BETA

273 Amendments of Tudor CIUHODARU related to 2022/0140(COD)

Amendment 159 #
Draft legislative resolution
Citation 2
— having regard to Article 294(2) and Articles 16, 114 and 11468 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C9- 0167/2022),
2023/03/30
Committee: ENVILIBE
Amendment 168 #
Proposal for a regulation
Citation 1
Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 16, 114 and 11468 thereof,
2023/03/30
Committee: ENVILIBE
Amendment 171 #
Proposal for a regulation
Recital 1
(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improvegrant access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for the improvement for other purposes that would benefit the society such as research, innovation, policy- making, health threats preparedness and control, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal and technical framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values.
2023/03/30
Committee: ENVILIBE
Amendment 173 #
Proposal for a regulation
Recital 1
(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes that would benefit the society such as research, innovation, policy- making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’), as well as the clarification of access to those data, in conformity with Union values.
2023/03/30
Committee: ENVILIBE
Amendment 176 #
Proposal for a regulation
Recital 1 a (new)
(1 a) The EHDS constitutes a key component for the creation of a strong and resilient European Health Union to better protect the health of European citizens, prevent and address future pandemics and improve resilience of Europe’s health systems.
2023/03/30
Committee: ENVILIBE
Amendment 177 #
Proposal for a regulation
Recital 1 b (new)
(1 b) This Regulation should work horizontally with other European programs such as the Digital Europe Programme, Connecting Europe Facility and Horizon Europe. The European Commission should ensure that other European programs complement and facilitate the implementation of the European Health Data Space.
2023/03/30
Committee: ENVILIBE
Amendment 179 #
Proposal for a regulation
Recital 2
(2) The COVID-19 pandemic has highlighted the imperative of having timely access to quality electronic health data for health threats preparedness and response, as well as for prevention, diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, to reduced costs and an improved response to health threats and ultimately would have helped to save more lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural and systemicapproach at Member States and Union level. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).
2023/03/30
Committee: ENVILIBE
Amendment 180 #
Proposal for a regulation
Recital 2
(2) The COVID-19 pandemic has highlighted the imperative of having timely access to electronic health data for health threats preparedness and response, as well as for diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, and ultimately would have helped to save lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural approach at Member States and Union level, including appropriate measures on access to, and protection of, patients' personal data. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).
2023/03/30
Committee: ENVILIBE
Amendment 184 #
Proposal for a regulation
Recital 3
(3) The COVID-19 crisis strongly anchored the work of the eHealth Network, a voluntary network of digital health authorities, as the main pillar for the development of mobile contact tracing and warning applications and the technical aspects of the EU Digital COVID Certificates. It also highlighted the value of access to real time data to steer effective policy responses and the need for sharing electronic health data that are findable, accessible, interoperable and reusable (‘FAIR principles’), and ensuring that electronic health data are as open as possible and as closed as necessary. Synergies between the EHDS, the European Open Science Cloud42and the European Research Infrastructures should be ensured, as well as lessons learned from data sharing solutions developed under the European COVID-19 Data Platform. _________________ 42 EOSC Portal (eosc-portal.eu).
2023/03/30
Committee: ENVILIBE
Amendment 185 #
Proposal for a regulation
Recital 3
(3) The COVID-19 crisis strongly anchored the work of the eHealth Network, a voluntary network of digital health authorities, as the main pillar for the development of mobile contact tracing and warning applications and the technical aspects of the EU Digital COVID Certificates. It also highlighted the need for sharing electronic health data that are findable, accessible, interoperable and reusable (‘FAIR principles’), and ensuring that electronic health data are as open as possible and as closed as necessary so as to protect patients' personal data and information. Synergies between the EHDS, the European Open Science Cloud42and the European Research Infrastructures should be ensured, as well as lessons learned from data sharing solutions developed under the European COVID-19 Data Platform. _________________ 42 EOSC Portal (eosc-portal.eu).
2023/03/30
Committee: ENVILIBE
Amendment 188 #
Proposal for a regulation
Recital 4
(4) The processing of personal electronic health data is subject to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council43and, for Union institutions and bodies, Regulation (EU) 2018/1725 of the European Parliament and of the Council44. References to the provisions of Regulation (EU) 2016/679 should be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant. In addition, the Regulation should comply with Cyber Resilience Act. _________________ 43 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). 44 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
2023/03/30
Committee: ENVILIBE
Amendment 194 #
Proposal for a regulation
Recital 5
(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an appropriate and secure electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, includingthe necessary treatment, especially when this is long-term, and which also relates to the provision of associated health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental, physical influences, medical care, social or educational factors. Electronic health data also includes data that has been initially collected for research, statistics, policy making or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.
2023/03/30
Committee: ENVILIBE
Amendment 196 #
Proposal for a regulation
Recital 5
(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental, physical influences, medical care, social or educational factors. Electronic health data also includes data that has been initially collected for research, statistics, threat assessment, policy making or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.
2023/03/30
Committee: ENVILIBE
Amendment 200 #
Proposal for a regulation
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, and other complementary exams of diagnosis and therapeutics, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). To this end, Member States should ensure a common standard for health care data exchange to ensure and facilitate the data exchange and translation to the Union official languages. However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. In this respect, appropriate funding and appropriate support at EU level should be considered as a means to reduce fragmentation, heterogeneity, and division and to achieve a system that is user-friendly and intuitive in all countries.
2023/03/30
Committee: ENVILIBE
Amendment 204 #
Proposal for a regulation
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided secure health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. Those data also need to be properly secured and protected against cyberattacks.
2023/03/30
Committee: ENVILIBE
Amendment 209 #
Proposal for a regulation
Recital 8
(8) The right of access to data by a natural person, established by Article 15 of Regulation (EU) 2016/679, should be further developed in the health sector. Under Regulation (EU) 2016/679, controllers do not have to provide access immediately. While patient portals, mobile applications and other personal health data access services exist in many places, including national solutions in some Member States, the right of access to health data is still commonly implemented in many places through the provision of the requested health data in paper format or as scanned documents, which is time- consuming. This may severely impair timely access to health data by natural persons, and may have a negative impact on natural persons who need such access immediately due to urgent circumstances pertaining to their health condition. Appropriate Union funding should be granted to Member States transpose the information on Article 5(1) to electronic format. All health data prior to the implementation of this Regulation shall be inserted in electronic health records with the support of Member States and without additional burden to healthcare professionals.
2023/03/30
Committee: ENVILIBE
Amendment 211 #
Proposal for a regulation
Recital 8
(8) The right of access to data by a natural person, established by Article 15 of Regulation (EU) 2016/679, should be further developed in the health sector, in parallel with the measures on access to, and protection, of those data. Under Regulation (EU) 2016/679, controllers do not have to provide access immediately. While patient portals, mobile applications and other personal health data access services exist in many places, including national solutions in some Member States, the right of access to health data is still commonly implemented in many places through the provision of the requested health data in paper format or as scanned documents, which is time- consuming. This may severely impair timely access to health data by natural persons, and may have a negative impact on natural persons who need such access immediately due to urgent circumstances pertaining to their health condition.
2023/03/30
Committee: ENVILIBE
Amendment 214 #
Proposal for a regulation
Recital 9
(9) At the same time, it should be considered that immediate access to certain types of personal electronic health data may be harmful for the safety of natural persons, unethical or inappropriate. For example, it could be unethical to inform a patient through an electronic channel about a diagnosis with an incurable disease that is likely to lead to their swift passing instead of providing this information in a consultation with the patient first. Therefore, a possibility for limited exceptions in the implementation of this right should be ensured. Such an exception may be imposed by the Member States where this exception constitutes a necessary and proportionate measure in a democratic society, in line with the requirements of Article 23 of Regulation (EU) 2016/679. Such restrictions should be implemented by delaying the display of the concerned personal electronic health data to the natural person for a limited period. Where health data is only available on paper, if the effort to make data available electronically is disproportionate, there should be no obligation that such health data is converted until the moment of contact between the patient and the health professional. The availability of health data prior to the implementation of this regulation should happen in a timely manner into electronic format through a process facilitated by Member States. Any digital transformation in the healthcare sector should aim to be inclusive and benefit also natural persons with limited ability to access and use digital services. Natural persons should be able to provide an authorisation to the natural persons of their choice, such as to their relatives or other close natural persons, enabling them to access or control access to their personal electronic health data or to use digital health services on their behalf. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications. The proxy services should also enable guardians to act on behalf of their dependent children; in such situations, authorisations could be automatic. In order to take into account cases in which the display of some personal electronic health data of minors to their guardians could be contrary to the interests or will of the minor, Member States should be able to provide for such limitations and safeguards in national law, as well as the necessary technical implementation. Personal health data access services, such as patient portals or mobile applications, should make use of such authorisations and thus enable authorised natural persons to access personal electronic health data falling within the remit of the authorisation, in order for them to produce the desired effect.
2023/03/30
Committee: ENVILIBE
Amendment 221 #
Proposal for a regulation
Recital 10
(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data and does not have the same clinical or legal value as information provided by a healthcare professional. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.
2023/03/30
Committee: ENVILIBE
Amendment 222 #
Proposal for a regulation
Recital 11
(11) Natural persons should be further empowered to exchange and to provide access to personal electronic health data to the health professionals of their choice, going beyond the right to data portability as established in Article 20 of Regulation (EU) 2016/679. This is necessary to tackle objective difficulties and obstacles in the current state of play. Under Regulation (EU) 2016/679, portability is limited only to data processed based on consent or contract, which excludes data processed under other legal bases, such as when the processing is based on law, for example when their processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It only concerns data provided by the data subject to a controller, excluding many inferred or indirect data, such as diagnoses, or tests. Finally, under Regulation (EU) 2016/679, the natural person has the right to have the personal data transmitted directly from one controller to another only where technically feasible and if the appropriate protection measures and complied with. That Regulation, however, does not impose an obligation to make this direct transmission technically feasible. All these elements limit the data portability and may limit its benefits for provision of high- quality, safe and efficient healthcare services to the natural person.
2023/03/30
Committee: ENVILIBE
Amendment 225 #
Proposal for a regulation
Recital 12
(12) Natural persons should be able to exercise control over the transmission of personal electronic health data to other healthcare providers. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. Healthcare providers must follow data minimization principles when requesting personal health data, limiting it to the strictly necessary and justified data for a given service. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public or private controllers, irrespective of the legal basis for processing the data under in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data.
2023/03/30
Committee: ENVILIBE
Amendment 235 #
Proposal for a regulation
Recital 13
(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person dependent on that information. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.
2023/03/30
Committee: ENVILIBE
Amendment 237 #
Proposal for a regulation
Recital 15
(15) Article 9(2), point (h), of Regulation (EU) 2016/679 provides for exceptions where the processing of senstitive data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health care or treatment or the management of health care systems and services on the basis of Union or Member State law. This Regulation should provide conditions and safeguards for the processing of electronic health data by healthcare providers and health professionals in line with Article 9(2), point (h), of Regulation (EU) 2016/679 with the purpose of accessing personal electronic health data provided by the natural person or transmitted from other healthcare providers. However, this Regulation should be without prejudice to the national laws concerning the processing of health data, including the legislation establishing categories of health professionals that can process different categories of electronic health data.
2023/03/30
Committee: ENVILIBE
Amendment 238 #
Proposal for a regulation
Recital 16
(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and, avoiding duplications and errors and reducing costs. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as appropriate electronic and digital devices and health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. None of the provisions in this Regulation should be interpreted as limiting the obligation of healthcare professionals to conduct themselves in accordance with the applicable codes of conduct, deontological guidelines or other provisions governing ethical conduct with respect to sharing or accessing information, particularly in life- threatening or extreme situations.
2023/03/30
Committee: ENVILIBE
Amendment 242 #
Proposal for a regulation
Recital 16
(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers, provided that access to that data is properly secured, can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.
2023/03/30
Committee: ENVILIBE
Amendment 245 #
Proposal for a regulation
Recital 17
(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospital discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission, especially in the case of cross-border patients or of people who find themselves in another Member State for a limited period of time and may need healthcare assistance for a variety of reasons. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general, for cross-border patients or people who find themselves in another Member State for a limited period of time and may need healthcare assistance for a variety of reasons.
