Activities of Andreas GLÜCK related to 2022/0140(COD)
Plenary speeches (1)
European Health Data Space (debate)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on European Health Data Space
Amendments (119)
Amendment 72 #
Proposal for a regulation
Recital 40
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection which shall be treated accordingly. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
Amendment 78 #
Proposal for a regulation
Recital 43
Recital 43
(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. In this regard, health data access bodies should cooperate cross-border and converge on common definitions and techniques. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.
Amendment 101 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, common and interoperable standards and, practices, and infrastructures and a governance framework for the primary and secondary use of electronic health data.
Amendment 102 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;
Amendment 103 #
Proposal for a regulation
Article 1 – paragraph 3 – point d
Article 1 – paragraph 3 – point d
(d) data recipients and users to whom electronic health data are made available by data holders in the Union.
Amendment 104 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679; and on a case by case basis pseudonymised data according to Article 4(5) of Regulation (EU) 2016/679
Amendment 131 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Where access to electronic health data has been restricted by the natural person according to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. However, health professionals should always be able to distinguish between the case where there is no data and where there is data, but access is restricted. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.
Amendment 146 #
Proposal for a regulation
Article 31 – paragraph 6
Article 31 – paragraph 6
6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device and in the case of software, a digital label. 2D barcodes may also be used to display the label.
Amendment 151 #
Proposal for a regulation
Article 33 – paragraph 1 – point a
Article 33 – paragraph 1 – point a
(a) electronic health data from EHRs;
Amendment 157 #
Proposal for a regulation
Article 33 – paragraph 1 – point f
Article 33 – paragraph 1 – point f
(f) person generated electronic health data, including via medical devices, wellness applications or other digital health applications;
Amendment 160 #
Proposal for a regulation
Article 33 – paragraph 1 – point i
Article 33 – paragraph 1 – point i
(i) electronic health data from medical registries for specific diseases;
Amendment 162 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
Article 33 – paragraph 1 – point j
(j) electronic health data from clinical trials in accordance with Regulation (EU) No 536/2014;
Amendment 168 #
Proposal for a regulation
Article 33 – paragraph 1 – point n
Article 33 – paragraph 1 – point n
(n) electronic data related to insurance status, professional status, and education, lifestyle, wellness and behaviour data relevant to health;
Amendment 177 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprisehealth data holders shall be made available for secondary use. For data defined under Article 33 (k) (medical devices) where data holder can demonstrate that data are derived or inferred by means of complex proprietary algorithms and can lead to reverse engineering, data holder should be entitled to refer to data coordinator as established under Article 31 of Regulation (Data Act) to request a restriction or limitation of the sharing of data. Where such data is made available for secondary use, all measures necessary to preserve theIP rights and confidentiality of IP rights and trade secrets shall be taken. This regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directive 2001/29/EC, Directive 2004/48/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.
Amendment 195 #
Proposal for a regulation
Article 33 a (new)
Article 33 a (new)
Article 33a Rights of natural persons in relation to the secondary use Natural persons shall have the right to restrict access by health data access bodies to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.
Amendment 199 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices, identification of environmental factors on health, identification of work related risks and evaluation of preventive measure taken;
Amendment 201 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products oractivities for the development, placing on the market, advancement and seurvices contributing to public health or social security, or ensuring high levels of quality and safety ofeillance of products or services related to health or care, of medicinal products or of medical device sectors;
Amendment 201 #
Proposal for a regulation
Recital 7
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. The implementation cost for connecting healthcare professionals to the EHDS should not be carried by healthcare professionals alone. To this end, Member States should ensure that EU financial incentives as well as national ressources are evenly and fairly distributed.
Amendment 204 #
Proposal for a regulation
Article 34 – paragraph 1 – point g
Article 34 – paragraph 1 – point g
(g) training, testing and evaluidating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices related to health in accordance with the AI Act (COM/2021/206 final);
Amendment 220 #
Proposal for a regulation
Recital 10
Recital 10
(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data until a relevant health professional validates the information, which would then be marked as confirmed by a health professional. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.
