39 Amendments of Pernille WEISS related to 2022/0140(COD)
Amendment 64 #
Proposal for a regulation
Recital 27 a (new)
Recital 27 a (new)
(27a) Highlights that the national and European electronic health record systems, databases and registries, where health data is processed and stored, provide the foundation on which the European Health Data Space rests. Recognises that static minimum requirements are not sufficient for meeting demands of data recipients and data users, notably in regard to creating a future-proof framework for European health data. Calls in this regard for support for research into the technology on which electronic health record systems, databases and registries are built in order to promote innovation in this field. Stresses that such research and innovation is essential for securing and preserving the position of Europe as a global frontrunner on health data usage, including the benefits this brings to citizens, industrial competiveness and other relevant interests.
Amendment 98 #
Proposal for a regulation
Recital 64
Recital 64
(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. This underlines the need for a harmonized interpretation of anonymisation and pseudonymisation across Member States. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].
Amendment 189 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
7. The Commission shall periodically review the list in paragraph 1. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data. The EHDS board shall be consulted as part of the periodical review.
Amendment 251 #
Proposal for a regulation
Article 37 – paragraph 2 – point c
Article 37 – paragraph 2 – point c
(c) cooperate with all relevant stakeholders, including patient organisations, representatives from natural persons, health professionals, researchers, industry representatives and ethical committees, where applicable in accordance with Union and national law;
Amendment 289 #
Proposal for a regulation
Article 46 – paragraph 4
Article 46 – paragraph 4
4. Following the issuance of the data permit, the health data access body shall immediately request the electronic health data from the data holder. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unlessexcept where the health data access body specifies that it will provide the data withincan duly justify the need for an extension. In this case, a longer specified timeframe shall be decided.
Amendment 291 #
Proposal for a regulation
Article 46 – paragraph 11
Article 46 – paragraph 11
11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. Data users shall not be obliged to make public results or output in a way which compromises intellectual property rights contained therein. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
Amendment 297 #
Proposal for a regulation
Recital 27 a (new)
Recital 27 a (new)
(27 a) EHDS relies on national and European electronic health record systems, databases, and registries. In this regard, obligations are set out in Chapter III of this Regulation. It should however be recognized, that setting up obligations is not sufficient for creating a future- proof framework, which supports Europe's leadership position in health data usage and reap its benefits for citizens, industry, and other interests. As a supplement to obligations, there should be more research into the digital technology on which electronic health record systems, databases and registries are built in order to foster innovation.
Amendment 323 #
Proposal for a regulation
Article 64 – paragraph 1
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of the high level representatives of digital health authorities and health data access bodies of all the Member States. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observshall, where relevant, invite experts and other relevant stakeholders to attend its meetings, and mayto cooperate with other external experts as appropriateon aspects of its work. Such stakeholders may include actors of the public and private sector, patients, health professionals, and researchers. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
Amendment 333 #
Proposal for a regulation
Article 65 – paragraph 2 – point b – point iii
Article 65 – paragraph 2 – point b – point iii
(iii) incentives policy for promoting data quality and interoperability improvement, including facilitating the development of harmonised guidance for anonymisation and pseudonymisation of health data;
Amendment 334 #
Proposal for a regulation
Article 65 – paragraph 2 – point c a (new)
Article 65 – paragraph 2 – point c a (new)
(ca) to provide expertise on the amending of the list of minimum categories of electronic data for secondary use in accordance with Article 33(7);
Amendment 335 #
Proposal for a regulation
Article 65 – paragraph 2 – point f
Article 65 – paragraph 2 – point f
(f) to facilitate the exchange of views on the secondary use of electronic health data with the relevant stakeholders, including representatives of patients, health professionals, researchers, industry representatives, regulators and policy makers in the health sector.
Amendment 350 #
Proposal for a regulation
Recital 40
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protectionshall be granted the level protection of confidential information mandated by Article 39 of the Agreement on Trade-Related Aspects of Intellectual Property and the Trade Secrets Directive (2016/943). However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
Amendment 364 #
Proposal for a regulation
Recital 41 a (new)
Recital 41 a (new)
(41 a) Cross-border research collaborations are of great importance across medical research fields, including for research into childhood cancer and rare diseases. As such, the use of electronic health data for secondary purposes through the European Health Data Space should empower the development of collaborative research by supporting the use of data between two or more teams within the same Member State or cross-border.
Amendment 436 #
Proposal for a regulation
Recital 61 a (new)
Recital 61 a (new)
(61 a) It should be supported that new common standards are based on existing harmonised standards, or where relevant international standards, and shall be adopted only after consulting all relevant stakeholders. Notably, existing health data infrastructures and registries created and run by various stakeholders can contribute to defining and implementing common standards. This should be leveraged to allow for continuity and build on existing expertise.
Amendment 447 #
Proposal for a regulation
Recital 64
Recital 64
(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. This underlines the need for a harmonized interpretation of anonymisation and pseudonymisation across Member States. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].
Amendment 697 #
Proposal for a regulation
Article 3 – paragraph 10
Article 3 – paragraph 10
10. Natural persons shall have the right to obtain information on the healthcare providers and healany access to their electronic health data, including information about the identity of the professionals that haveerson who accessed their electronic health data in the context of healthcare, which health data was accessed and the time of access. The information shall be provided immediately and free of charge through electronic health data access services.
Amendment 760 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point d
Article 5 – paragraph 1 – subparagraph 1 – point d
(d) medical images and, image reports, audio and video;
Amendment 821 #
Proposal for a regulation
Article 8
Article 8
Amendment 1029 #
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1
Article 23 – paragraph 1 – subparagraph 1
The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a time limit for implementing those common specifications. Those common specifications shall be issued in accordance with Article 10 of Regulation (EU) 1025/2012, and where relevant based on existing harmonised standards or relevant international standards, and shall be adopted only after consulting the European standardisation organisations as well as other relevant stakeholders. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.