2023/03/30
Committee: ENVILIBE
Amendment 247 #
Proposal for a regulation
Recital 17
(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospitalealth units discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general.
2023/03/30
Committee: ENVILIBE
Amendment 253 #
Proposal for a regulation
Recital 19
(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).
2023/03/30
Committee: ENVILIBE
Amendment 255 #
Proposal for a regulation
Recital 19 a (new)
(19 a) The interoperability of the EHDS should contribute to high quality of European health data sets.
2023/03/30
Committee: ENVILIBE
Amendment 257 #
Proposal for a regulation
Recital 20
(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements, including measures on access to, and the protection of, those data. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt implementing acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare providers that are to register health data electronically, categories of data to be registered electronically, or data quality and data security requirements.
2023/03/30
Committee: ENVILIBE
Amendment 259 #
Proposal for a regulation
Recital 20 a (new)
(20 a) In order to support the successful implementation of the EHDS and the execution of an effective landscape of European health data cooperation, the European Commission and Member States should agree on time-based targets to implement improved health data interoperability across the European Union with a range of targets and milestones to be reviewed and assessed in an annual report.
2023/03/30
Committee: ENVILIBE
Amendment 261 #
Proposal for a regulation
Recital 21
(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) thatthat they provide and reimburse. Telemedicine and online pharmacy services have they provide and reimburseotential to reduce health inequalities and reinforce the free movement of european citizens across borders. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine, including and online pharmacy services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.
2023/03/30
Committee: ENVILIBE
Amendment 265 #
Proposal for a regulation
Recital 21 a (new)
(21 a) Telemedicine is becoming an increasingly important tool that can provide patients access to care and tackle inequities. Digital and other technological tools can minimize the circumstance of remote care, however, telemedicine should not be viewed as a replacement for in-person medicine, as there are certain conditions and procedures that require physical examination and intervention.
2023/03/30
Committee: ENVILIBE
Amendment 271 #
Proposal for a regulation
Recital 23
(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. Digital health authorities should ensure that appropriate training initiatives are undertaken at the local level. In particular, health professionals should be informed and trained with respect to their rights and obligations under the present Regulation. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, healthcare professionals, manufacturers of EHR systems and wellness applications, as well as other stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.
2023/03/30
Committee: ENVILIBE
Amendment 277 #
Proposal for a regulation
Recital 24
(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data, and funding as well as other means of European level support should be considered.
2023/03/30
Committee: ENVILIBE
Amendment 278 #
Proposal for a regulation
Recital 24
(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence, or when they work in a Member State other than the one in which they live. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.
2023/03/30
Committee: ENVILIBE
Amendment 285 #
Proposal for a regulation
Recital 25
(25) In the context of MyHealth@EU, a central platform should provide a common infrastructure for the Member States to ensure connectivity and interoperability in an efficient and secure way. In order to guarantee compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the Commission should, by means of implementing acts, allocate specific responsibilities with time- based targets among the Member States, as joint controllers, and prescribe its own obligations, as processor.
2023/03/30
Committee: ENVILIBE
Amendment 291 #
Proposal for a regulation
Recital 27
(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory self-certification scheme, as well as to instill the trust of citizens. To that end, a mandatory conformity assessment by notified bodies for EHR systems processing one or more priority categories of electronic health data should be establishconducted to overcome market fragmentation while ensuring a proportionate approach. Through this self- certification,compliance with robust security and data protection requirements. Through this conformity assessment, notified bodies should ascertain that EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).
2023/03/30
Committee: ENVILIBE
Amendment 299 #
Proposal for a regulation
Recital 28
(28) While EHR systems specifically intended by the manufacturer to be used for processing one or more specific categories of electronic health data should be subject to a mandatory self-certificationconformity assessment by a notified body, software for general purposes should not be considered as EHR systems, even when used in a healthcare setting, and should therefore not be required to comply with the provisions of Chapter III.
2023/03/30
Committee: ENVILIBE
Amendment 302 #
Proposal for a regulation
Recital 30
(30) To further support interoperability and security, Member States may maintain or define specific rules for the procurement, reimbursement, financing or use of EHR systems at national level in the context of the organisation, delivery or financing of health services. Such specific rules should not impede the free movement of EHR systems in the Union. Some Member States have introduced mandatory certification of EHR systems or mandatory interoperability testing for their connection to national digital health services. Such requirements are commonly reflected in procurements organised by healthcare providers, national or regional authorities. Mandatory certification of EHR systems at Union level via a conformity assessment procedure should establish a baseline that can be used in procurements at national level.
2023/03/30
Committee: ENVILIBE
Amendment 303 #
Proposal for a regulation
Recital 33
(33) Compliance with essential requirements on interoperability and security should be demonstrated by the manufacturers of EHR systems through the implementation of common specifications. To that end, implementing powers should be conferred on the Commission to determine such common specifications regarding datasets, coding systems, technical specifications, including standards, specifications and profiles for data exchange, as well as requirements and principles related to security, confidentiality, integrity, patient safety and protection of personal data as well as specifications and requirements related to identification management and the use of electronic identification. Digital health authorities should contribute to the development of such common specifications and base their discussion on previous debates.
2023/03/30
Committee: ENVILIBE
Amendment 304 #
Proposal for a regulation
Recital 34
(34) In order to ensure an appropriate and effective enforcement of the requirements and obligations laid down in Chapter III of this Regulation, the system of market surveillance and compliance of products established by Regulation (EU) 2019/1020 should apply. Depending on the organisation defined at national level, such market surveillance activities could be carried out by the digital health authorities ensuring the proper implementation of Chapter II, notified bodies for EHR systems or a separate market surveillance authority responsible for EHR systems. While designating digital health authorities or national notified bodies as market surveillance authorities could have important practical advantages for the implementation of health and care, any conflicts of interest should be avoided, for instance by separating different tasks.
2023/03/30
Committee: ENVILIBE
Amendment 311 #
Proposal for a regulation
Recital 35
(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntamandatory labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. Such labelling schemes should also include information for users on data protection rights and an indication of whether the provider of the app or the browser operator has access to data generated by the app in any way. The Commission mayshould set out in implementing acts the details regarding the format and content of such label.
2023/03/30
Committee: ENVILIBE
Amendment 324 #
Proposal for a regulation
Recital 37
(37) For the secondary use of the clinical data for research, innovation, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the health data access bodies (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguardsthe necessary safeguards must be determined in accordance to this Regulation. In this context, the data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the data.
2023/03/30
Committee: ENVILIBE
Amendment 329 #
Proposal for a regulation
Recital 38
(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, health surveillance, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health- related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use insofar as such effort is always conducted through effective and secured processes, such as aggregation and randomisations and with due respect to professional duties, including but not limited to, confidentiality duties.
2023/03/30
Committee: ENVILIBE
Amendment 330 #
Proposal for a regulation
Recital 38
(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, files on the COVID pandemic and other events with a major impact on public health, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use.
2023/03/30
Committee: ENVILIBE
Amendment 339 #
Proposal for a regulation
Recital 39
(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices, wellness applications or other wearables and digital health applications, which must comply with the data security measures. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.
2023/03/30
Committee: ENVILIBE
Amendment 340 #
Proposal for a regulation
Recital 39
(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices, wellness applications or other wearables and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset for research and innovation activities. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.
2023/03/30
Committee: ENVILIBE
Amendment 345 #
Proposal for a regulation
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. Health professionals contribute to the EHDS by registering the required categories of patient data in the EHR. Health professionals who are required to register data in an EHR system for primary use purposes should be exempt from providing the data again for secondary use purposes. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented ofr difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
2023/03/30
Committee: ENVILIBE
Amendment 348 #
Proposal for a regulation
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS, but they must comply with the measures on appropriate access and security in respect of such personal data. The public or private entities often receive public funding, from national or Union funds to collect, store and process electronic health data for research, statistics (official or not) or other similar purposes, including in areas where the collection of such data is fragmented ofr difficult, such as rare diseases, cancer etc. Such data, collected, stored and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, adaptation to the evolution of new healthcare technologies, patient safety orand policy- making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
2023/03/30
Committee: ENVILIBE
Amendment 356 #
Proposal for a regulation
Recital 41
(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Particularly, the secondary use of health data for research and development purposes should contribute to a return to society in the form of new medicines, medical devices, health care products and services at affordable and fair prices for European citizens, as well as enhancing access and availability of such in all Member States. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public health bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agenciesNational public health authorities and European Union agencies related to health may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. POther public sector bodies from Member States and European Union institutions, bodies, offices and agencies may carry out such research activities by using third parties, including sub- contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.
2023/03/30
Committee: ENVILIBE
Amendment 359 #
Proposal for a regulation
Recital 41
(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities and information campaigns on a range of health matters, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities and the measures on access to, and the security of, personal data are strictly complied with. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access, be this limited or not, depending on the situation, to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.
2023/03/30
Committee: ENVILIBE
Amendment 362 #
Proposal for a regulation
Recital 41 a (new)
(41 a) Natural persons should be empowered to and have a right to control their electronic health data under this Regulation. Therefore the possibility for data subjects to decline the processing of all or parts of their health data for secondary use for some or all purposes should be provided. An easily understandable and accessible opt-out mechanism in a user-friendly format should be provided in this regard. Natural persons who opt-out of the processing of some or all of their health data for secondary use should not preclude their possibility to reconsider and provide some or all of their health data for secondary use at a later point.
2023/03/30
Committee: ENVILIBE
Amendment 365 #
Proposal for a regulation
Recital 41 b (new)
(41 b) Due to the highly sensitive nature of certain types of electronic health data, where full anonymisation is not possible and therefore the risk of re-identification of the data subject is high, additional safeguards should be provided for. An opt-in mechanism whereby data subjects explicitly consent or give their permission to the processing of part or all of such data for some or all secondary use purposes should be envisaged. This is particularly relevant for human genetic, genomic and proteomic data, as well as data from biobanks. Where data subjects explicitly consent to the use of parts or all of this data for some or all secondary use purposes, they should be made aware of the sensitive nature of the data they are sharing.
2023/03/30
Committee: ENVILIBE
Amendment 366 #
Proposal for a regulation
Recital 41 c (new)
(41 c) Different demographics have varying degrees of digital literacy which may hamper their ability to enact their rights to control their electronic health data. In addition to the right for natural persons to authorise another natural person of their choice to access or control their electronic health data on their behalf, Member States should charge digital health authorities with the creation of targeted national digital literacy programmes to maximise social inclusion and to ensure all natural persons can effectively exercise their rights under this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 370 #
Proposal for a regulation
Recital 42
(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities, and comply with all the measures on access to, and the security of, personal medical data. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.
2023/03/30
Committee: ENVILIBE
Amendment 376 #
Proposal for a regulation
Recital 44
(44) Considering the administrative burden for health data access bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the data subject or his health professional, with due regard for the stated wish of the data subject not to be contacted. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.
2023/03/30
Committee: ENVILIBE
Amendment 380 #
Proposal for a regulation
Recital 46
(46) In order to support the secondary use of electronic health data, the data holders should refrain from withholding the data, requesting unjustified fees that are not transparent nor proportionate with the costs for making data available (and, where relevant, with marginal costs for data collection), requesting the data users to co- publish the research or other practices that could dissuade the data users from requesting the data. Where ethical approval is necessary for providing a data permit, its evaluation should be based on its own merits. On the other hand, Union institutions, bodies, offices andnational public health authorities, European Union agencies, including EMA, ECDC and the Commission,EMCDDA have very important and insightful data. Access to data of such institutions, bodies, offices and agencies should be granted through the health data access body where the controller is located.
2023/03/30
Committee: ENVILIBE
Amendment 387 #
Proposal for a regulation
Recital 48
(48) In order to strengthen the enforcement of the rules on the secondary use of electronic health data, appropriate measures that can lead to penalties or temporary or definitive exclusions from the EHDS framework ofr even fines directed to the data users or data holders that do not comply with their obligations. The health data access body should be empowered to verify compliance and give data users and holders the opportunity to reply to any findings and to remedy any infringement. The imposition of penalties should be subject to appropriate procedural safeguards in accordance with the general principles of law of the relevant Member State, including effective judicial protection and due process.
