29 Amendments of István UJHELYI related to 2022/0140(COD)
Amendment 179 #
Proposal for a regulation
Recital 2
Recital 2
(2) The COVID-19 pandemic has highlighted the imperative of having timely access to quality electronic health data for health threats preparedness and response, as well as for prevention, diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, to reduced costs and an improved response to health threats and ultimately would have helped to save more lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural and systemicapproach at Member States and Union level. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).
Amendment 290 #
Proposal for a regulation
Recital 27
Recital 27
(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. At the same time, the EU should invest in and promote the equal development of a basic understanding of digital health/data literacy and skills (e-health, m-health literacy) in the Member States for the public at large to empower the citizen in healthcare and the citizen’s knowledge on their health data. Citizens need to understand that they have the right to give and revoke an approval to use their data. Digital health/data literacy and skills should be promoted in the formation for healthcare professionals and a point of attention in (continued) education. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory self-certification scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self- certification, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15). If patients engage virtually with their healthcare providers, patients need to understand the privacy and security policies and also how to keep their information private and secure. The staff, working in a healthcare organisation, need to understand the privacy and security policies of the organization. Regular security awareness training is essential to cybersecurity in healthcare so that members of the staff are aware of threats and what to do in case of actual security incidents.
Amendment 418 #
Proposal for a regulation
Recital 53
Recital 53
(53) For requests to access electronic health data from a single data holder in a single Member State and in order to alieviate the administrative burden for heath data access bodies of managing such request, the data user should be able to request this data directly from the data holder and the data holder should be able to issue a data permit while complying with all the requirements and safeguards linked to such request and permit. Multi- country requests and requests requiring combination of datasets from several data holders should always be channelled through health data access bodies. The data holder should report to the health data access bodies about any data permits or data requests they provide.
Amendment 450 #
Proposal for a regulation
Recital 64 a (new)
Recital 64 a (new)
(64 a) Member States should consider criminalising unauthorised re- identification and disclosure of de- identified personal data to serve as a deterrent measure.
Amendment 468 #
Proposal for a regulation
Article 1 – paragraph 2 – introductory part
Article 1 – paragraph 2 – introductory part
2. This Regulation: a) strengthens the rights of natural persons in relation to the availability and control of their electronic health data; b) lays down rules for the placing on the market, making available on the market or putting into service of electronic health records systems (‘EHR systems’) in the Union; c) lays down rules and mechanisms supporting the secondary use of electronic health data; d) establishes a mandatory cross-border infrastructure enabling the primary use of electronic health data across the continuum of care in the Union for patient safety, research and policy- making. e) establishes a mandatory cross-border infrastructure for the secondary use of electronic health data across the health care continuum in the Union for patient safety, research and policy-making.
Amendment 515 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic formatrelevant for health research in electronic format that have been irreversibly anonymised and data that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;
Amendment 621 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. Natural persons shall have the right to access their personal electronic health data processed in the context of primary use of electronic health data, immediatwithout delay, free of charge and in an easily readable, consolidated and accessible form.
Amendment 634 #
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of this right whenever necessary for the protection of the natural person based on patient safety and ethics by delayimposing their access to their personal electronic health data for a limited period of time untilbe made only through a health professional canwho will properly communicate and explain to the natural person information that can have a significant impact on his or her health.
Amendment 635 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
Amendment 654 #
Proposal for a regulation
Article 3 – paragraph 6
Article 3 – paragraph 6
6. Natural persons may insert, access and export their electronic health data in and from their own EHR or in that of natural persons whose health information they can access, through electronic health data access services orand applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative as non-validated, and information shall only be considered as a clinical fact if validated by an identified, registered health professional with the relevant competence. Natural persons shall not have the possibility to directly change data inserted by healthcare professionals. The process must be secure.
Amendment 655 #
Proposal for a regulation
Article 3 – paragraph 6
Article 3 – paragraph 6
6. Natural persons may insert their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative. These data are not the responsibility of healthcare providers who therefore do not have to ensure that they correspond to the requirements of the Regulation.
Amendment 662 #
Proposal for a regulation
Article 3 – paragraph 7
Article 3 – paragraph 7
7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article. The rectification of a clinical fact in the EHR must be validated by an identified, registered health professional with the appropriate competence. The process must be secure.
Amendment 670 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1
Article 3 – paragraph 8 – subparagraph 1
Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit their electronic health data to a data recipient of their choice from the health or social security sector, immediately,as soon as possible free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.
