43 Amendments of Paul TANG related to 2022/0140(COD)
Amendment 484 #
Proposal for a regulation
Article 1 – paragraph 3 – point a
Article 1 – paragraph 3 – point a
(a) manufacturers and suppliers of EHR systems and wellness applications placed on the market and put into service in the Union and the users of such products;
Amendment 490 #
Proposal for a regulation
Article 1 – paragraph 3 a (new)
Article 1 – paragraph 3 a (new)
3 a. This Regulation shall not affect the application of Regulations (EU) 2016/679, (EU) 2018/1725, (EU) No 536/2014 and Directive 2002/58/EC.
Amendment 491 #
Proposal for a regulation
Article 1 – paragraph 3 b (new)
Article 1 – paragraph 3 b (new)
3 b. References to the provisions of Regulation (EU) 2016/679 shall be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant.
Amendment 492 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation shall be without prejudice to other Union legal acts regarding access to, sharing of or secondary use of electronic health data, or requirements related to the processing of data in relation to electronic health data, in particular Regulations (EU) 2016/679, (EU) 2018/1725, […] [Data Governance Act COM/2020/767 final] and […] [Data Act COM/2022/68 final] and Directive 2002/58/EC.
Amendment 529 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use. Secondary use of personal electronic health data shall have Article 9(2) of Regulation (EU) 2016/679 as its legal basis;
Amendment 552 #
Proposal for a regulation
Article 2 – paragraph 2 – point m
Article 2 – paragraph 2 – point m
(m) ‘EHR’ (electronic health record) means a collection of electronic health data related to a natural person and collected in the health system, processed for the purpose of the provision of healthcare purposservices;
Amendment 563 #
Proposal for a regulation
Article 2 – paragraph 2 – point o
Article 2 – paragraph 2 – point o
Amendment 695 #
Proposal for a regulation
Article 3 – paragraph 10
Article 3 – paragraph 10
10. Natural persons shall have the right to obtainreceive automatically information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. All relevant entities shall maintain a record of those who have had access to data. The information shall be provided immediately and free of charge through electronic health data access services.
Amendment 703 #
Proposal for a regulation
Article 3 – paragraph 11
Article 3 – paragraph 11
11. The supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Article, in accordance with the relevant provisions in Chapters VI, VII and VIII of Regulation (EU) 2016/679. They shall be competent to impose administrative fines up to the amount referred to in Article 83(5) of that Regulation. Those supervisory authorities and the digital health authorities referred to in Article 10 of this Regulation shall, where relevant, cooperate in the enforcement of this Regulation, within the remit of their respective competences.
Amendment 707 #
Proposal for a regulation
Article 3 – paragraph 12
Article 3 – paragraph 12
12. The Commission shall, by means of implementingdelegated acts, determine the requirements concerning the technical implementation of the rights set out in this Article. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2), including technical and organisational measures to ensure the process of authentication of the authorised person referred to in point (b) of paragraph 5.
Amendment 716 #
Proposal for a regulation
Article 4 – paragraph 1 – point a
Article 4 – paragraph 1 – point a
(a) have access on a need-to-know basis to the electronic health data of natural persons under their treatment, irrespective of the Member State of affiliation and the Member State of treatment;
Amendment 725 #
Proposal for a regulation
Article 4 – paragraph 2
Article 4 – paragraph 2
2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States mayshall establish rules providing for the categories of personal electronic health data required by different health professions. Such rules shall not be based on the source of electronic health data.
Amendment 734 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services, where the processing of health data is necessary. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge, where the processing of health data is necessary.
Amendment 767 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 3
Article 5 – paragraph 1 – subparagraph 3
Amendment 896 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the digital health authority, where their rights laid down in this Regulation are affected. Where the complaint concerns the rights of natural persons pursuant to Article 3 of this Regulation, the digital health authority shall informsend a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679. The decision of the digital health authority shall not prejudice any measures taken by the data protection authorities within their competences under Regulation (EU) 2016/679.