2023/03/30
Committee: ENVILIBE
Amendment 389 #
Proposal for a regulation
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, common standards for data anonymisation shall be further developed and the use of anonymised electronic health data which is devoid of any personal data should be made available, when possible and if the data user asks it, with data that cannot be anonymised or pseudonymized being excluded of reuse possibilities. Requests of pseudonymised data should be duly justified. When providing access to a pseudonymised or anonymised dataset, a Data Access Body should follow state-of- the-art anonymisation/pseudonymisation technology. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s)'s professional, with due regard for the stated wish of the data subject not to be contacted. Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
2023/03/30
Committee: ENVILIBE
Amendment 397 #
Proposal for a regulation
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity and must ensure the total protection of that data. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
2023/03/30
Committee: ENVILIBE
Amendment 409 #
Proposal for a regulation
Recital 52
(52) As the COVID-19 crisis has shown, the Union institutions, bodies, offices and agencies, especially the Commission, need access to health data for a longer period and on a recurring basis. This is may be the case not only in specific circumstances in times of crisis but also to provide scientific evidence and technical support for Union policies on a regular basis. Access to such data may be required in specific Member States or throughout the whole territory of the Union, and the conditions and period of access must be set out very clearly, while the security of the data must also be respected.
2023/03/30
Committee: ENVILIBE
Amendment 411 #
Proposal for a regulation
Recital 52
(52) As the COVID-19 crisis has shown, the Union institutions, bodies, offices and agencies, especially the Commission, need access to health data for a longer period and on a recurring basis. This is may be the case not only in specific circumstances in times of crisis but also to provide scientific evidence and technical support for Union policies on a regular basis. Access to such data may be required in specific Member States or throughout the whole territory of the Union.
2023/03/30
Committee: ENVILIBE
Amendment 418 #
Proposal for a regulation
Recital 53
(53) For requests to access electronic health data from a single data holder in a single Member State and in order to alieviate the administrative burden for heath data access bodies of managing such request, the data user should be able to request this data directly from the data holder and the data holder should be able to issue a data permit while complying with all the requirements and safeguards linked to such request and permit. Multi- country requests and requests requiring combination of datasets from several data holders should always be channelled through health data access bodies. The data holder should report to the health data access bodies about any data permits or data requests they provide.
2023/03/30
Committee: ENVILIBE
Amendment 420 #
Proposal for a regulation
Recital 54
(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing high common security standards in order to promote the security and interoperability of the various secure environments as well as the regular updating of these security measures to keep pace with IT developments and to counter attacks on databases.
2023/03/30
Committee: ENVILIBE
Amendment 431 #
Proposal for a regulation
Recital 57
(57) The authorisation process to gain access to personal health data in different Member States can be repetitive and cumbersome for data users. Whenever possible, synergies should be established to reduce the burden and barriers for data users. One way to achieve this aim is to adhere to the “single application” principle whereby, with one application, the data user obtains authorisation from multiple health data access bodies in different Member States.
2023/03/30
Committee: ENVILIBE
Amendment 434 #
Proposal for a regulation
Recital 61
(61) Cooperation and work is ongoing between different professional organisations, the Commission and other institutions to set up minimum data fields and other characteristics of different datasets (registries for instance). This work is more advanced in areas such as cancer, rare diseases, cardiovascular and metabolic diseases, risk factors assessment and statistics and shall be taken into account when defining new standards and disease-specific harmonised templates for structured data elements.. However, many datasets are not harmonised, raising comparability issues and making cross- border research difficult. Therefore, more detailed rules should be set out in implementing acts to ensure a harmonised provision, coding and registration of electronic health data. Member States should work towards delivering sustainable economic and social benefits of European electronic health systems and services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of healthcare and ensuring access to safe and high-quality healthcare. Existing health data infrastructures and registries put in place by institutions and stakeholders can contribute to defining and implementing data standards, to ensuring interoperability and must be leveraged to allow continuity and build on existing expertise.
2023/03/30
Committee: ENVILIBE
Amendment 441 #
Proposal for a regulation
Recital 63
(63) The use of funds should also contribute to attaining the objectives of the EHDS. Public procurers, national competent authorities in the Member States, including digital health authorities and health data access bodies, as well as the Commission should make references to applicable technical specifications, standards and profiles on interoperability, access to and security and data quality of data, as well as other requirements developed under this Regulation when defining the conditions for public procurement, calls for proposals and allocation of Union funds, including structural and cohesion funds.
2023/03/30
Committee: ENVILIBE
Amendment 450 #
Proposal for a regulation
Recital 64 a (new)
(64 a) Member States should consider criminalising unauthorised re- identification and disclosure of de- identified personal data to serve as a deterrent measure.
2023/03/30
Committee: ENVILIBE
Amendment 457 #
Proposal for a regulation
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed, which can be granted limited or permanent access to data provided that they respect the security of that data. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
2023/03/30
Committee: ENVILIBE
Amendment 459 #
Proposal for a regulation
Recital 65 a (new)
(65 a) The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report elaborated together with the European Commission.
2023/03/30
Committee: ENVILIBE
Amendment 462 #
Proposal for a regulation
Recital 70
(70) Member States should take all necessary measures to ensure that the provisions of this Regulation are implemented, including by laying down effective, proportionate and dissuasive penalties and fines for their infringement. For certain specific infringements, Member States should take into account the margins and criteria set out in this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 464 #
Proposal for a regulation
Recital 71
(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 53 years after its entry into force, on the self-certification of EHR systems, and an overall evaluation 75 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.
2023/03/30
Committee: ENVILIBE
Amendment 471 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
(a) strengthens the rights of natural persons in relation to the availability and, control and security of their electronic health data;
2023/03/30
Committee: ENVILIBE
Amendment 474 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
(a) strengthenoutlines the rights of natural persons in relation to the availability and control of their electronic health data;
2023/03/30
Committee: ENVILIBE
Amendment 476 #
Proposal for a regulation
Article 1 – paragraph 2 – point b
(b) lays down rules for the placing on the market, making available on the market or putting into service of electronic health records systems (‘EHR systems’) in the Union, with the appropriate security measures;
2023/03/30
Committee: ENVILIBE
Amendment 515 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic formatrelevant for health research in electronic format that have been irreversibly anonymised and data that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;
2023/03/30
Committee: ENVILIBE
Amendment 516 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning mental and physical health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;
2023/03/30
Committee: ENVILIBE
Amendment 534 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals, involving the exchange of information and knowledge without changing the content or quality of the data between these organisations, software applications or devices, through the processes they support, enabling data portability across data holders and health care providers for data recipients and data users;
2023/03/30
Committee: ENVILIBE
Amendment 538 #
Proposal for a regulation
Article 2 – paragraph 2 – point g
(g) ‘European electronic health record exchange format’ means a structured, commonly used and machine-readable format that allows transmission of personal electronic health data between different organisations, software applications, devices and healthcare providers;
2023/03/30
Committee: ENVILIBE
Amendment 541 #
Proposal for a regulation
Article 2 – paragraph 2 – point j
(j) ‘health professional access service’ means a service, supported by an EHR system, that enables health professionals to access data of natural persons under their treatmentcare and with authorised permission to do so;
2023/03/30
Committee: ENVILIBE
Amendment 548 #
Proposal for a regulation
Article 2 – paragraph 2 – point l
(l) ‘telemedicine’ means the provision of healthcare services, including remote care and online pharmacies, through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;
2023/03/30
Committee: ENVILIBE
Amendment 549 #
Proposal for a regulation
Article 2 – paragraph 2 – point m
(m) ‘EHR’ (electronic health record) means any collection of electronicthe past or present electronic mental and physical health data related to a natural person and collected in the health system, processed for healthcarethe purpose of the provision of healthcare services or research purposes;
2023/03/30
Committee: ENVILIBE
Amendment 555 #
Proposal for a regulation
Article 2 – paragraph 2 – point n
(n) ‘EHR system’ (electronic health record system) means any appliance or softwarother article whose primary purpose intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records or that can be reasonably expected by the manufacturer to be used for these purposes;
2023/03/30
Committee: ENVILIBE
Amendment 564 #
Proposal for a regulation
Article 2 – paragraph 2 – point o
(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life- styla healthy lifestyle, well-being purposes or that can be reasonably expected by the manufacturer for these purposes;
2023/03/30
Committee: ENVILIBE
Amendment 572 #
Proposal for a regulation
Article 2 – paragraph 2 – point y
(y) ‘data holder’ means any natural or legal person, which is an entity or a body controller as set out in Regulation (EU) 2016/679 in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies whoich are a controller as set out in Regulation (EU) 2018/1725 which hasve the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, to process personal electronic health data or in the case of non-personal health data, through control of the technical design of athe product and related services, the ability to make and as allowed by contract with natural or legal person owning, renting or leasing the product or related service, the ability to make the relevant and appropriate data pursuant to the relevant requirements laid down in this Regulation available, including to register, provide, restrict access or exchange certain data;
2023/03/30
Committee: ENVILIBE
Amendment 594 #
Proposal for a regulation
Article 2 – paragraph 2 – point ac
(ac) ‘dataset catalogue’ means a collection of datasets descriptions, which is arranged in a systematic manner and consists of a user-oriented public part, where information concerning individual dataset parameters is accessible by electronic means through an online portal;
2023/03/30
Committee: ENVILIBE
Amendment 603 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)
(ae a) "notified body’ means a conformity assessment body notified in accordance with Article 27f of this Regulation;
2023/03/30
Committee: ENVILIBE
Amendment 607 #
(ae b) ‘conformity assessment’ means the process demonstrating whether the essential requirements of this Regulation relating to EHR systems have been fulfilled;
2023/03/30
Committee: ENVILIBE
Amendment 612 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)
(ae c) ‘conformity assessment body’ means a body that performs conformity assessment activities, including testing, certification and inspection;
2023/03/30
Committee: ENVILIBE
Amendment 615 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae d (new)
(ae d) ‘data sharing’ means the provision defined in Article 2 (10) of the Regulation (EU) 2022/868;
2023/03/30
Committee: ENVILIBE
Amendment 633 #
Proposal for a regulation
Article 3 – paragraph 3
3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of thisese rights whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.
2023/03/30
Committee: ENVILIBE
Amendment 638 #
Proposal for a regulation
Article 3 – paragraph 4
4. Where the personal health data have not been registered electronically prior to the application of this Regulation, Member States mayshall require that such data is made available in electronic format pursuant to this Article. This shall not affect the obligation to make personal electronic health data registered after the application of this Regulation available in electronic format pursuant to this Article.
2023/03/30
Committee: ENVILIBE
Amendment 644 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b
(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf or to enable legal guardians to act on behalf of their dependents in accordance with the national law of the Member State.
2023/03/30
Committee: ENVILIBE
Amendment 654 #
Proposal for a regulation
Article 3 – paragraph 6
6. Natural persons may insert, access and export their electronic health data in and from their own EHR or in that of natural persons whose health information they can access, through electronic health data access services orand applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative as non-validated, and information shall only be considered as a clinical fact if validated by an identified, registered health professional with the relevant competence. Natural persons shall not have the possibility to directly change data inserted by healthcare professionals. The process must be secure.
2023/03/30
Committee: ENVILIBE
Amendment 662 #
Proposal for a regulation
Article 3 – paragraph 7
7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article. The rectification of a clinical fact in the EHR must be validated by an identified, registered health professional with the appropriate competence. The process must be secure.
2023/03/30
Committee: ENVILIBE
Amendment 668 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1
Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit partially or totally, their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.
2023/03/30
Committee: ENVILIBE
Amendment 673 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 3
By way of derogation from Article 9 of Regulation […] [Data Act COM/2022/68 final], the data recipient shall not be required to compensate the data holder for making electronic health data available.
2023/03/30
Committee: ENVILIBE
Amendment 674 #
Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4
Natural persons shall have the right that, where priority categories of personal electronic health data referred to in Article 5 are transmitted or made available by the natural person according to the European electronic health record exchange format referred to in Article 6, such data shall be read and accepterecognised as valid by other healthcare providers.
