanism shall be easily accessible, comprehensible and actionable.
Amendment 1127 #
Proposal for a regulation
Article 33 – title
Article 33 – title
Minimum categories of electronic health data for secondary use
Amendment 1176 #
Proposal for a regulation
Article 33 – paragraph 1 – point f
Article 33 – paragraph 1 – point f
(f) person generated electronic health data, including from medical devices, wellness applications or other digital health applications;
Amendment 1188 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
Article 33 – paragraph 1 – point j
(j) electronic health data from clinical trialsfully concluded or terminated clinical trials, in accordance with Regulation 536/2014;
Amendment 1224 #
Proposal for a regulation
Article 33 – paragraph 3
Article 33 – paragraph 3
3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, including real-world data and real-world evidence, collected by entities and bodies in the health or care sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.
Amendment 1235 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprisehealth data holders shall be made available for secondary use. Where such data is made available for secondary use, all technical and organisational measures necessary to preserve the confidentiality of IP rights and confidentiality of trade secrets shall be taken by the health data access body and in consultation with the data holder. This regulation is without prejudice to existing relevant Union legislation, including Directive 2004/48/EC, Directive 2001/29/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.
Amendment 1247 #
Proposal for a regulation
Article 33 – paragraph 4 d (new)
Article 33 – paragraph 4 d (new)
4 d. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall take all specific technical and organisational measures necessary to preserve the confidentiality of such data.
Amendment 1302 #
Proposal for a regulation
Article 34 – paragraph 1 – point b
Article 34 – paragraph 1 – point b
(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates, including optmising patient pathway;
Amendment 1310 #
Proposal for a regulation
Article 34 – paragraph 1 – point d
Article 34 – paragraph 1 – point d
(d) higher education or, continuing proffessional development or higher education teaching activities in health or care sectors;
Amendment 1313 #
Proposal for a regulation
Article 34 – paragraph 1 – point e
Article 34 – paragraph 1 – point e
(e) scientific research related to health or care sectorsdemonstrably linked to health or care sectors, such as prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;
Amendment 1324 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products or services demonstrably contributing to public health or social security, or ensuring high levels of quality and safety of health or care, of medicinal products or of medical devices, including scientific research into their efficiency and efficacy and post-market safety monitoring;
Amendment 1350 #
Proposal for a regulation
Article 34 – paragraph 1 – point h
Article 34 – paragraph 1 – point h
(h) improving delivery of care, optimising patient pathway and providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.
Amendment 1367 #
Proposal for a regulation
Article 35 – paragraph 1 – introductory part
Article 35 – paragraph 1 – introductory part
Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited and subject to effective, proportionate and dissuasive sanctions:
Amendment 1371 #
Proposal for a regulation
Article 35 – paragraph 1 – point a
Article 35 – paragraph 1 – point a
(a) taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;
Amendment 1389 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons;
Amendment 1418 #
Proposal for a regulation
Article 35 – paragraph 1 a (new)
Article 35 – paragraph 1 a (new)
Any other misuse of electronic health data, including its use for permissible purposes other than those specified in the data permit or data request, shall also be prohibited and subject to effective, proportionate and dissuasive sanctions.
Amendment 1427 #
Proposal for a regulation
Article 36 – paragraph 1 a (new)
Article 36 – paragraph 1 a (new)
1 a. Each health data access body shall contribute to the consistent application of this Regulation throughout the Union. For that purpose, the health data access bodies shall cooperate with each other and with the supervisory authorities under Regulation (EU) 2016/679 as well as with the Commission and where relevant with the EDPB and the EDPS.
Amendment 1434 #
Proposal for a regulation
Article 36 – paragraph 2
Article 36 – paragraph 2
2. Member States shall ensure that each health data access body is provided with adequathe human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers, including those related to the participation in the EHDS Board.