Amendment 232 #
Proposal for a regulation
Recital 13
Recital 13
(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported but the restrictions on information should be easily identifiable by health professionals in the EHR in order to take due regard to the fact that the information is incomplete, when treating the patient. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.
Amendment 238 #
Proposal for a regulation
Article 37 – paragraph 1 – point m
Article 37 – paragraph 1 – point m
(m) cooperate at Union and national level to lay down common approach, technical requirements and appropriate measures and requirements for accessing electronic health data in a secure processing environment;
Amendment 246 #
Proposal for a regulation
Recital 17
Recital 17
(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospital discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general.
Amendment 256 #
Proposal for a regulation
Article 38 – paragraph 1 – point c
Article 38 – paragraph 1 – point c
(c) the applicable rights of natural persons in relation to secondary use of electronic health data including the right to opt out for certain type of data as defined in Article 33a (new);
Amendment 256 #
Proposal for a regulation
Recital 20
Recital 20
(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt implementing acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare providers that are to register health data electronically, categories of data to be registered electronically, or data quality requirements.
Amendment 270 #
Proposal for a regulation
Recital 22
Recital 22
(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’). In the future, the identification and authentication for access to EHR should be facilitated by the new eID system that will be set up under the revised Regulation (EU) No 910/2014.As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals. In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
Amendment 273 #
Proposal for a regulation
Recital 23
Recital 23
(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, and regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems and wellness applications, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.
Amendment 292 #
Proposal for a regulation
Article 46 – paragraph 11
Article 46 – paragraph 11
11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites without compromising on IP and trade secrets defined in relevant union legislation. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
Amendment 353 #
Proposal for a regulation
Recital 40 a (new)
Recital 40 a (new)
(40 a) Clinical trials are of utmost importance for fostering innovation within Europe in the benefit of European patients. In order to incentivise continuous European leadership in this domain, the sharing of the clinical trials data through the EHDS for secondary use should not compromise the scientific integrity of and investment in these clinical trials, in line with Regulation (EU) 536/2014.
Amendment 367 #
Proposal for a regulation
Recital 42
Recital 42
(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial, technical and human resources, premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Given the central role of the health data access bodies in the context of secondary use of electronic health data, and especially the decision-making on granting or refusing a health data permit and preparing the data to make it available to health data users, their members and staff should have the necessary qualifications, experience and skills, in particular in the area of ethics, cybersecurity, protection of intellectual property and trade secrets, healthcare, scientific research, artificial intelligence and other relevant areas, as well as the protection of personal data and specifically data concerning health. In addition, the decision-making process regarding the granting or refusal of the health data permit should involve ethical considerations. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.
Amendment 372 #
Proposal for a regulation
Recital 43
Recital 43
(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested state-of-the-art techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. In this regard, health data access bodies should cooperate across borders and converge on common definitions and techniques. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.
Amendment 375 #
Proposal for a regulation
Recital 44
Recital 44
(44) Considering the administrative burden for health data access bodies toHealth data access bodies should comply with the obligations laid down in Article 14 paragraphs (1), (2), (3) and (4) of Regulation (EU) 2016/679 and inform the natural persons whose data are used in data projects within a secure processing environment, t. The exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 shouldmay apply. TWherefore such exceptions are applied, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed, allowing natural persons to understand whether their data are being made available for secondary use pursuant to data permits. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the data subject or his health professionalhealth professional of the data subject concerned. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.
Amendment 400 #
Proposal for a regulation
Recital 49
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the relevant health professional of the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 416 #
Proposal for a regulation
Recital 53
Recital 53
Amendment 424 #
Proposal for a regulation
Recital 54
Recital 54
(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.
Amendment 426 #
Proposal for a regulation
Recital 55
Recital 55
(55) For the processing of electronic health data in the scope of a granted permit, the health data holders, the health data access bodies and the health data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter intoshould each, in their turn, be deemed a controller for a specific part of the process and according to their respective roles in it, meaning that the health data holder should be considered a controller for the processing of personal electronic health data while carrying out its obligation under Article 41 (1) and (1a), health data access body should be considered a controller for the processing of personal electronic health data while carrying out its task referred to in Article 37(1) (d) of this Regulation and health data user, including Union institutions, bodies, offices and agencies, should be deemed a controller for the processing of personal electronic health data in the secure processing environment pursuant to a data permit. In this case, the health data access body should be deemed a processor. In order to achieve an inclusive and sustainable framework for multi- country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social, etc.. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).