Amendment 683 #
Proposal for a regulation
Article 3 – paragraph 9
Article 3 – paragraph 9
9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, Member States may grant natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, including the conditions of medical liability and whether such restrictions apply to health data for research or quality development purposes. The restricted information must be easily identified in the EHR.
Amendment 693 #
Proposal for a regulation
Article 3 – paragraph 10
Article 3 – paragraph 10
10. Natural persons shall have the right to obtain information on theknow if healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. The information shall be provided immediately and free of charge through electronic health data access services. Member States may provide that the right to obtain information does not apply whenever necessary for reasons related to the protection and safety of healthcare providers and health professionals.
Amendment 731 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals lawfully exercising their activities through health professional access services and that health professionals can easily select specific relevant information in the EHR. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. To this end, they may cooperate, where appropriate, with professional associations under the terms provided for by national rules.
Amendment 741 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. 4) Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. The existence of a restriction must be clearly indicated in the EHR. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.
Amendment 751 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – introductory part
Article 5 – paragraph 1 – subparagraph 1 – introductory part
Where data is processed in electronic format, Member States shall implement access to and exchange of personal electronic health data for primary use fully or partially falling under the following categories: (a) patient summaries including medication treatment information at hospital and ambulatory/day hospitals. (b) electronic prescriptions across the continuum of care, including hospital and ambulatory/day hospitals. (c) electronic dispensations across the continuum of care, including hospital and ambulatory/day care hospital (d) medical images and image reports; (e) laboratory results; (f) discharge reports.
Amendment 792 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are processed in electronic format across the continuum of care and are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient.
Amendment 921 #
Proposal for a regulation
Article 12 – paragraph 5
Article 12 – paragraph 5
5. Member States shall support and ensure connection of all regional and local healthcare providers to their national contact points for digital health and shall ensure that those connected are enabled to perform two-way exchange of electronic health data with the national contact point for digital health.
Amendment 922 #
Proposal for a regulation
Article 12 – paragraph 6
Article 12 – paragraph 6
6. Member States shall ensure that pharmacies across the continuum of care operating on their territories, including online, hospital and ambulatory/day hospital pharmacies, are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, all pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU.
Amendment 1220 #
Proposal for a regulation
Article 33 – paragraph 2
Article 33 – paragraph 2
2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro and small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59in the context of healthcare provision. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
Amendment 1263 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall relyHealth data access bodies shall ensure that national requirements for access to electronic health data, such as the consent of natural persons, a right to object to the disclosure onf the obligations laid down in ir health data or the involvement of ethics Chapter tocommittees, are met before provideing access to electronic health data.
Amendment 1314 #
Proposal for a regulation
Article 34 – paragraph 1 – point e
Article 34 – paragraph 1 – point e
(e) scientific research related to health or care sectors for prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;
Amendment 1393 #
Proposal for a regulation
Article 35 – paragraph 1 – point e
Article 35 – paragraph 1 – point e
(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco and nicotine products, weaponries or products, or goods or services which are designed or modified in such a way that they incite chemical, behavioural or any other type of addiction or that they contravene public order or morality.
Amendment 1790 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary, adequate, and proportionate for the purpose listed in the application, if it received a favourable opinion from an authorised ethics committee, where applicable, or after conducting a data protection impact assessment, and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shall issue a data permit.
Amendment 1813 #
Proposal for a regulation
Article 46 – paragraph 3
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 26 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
Amendment 1890 #
Proposal for a regulation
Article 49
Article 49
Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder
Amendment 2126 #
Proposal for a regulation
Annex I – subheading 1
Annex I – subheading 1
Main characteristics of electronic health data categories Electronic health data that includes important clinical facts related to an identified person and that is essential for the provision of safe and efficient healthcare to that person. The following information is part of a patient summary: 1. Personal details 2. Contact information 3. Allergies 4. Medical alerts 5.Vaccination/prophylaxis information, possibly in the form of a vaccination card 6. Current, resolved, closed or inactive problems 7. Medical devices and implants 8. Medical Procedures 9. Functional status 10. Current and relevant past medicines 11. Social history observations related to health on which the healthcare provider/ health professional bases their care or which are useful for the continuity of care or the management of the patient by another healthcare professional 12. Pregnancy history 13. Observation results pertaining to the health condition on which the /healthcare provider/ health professional bases his care or which are useful for the continuity of care or the management of the patient by another healthcare professional. 14. Plan of care 15. Information on a rare disease such as details about the impact or characteristics of the disease