Amendment 1193 #
Proposal for a regulation
Article 33 – paragraph 1 – point l
Article 33 – paragraph 1 – point l
(l) research cohorts, questionnaires and surveys related to health, including patient-reported outcome measures and patient-reported experience measures;
Amendment 1236 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. EWithout prejudice to applicable legislation on intellectual property rights, regulatory data protection and trade secrets, electronic health data entailing protected intellectual property and, regulatory data protection or trade secrets from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights, protected regulatory data and trade secrets shall be taken.
Amendment 1277 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
7. The Commission shall periodically review the list in paragraph 1. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data. The EHDS Board shall be consulted as part of the periodical review.
Amendment 1326 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of, medical devices or in vitro diagnostic medical devices;
Amendment 1337 #
Proposal for a regulation
Article 34 – paragraph 1 – point g
Article 34 – paragraph 1 – point g
(g) training, testing and evaluating of algorithms, including in medical devices, in vitro diagnostic medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of, medical devices or in vitro diagnostic medical devices;
Amendment 1349 #
Proposal for a regulation
Article 34 – paragraph 1 – point h
Article 34 – paragraph 1 – point h
(h) improving delivery of healthcare, optimising patient pathways and providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons and real world evidence.
Amendment 1359 #
Proposal for a regulation
Article 34 – paragraph 4
Article 34 – paragraph 4
4. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and, regulatory data protection or trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall, upon consultation with the data holder, take all specific measures necessary to preserve the confidentiality of such data.
Amendment 1400 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
Article 35 – paragraph 1 – point e a (new)
(e a) all acts of unfair competition or unfair commercial use, in accordance with Article 10bis of the Paris Convention for the Protection of Industrial Property and Article 39 of the Agreement on Trade-Related Aspects of Intellectual Property;
Amendment 1432 #
Proposal for a regulation
Article 36 – paragraph 2
Article 36 – paragraph 2
2. Member States shall ensure that each health data access body is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers. This shall include sufficient administrative, technical and scientific personnel, including expertise in relevant areas such as data management, data protection, data science, healthcare and intellectual property rights.
Amendment 1476 #
Proposal for a regulation
Article 37 – paragraph 1 – point f
Article 37 – paragraph 1 – point f
(f) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets and of protected regulatory data;
Amendment 1506 #
Proposal for a regulation
Article 37 – paragraph 1 – point p
Article 37 – paragraph 1 – point p
(p) inform the data holder when electronic health data made available for secondary use entails their intellectual property, trade secrets or regulatory data and upon request send to the data holder free of charge, by the expiry of the data permit, a copy of the corrected, annotated or enriched dataset, as applicable, and a description of the operations performed on the original dataset;
Amendment 1528 #
Proposal for a regulation
Article 37 – paragraph 2 – point c
Article 37 – paragraph 2 – point c
(c) cooperate with all relevant stakeholders, including patient organisations, representatives from natural persons, health professionals, researchers, industry representatives and ethical committees, where applicable in accordance with Union and national law;
Amendment 1827 #
Proposal for a regulation
Article 46 – paragraph 4
Article 46 – paragraph 4
4. Following the issuance of the data permit, the health data access body shall immediately request the electronic health data from the data holder. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unlessexcept where the health data access body specifies that it will provide the data withincan duly justify the need for an extension. In this case, a longer specified timeframe shall be decided.
Amendment 1841 #
Proposal for a regulation
Article 46 – paragraph 9
Article 46 – paragraph 9
9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 510 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 52 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted within 6 months following the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.
Amendment 1849 #
Proposal for a regulation
Article 46 – paragraph 11
Article 46 – paragraph 11
11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. Data users shall not be obliged to make public results or output in a way that compromises intellectual property rights contained therein. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
Amendment 1983 #
Proposal for a regulation
Article 59 – paragraph 1
Article 59 – paragraph 1
The Commission shall support sharing of best practices and expertise, aimed to build the capacity of Member States to strengthen digital health systems for primary and secondary use of electronic health data. To support capacity building, the Commission shall draw up benchmarking guidelines for the primary and secondary use of electronic health data. Additionally, with reference to Article 33(1), point (i), guidance shall be made available to support compliance, particularly for non-profit organisations, researchers and medical societies, who act as data holders in relation to registries.
Amendment 2026 #
Proposal for a regulation
Article 64 – paragraph 1
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of the high level representatives of digital health authorities and health data access bodies of all the Member States. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observshall, where relevant, invite experts and other relevant stakeholders to attend its meetings, and mayto cooperate with other external experts as appropriateon aspects of its work. Such stakeholders may include actors of the public and private sector, patients, health professionals, and researchers. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
Amendment 2056 #
Proposal for a regulation
Article 65 – paragraph 2 – point b – point iii
Article 65 – paragraph 2 – point b – point iii
(iii) incentives policy for promoting data quality and interoperability improvement, including facilitating the development of harmonised guidance for anonymisation and pseudonymisation of health data;
Amendment 2063 #
Proposal for a regulation
Article 65 – paragraph 2 – point c a (new)
Article 65 – paragraph 2 – point c a (new)
(ca) to provide expertise for amending the list of minimum categories of electronic data for secondary use in accordance with Article 33(7);
Amendment 2067 #
Proposal for a regulation
Article 65 – paragraph 2 – point f
Article 65 – paragraph 2 – point f
(f) to facilitate the exchange of views on the secondary use of electronic health data with the relevant stakeholders, including representatives of patients, health professionals, researchers, industry representatives, regulators and policy makers in the health sector.