Amendment 455 #
Proposal for a regulation
Recital 65
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It. The EHDS Board should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. An advisory forum should be set up to advise the EHDS Board it in the fulfilment of its tasks by providing stakeholder input in matters pertaining to this Regulation. The advisory forum should be composed of representatives of patients, health professionals, industry, scientific researchers and academia, have a balanced composition and represent the views of different relevant stakeholders. Commercial and non-commercial interests should be balanced. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
Amendment 467 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, interoperable common standards and, practices, and infrastructures and a governance framework for the primary and secondary use of electronic health data.
Amendment 472 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;
Amendment 481 #
Proposal for a regulation
Article 1 – paragraph 3 – point a
Article 1 – paragraph 3 – point a
(a) manufacturers and suppliers of EHR systems and products claiming interoperability with EHR systems, including medical devices, high-risk AI systems and wellness applications placed on the market and put into service in the Union and the users of such products;
Amendment 501 #
Proposal for a regulation
Article 2 – paragraph 1 – point a
Article 2 – paragraph 1 – point a
(a) the definitions inof ‘personal data’, ‘processing’, ‘pseudonymisation’, ‘controller’, ‘processor’, ‘genetic data’, ‘data concerning health’, ‘cross-border processing’, ‘international organisation’ pursuant to Article 4 (1), (2), (5), (7), (8), (13), (15), (23), and (26) of Regulation (EU) 2016/679;
Amendment 509 #
Proposal for a regulation
Article 2 – paragraph 2 – point a
Article 2 – paragraph 2 – point a
(a) ‘personal electronic health data’ means data concerning health and genetic data as defined in Regulation (EU) 2016/679, as well as data referring to determinants of health, or data processed in relation to the provision of healthcare services,that are processed in an electronic form;
Amendment 513 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679; and on a case by case basis pseudonymised data according to Article 4(5) of Regulation (EU) 2016/679;
Amendment 536 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
Article 2 – paragraph 2 – point f
(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals, involving the exchange of information and knowledgeprocess, exchange and use data in order to perform their functions in an accurate, effective and consistent manner without changing the content of the data between these organisations, software applications or devices, through the processes they support;
Amendment 544 #
Proposal for a regulation
Article 2 – paragraph 2 – point k
Article 2 – paragraph 2 – point k
(k) ‘health data recipient’ means a natural or legal person that receives data from another controllerrecipient as defined in Article 4(9) of Regulation (EU) 2016/679, in the context of the primary use of electronic health data;
Amendment 550 #
Proposal for a regulation
Article 2 – paragraph 2 – point m
Article 2 – paragraph 2 – point m
(m) ‘EHR’ (electronic health record) means a collection of electronic health data related to a natural person and collected in the health system, processed for the purpose of the provision of healthcare purposservices;
Amendment 556 #
Proposal for a regulation
Article 2 – paragraph 2 – point n
Article 2 – paragraph 2 – point n
(n) ‘EHR system’ (electronic health record system) means any appliance or software the primary purpose of which, intended by the manufacturer to be used for, is storing, intermediating, importing, exporting, converting, editing or viewing electronic health records between health professionals;
Amendment 578 #
Proposal for a regulation
Article 2 – paragraph 2 – point y
Article 2 – paragraph 2 – point y
(y) ‘health data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies, whoich: (i) has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain data; to process electronic health data; or (ii) the ability to make available, including to register, provide, restrict access or exchange non-personal electronic health data through control of the technical design of a product and related services.
Amendment 583 #
Proposal for a regulation
Article 2 – paragraph 2 – point z
Article 2 – paragraph 2 – point z
(z) ‘health data user’ means a natural or legal person who has lawful access toas well as Union institutions, bodies, offices and agencies, who has been granted access, in accordance with this Regulation, to one or more of the categories of personal or non- personal electronic health data for secondary use;
Amendment 602 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)
Article 2 – paragraph 2 – point ae a (new)
(ae a) ‘ real world evidence’ (RWE) means data that are collected outside the constraints of conventional randomised clinical trials.