2023/03/30
Committee: ENVILIBE
Amendment 680 #
Proposal for a regulation
Article 3 – paragraph 9
9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. Member StatesFor judicial reasons strictly related to medical liability of health professionals, the date and time of omitted information must be recorded and only visible to the health data access bodies under these circumstances. The European Commission shall establish the rules and specific safeguards regarding such restriction mechanisms through a delegated act.
2023/03/30
Committee: ENVILIBE
Amendment 691 #
Proposal for a regulation
Article 3 – paragraph 10
10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. In order to demonstrate compliance with this right, all relevant entities shall maintain a system of automated recording showing unequivocally who, when and where had access to data, accessible to the patient. The information shall be provided immediately and free of charge through electronic health data access services in a commonly accepted, interoperable format.
2023/03/30
Committee: ENVILIBE
Amendment 714 #
Proposal for a regulation
Article 4 – paragraph 1 – point a
(a) have access to the electronic health data of natural persons under their treatmentcare and restrict to their functions of action, irrespective of the Member State of affiliation and the Member State of treatment;
2023/03/30
Committee: ENVILIBE
Amendment 718 #
Proposal for a regulation
Article 4 – paragraph 1 – point b
(b) ensure that the personal electronic health data of the natural persons they treatcare are updated with information related to the health services provided and, if not, update data concerning the health services provided by them.
2023/03/30
Committee: ENVILIBE
Amendment 731 #
Proposal for a regulation
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals lawfully exercising their activities through health professional access services and that health professionals can easily select specific relevant information in the EHR. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. To this end, they may cooperate, where appropriate, with professional associations under the terms provided for by national rules.
2023/03/30
Committee: ENVILIBE
Amendment 763 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f
(f) discharge reports.;
2023/03/30
Committee: ENVILIBE
Amendment 765 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f a (new)
(f a) medical directives.
2023/03/30
Committee: ENVILIBE
Amendment 785 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) harmonised datasets containing electronic health data and defining structures, such minimum as data fields and data groups for the content representation of clinical content and other parts of the electronic health data, that can be enlarged to include disease-specific data;
2023/03/30
Committee: ENVILIBE
Amendment 790 #
Proposal for a regulation
Article 6 – paragraph 3
3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and accepted by therecognised as valid by the data recipient including measures aimed at ensuring priority categories of personal electronic health data arecipient translated as necessary for the provision of healthcare to the language of the patient or the healthcare professional.
2023/03/30
Committee: ENVILIBE
Amendment 796 #
Proposal for a regulation
Article 7 – paragraph 1
1. Member States shall ensure that, wWhere data is processed in electronic format, Member States shall facilitate health professionals to systematically register the relevant health data falling under at least the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system.
2023/03/30
Committee: ENVILIBE
Amendment 806 #
Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part
The Commission shall, by means of implementingdelegated acts, determine the requirements for the registration of electronic health data by healthcare providers and natural persons, as relevant. Those implementingdelegated acts shall establish the following:
2023/03/30
Committee: ENVILIBE
Amendment 816 #
Proposal for a regulation
Article 7 – paragraph 3 a (new)
3 a. For the purpose of transparency and accountability, natural persons or their legal representatives must be able to see which healthcare professional accessed their electronic health record separately in each specific category and when.
2023/03/30
Committee: ENVILIBE
Amendment 817 #
Proposal for a regulation
Article 7 – paragraph 3 b (new)
3 b. When health data is registered or updated, electronic health records must identify the time, person and location of the registry.
2023/03/30
Committee: ENVILIBE
Amendment 826 #
Proposal for a regulation
Article 8 – paragraph 1
Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in other Member States with the same rights and obligations to access and register electronic health data. Telemedicine services shall respect the national law of the Member State in which is being provided.
2023/03/30
Committee: ENVILIBE
Amendment 835 #
Proposal for a regulation
Article 9 – paragraph 2
2. The Commission shall, by means of implementingdelegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
2023/03/30
Committee: ENVILIBE
Amendment 836 #
Proposal for a regulation
Article 9 – paragraph 3
3. The Member States and the Commission shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).
2023/03/30
Committee: ENVILIBE
Amendment 839 #
Proposal for a regulation
Article 10 – paragraph 1
1. Each Member State shall designate a digital health authority responsible for the implementation and enforcement of this Chapter at national level. Implementation shall be harmonised at national level and across Member States with the EHDS Board conducting an oversight and leadership role in achieving this. The Member State shall communicate the identity of the digital health authority to the Commission by the date of application of this Regulation. Where a designated digital health authority is an entity consisting of multiple organisations, the Member State shall communicate to the Commission a description of the separation of tasks between the organisations. The Commission shall make this information publicly available.
2023/03/30
Committee: ENVILIBE
Amendment 843 #
Proposal for a regulation
Article 10 – paragraph 2 – point b
(b) ensure that complete and up to date information about the implementation of rights and obligations provided for in in Chapters II and III is made readily available to natural persons, health professionals and healthcare providers and that appropriate training initiatives are undertaken at the local level;
2023/03/30
Committee: ENVILIBE
Amendment 848 #
Proposal for a regulation
Article 10 – paragraph 2 – point h
(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, the access period and the access process per se, and security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems and wellness applications referred to in Article 32;
2023/03/30
Committee: ENVILIBE
Amendment 853 #
Proposal for a regulation
Article 10 – paragraph 2 – point k
(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible and equitable to different groups of natural persons and health professionals, including natural persons with disabilities, do not discriminate and offer the possibility of choosing between in person and digital services;
2023/03/30
Committee: ENVILIBE
Amendment 855 #
Proposal for a regulation
Article 10 – paragraph 2 – point k a (new)
(k a) ensure a communication plan to the natural person, health professional and stakeholders to inform the rights and obligations of which element of the EHDS and inform the natural person the advantages and potential gains to science and society of the primary and secondary use of electronic health data;
2023/03/30
Committee: ENVILIBE
Amendment 856 #
Proposal for a regulation
Article 10 – paragraph 2 – point k b (new)
(k b) offer, free of charge, accessible online training, to natural persons and health professionals on how to use electronic health data access service and health professional access service, respectively;
2023/03/30
Committee: ENVILIBE
Amendment 882 #
Proposal for a regulation
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ and healthcare professionals’ representatives. Members of the digital health authority shall avoid any conflicts of interest. The Commission shall be empowered to adopt delegated acts setting out what is likely to constitute a conflict of interest together with the procedure to be followed in such cases.
2023/03/30
Committee: ENVILIBE
Amendment 903 #
Proposal for a regulation
Article 11 – paragraph 2
2. The digital health authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken and inform the legal authorities if applicable.
2023/03/30
Committee: ENVILIBE
Amendment 918 #
Proposal for a regulation
Article 12 – paragraph 4
4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The implementing act shall include the agreement of target implementation dates, including for improved cross-border health data interoperability, in consultation with the EHDS board.
2023/03/30
Committee: ENVILIBE
Amendment 936 #
Proposal for a regulation
Article 13 – paragraph 2
2. The Commission and Member States may facilitate the exchange of electronic health data with other infrastructures, such as the Clinical Patient Management System or other services or infrastructures in the health, care or social security fields which may become authorised participants to MyHealth@EU. The Commission shall, by means of implementing acts, set out the technical aspects of such exchanges, with a focus on the mode and period of access, in compliance with patient data security measures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The connection of another infrastructure to the central platform for digital health shall be subject to a decision of the joint controllership group for MyHealth@EU referred to in Article 66.
2023/03/30
Committee: ENVILIBE
Amendment 953 #
Proposal for a regulation
Article 15 – paragraph 1
1. EHR systems may be placed on the market or put into service only if theyafter a notified body has assessed and verified that the EHR system complyies with the provisions laid down in this Chapter.
2023/03/30
Committee: ENVILIBE
Amendment 962 #
Proposal for a regulation
Article 17 – paragraph 1 – point b
(b) draw up the technical documentation of their EHR systems in accordance with Article 24 before placing their system on the market;
2023/03/30
Committee: ENVILIBE
Amendment 965 #
Proposal for a regulation
Article 17 – paragraph 1 – point d
(d) draw up an EU declaration of conformitycarry out the relevant conformity assessment procedures as referred to in Article 267a;
2023/03/30
Committee: ENVILIBE
Amendment 966 #
Proposal for a regulation
Article 17 – paragraph 1 – point d a (new)
(d a) draw up the EU declaration of conformity in accordance with Article 26 and affix the CE marking in accordance with Article 27 where compliance of the EHR system requirements laid down in Annex II has been demonstrated by that conformity assessment procedure;
2023/03/30
Committee: ENVILIBE
Amendment 967 #
Proposal for a regulation
Article 17 – paragraph 1 – point e
(e) affix the CE marking in accordance with Article 27;deleted
2023/03/30
Committee: ENVILIBE
Amendment 969 #
Proposal for a regulation
Article 17 – paragraph 1 – point g
(g) take without undue delay any necessary corrective action in respect of their EHR systems which are not or are no longer in conformity with the essential requirements laid down in Annex II, or recall or withdraw such systems;
2023/03/30
Committee: ENVILIBE
Amendment 971 #
Proposal for a regulation
Article 17 – paragraph 1 – point i
(i) inform the market surveillance authorities and notified bodies of the Member States in which they made their EHR systems available or put them into service of the non- conformity and of any corrective action taken;
2023/03/30
Committee: ENVILIBE
Amendment 975 #
Proposal for a regulation
Article 17 – paragraph 1 – point j
(j) upon request of a market surveillance authority or a notified body, provide it with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 976 #
Proposal for a regulation
Article 17 – paragraph 1 – point k
(k) cooperate with market surveillance authorities and notified bodies, at their request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 979 #
Proposal for a regulation
Article 17 – paragraph 2
2. Manufacturers of EHR systems shall ensure that procedures are in place to ensure that the design, development and deployment of an EHR system continues to comply with the essential requirements laid down in Annex II and the common specifications referred to in Article 23. Changes in EHR system design or characteristics shall be adequately taken into account and reflected in the technical documentationfor EHR systems to remain in conformity with this Regulation. Changes in EHR system design or characteristics and changes in the harmonised standards or the technical specifications referred to in Annex II and III by reference to which the conformity of the EHR system is declared or by application of which its conformity is verified shall be adequately taken into account and reflected in the technical documentation. When deemed appropriate with regard to the risks presented by EHR systems, manufacturers shall, to protect the rights of natural persons, carry out sample testing or put into service, investigate, and, if necessary, keep a register of complaints, of non-conforming EHR systems and EHR systems recalls, and shall keep distributors informed of any such monitoring.
2023/03/30
Committee: ENVILIBE
Amendment 980 #
Proposal for a regulation
Article 17 – paragraph 3
3. Manufacturers of EHR systems shall keep the technical documentation and the EU declaration of conformity for 10 years after the last EHR system covered by the EU declaration of conformity has been placed on the market, where relevant, at the disposal of the market surveillance authorities for 10 years after the last EHR system conformity assessment. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from the competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 982 #
3 a. Manufacturers who consider or have reason to believe that an EHR system, which they have placed on the market or put into service is not in conformity with the essential requirements set out in Annex II shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or to recall it, as appropriate. Furthermore, where the EHR system presents a risk, manufacturers shall immediately inform the competent national authorities of the Member States in which they made the EHR system available on the market to that effect, giving details, in particular, of the non-conformity and of any corrective measures taken.
2023/03/30
Committee: ENVILIBE
Amendment 984 #
Proposal for a regulation
Article 17 – paragraph 3 b (new)
3 b. Manufacturers shall, further to a reasoned request from a competent national authority, provide it with all the information and documentation, in paper or electronic form, necessary to demonstrate the conformity of the EHR system with the essential requirements set out in Annex II, in a language which can be easily understood by that authority. They shall cooperate with that authority, at its request, on any measures taken to eliminate the risks posed by the EHR system, which they have placed on the market or put into service.