Amendment 1477 #
Proposal for a regulation
Article 37 – paragraph 1 – point f
Article 37 – paragraph 1 – point f
(f) take all measures necessary to preserve IP rights and the confidentiality of IP rights and of trade secrets;
Amendment 1537 #
Proposal for a regulation
Article 37 – paragraph 4 a (new)
Article 37 – paragraph 4 a (new)
4 a. The EDPB shall provide health data acces bodies with specific guidelines and minimum standards of anonymisation and pseudonymisation for the purposes in this Regulation in order to ensure the same level of quality of anonymisation and pseudonymisation across Member States. The guidelines shall be based on state-of- the-art technology in this regard, which in turn shall be used by the health data access bodies when carrying out their task of anonymisation or pseudonymisation of electronic health data. The guidelines shall be regularly updated, in line with technological progress in this field.
Amendment 1540 #
Proposal for a regulation
Article 38 – paragraph 1 – introductory part
Article 38 – paragraph 1 – introductory part
1. Health data access bodies shall make publicly available and easily searchable and accessible the conditions under which electronic health data is made available for secondary use, with information concerning:
Amendment 1547 #
Proposal for a regulation
Article 38 – paragraph 1 – point d
Article 38 – paragraph 1 – point d
(d) the arrangementmodalities for natural persons to exercise their rights in accordance with Chapter III of Regulation (EU) 2016/679;
Amendment 1556 #
Proposal for a regulation
Article 38 – paragraph 2
Article 38 – paragraph 2
2. Health data access bodies shall not be obliged to provide the specific information undercomply with the obligations laid down in Article 14(1) to (4) of Regulation (EU) 2016/679. Natural persons shall have the possibility to choose whether to receive notifications when their data are being used for secondary purpose, as well as the periodicity of such notifications.Where, with regards to obligations laid down in Article 14(1) to (4) of Regulation (EU) 2016/679 to eaca health ndatural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issueda access body decides to make use of the exception laid down in Article 14(5), point (b), of the same Regulation, it shall make sure to make the information as referred to in Article 14(1) to (4) of Regulation (EU) 2016/679 publicly available on its website in an aggregated form, allowing natural persons to understand whether their data are being made available for secondary use pursuant to Article 46data permits.
Amendment 1564 #
Proposal for a regulation
Article 38 – paragraph 3
Article 38 – paragraph 3
3. Where a health data access body is informed by a health data user of a clinically significant finding that may impact onnfluence the health status of a natural person, as referred to in Article 41a(5) of this Regulation, the health data access body mayshall inform the natural person and his or , where applicable, the treating health professional of the natural person concerned about that finding. Where relevant, ther treating health professional about that findingshall take due regard to the expressed wish of the natural person not to be informed.
Amendment 1662 #
3. Where health data access bodies find that a data user or data holder does not comply with the requirements of this Chapter, they shall immediately notify the data user or data holder of those findings and shall give it the opportunity to state its views within 2 months.4 weeks. Where the finding of non-compliance concerns personal electronic health data, the health data access body shall immediately inform supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of this finding to ensure application and enforcement of this Regulation and relevant provisions of the aforementioned Regulations, including penalties;
Amendment 1667 #
Proposal for a regulation
Article 43 – paragraph 4
Article 43 – paragraph 4
4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, tThe health data access bodies shall be able, where appropriate, to revoke the data permit and to exclude the data user from any access to electronic health data within the EHDS for a period of up to 5 years.
Amendment 1686 #
Proposal for a regulation
Article 43 – paragraph 10
Article 43 – paragraph 10
10. The Commission mayshall issues guidelines on penalties to be applied by the health data access bodies.
Amendment 1707 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Where the purpose of the data user’sdata user has demonstrated that the purpose of processing cannot be achieved with anonymised data, taking into account the information provided by the data userin line with Article 46(1c), the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriatconsidered a particularly serious breach of this Regulation and shall be subject to effective, proportionate and dissuasive penalties.