Amendment 606 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)
Article 2 – paragraph 2 – point ae b (new)
(ae b) ‘real-world data’ (RWD) means routinely collected data relating to patient health status or the delivery of healthcare from a variety of sources other than traditional clinical trials.
Amendment 618 #
Proposal for a regulation
Article -3 (new)
Article -3 (new)
Article -3 Scope For the purpose of this Chapter, health data holder shall be understood only as data holder from health sector providing healthcare.
Amendment 629 #
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of this righte rights referred to in paragraphs 1 and 2 whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.
Amendment 636 #
Proposal for a regulation
Article 3 – paragraph 4
Article 3 – paragraph 4
Amendment 652 #
Proposal for a regulation
Article 3 – paragraph 5 a (new)
Article 3 – paragraph 5 a (new)
5 a. In addition to the electronic services referred to in paragraph 5 point (a), Member States shall also establish easily accessible support services for natural persons with adequately trained staff dedicated to assist them with exercising their rights referred to in this Article.
Amendment 656 #
Proposal for a regulation
Article 3 – paragraph 6
Article 3 – paragraph 6
6. Natural persons may insert their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative until a relevant health professional validates the information, which would then be marked as confirmed by a healthcare professional.
Amendment 663 #
Proposal for a regulation
Article 3 – paragraph 7
Article 3 – paragraph 7
7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article. Data rectification requests shall be assessed and, where relevant, implemented by the data controllers on a case by case basis, if necessary involving health professionals.
Amendment 667 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1
Article 3 – paragraph 8 – subparagraph 1
Natural persons shall have the right to give access to or request a data holder from the health or social security sectorsector and providing healthcare to transmit their electronic health data to aor only specific part of health data identified by the requesting natural persons or necessary for the purpose at stake to a health data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.
Amendment 671 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1 a (new)
Article 3 – paragraph 8 – subparagraph 1 a (new)
When a natural person makes the request for transmission, the health data holder shall have the obligation to comply with it, in accordance with Articles 6(1) and 9(2) point (a) of the Regulation (EU) 2016/679.
Amendment 726 #
Proposal for a regulation
Article 4 – paragraph 2 a (new)
Article 4 – paragraph 2 a (new)
2 a. Notwithstanding the national rules established pursuant to paragraph 2, natural persons shall be able to easily give acces to their electronic health data to a selected health professional through the health data access services, if they wish so.
Amendment 742 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Where access to electronic health data has been restricted by the natural person according to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. However, health professionals should always be able to distinguish between the case where there is no data, and where there is data but access is restricted. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.
Amendment 755 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point a a (new)
Article 5 – paragraph 1 – subparagraph 1 – point a a (new)
(a a) information about consent for SoHO and organ donations as well as respective donation history;
Amendment 757 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point b
Article 5 – paragraph 1 – subparagraph 1 – point b
(b) electronic prescriptions and medication plans;
Amendment 787 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) harmonised datasets containing electronic health data and defining structures, such as minimum data fields and data groups for the content representation of clinical content and other parts of the electronic health data that may be enlarged to include disease specific data;
Amendment 788 #
Proposal for a regulation
Article 6 – paragraph 1 a (new)
Article 6 – paragraph 1 a (new)
1 a. The Commisssion shall ensure that those implementing acts contain the latest versions of healthcare coding systems and nomenclatures and that they are updated regularly in order to keep up with the revisions of the healthcare coding systems and nomenclatures.
Amendment 789 #
Proposal for a regulation
Article 6 – paragraph 2 a (new)
Article 6 – paragraph 2 a (new)
2 a. For the purpose of paragraph 1, the Commission shall consult and cooperate with relevant stakeholders, including patients’ representatives, healthcare providers, health professionals, industry associations, national competence centres, as well as other Union and national authorities with competence in relevant areas, to encourage and contribute to the elaboration and adoption of a European electronic health record exchange format.