2023/03/30
Committee: ENVILIBE
Amendment 990 #
Proposal for a regulation
Article 18 – paragraph 2 – point a
(a) keep the EU declaration of conformity and the technical documentation at the disposal of the national market surveillance authorities for the period referred to in Article 17(3);
2023/03/30
Committee: ENVILIBE
Amendment 994 #
Proposal for a regulation
Article 18 – paragraph 2 – point c
(c) cooperate with the market surveillancecompetent national authorities, at their request, on any corrective action taken in relation to the EHR systems covered by their mandate.
2023/03/30
Committee: ENVILIBE
Amendment 999 #
Proposal for a regulation
Article 19 – paragraph 2 – point a
(a) the manufacturer has drawn up the technical documentation and the EU declaration of conformity;
2023/03/30
Committee: ENVILIBE
Amendment 1000 #
Proposal for a regulation
Article 19 – paragraph 2 – point a a (new)
(a a) ensure that the appropriate conformity assessment procedures referred to in Article 27a have been carried out by the manufacturer
2023/03/30
Committee: ENVILIBE
Amendment 1002 #
Proposal for a regulation
Article 19 – paragraph 2 – point b
(b) the EHR system bears the CE marking of conformity referred to in Article 27 ;
2023/03/30
Committee: ENVILIBE
Amendment 1005 #
Proposal for a regulation
Article 19 – paragraph 5
5. Where an importer considers or has reason to believe that an EHR system, which they have placed on the market, is not in conformity with the essential requirements in Annex II, it shall not make that system available on the market until that system has been brought into conformity. In situations where the EHR system is already on the market, importers shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or recall it, as appropriate. The importer shall inform without undue delay the manufacturer of such EHR system and the market surveillancenational competent authorities of the Member State in which it made the EHR system available, to that effect, giving details, in particular, of the non- conformity and of any corrective measures taken. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 1007 #
Proposal for a regulation
Article 19 – paragraph 6
6. Importers shall keep a copy of the EU declaration of conformity at the disposal of the market surveillance authorities for the period referred to in Article 17(3) and ensure that the technical documentation can be made available to those authorities, upon request. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 1010 #
Proposal for a regulation
Article 19 – paragraph 7
7. Importers shall, further to a reasoned request from a market surveillancecompetent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official language of the Member State where the market surveillancecompetent national authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 1015 #
Proposal for a regulation
Article 20 – paragraph 1 – point a
(a) the manufacturer has drawn up the EU declaration of conformity;deleted
2023/03/30
Committee: ENVILIBE
Amendment 1016 #
Proposal for a regulation
Article 20 – paragraph 1 – point a a (new)
(a a) ensure that the appropriate conformity assessment procedures referred to in Article 27a have been carried out by the manufacturer;
2023/03/30
Committee: ENVILIBE
Amendment 1018 #
Proposal for a regulation
Article 20 – paragraph 1 a (new)
1 a. When making an EHR system available on the market, distributors shall act with due care in relation to the requirements of this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 1021 #
Proposal for a regulation
Article 20 – paragraph 4
4. Distributors shall, further to a reasoned request from a market surveillancecompetent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 1022 #
Proposal for a regulation
Article 20 – paragraph 4 a (new)
4 a. Where a distributor considers or has reason to believe that an EHR system, which they have placed on the market, is not in conformity with the essential requirements in Annex II, it shall not make that system available on the market until that system has been brought into conformity. In situations where the EHR system is already on the market, importers shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or recall it, as appropriate. The distributor shall inform without undue delay the manufacturer of such EHR system and the national competent authorities of the Member State in which it made the EHR system available, to that effect, giving details, in particular, of the non- conformity and of any corrective measures taken.
2023/03/30
Committee: ENVILIBE
Amendment 1024 #
Proposal for a regulation
Article 20 – paragraph 4 b (new)
4 b. Distributors shall, further to a reasoned request from a competent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official language of the Member State where the competent national authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
2023/03/30
Committee: ENVILIBE
Amendment 1044 #
Proposal for a regulation
Article 25 a (new)
Article 25 a Presumption of conformity of EHR systems 1. An EHR system which is in conformity with harmonised standards as referred to in Article 23 shall be presumed to be in conformity with the essential requirements set out in Annex II covered by those standards. 2. The Commission shall, as provided in Article 10(1) of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards for the essential requirements set out in Annex II. 3. The Commission is empowered to adopt implementing acts establishing technical specifications for the essential requirements set out in Annex II where the following conditions have been fulfilled: (a) no reference to harmonised standards covering the relevant essential health and safety requirements is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012; (b) the Commission has requested one or more European standardisation organisations to draft a harmonised standard for the essential health and safety requirements and there are undue delays in the standardisation procedure or the request has not been accepted by any of the European standardisation organisations. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2). 4. An EHR system which is in conformity with the technical specifications shall be presumed to be in conformity with the essential requirements set out in Annex II covered by those technical specifications.
2023/03/30
Committee: ENVILIBE
Amendment 1046 #
Proposal for a regulation
Article 26 – paragraph 1
1. The EU declaration of conformity shall state that the manufacturer of the EHR system has demonstrated that the essential requirements laid down in Annex II have been fulfilled.
2023/03/30
Committee: ENVILIBE
Amendment 1049 #
Proposal for a regulation
Article 26 – paragraph 4
4. By drawing upissuing the EU declaration of conformity, to the manufacturerhealth data access body, the notified body shall assume responsibility for the conformity of the EHR system.
2023/03/30
Committee: ENVILIBE
Amendment 1057 #
Proposal for a regulation
Article 27 a (new)
Article 27 a Conformity assessment procedures for EHR systems 1. In order to certify the conformity of an EHR system with this Regulation, the manufacturer or its authorised representative, shall apply for EU type- examination procedure provided for in Annex IVa; 2. Notified bodies shall take into account the specific interests and needs of small and medium sized enterprises when setting the fees for conformity assessment and reduce those fees proportionately to their specific interests and needs.
2023/03/30
Committee: ENVILIBE
Amendment 1058 #
Proposal for a regulation
Article 27 b (new)
Article 27 b Notification Member States shall notify the Commission and the other Member States of conformity assessment bodies authorised to carry out conformity assessments in accordance with this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 1059 #
Proposal for a regulation
Article 27 c (new)
Article 27 c Notifying authorities 1. Member States shall designate a notifying authority that shall be responsible for setting up and carrying out the necessary procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies, including compliance with Article 27j. 2. Member States may decide that the assessment and monitoring referred to in paragraph 1 shall be carried out by a national accreditation body within the meaning of and in accordance with Regulation (EC) No 765/2008. 3. Where the notifying authority delegates or otherwise entrusts the assessment, notification or monitoring referred to in paragraph 1 of this Article to a body, which is not a governmental entity that body shall be a legal entity and shall comply mutatis mutandis with the requirements laid down in Article 27d. In addition, that body shall have arrangements to cover liabilities arising out of its activities. 4. The notifying authority shall take full responsibility for the tasks performed by the body referred to in paragraph 3.
2023/03/30
Committee: ENVILIBE
Amendment 1060 #
Proposal for a regulation
Article 27 d (new)
Article 27 d Requirements relating to notifying authorities 1. A notifying authority shall be established in such a way that no conflict of interest with conformity assessment bodies occurs. 2. A notifying authority shall be organised and operated so as to safeguard the objectivity and impartiality of its activities. 3. A notifying authority shall be organised in such a way that each decision relating to notification of a conformity assessment body is taken by competent persons different from those who carried out the assessment of the EHR system. 4. A notifying authority shall not offer or provide any activities that conformity assessment bodies perform, or consultancy services on a commercial or competitive basis. 5. A notifying authority shall safeguard the confidentiality of the information it obtains. 6. A notifying authority shall have a sufficient number of competent personnel at its disposal for the proper performance of its tasks.
2023/03/30
Committee: ENVILIBE
Amendment 1061 #
Proposal for a regulation
Article 27 e (new)
Article 27 e Information obligation on notifying authorities Member States shall inform the Commission of their procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies, and of any changes thereto. The Commission shall make that information publicly available.
2023/03/30
Committee: ENVILIBE
Amendment 1062 #
Proposal for a regulation
Article 27 f (new)
Article 27 f Requirements relating to notified bodies 1. For the purposes of notification, a conformity assessment body shall meet the requirements laid down in paragraphs 2 to 11. 2. A conformity assessment body shall be established under the national law of a Member State and have legal personality. 3. A conformity assessment body shall be a third-party body independent of the organisation or the EHR system it assesses. 4. A conformity assessment body, its top- level management and the personnel responsible for carrying out the conformity assessment tasks shall not be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of an EHR system, that they assess, nor the representative of any of those parties.A conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment tasks shall not be directly involved in the design, manufacture, marketing, installation, use or maintenance of EHR systems, or represent the parties engaged in those activities. They shall not engage in any activity that may conflict with their independence of judgement or integrity in relation to conformity assessment activities for which they are notified. This shall in particular apply to consultancy services.A conformity assessment body shall ensure that the activities of its subsidiaries or subcontractors do not affect the confidentiality, objectivity or impartiality of its conformity assessment activities. 5. A conformity assessment body and its personnel shall carry out the conformity assessment activities with the highest degree of professional integrity and the requisite technical competence in the specific field and shall be free from all pressures and inducements, particularly financial, which might influence its judgement or the results of its conformity assessment activities, especially as regards persons or groups of persons with an interest in the results of those activities. 6. A conformity assessment body shall be capable of carrying out all the conformity assessment activities mentioned in Annexes IVa in relation to which it has been notified, whether those tasks are carried out by the conformity assessment body itself or on its behalf and under its responsibility.At all times, and for each conformity assessment procedure and each kind of a EHR system for which it has been notified, a conformity assessment body shall have at its disposal the necessary: (a) personnel with technical knowledge and sufficient and appropriate experience to perform the conformity assessment activities; (b) descriptions of procedures in accordance with which conformity assessment is carried out, ensuring the transparency and the ability of reproduction of those procedures; (c) appropriate policies and procedures to distinguish between activities that it carries out as a notified body and other activities; (d) procedures for the performance of conformity assessment activities which take due account of the size of an undertaking, the sector in which it operates, its structure and the degree of complexity of the technology in question. A conformity assessment body shall have the means necessary to perform the technical and administrative tasks connected with the conformity assessment activities in an appropriate manner and shall have access to all necessary equipment or facilities. 7. The personnel responsible for carrying out conformity assessment tasks shall have the following: (a) sound technical and vocational training covering all the conformity assessment activities in relation to which the conformity assessment body has been notified; (b) satisfactory knowledge of the requirements of the assessments they carry out and adequate authority to carry out those assessments; (c) the ability to draw up certificates, records and reports demonstrating that conformity assessments have been carried out. 8. The impartiality of a conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment activities shall be guaranteed. The remuneration of the top-level management and the personnel responsible for carrying out the conformity assessment activities shall not depend on the number of conformity assessments carried out or on the results of those assessments. 9. A conformity assessment body shall take out liability insurance unless liability is assumed by the Member State in accordance with national law, or the Member State itself is directly responsible for the conformity assessment. 10. The personnel of a conformity assessment body shall observe professional secrecy with regard to all information obtained in carrying out the conformity assessment activities in accordance with Annexes IVa, except in relation to the competent authorities of the Member State in which its activities are carried out. Proprietary rights, intellectual property rights and trade secrets shall be protected. 11. A conformity assessment body shall participate in, or ensure that its personnel responsible for carrying out the conformity assessment activities are informed of, the relevant standardisation activities and the activities of the notified body coordination group established under Article 27r and shall apply as general guidance the administrative decisions and documents produced as a result of the work of that group.
2023/03/30
Committee: ENVILIBE
Amendment 1063 #
Proposal for a regulation
Article 27 g (new)
Article 27 g Presumption of conformity of notified bodies Where a conformity assessment body demonstrates its conformity with the criteria laid down in the relevant harmonised standards the references of which have been published in the Official Journal of the European Union, it shall be presumed to comply with the requirements set out in Article 27f in so far as the applicable harmonised standards cover those requirements.
