Activities of Lukas MANDL related to 2022/0140(COD)
Plenary speeches (3)
European Health Data Space (debate)
European Health Data Space (debate)
European Health Data Space (debate)
Amendments (13)
Amendment 454 #
Proposal for a regulation
Recital 65
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Board should consist of representatives from digital health authorities, European Data Protection Board, European Data Protection Supervisor, European Medicines Agency, European Centre for Disease Prevention and Control, healthcare professionals, patient organizations, social security institutions and the health industry. All Board members have the same rights and responsibilities. Furthermore, experts of the European Parliament should be invited to attend the meetings of the EHDS Board. The EHDS Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
Amendment 573 #
Proposal for a regulation
Article 2 – paragraph 2 – point y
Article 2 – paragraph 2 – point y
(y) ‘health data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has either: (i) the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the, to process personal electronic health data for the provision of health or casre of non-personal data, through control of the technical design of a product and related services,r for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, in its capacity as a controller; or (ii) the ability to make available, including to register, provide, restrict access or exchange cerelectronic health data that do not constitute personal data in datathe meaning of Article 4 (1) of Regulation (EU) 2016/679, through control of the technical design of a product and related services;
Amendment 704 #
Proposal for a regulation
Article 3 – paragraph 11
Article 3 – paragraph 11
11. The supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Article, in accordance with the relevant provisions in Chapters VI, VII and VIII of Regulation (EU) 2016/679. They shall be competent to impose administrative fines up to the amount referred to in Article 83(5) of that Regulation. Those supervisory authorities and the digital health authorities referred to in Article 10 of this Regulation shall, where relevant, cooperate in the enforcement of this Regulation, within the remit of their respective competences. Each Member State may lay down the rules on whether and to what extent administrative fines may be imposed on public authorities and bodies established in that Member State.
Amendment 782 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. The exchange format must be chosen in accordance with the feasibility of technical and organisational measures pursuant to Article 32 of Regulation (EU) 2016/679. The format shall include the following elements:
Amendment 857 #
Proposal for a regulation
Article 10 – paragraph 2 – point m
Article 10 – paragraph 2 – point m
(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, including professional associations representing them, social security institutions, industry associations;
Amendment 884 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. Essential health stakeholders representatives on national level, including patient organisations, social security institutions and healthcare professionals, shall be present in the governance and decision-making structures of the digital health authority. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest.
Amendment 1611 #
Proposal for a regulation
Article 41 – paragraph 1
Article 41 – paragraph 1
1. Where a health data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate, in compliance with the requirements set out in Article 32 of Regulation (EU) 2016/679, and in good faith with the health data access bodies, where relevant.
Amendment 1674 #
Proposal for a regulation
Article 43 – paragraph 5
Article 43 – paragraph 5
5. Where data holders withhold the electronic health data from health data access bodies with the manifest intention of obstructing the use of electronic health data, or do not respect the deadlines set out in Article 41, the health data access body shall have the power to fine the data holder with fines for each day of delay, which shall be transparent and proportionate. The amount of the fines shall be established by the health data access body. In case of repeated breaches by the data holder of the obligation of loyal cooperation with the health data access body, that body can exclude the data holder from participation in the EHDS for a period of up to 5 years. Where a data holder has been excluded from the participation in the EHDS pursuant to this Article, following manifest intention of obstructing the secondary use of electronic health data, it shall not have the right to provide access to health data in accordance with Article 49. Each Member State may lay down the rules on whether and to what extent fines may be imposed on public authorities and bodies established in that Member State.
Amendment 1706 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. For that purpose, health data access points shall verify in advance the compliance of the pseudonymisation of the data for processing by the data user with Article 6 or Article 9 of Regulation (EU) 2016/679. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.
Amendment 1749 #
Proposal for a regulation
Article 45 – paragraph 2 – point f
Article 45 – paragraph 2 – point f
(f) a description of the safeguards planned to protect the rights and interests of the data holder and of the natural persons concernednecessary technical and organizational measures pursuant to Article 32 of Regulation (EU) 2016/679;
Amendment 1766 #
Proposal for a regulation
Article 45 – paragraph 3
Article 45 – paragraph 3
3. Data users seeking access to electronic health data from more than one Member State shall submit a single application to one of the concerned health data access bodies of their choice which shall be responsible for sharing the request with other health data access bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. For requests to access electronic health data from more than one Member States, the health data access body shall notify the other relevant health data access bodies of the receipt of an application relevant to them within 1530 days from the date of receipt of the data access application.
Amendment 1773 #
Proposal for a regulation
Article 45 – paragraph 4 – point a
Article 45 – paragraph 4 – point a
(a) a description of how the processing would comply with Article 6(1) or Article 9 of Regulation (EU) 2016/679;
Amendment 1811 #
Proposal for a regulation
Article 46 – paragraph 3
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. If the health data access body finds that the data access application is incomplete, it shall notify the data user and indicate the documents to be filed subsequently. If the data user does not fullfill this request within 4 weeks, a permit will not be granted. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.