Amendment 793 #
Proposal for a regulation
Article 6 – paragraph 3 a (new)
Article 6 – paragraph 3 a (new)
3 a. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are available in the language of the patient and the treating health professional.
Amendment 803 #
Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part
Article 7 – paragraph 3 – subparagraph 1 – introductory part
The Commission shall, by means of implementing acts, determine the requirements for the registration of electronic health data by healthcare providers and natural persons, as relevant. Those implementing acts shall establish the following:
Amendment 808 #
Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point a
Article 7 – paragraph 3 – subparagraph 1 – point a
Amendment 811 #
Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point b
Article 7 – paragraph 3 – subparagraph 1 – point b
Amendment 832 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. The Commission shall, by means of implementing acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context and allow natural persons to easily access their electronic health record by identification and authentication under the new eID system. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
Amendment 842 #
Proposal for a regulation
Article 10 – paragraph 2 – point a
Article 10 – paragraph 2 – point a
(a) ensure the implementation of the rights and obligations provided for in Chapters II and III by adopting necessary national, or regional or local technical solutions and by establishing relevant rules and mechanisms;
Amendment 854 #
Proposal for a regulation
Article 10 – paragraph 2 – point k
Article 10 – paragraph 2 – point k
(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible to different groups of natural persons and health professionals, including natural persons with disabilities, dounder the same notn- discriminateory conditions and offer the possibility of choosing between in person and digital services;
Amendment 860 #
Proposal for a regulation
Article 10 – paragraph 2 – point m
Article 10 – paragraph 2 – point m
(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives through relevant associations, including patients’ representatives of patients, healthcare providers, health professionals, industry associations;
Amendment 879 #
Proposal for a regulation
Article 10 – paragraph 4
Article 10 – paragraph 4
4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers. Digital health authorities and their members and staff shall have the qualifications, experience and skills required to carry out their duties and exercise their powers.
Amendment 888 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate wiand consult with essential health stakeholders’ representatives, including patients’ representatives, health professionals and healthcare providers. Members of the digital health authority shall avoid any conflicts of interest.
Amendment 1110 #
6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device and in the case of software a digital label. 2D barcodes may also be used to display the label.
Amendment 1125 #
Proposal for a regulation
Article -33 (new)
Article -33 (new)
Article -33 Scope This Chapter shall apply to situations of secondary use of electronic health data where a health data user seeks access to such data, as referred to in Article 33, from one or more health data holders as defined in Article 2 (y) of this Regulation.
Amendment 1126 #
Proposal for a regulation
Article -33 a (new)
Article -33 a (new)
Article -33 a Rights of natural persons in relation to the secondary use of electronic health data Natural persons shall have the right to opt-out from sharing their electronic health data for secondary use. A mechanism shall be put in place to allow natural persons the flexibility to determine the categories of electronic health data and/or purposes from which they wish to opt out. Such mechanism shall be easily accessible, comprehensible and actionable.
Amendment 1172 #
Proposal for a regulation
Article 33 – paragraph 1 – point f
Article 33 – paragraph 1 – point f
(f) person generated electronic health data, including via medical devices, wellness applications or other digital health applications;
Amendment 1181 #
Proposal for a regulation
Article 33 – paragraph 1 – point h
Article 33 – paragraph 1 – point h
(h) population wide health data registries (public health registries) and patient demographic data;
Amendment 1183 #
Proposal for a regulation
Article 33 – paragraph 1 – point i
Article 33 – paragraph 1 – point i
(i) electronic health data from medical registries for specific diseases;
Amendment 1188 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
Article 33 – paragraph 1 – point j
(j) electronic health data from clinical trialsfully concluded or terminated clinical trials, in accordance with Regulation 536/2014;
Amendment 1208 #
Proposal for a regulation
Article 33 – paragraph 1 – point n
Article 33 – paragraph 1 – point n
(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;
Amendment 1216 #
Proposal for a regulation
Article 33 – paragraph 2
Article 33 – paragraph 2
Amendment 1232 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprisehealth data holders shall be made available for secondary use. For data defined under Article 33 (k) (medical devices) where data holder can demonstrate that data are derived or inferred by means of complex proprietary algorithms and can lead to reverse engineering, data holder should be entitled to refer to data coordinator as established under Article 31 of Regulation (Data Act) to request a restriction or limitation of the sharing of data. Where such data is made available for secondary use, all measures necessary to preserve theIP rights and confidentiality of IP rights and trade secrets shall be taken. This regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directive 2001/29/EC, Directive 2004/48/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.