Amendment 905 #
Proposal for a regulation
Article 11 a (new)
Article 11 a (new)
Article 11 a Right to an effective remedy against a digital health authority 1. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a digital health authority concerning them. 2. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy where the digital health authority which is competent pursuant to Article 10 does not handle a complaint or does not inform the natural or legal person within three months on the progress or outcome of the complaint lodged pursuant to Article 11. 3. Proceedings against a digital health authority shall be brought before the courts of the Member States where the digital health authority is established.
Amendment 917 #
Proposal for a regulation
Article 12 – paragraph 4
Article 12 – paragraph 4
4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The European Union Agency for Cyber Security shall be consulted and closely involved in all steps of the procedure. Any measures adopted shall meet the highest technical standards in terms of security, confidentiality and protection of electronic health data.
Amendment 940 #
Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1
Article 13 – paragraph 3 – subparagraph 1
Member States and the Commission shall seek to ensure interoperability of MyHealth@EU with technological systems established at international level for the exchange of electronic health data. The Commission may adopt an implementing delegated act establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of MyHealth@EU for the purposes of the electronic health data exchange. Before adopting such an implementing delegated act, a compliance check of the national contact point of the third country or of the system established at an international level shall be performed under the control of the Commission, including on whether the health data transfer stemming from such exchange complies with the rules in Chapter V of Regulation (EU) 2016/679.
Amendment 955 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. EHR systems may be placed on the market or put into service only ifafter a notified body has confirmed that they comply with the provisions laid down in this Chapter.
Amendment 1053 #
Proposal for a regulation
Article 26 a (new)
Article 26 a (new)
Amendment 1081 #
Proposal for a regulation
Article 29 – paragraph 1
Article 29 – paragraph 1
1. Where a market surveillance authority, or, in cases involving personal data, a supervisory authority under Regulation (EU) 2016/679, finds that an EHR system presents a risk to the health or safety of natural persons, to the protection of personal data or to other aspects of public interest protection, it shall require the manufacturer of the EHR system concerned, its authorised representative and all other relevant economic operators to take all appropriate measures to ensure that the EHR system concerned no longer presents that risk when placed on the market to withdraw the EHR system from the market or to recall it within a reasonable period.
Amendment 1085 #
Proposal for a regulation
Article 29 – paragraph 3
Article 29 – paragraph 3
3. The market surveillance authority shall immediately inform the Commission and the market surveillance authorities, or, where applicable, the supervisory authority under Regulation (EU) 2016/679, shall immediately inform the Commission and the market surveillance authorities, or, if applicable, the supervisory authorities under Regulation (EU) 2016/679, of other Member States of the measures ordered pursuant to paragraph 1. That information shall include all available details, in particular the data necessary for the identification of the EHR system concerned, the origin and the supply chain of the EHR system, the nature of the risk involved and the nature and duration of the national measures taken.
Amendment 1087 #
Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 1
Article 29 – paragraph 4 – subparagraph 1
Manufacturers of EHR systems placed on the market shall report any serious incident involving an EHR system to the market surveillance authorities, or, in cases involving personal data, the supervisory authorities under Regulation (EU) 2016/679 of the Member States where such serious incident occurred and the corrective actions taken or envisaged by the manufacturer.
Amendment 1089 #
Proposal for a regulation
Article 29 – paragraph 5
Article 29 – paragraph 5
5. The market surveillance authorities referred to in paragraph 4 shall inform the other market surveillance authorities, without delay, of the serious incident and the corrective action taken or envisaged by the manufacturer or required of it to minimise the risk of recurrence of the serious incident.
Amendment 1102 #
Proposal for a regulation
Article 31
Article 31
Amendment 1491 #
Proposal for a regulation
Article 37 – paragraph 1 – point j
Article 37 – paragraph 1 – point j
(j) cooperate with and supervise data holders to, assist them in order to ensure respect of data subjects' consent as referred to in Article 33(5), and ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;
Amendment 1545 #
Proposal for a regulation
Article 38 – paragraph 1 – point c
Article 38 – paragraph 1 – point c
(c) the applicable rights of natural persons in relation to secondary use of electronic health data, including the rights laid down in Chapter III of Regulation (EU) 2016/679;
Amendment 1549 #
Proposal for a regulation
Article 38 – paragraph 1 – point d a (new)
Article 38 – paragraph 1 – point d a (new)
(d a) the identity and the contact details of the health data access body and, where applicable, other information required pursuant to Article 13(1), point (a), of Regulation (EU) 2016/679.