Amendment 1727 #
Proposal for a regulation
Article 45 – paragraph 2 – point -a (new)
Article 45 – paragraph 2 – point -a (new)
(-a) the applicant´s identity, description of professional functions and operations, including the identity of the concrete persons who will have access to electronic health data, if a data permit is granted;
Amendment 1732 #
Proposal for a regulation
Article 45 – paragraph 2 – point a
Article 45 – paragraph 2 – point a
(a) a detailed plan and explanation of the intended use of the electronic health data, including for which of the purposes referred to in Article 34(1) access is sought;
Amendment 1736 #
Proposal for a regulation
Article 45 – paragraph 2 – point a a (new)
Article 45 – paragraph 2 – point a a (new)
(a a) a declaration that the applicant has sufficient experience to manage the intended uses of the data requested, consistent with ethical practice and applicable laws and regulations;
Amendment 1740 #
Proposal for a regulation
Article 45 – paragraph 2 – point a b (new)
Article 45 – paragraph 2 – point a b (new)
(a b) a detailed explanation of the expected benefits related to the use;
Amendment 1741 #
Proposal for a regulation
Article 45 – paragraph 2 – point b
Article 45 – paragraph 2 – point b
(b) a description of the requested electronic health data, their timeframe, format and data sources, where possible, including geographical coverage where data is requested from several Member States;
Amendment 1744 #
Proposal for a regulation
Article 45 – paragraph 2 – point c
Article 45 – paragraph 2 – point c
(c) an indication whether electronic health data shouldneed to be made available in an an pseudonymised format;
Amendment 1746 #
Proposal for a regulation
Article 45 – paragraph 2 – point e
Article 45 – paragraph 2 – point e
(e) a description of the safeguards planned to prevent any other use or misuse of the electronic health data, including attempts to re-identify natural persons whose data are part of the dataset;
Amendment 1754 #
Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)
Article 45 – paragraph 2 – point h a (new)
(h a) where applicable, information on the assessment of ethical aspects of the processing and evidence of ethics approval obtained by the competent ethics committee in line with national law;
Amendment 1759 #
Proposal for a regulation
Article 45 – paragraph 2 – point h b (new)
Article 45 – paragraph 2 – point h b (new)
(h b) a declaration that the intended uses of the data requested do not pose a risk of stigmatisation or dignitary harm to both individuals and the groups implicated in the dataset requested;
Amendment 1814 #
Proposal for a regulation
Article 46 – paragraph 3
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final](EU) 2022/868, the health data access body may extend the period for responding to a data access application by 2a maximum of 3 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
Amendment 1884 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), tby the European Medicines Agency (EMA), European Centre for Disease Prevention and Control (ECDC) and Health Emergency Preparedness and Response Authority (HERA) to access the electronic health data under this Chapter. The health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]EMA, ECDC, or HERA about the availability of data within 2 months of the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.
Amendment 1914 #
Proposal for a regulation
Article 50 – paragraph 4
Article 50 – paragraph 4
4. The Commission shall, by means of implementing acts, provide for the technical, information security, confidentiality, data protection and interoperability requirements for the secure processing environments, in consultation with ENISA. Those implementing acts shall be adopted in accordance with the advisoryexamination procedure referred to in Article 68(2a).
Amendment 1960 #
Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 a (new)
Article 52 – paragraph 13 – subparagraph 1 a (new)
Amendment 1986 #
Proposal for a regulation
Article 59 a (new)
Article 59 a (new)
Article 59 a Digital health literacy and digital health access 1. In order to ensure successful implementation of the EHDS, Member States shall put in place educational programmes aimed at increasing digital health literacy and relevant competences and skills. Those programmes shall be tailored to the needs of specific groups, including patients and health professionals, and shall be developed and reviewed, and where necessary updated, on a regular basis in consultation and cooperation with relevant experts and stakeholders. 2. Member States shall measure, on a regular basis, the digital health literacy of health professionals, patients as well as persons in general. 3. Member States shall organise awareness-raising campaigns to ensure that all specific groups are informed about the importance of digital health literacy as well as educational programmes available to them pursuant to paragraph 1. 4. Member States as well as the Commission shall take all the necessary measures to ensure that natural persons, and specifically patients and health professionals, are informed about the EHDS, its primary and secondary components, functionalities and conditions as well as their rights within EHDS. 5. Member States shall ensure that all natural persons have access to the infrastructure necessary for the effective management of their electronic health data, both within primary and secondary use.