Amendment 1235 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprisehealth data holders shall be made available for secondary use. Where such data is made available for secondary use, all technical and organisational measures necessary to preserve the confidentiality of IP rights and confidentiality of trade secrets shall be taken by the health data access body and in consultation with the data holder. This regulation is without prejudice to existing relevant Union legislation, including Directive 2004/48/EC, Directive 2001/29/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.
Amendment 1241 #
Proposal for a regulation
Article 33 – paragraph 4 a (new)
Article 33 – paragraph 4 a (new)
4 a. Health data holders shall, when making available to health data access bodies relevant electronic health data pursuant to Article 41(1) which contains intellectual property or trade secrets, inform the data access body that this is the case and indicate which parts of the datasets are concerned.
Amendment 1244 #
Proposal for a regulation
Article 33 – paragraph 4 b (new)
Article 33 – paragraph 4 b (new)
4 b. Should the health data access body be in no position to ensure the protection of IP rights and the confidentiality of trade secrets, it shall refuse the granting of the relevant health data access permit to the health data user.
Amendment 1246 #
Proposal for a regulation
Article 33 – paragraph 4 c (new)
Article 33 – paragraph 4 c (new)
4 c. Health data holders and health data users may conclude data sharing agreements with regards to the exchange of data containing IP and trade secrets. Such negotiations shall be overseen by the relevant health data access body.
Amendment 1247 #
Proposal for a regulation
Article 33 – paragraph 4 d (new)
Article 33 – paragraph 4 d (new)
4 d. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall take all specific technical and organisational measures necessary to preserve the confidentiality of such data.
Amendment 1250 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
Amendment 1273 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
Amendment 1279 #
Proposal for a regulation
Article 33 – paragraph 8
Article 33 – paragraph 8
Amendment 1290 #
Proposal for a regulation
Article 34 – paragraph 1 – introductory part
Article 34 – paragraph 1 – introductory part
1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 to a health data user where the intended purpose of processing pursued by the applicant complies withis one or more of the following:
Amendment 1293 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices, identification of environmental factors on health, identification of work related risks and evaluation of preventive measure taken;
Amendment 1297 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as: protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;
Amendment 1302 #
Proposal for a regulation
Article 34 – paragraph 1 – point b
Article 34 – paragraph 1 – point b
(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates, including optmising patient pathway;
Amendment 1310 #
Proposal for a regulation
Article 34 – paragraph 1 – point d
Article 34 – paragraph 1 – point d
(d) higher education or, continuing proffessional development or higher education teaching activities in health or care sectors;
Amendment 1313 #
Proposal for a regulation
Article 34 – paragraph 1 – point e
Article 34 – paragraph 1 – point e
(e) scientific research related to health or care sectorsdemonstrably linked to health or care sectors, such as prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;
Amendment 1324 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products or services demonstrably contributing to public health or social security, or ensuring high levels of quality and safety of health or care, of medicinal products or of medical devices, including scientific research into their efficiency and efficacy and post-market safety monitoring;
Amendment 1327 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products oracitivities for the development, placing on the market, advancement and seurvices contributing to public health or social security, or ensuring high levels of quality and safety ofeillance of products or services related to health or care, of medicinal products or of medical device sectors;
Amendment 1338 #
Proposal for a regulation
Article 34 – paragraph 1 – point g
Article 34 – paragraph 1 – point g
(g) training, testing and evaluidating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices related to health in accordance with the AI Act (COM/2021/206 final);
Amendment 1340 #
Proposal for a regulation
Article 34 – paragraph 1 – point g
Article 34 – paragraph 1 – point g
(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, demonstrably contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;
Amendment 1350 #
Proposal for a regulation
Article 34 – paragraph 1 – point h
Article 34 – paragraph 1 – point h
(h) improving delivery of care, optimising patient pathway and providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.