Amendment 1551 #
Proposal for a regulation
Article 38 – paragraph 1 – point e a (new)
Article 38 – paragraph 1 – point e a (new)
(e a) the record on who has been granted access to which sets of electronic health data and a justification regarding the purposes for processing them as referred to in Article 34(1), Union and national law.
Amendment 1555 #
Proposal for a regulation
Article 38 – paragraph 2
Article 38 – paragraph 2
Amendment 1581 #
Proposal for a regulation
Article 38 a (new)
Article 38 a (new)
Article 38 a Right to lodge a complaint with a health data access body 1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the health data access body, where their rights laid down in this Regulation are affected. Where the complaint concerns the rights of natural persons pursuant to Article 38(1), point (d), of this Regulation, the health data access body shall inform and send a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679. 2. The health data access body with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. 3. Health data access body shall cooperate to handle and resolve complaints, including by exchanging all relevant information by electronic means, without undue delay.
Amendment 1585 #
Proposal for a regulation
Article 38 b (new)
Article 38 b (new)
Amendment 1602 #
Proposal for a regulation
Article 39 – paragraph 3
Article 39 – paragraph 3
Amendment 1693 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. The health data access body shall ensure that access is only provided to requested electronic health data that is necessary and relevant for the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.
Amendment 1714 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring anonymisation and pseudonymisation shall be subject to appropriate penalties.
Amendment 1717 #
Proposal for a regulation
Article 44 – paragraph 3 a (new)
Article 44 – paragraph 3 a (new)
3 a. Taking into account the state of the art and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the health data access body shall apply appropriate anonymisation or pseudonymisation techniques to ensure a high level of security, appropriate to the risk of re-identification.
Amendment 1728 #
Proposal for a regulation
Article 45 – paragraph 2 – point -a (new)
Article 45 – paragraph 2 – point -a (new)
(-a) a description of the applicant's identity, professional function and operation, including the identity of who will have access to the electronic health data;
Amendment 1729 #
Proposal for a regulation
Article 45 – paragraph 2 – point -a a (new)
Article 45 – paragraph 2 – point -a a (new)
(-a a) a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, unless the data access application only concerns aggregated data that makes the re- identification of a natural person impossible;
Amendment 1730 #
Proposal for a regulation
Article 45 – paragraph 2 – point a
Article 45 – paragraph 2 – point a
(a) a detailed explanation of the intended use of the electronic health data, including for which of: (i) the purposes referred to in Article 34(1) access is sought; 9(2), points (i) and (j), of Regulation (EU) 2016/679, combined with Article 34(1); (ii) demonstrable evidence that the stated purpose is of public interest.
Amendment 2094 #
Proposal for a regulation
Article 69 a (new)
Article 69 a (new)
Article 69a Right to an effective judicial remedy against a controller or processor In accordance with Article 79 of Regulation (EU) 2016/679, without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a digital health authority pursuant to Article 11 or with a health data access body pursuant to Article 38a, each natural person shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with the Regulation.
Amendment 2097 #
Proposal for a regulation
Article 69 b (new)
Article 69 b (new)
Article 69b Right to receive compensation Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation, in accordance with national and Union law.
Amendment 2101 #
Proposal for a regulation
Article 70 – paragraph 1
Article 70 – paragraph 1
1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapters III and IV, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.
Amendment 2108 #
Proposal for a regulation
Article 70 a (new)
Article 70 a (new)
Article 70a Amendments to Directive 2020/1828/EC In the Annex of Directive (EU) 2020/1828, the following point is added: (XX) Regulation (EU) XXX of the European Parliament and of the Council on the European Health Data Space.