Amendment 2022 #
Proposal for a regulation
Article 64 – paragraph 1
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of th: (a) one high level representatives of digital health authorities andof all the Member States; and (b) one high level representative of health data access bodies of all the Member States. OtWhere a Member State has designated several health data access bodies, the coordinating health data access body shall be part of the EHDS Board; and (c) EDPB and EDPS. The EHDS Board shall be aided by an advisory forum as referred to in Article 65a. EMA, ECDC, ENISA shall be invited by the Board to join the meeting where the issues discussed are of relevance to their respective mandates or tasks. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
Amendment 2044 #
Proposal for a regulation
Article 64 a (new)
Article 64 a (new)
Article 64a Advisory forum 1. An advisory forum shall be established by the EHDS Board to advise it in the fulfilment of its tasks by providing stakeholder input in matters pertaining to this Regulation. 2. EMA, ECDC, JRC shall be permanent members of the advisory forum. 3. The advisory forum shall be composed of representatives of patients, health professionals, industry, scientific researchers and academia. The advisory forum shall have a balanced composition and represent the views of different relevant stakeholders. The composition of the advisory forum shall be balanced between commercial and non-commercial interests and, within the commercial interests, it shall be balanced between large companies, SMEs and start-ups. Focus on primary and secondary use of electronic health data shall also be balanced. 4. Members of the advisory forum shall be appointed by the Commission following a public call for interest and a transparent selection procedure, in consultation with the European Parliament. 5. The term of office of the members of the advisory forum shall be two years and it shall not be renewable more than twice consecutively. 6. The advisory forum may establish standing or temporary subgroups as appropriate for the purpose of examining specific questions related to the objectives of this Regulation. 7. The advisory forum shall draw up its rules of procedure and elect two co- Chairs from among its members, one of them being from its permanent members. Their term of office shall be two years, renewable once. 8. The advisory forum shall hold regular meetings. The advisory forum can invite relevant experts and other relevant stakeholders to its meetings. The Chair of the EHDS Board may attend, ex officio, the meetings of the advisory forum. 9. In fulfilling its role as set out in paragraph 1, the advisory forum may prepare opinions, recommendations or written contributions. 10. The advisory forum shall prepare an annual report of its activities. That report shall be made publicly available.
Amendment 2088 #
Proposal for a regulation
Article 69 – paragraph 1
Article 69 – paragraph 1
1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties shall be effective, proportionate and dissuasive. Specific attention shall be given to penalties for serious breaches of this Regulation, as referred to in Article 41a(3) and Article 44(3). Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them. 2. Penalties referred to in paragraph 1 shall be without prejudice to the penalties established pursuant to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. 3. The Commission shall provide Member States with guidelines and recommendations on the types and levels of penalties in order to prevent forum shopping and ensure fair enforcement, especially in cross-border cases. 4. Member States are encouraged to consider criminalising re-identification of anonymised data.
Amendment 2098 #
Proposal for a regulation
Article 70 – paragraph 1
Article 70 – paragraph 1
1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, including the need to extend interoperability possibilities between EHR systems and electronic health data access services other than those established by the Member States, the possibility to expand the access to MyHealth@EU infrastructure to third countries and international organisations, the implementation and use by natural persons of the opt-out mechanism in secondary use as referred to in Article - 33a, the use and implementation of the right referred to in Article 3(9), the implementation of Articles 33 and 34 as well as the application of fees as referred to in Article 42, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.
Amendment 2106 #
Proposal for a regulation
Article 70 – paragraph 1 a (new)
Article 70 – paragraph 1 a (new)
1a. After 2 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of the Union funding made available for the setting up of the European Health Data Space as well as an evaluation of funding allocated to this end by Member States, and where appropriate, consider further measures in this regard.