Amendment 1352 #
Proposal for a regulation
Article 34 – paragraph 1 a (new)
Article 34 – paragraph 1 a (new)
1 a. The purposes referred to in paragraph 1 shall be compatible with the purposes for which data were originally collected pursuant to Article 6(4) of Regulation (EU) 2016/679.
Amendment 1353 #
Proposal for a regulation
Article 34 – paragraph 2
Article 34 – paragraph 2
2. Access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant fulfils one of tThe purposes referred to in points (a) to (c) of paragraph 1 shall only be granted tobe reserved for public sector bodies and Union institutions, bodies, offices and agencies exercising their tasks conferred to them by Union or national law, including where processing of data for carrying out these tasks is done by a third party on behalf of that public sector body or of Union institutions, agencies and bodies.
Amendment 1358 #
Proposal for a regulation
Article 34 – paragraph 4
Article 34 – paragraph 4
Amendment 1364 #
Proposal for a regulation
Article 35 – title
Article 35 – title
Prohibited purposes of secondary use of electronic health data
Amendment 1367 #
Proposal for a regulation
Article 35 – paragraph 1 – introductory part
Article 35 – paragraph 1 – introductory part
Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited and subject to effective, proportionate and dissuasive sanctions:
Amendment 1371 #
Proposal for a regulation
Article 35 – paragraph 1 – point a
Article 35 – paragraph 1 – point a
(a) taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;
Amendment 1418 #
Proposal for a regulation
Article 35 – paragraph 1 a (new)
Article 35 – paragraph 1 a (new)
Any other misuse of electronic health data, including its use for permissible purposes other than those specified in the data permit or data request, shall also be prohibited and subject to effective, proportionate and dissuasive sanctions.
Amendment 1425 #
Proposal for a regulation
Article 36 – paragraph 1
Article 36 – paragraph 1
1. Member States shall designate one or more health data access bodies responsible for granting access to electronic health data for secondary usecarrying out the tasks referred to in Articles 37, 38 and 39 of this Regulation. Member States may either establish one or more new public sector bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions set out in this Article. Where a Member State designates several health data access bodies, it shall designate one health data access body to act as coordinator, with responsibility for coordinating data access applications and requests with the other health data access bodies.
Amendment 1427 #
Proposal for a regulation
Article 36 – paragraph 1 a (new)
Article 36 – paragraph 1 a (new)
1 a. Each health data access body shall contribute to the consistent application of this Regulation throughout the Union. For that purpose, the health data access bodies shall cooperate with each other and with the supervisory authorities under Regulation (EU) 2016/679 as well as with the Commission and where relevant with the EDPB and the EDPS.
Amendment 1434 #
Proposal for a regulation
Article 36 – paragraph 2
Article 36 – paragraph 2
2. Member States shall ensure that each health data access body is provided with adequathe human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers, including those related to the participation in the EHDS Board.
Amendment 1629 #
Proposal for a regulation
Article 41 – paragraph 7 a (new)
Article 41 – paragraph 7 a (new)
7 a. This Article shall not apply to health data holders that qualify as microenterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC.Microentreprises may, however, notify the relevant data access body about their wish to voluntarily contribute to the secondary use of health data. This Article shall apply to small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC 1 year from entry into force of this Regulation.
Amendment 1850 #
Proposal for a regulation
Article 46 – paragraph 11
Article 46 – paragraph 11
11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites without compromising on IP rights and trade secrets defined in relevant Union legislation. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
Amendment 2022 #
Proposal for a regulation
Article 64 – paragraph 1
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of th: (a) one high level representatives of digital health authorities andof all the Member States; and (b) one high level representative of health data access bodies of all the Member States. OtWhere a Member State has designated several health data access bodies, the coordinating health data access body shall be part of the EHDS Board; and (c) EDPB and EDPS. The EHDS Board shall be aided by an advisory forum as referred to in Article 65a. EMA, ECDC, ENISA shall be invited by the Board to join the meeting where the issues discussed are of relevance to their respective mandates or tasks. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
Amendment 2034 #
Proposal for a regulation
Article 64 – paragraph 4
Article 64 – paragraph 4