2023/03/30
Committee: ENVILIBE
Amendment 1064 #
Proposal for a regulation
Article 27 h (new)
Article 27 h Subsidiaries of and subcontracting by notified bodies 1. Where a notified body subcontracts specific tasks connected with conformity assessment or has recourse to a subsidiary, it shall ensure that the subcontractor or the subsidiary meets the requirements set out in Article 27f and shall inform the notifying authority accordingly. 2. A notified body shall take full responsibility for the tasks performed by subcontractors or subsidiaries wherever those are established. 3. Activities may be subcontracted or carried out by a subsidiary only with the agreement of the client. 4. A notified body shall keep at the disposal of the notifying authority the relevant documents concerning the assessment of the qualifications of the subcontractor or the subsidiary and the work carried out by them under Annex IVa.
2023/03/30
Committee: ENVILIBE
Amendment 1065 #
Proposal for a regulation
Article 27 i (new)
Article 27 i Notification procedure 1. A notifying authority shall notify only conformity assessment bodies which have satisfied the requirements laid down in Article 27f. 2. The notifying authority shall send a notification to the Commission and the other Member States of each conformity assessment body referred to in paragraph 1, using the electronic notification tool developed and managed by the Commission. 3. The notification referred to in paragraph 2 shall include the following: (a) full details of the conformity assessment activities to be performed; (b) the relevant attestation of competence. 4. Where a notification is not based on an accreditation certificate referred to in Article 27i(2), the notifying authority shall provide the Commission and the other Member States with documentary evidence which attests to the conformity assessment body's competence and the arrangements in place to ensure that that body will be monitored regularly and will continue to satisfy the requirements laid down in Article 27f. 5. The conformity assessment body concerned may perform the activities of a notified body only where no objections are raised by the Commission or the other Member States within two weeks of the validation of the notification where it includes an accreditation certificate referred to in Article 27i(2), or within two months of the notification where it includes documentary evidence referred to in Article 27i(3). Only such a body shall be considered a notified body for the purposes of this Regulation. 6. The notifying authority shall notify the Commission and the other Member States of any subsequent relevant changes to the notification referred to in paragraph 2.
2023/03/30
Committee: ENVILIBE
Amendment 1066 #
Proposal for a regulation
Article 27 i (new)
Article 27 i Application for notification 1. A conformity assessment body shall submit an application for notification to the notifying authority of the Member State in which it is established. 2. The application for notification shall be accompanied by a description of the conformity assessment activities, of the conformity assessment procedures set out in Annex IVa as well as by an accreditation certificate, where one exists, issued by a national accreditation body attesting that the conformity assessment body fulfils the requirements laid down in Article 27f. 3. Where the conformity assessment body concerned cannot provide an accreditation certificate as referred to in paragraph 2, it shall provide the notifying authority with all the documentary evidence necessary for the verification, recognition and regular monitoring of its compliance with the requirements laid down in Article 27f.
2023/03/30
Committee: ENVILIBE
Amendment 1067 #
Proposal for a regulation
Article 27 k (new)
Article 27 k Identification numbers and lists of notified bodies 1. The Commission shall assign an identification number to a notified body. It shall assign a single such number even where the body is notified under several Union acts. 2. The Commission shall make publicly available the list of notified bodies including the identification numbers that have been assigned to them and the conformity assessment activities for which they have been notified. The Commission shall ensure that the list is kept up to date.
2023/03/30
Committee: ENVILIBE
Amendment 1068 #
Proposal for a regulation
Article 27 l (new)
Article 27 l Changes to notifications 1. Where a notifying authority has ascertained or has been informed that a notified body no longer meets the requirements laid down in Article 27f, or that it is failing to fulfil its obligations as set out in Article 27m the notifying authority shall restrict, suspend or withdraw the notification, as appropriate, depending on the seriousness of the failure to meet those requirements or fulfil those obligations. It shall immediately inform the Commission and the other Member States accordingly. 2. In the event of restriction, suspension or withdrawal of notification, or where the notified body has ceased its activity, the notifying authority shall take appropriate steps to ensure that the files of that body are either processed by another notified body or kept available for the responsible notifying and market surveillance authorities at their request.
2023/03/30
Committee: ENVILIBE
Amendment 1069 #
Proposal for a regulation
Article 27 m (new)
Article 27 m Challenge of the competence of notified bodies 1. The Commission shall investigate all cases where it doubts, or doubt is brought to its attention regarding, the competence of a notified body or the continued fulfilment by a notified body of the requirements and responsibilities to which it is subject. 2. The notifying authority shall provide the Commission, on request, with all information relating to the basis for the notification or the maintenance of the competence of the notified body concerned. 3. The Commission shall ensure that all sensitive information obtained in the course of its investigations is treated confidentially. 4. Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall adopt an implementing act requesting the notifying authority to take the necessary corrective measures, including the withdrawal of the notification if necessary. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
2023/03/30
Committee: ENVILIBE
Amendment 1070 #
Proposal for a regulation
Article 27 n (new)
Article 27 n Operational obligations of notified bodies 1. A notified body shall carry out conformity assessments in accordance with the conformity assessment procedures set out in Annex IVa. 2. A notified body shall perform its activities in a proportionate manner, avoiding unnecessary burdens for economic operators, and taking due account of the size of an undertaking, the structure of the undertaking, the degree of complexity of the EHR system in question. In so doing, the notified body shall nevertheless respect the degree of rigour and the level of protection required for the compliance of the EHR system with the requirements of this Regulation. 3. Where, in the course of the monitoring of conformity following the issuance of a certificate of conformity or the adoption of an approval decision, a notified body finds that a EHR system no longer complies, it shall require the manufacturer to take appropriate corrective measures and shall suspend or withdraw the certificate of conformity or the approval decision, if necessary. 4. Where corrective measures are not taken or do not have the required effect, the notified body shall restrict, suspend or withdraw any certificates of conformity or approval decisions, as appropriate.
2023/03/30
Committee: ENVILIBE
Amendment 1071 #
Proposal for a regulation
Article 27 o (new)
Article 27 o Appeals against decisions of notified bodies A notified body shall ensure that a transparent and accessible appeals procedure against its decisions is available.
2023/03/30
Committee: ENVILIBE
Amendment 1072 #
Proposal for a regulation
Article 27 p (new)
Article 27 p Information obligation on notified bodies 1. A notified body shall inform the notifying authority of the following: (a) any refusal, restriction, suspension or withdrawal of a certificate of conformity or approval decision; (b) any circumstances affecting the scope of, or the conditions for, its notification; (c) any request for information which it has received from market surveillance authorities regarding its conformity assessment activities; (d) on request, any conformity assessment activities performed within the scope of its notification and any other activity performed, including cross-border activities and subcontracting. 2. A notified body shall provide other notified bodies carrying out similar conformity assessment activities covering the same kinds of machinery product with relevant information on issues relating to negative and, on request, positive conformity assessment results.
2023/03/30
Committee: ENVILIBE
Amendment 1073 #
Proposal for a regulation
Article 27 q (new)
Article 27 q Coordination of notified bodies The Commission shall ensure that appropriate coordination and cooperation between notified bodies are put in place and properly operated in the form of a sectoral group of notified bodies. A notified body shall participate in the work of that group, directly or by means of designated representatives.
2023/03/30
Committee: ENVILIBE
Amendment 1074 #
Proposal for a regulation
Article 27 q (new)
Article 27 q Exchange of experience The Commission shall provide for the organisation of exchange of experience between the Member States' national authorities responsible for notification policy.
2023/03/30
Committee: ENVILIBE
Amendment 1075 #
Proposal for a regulation
Chapter III – Section 3 a (new)
3a Section 3a Conformity assessment
2023/03/30
Committee: ENVILIBE
Amendment 1079 #
Proposal for a regulation
Article 28 – paragraph 4 a (new)
4 a. Market surveillance authorities shall immediately inform Notified Bodies about manufacturers of EHR systems that no longer comply with the requirements on the declaration of conformity.
2023/03/30
Committee: ENVILIBE
Amendment 1080 #
Proposal for a regulation
Article 29 – paragraph 1
1. Where a market surveillance authority findsof one Member State have sufficient reason to believe that an EHR system presents a risk to the health or, safety or rights of natural persons or to other aspects of public interest protection, ithey shall require the manufacturer of the EHR system concerned, icarry out an evaluation in relation to the EHR system concerned covering all relevant requirements laid down in this Regulation. Its authorised representatives and all other relevant economic operators toshall cooperate as necessary with the market surveillance authorities for that purpose and take all appropriate measures to ensure that the EHR system concerned no longer presents that risk when placed on the market to withdraw the EHR system from the market or to recall it within a reasonable period. Where, in the course of the evaluation referred to in the first subparagraph, the market surveillance authorities find that the EHR system does not comply with the requirements laid down in this Regulation, they shall without delay require the relevant economic operator to take all appropriate corrective action to bring the EHR system into compliance with those requirements, to withdraw the machinery product from the market, or to recall it within a reasonable period which is commensurate with the nature of the risk referred to in the first subparagraph. The market surveillance authorities shall inform the relevant notified body accordingly.
2023/03/30
Committee: ENVILIBE
Amendment 1083 #
Proposal for a regulation
Article 29 – paragraph 1 a (new)
1 a. Where the market surveillance authorities consider that non-compliance is not restricted to their national territory, they shall inform the Commission and the other Member States of the results of the evaluation and of the actions which they have required the economic operator to take.
2023/03/30
Committee: ENVILIBE
Amendment 1096 #
Proposal for a regulation
Article 30 – paragraph 1 a (new)
1 a. Where the relevant economic operator does not take adequate corrective action within the period referred to in Article 29, paragraph 1, second subparagraph, the market surveillance authorities shall take all appropriate provisional measures to prohibit or restrict the EHR system being made available on their national market, to withdraw the machinery product from that market or to recall it. The market surveillance authorities shall inform the Commission and the other Member States, without delay, of those measures.
2023/03/30
Committee: ENVILIBE
Amendment 1097 #
Proposal for a regulation
Article 30 – paragraph 1 b (new)
1 b. The information referred to in paragraph 1.a, second subparagraph, shall include all available details, in particular the data necessary for the identification of the noncompliant EHR system, the origin of that EHR system, the nature of the non-compliance alleged and the risk involved, the nature and duration of the national measures taken and the arguments put forward by the relevant economic operator.In particular, the market surveillance authorities shall indicate whether the noncompliance is due to any of the following: (a) failure of the EHR system to meet the requirements relating to the essential requirements set out in Annex II; (b) shortcomings in the harmonised standards referred to in Article 25a(1); (c) shortcomings in the technical specifications referred to in Article 25a(4).
2023/03/30
Committee: ENVILIBE
Amendment 1098 #
Proposal for a regulation
Article 30 – paragraph 1 c (new)
1 c. Member States other than the Member State initiating the procedure under this Article shall without delay inform the Commission and the other Member States of any measures adopted and of any additional information at their disposal relating to the non-compliance of the EHR system concerned, and, in the event of disagreement with the adopted national measure, of their objections.
2023/03/30
Committee: ENVILIBE
Amendment 1099 #
Proposal for a regulation
Article 30 – paragraph 1 d (new)
1 d. Where, within three months of receipt of the information referred to in paragraph 1a, second subparagraph, no objection has been raised by either a Member State or the Commission in respect of a provisional measure taken by a Member State, that measure shall be deemed justified.
2023/03/30
Committee: ENVILIBE
Amendment 1100 #
Proposal for a regulation
Article 30 a (new)
Article 30 a Union safeguard procedure 1. Where, on completion of the procedure set out in Article 29(2) and Article 30(1a), objections are raised against a measure taken by a Member State, or where the Commission considers a national measure to be contrary to Union legislation, the Commission shall without delay enter into consultation with the Member States and the relevant economic operator or operators and shall evaluate the national measure. On the basis of the results of that evaluation, the Commission shall adopt an implementing act in the form of a decision determining whether the national measure is justified or not. The Commission shall address its decision to all Member States and shall without delay communicate it to them and to the relevant economic operator or operators. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 68(2a). 2. If the national measure is considered justified, all Member States shall take the necessary measures to ensure that the non-compliant EHR system is withdrawn from their market, and shall inform the Commission accordingly. If the national measure is considered unjustified, the Member State concerned shall withdraw that measure. Where the national measure is considered justified and the non-compliance of the EHR system is attributed to shortcomings in the harmonised standards or technical specifications referred to in Article 30(1b), points (b) and (c), of this Regulation, the Commission shall apply the procedure provided for in Article 11 of Regulation (EU) No 1025/2012.
2023/03/30
Committee: ENVILIBE
Amendment 1106 #
Proposal for a regulation
Article 31 – paragraph 1
1. Where a manufacturer of a wellness application claims interoperability with an EHR system and therefore compliance with the essential requirements laid down in Annex II and common specifications in Article 23, such wellness application mayshall be accompanied by a label, clearly indicating its compliance with those requirements. The label shall be issued by the manufacturer of the wellness application and the health data access body shall be informed.
2023/03/30
Committee: ENVILIBE
Amendment 1107 #
Proposal for a regulation
Article 31 – paragraph 3
3. The Commission mayshall, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
2023/03/30
Committee: ENVILIBE
Amendment 1132 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
1. Data holders shall, through a secure system ensuring protection of the patients’ data, make the following categories of electronic data available for secondary use, in accordance with the provisions of this Chapter:
2023/03/30
Committee: ENVILIBE
Amendment 1142 #
Proposal for a regulation
Article 33 – paragraph 1 – point a
(a) electronic health data from EHRs;
2023/03/30
Committee: ENVILIBE
Amendment 1151 #
Proposal for a regulation
Article 33 – paragraph 1 – point b
(b) data on factors impacting on health, including social, environmental behavioural determinants of health;
2023/03/30
Committee: ENVILIBE
Amendment 1156 #
Proposal for a regulation
Article 33 – paragraph 1 – point d
(d) healthcare-related administrative data, including claims and reimbursement data;
2023/03/30
Committee: ENVILIBE
Amendment 1166 #
Proposal for a regulation
Article 33 – paragraph 1 – point e
(e) extracts from human genetic, genomic and proteomic data, such as genetic markers;
2023/03/30
Committee: ENVILIBE
Amendment 1220 #
Proposal for a regulation
Article 33 – paragraph 2
2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro and small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59in the context of healthcare provision. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
2023/03/30
Committee: ENVILIBE
Amendment 1222 #
Proposal for a regulation
Article 33 – paragraph 2 a (new)
2 a. The Commission, together with the Member States, will define measures to protect the personal data of healthcare professionals involved in the treatment of a natural person, in order to prevent the possibility of identifying which prescriptions doctors administer to their patients.
2023/03/30
Committee: ENVILIBE
Amendment 1229 #
Proposal for a regulation
Article 33 – paragraph 3 a (new)
3 a. The natural person shall receive information about the benefits of providing access to their health data for secondary use.
2023/03/30
Committee: ENVILIBE
Amendment 1251 #
Proposal for a regulation
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.deleted
2023/03/30
Committee: ENVILIBE
Amendment 1265 #
Proposal for a regulation
Article 33 – paragraph 5 a (new)
5 a. Natural persons shall have the right to decline the processing of parts or all of their electronic health data for secondary use. In this regard, health data access bodies shall provide an easily understandable and accessible opt-out mechanism in a user-friendly format whereby natural persons have the option to explicitly remove parts or all of their electronic health data to be processed for some or all secondary use purposes.
2023/03/30
Committee: ENVILIBE
Amendment 1268 #
Proposal for a regulation
Article 33 – paragraph 5 b (new)
5 b. For the categories of electronic health data referred to in (e) and (m) of the first paragraph, health data access bodies shall only provide this health data for secondary use processing after natural persons have explicitly consented to its use. Such an opt-in mechanism shall be easily understandable and accessible and provided for in a user-friendly format whereby data subjects are made aware of the sensitive nature of the data.
2023/03/30
Committee: ENVILIBE
Amendment 1274 #
Proposal for a regulation
Article 33 – paragraph 7
7. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.
2023/03/30
Committee: ENVILIBE
Amendment 1295 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance, monitoring and evaluating health programmes or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;
2023/03/30
Committee: ENVILIBE
Amendment 1300 #
Proposal for a regulation
Article 34 – paragraph 1 – point b
(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, as well as, where national laws apply, professional associations, in the health or care sector to carry out their tasks defined in their mandates;
2023/03/30
Committee: ENVILIBE
Amendment 1311 #
Proposal for a regulation
Article 34 – paragraph 1 – point d
(d) education oruniversity and post-university teaching activities in health or care sectors;
2023/03/30
Committee: ENVILIBE
Amendment 1314 #
Proposal for a regulation
Article 34 – paragraph 1 – point e
(e) scientific research related to health or care sectors for prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;
2023/03/30
Committee: ENVILIBE
Amendment 1325 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products or services contributing to public health or social security and intended for healthcare or long-term care purposes, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;
2023/03/30
Committee: ENVILIBE
Amendment 1339 #
Proposal for a regulation
Article 34 – paragraph 1 – point g
(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security and intended for healthcare or long-term care purposes, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;
2023/03/30
Committee: ENVILIBE
Amendment 1372 #
Proposal for a regulation
Article 35 – paragraph 1 – point a
(a) taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;
2023/03/30
Committee: ENVILIBE
Amendment 1377 #
Proposal for a regulation
Article 35 – paragraph 1 – point b
(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance or credit contract or to modify their contributions and insurance premiums or conditions of loans or exclude them from the benefit of participating in clinical trials;
2023/03/30
Committee: ENVILIBE
Amendment 1388 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons;
2023/03/30
Committee: ENVILIBE
Amendment 1393 #
Proposal for a regulation
Article 35 – paragraph 1 – point e
(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco and nicotine products, weaponries or products, or goods or services which are designed or modified in such a way that they incite chemical, behavioural or any other type of addiction or that they contravene public order or morality.
2023/03/30
Committee: ENVILIBE
Amendment 1404 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
(e a) automated individual decision- making, including profiling, in accordance with Article 22 of the Regulation (EU) 2016/679.
2023/03/30
Committee: ENVILIBE
Amendment 1412 #
Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)
(e b) data of pharmaceutical prescriptions or medical devices by commercial name, with the exception of usage by public authorities.
2023/03/30
Committee: ENVILIBE
Amendment 1415 #
Proposal for a regulation
Article 35 – paragraph 1 – point e c (new)
(e c) national defense and security.
2023/03/30
Committee: ENVILIBE
Amendment 1417 #
Proposal for a regulation
Article 35 – paragraph 1 – point e d (new)
(e d) confidential data used by public bodies which are market regulators.
2023/03/30
Committee: ENVILIBE
Amendment 1436 #
Proposal for a regulation
Article 36 – paragraph 2
2. Member States shall ensure that each health data access body is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers in a timely manner.
2023/03/30
Committee: ENVILIBE
Amendment 1468 #
Proposal for a regulation
Article 37 – paragraph 1 – point d
(d) process electronic health data for the purposes set out in Article 34, including the collection, combination, preparation and disclosure of those data for secondary use on the basis of a data permit, while also ensuring proper security of that data;
2023/03/30
Committee: ENVILIBE
Amendment 1490 #
Proposal for a regulation
Article 37 – paragraph 1 – point j
(j) cooperate with and supervise data holders to enable them to enact their rights to opt-out of data processing for secondary use as referred to in Article 33(5a) and to opt-in for data processing for the specific categories of data referred to in Article 33(5b) ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;
2023/03/30
Committee: ENVILIBE
Amendment 1532 #
Proposal for a regulation
Article 37 – paragraph 2 – point d a (new)
(d a) cooperate with European institutions and agencies, where applicable in accordance with Union law.
2023/03/30
Committee: ENVILIBE
Amendment 1543 #
Proposal for a regulation
Article 38 – paragraph 1 – point c
(c) the applicable rights of natural persons in relation to secondary use of electronic health data, including the right to opt-out referred to in Article 33(5a) and the right to opt-in for the categories of data referred to in Article 33(5b);
2023/03/30
Committee: ENVILIBE
Amendment 1550 #
Proposal for a regulation
Article 38 – paragraph 1 – point d a (new)
(d a) the record on who has been granted access to the data, the legal basis and the purpose, in accordance with Union and national law;
2023/03/30
Committee: ENVILIBE
Amendment 1558 #
Proposal for a regulation
Article 38 – paragraph 2
2. HAt the request of a natural person or a group representing natural persons, health data access bodies shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.
2023/03/30
Committee: ENVILIBE
Amendment 1566 #
Proposal for a regulation
Article 38 – paragraph 3
3. Where a health data access body isData users shall inform the health data access bodies of conclusive findings that arise from the secondary use of natural persons’ health data. Health data access bodies shall provide an accessible and easily understandable mechanism for natural persons to express their explicit will to be informed by a data user of a finding that may impact on the health of athat natural person, the health data access body may inform the natural person and his or her treating health professional about. Electronic health records shall notify the health professionals with the appropriate competence to communicate to the natural person about that finding to better evaluate thate finding and its consequences.
2023/03/30
Committee: ENVILIBE
Amendment 1571 #
Proposal for a regulation
Article 38 – paragraph 4
4. Member States shall regularly inform the public at large about the role and benefits of health data access bodies, as well as the risks and consequences linked with individual and collective digital health data rights arising from this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 1574 #
Proposal for a regulation
Article 38 – paragraph 4
4. Member States shall regularly inform the public at large about the role and benefits of health data access bodies, as well as the risks and consequences linked with individual and collective digital health data rights arising from this Regulation.
2023/03/30
Committee: ENVILIBE
Amendment 1627 #
Proposal for a regulation
Article 41 – paragraph 4
4. The data holder shall put the electronic health data at the disposal of the health data access body within 23 months from receiving the request from the health data access body. In exceptional cases, that period may be extended by the health data access body for an additional period of 2 months.
2023/03/30
Committee: ENVILIBE
Amendment 1632 #
Proposal for a regulation
Article 42 – paragraph 1
1. Health data access bodies and single data holders may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to set up, data enrichment, maintainance or updating of the dataset and conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]. No fees should be charged to public health authorities, at local, regional or national level or to address public health research, including but not limited to, epidemiological surveillance or monitoring of health projects and programmes.
2023/03/30
Committee: ENVILIBE
Amendment 1646 #
Proposal for a regulation
Article 42 – paragraph 4
4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting, set up, data enrichment, maintainance or updating of the dataset and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update that dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.
2023/03/30
Committee: ENVILIBE
Amendment 1657 #
Proposal for a regulation
Article 42 – paragraph 6
6. The Commission mayshall, by means of implementing acts, lay down principles and rules for the fee policies and fee structures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
2023/03/30
Committee: ENVILIBE
Amendment 1665 #
4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to revoke the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years, and fines shall be imposed in accordance with Article 83 of the Regulation (EU) 2016/679.
2023/03/30
Committee: ENVILIBE
Amendment 1671 #
Proposal for a regulation
Article 43 – paragraph 5
5. Where data holders withhold the electronic health data from health data access bodies with the manifest intention of obstructing the use of electronic health data, or do not respect the deadlines set out in Article 41, the health data access body shall have the power to fine the data holder with fines for each day of delay, which shall be transparent and proportionate. The amount of the fines shall be established by the health data access body. In case of repeated breaches by the data holder of the obligation of loyal cooperation with the health data access body, that body can exclude the data holder from participation in the EHDS for a period of up to 5 years. Where a data holder has been excluded from the participation in the EHDS pursuant to this Article, following manifest intention of obstructing the secondary use of electronic health data, it shall not have the right to provide access to health data in accordance with Article 49.
2023/03/30
Committee: ENVILIBE
Amendment 1677 #
Proposal for a regulation
Article 43 – paragraph 5 a (new)
5 a. Any natural person affected by a breach of the data permit issued pursuant to Articles 35 and 46 should have the right to an effective judicial remedy before a tribunal in accordance with Article 47 of the Charter of Fundamental Rights of the European Union.
2023/03/30
Committee: ENVILIBE
Amendment 1685 #
Proposal for a regulation
Article 43 – paragraph 10
10. The Commission mayshall issues guidelines on penalties to be applied by the health data access bodies.
2023/03/30
Committee: ENVILIBE
Amendment 1715 #
Proposal for a regulation
Article 44 – paragraph 3
3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access bodyholder. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.
2023/03/30
Committee: ENVILIBE
Amendment 1721 #
Proposal for a regulation
Article 44 – paragraph 3 a (new)
3 a. In providing anonymised and pseudonymised datasets, health data access bodies shall follow the state-of-the- art in anonymisation and pseudonymisation technologies. The European Health Data Space Board, together with the digital health authorities, shall discuss and create norms and standards for data holders to apply.
2023/03/30
Committee: ENVILIBE
Amendment 1752 #
Proposal for a regulation
Article 45 – paragraph 2 – point g
(g) an justified estimation of the period during which the electronic health data is needed for processing;
2023/03/30
Committee: ENVILIBE
Amendment 1756 #
Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)
(h a) a communication plan defining audiences and tools to publicly inform on the results or outcomes of the access to the data in accordance with Article 46(11);
2023/03/30
Committee: ENVILIBE
Amendment 1760 #
Proposal for a regulation
Article 45 – paragraph 2 – point h b (new)
(h b) provide the specified information under Article 14 of Regulation (EU) 2016/679 and facilitate the exercise of the rights of natural persons with Chapter III of Regulation (EU) 2016/67.
2023/03/30
Committee: ENVILIBE
Amendment 1761 #
Proposal for a regulation
Article 45 – paragraph 2 – point h c (new)
(h c) information, such as but not limited to professional qualifications, which justify the data applicant's suitability to use the requested data for the intended purpose.
2023/03/30
Committee: ENVILIBE
Amendment 1767 #
Proposal for a regulation
Article 45 – paragraph 4 – introductory part
4. Where the applicant intends to access the personal electronic health data in a pseudonymised format or non- personal data, the following additional information shall be provided together with the data access application:
2023/03/30
Committee: ENVILIBE
Amendment 1813 #
Proposal for a regulation
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 26 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
2023/03/30
Committee: ENVILIBE
Amendment 1843 #
Proposal for a regulation
Article 46 – paragraph 9
9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 5 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 5 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted within 6 months followingimmediately after the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.
2023/03/30
Committee: ENVILIBE
Amendment 1851 #
Proposal for a regulation
Article 46 – paragraph 11
11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 182 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public in lay summaries on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
2023/03/30
Committee: ENVILIBE
Amendment 1877 #
Proposal for a regulation
Article 48 – title
Making data available for public sector bodies and Union institutions, bodies, offices andnational public health authorities and European Union public health agencies without a data permit
2023/04/05
Committee: ENVILIBE
Amendment 1885 #
Proposal for a regulation
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodnational public health authorities and the European Union health agencies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.
2023/04/05
Committee: ENVILIBE
Amendment 1890 #
Proposal for a regulation
Article 49
Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder
2023/04/05
Committee: ENVILIBE
Amendment 1900 #
Proposal for a regulation
Article 50 – paragraph 1 – introductory part
1. TSubject to the issuance of a data permit, the health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organisational measures and security and interoperability requirements. In particular, they shall take the following security measures:
2023/04/05
Committee: ENVILIBE
Amendment 1910 #
Proposal for a regulation
Article 50 – paragraph 3
3. The health data access bodies shall ensure regular audits of the secure processing environments. and take immediate corrective action of any shortcomings, risks or vulnerabilities identified in the secure processing environments
2023/04/05
Committee: ENVILIBE
Amendment 1917 #
Proposal for a regulation
Article 51 – title
Joint cControllership
2023/04/05
Committee: ENVILIBE
Amendment 1921 #
Proposal for a regulation
Article 51 – paragraph 1
1. The health data access bodies and the data users, including Union institutions, bodies, offices and agencies,In addition to data holders, the health data access bodies shall be deemed a controller for the processing of personal electronic health data in accordance with Article 37(1)(d). The data users shall be deemed joint controllers of electronic health data processed in accordance with data permi for the processing of personal electronic health data in pseudonymised form in the secure processing environment pursuant to the data permit. The health data access body shall act as a processor for the health data user´s processing pursuant to a data permit in the secure processing environment.
2023/04/05
Committee: ENVILIBE
Amendment 1925 #
Proposal for a regulation
Article 51 – paragraph 2
2. The Commission shall, by means of implementing acts, establish a template for the joint controllers’ arrangement. Those implementing acts shall be adopted in accordance with the advisory procedure set out in Article 68(2).
2023/04/05
Committee: ENVILIBE
Amendment 1929 #
Proposal for a regulation
Article 52 – paragraph 3
3. Union institutions, bodies, offices and agencies involved in health research, health policy or analysis, shall be authorised participants of HealthData@EU.
2023/04/05
Committee: ENVILIBE
Amendment 1934 #
Proposal for a regulation
Article 52 – paragraph 5
5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and whereby the transfer of electronic health data is compliant with the provisions laid down in Chapter V of Regulation (EU) 2016/679 and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and Chapter V of Regulation 2016/679 and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.
2023/04/05
Committee: ENVILIBE
Amendment 1945 #
The Commission mayshall, by means of implementing acts, set out:
2023/04/05
Committee: ENVILIBE
Amendment 1947 #
Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a
(a) requirements, technical specifications, the IT architecture of HealthData@EU, conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU which shall ensure state- of-the-art data security, confidentiality, and protection of electronic health data in the cross border infrastructure;
2023/04/05
Committee: ENVILIBE
Amendment 1952 #
(aa) conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU;
2023/04/05
Committee: ENVILIBE
Amendment 1961 #
Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 2
Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The Commission shall consult with and involve the European Union Agency for Cyber Security (ENISA) in the aforementioned process.
2023/04/05
Committee: ENVILIBE
Amendment 1975 #
Proposal for a regulation
Article 54 – paragraph 2
2. AThe same data permit issued by one concerned health data access body mayshall benefit from mutual recognition by the other concerned health data access bodies.
2023/04/05
Committee: ENVILIBE
Amendment 1976 #
Proposal for a regulation
Article 54 – paragraph 2
2. AThe same data permit issued by one concerned health data access body mayshall benefit from mutual recognition by the other concerned health data access bodies.
2023/04/05
Committee: ENVILIBE
Amendment 1981 #
Proposal for a regulation
Article 57 – paragraph 1
1. The Commission shall establish an EU Datasets Catalogue connecting the national catalogues of datasets established by the health data access bodies and other authorised participants in HealthData@EU. taking into consideration the health interoperability resources already developed across the Union.
2023/04/05
Committee: ENVILIBE
Amendment 2006 #
Proposal for a regulation
Article 61 – paragraph 2
2. The protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization and pseudonymisation techniques and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].
2023/04/05
Committee: ENVILIBE
Amendment 2017 #
Proposal for a regulation
Article 63 – paragraph 1
In the context of international access and transfer of personal electronic health data, Member States may maintain or introduce furPersons responsible and processors located in the EU who process personal electronic health data in the scope of this Regulation shall store the respective data within the territory of the EU. In ther conditions, including limitations, in accordance with and under the conditions of article 9(4)text of international access and transfer of personal electronic health data, shall be granted in accordance with Chapter V of the Regulation (EU) 2016/679.
2023/04/05
Committee: ENVILIBE
Amendment 2023 #
Proposal for a regulation
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of the high level representatives of digital health authorities and health data access bodies of all the Member States. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor mayshall be invited to the meetings, where the issues discussed are of relevance for them. The Board shall also consult on a regular basis European level patient organisations and European level healthcare professional organisations and may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
2023/04/05
Committee: ENVILIBE
Amendment 2036 #
Proposal for a regulation
Article 64 – paragraph 4
4. Stakeholders and relevant third partieRelevant stakeholders, including patients' and healthcare presentativesofessional's organisations and academia, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.
2023/04/05
Committee: ENVILIBE
Amendment 2039 #
Proposal for a regulation
Article 64 – paragraph 5
5. The EHDS Board shall cooperate with other relevant bodies, entities and experts, such as the European Data Innovation Board referred to in Article 26 of Regulation […] [Data Governance Act COM/2020/767 final], competent bodies set up under Article 7 of Regulation […] [Data Act COM/2022/68 final], supervisory bodies set up under Article 17 of Regulation […] [eID Regulation], European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679 and cybersecurity bodies, in particular the European Agency for Cybersecurity (ENISA).
2023/04/05
Committee: ENVILIBE
Amendment 2040 #
Proposal for a regulation
Article 64 – paragraph 5 a (new)
5a. The EHDS Board, in conjunction with the European Commission, shall publish an annual report covering the implementation status of the European Health Data Space and other relevant points of development, including with respect to cross-border health data interoperability, and implementation challenges.
2023/04/05
Committee: ENVILIBE
Amendment 2066 #
Proposal for a regulation
Article 65 – paragraph 2 – point f
(f) to facilitate the exchange of views on the secondary use of electronic health data with the relevant stakeholders, including representatives of patients, health professionals, researchers, regulators and policy makers in the health sector to support the design of aligned implementation strategies, guidance and standards and to assess the needs for further improvement.
2023/04/05
Committee: ENVILIBE
Amendment 2076 #
Proposal for a regulation
Article 67 – paragraph 2
2. The power to adopt delegated acts referred to in Articles 5(2), 107(3), 25(3), 32(4), 33(7), 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.
2023/04/05
Committee: ENVILIBE
Amendment 2081 #
Proposal for a regulation
Article 67 – paragraph 3
3. The power to adopt delegated acts referred to in Articles 5(2), 107(3), 25(3), 32(4), 33(7), 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
2023/04/05
Committee: ENVILIBE
Amendment 2083 #
Proposal for a regulation
Article 67 – paragraph 4
4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State and targeted stakeholders, including health professionals and patients’ organisations, in accordance with the principles laid down in the Inter-institutional Agreement of 13 April 2016 on Better Law-Making.
2023/04/05
Committee: ENVILIBE
Amendment 2086 #
Proposal for a regulation
Article 68 – paragraph 2 a (new)
2a. In accordance with the Inter- Institutional Agreement of 13 April 2016 on Better Law-Making, the Commission shall make use of expert groups, consult targeted stakeholders and carry out public consultations to gather broader expertise in the early preparation of draft implementing acts.
2023/04/05
Committee: ENVILIBE
Amendment 2091 #
Proposal for a regulation
Article 69 – paragraph 1
Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties shall be effective, proportionate and, dissuasive and encouraging corrective action to the infringements. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them.
2023/04/05
Committee: ENVILIBE
Amendment 2100 #
Proposal for a regulation
Article 70 – paragraph 1
1. After 53 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.
2023/04/05
Committee: ENVILIBE
Amendment 2120 #
Proposal for a regulation
Article 72 – paragraph 3 – point b
(b) from 32 years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (d), (e) and (f), and to EHR systems intended by the manufacturer to process such categories of data;
2023/04/05
Committee: ENVILIBE
Amendment 2122 #
Proposal for a regulation
Article 72 – paragraph 4
Chapter III shall apply to EHR systems put into service in the Union pursuant to Article 15(2) from 32 years after date of entry into application.
2023/04/05
Committee: ENVILIBE
Amendment 2129 #
Proposal for a regulation
Annex II – point 2 – point 2.5
2.5. An EHR system shall not include features that prohibit, restrict or place undue burden on authorised exporting of personal electronic health data for the reasons of replacing the EHR system by another product. Authorised exporting of personal electronic health data shall be free of charge, without undue delay, or in in any event within one month from the request and in a structured, commonly used and machine-readable format, in line with the interoperability and security requirements to be developed according to Articles 23 and 50.
2023/04/05
Committee: ENVILIBE
Amendment 2131 #
Proposal for a regulation
Annex II – point 3 – point 3.1
3.1. An EHR system shall be designed and developed in such a way that it ensures highly safe and secure processing of electronic health data, and that it prevents unauthorised access to such data.
2023/04/05
Committee: ENVILIBE
Amendment 2133 #
Proposal for a regulation
Annex IV a (new)
ANNEX IVa 1. EU type-examination is the part of a conformity assessment procedure in which a notified body examines the technical design of an EHR system and verifies and attests that the technical design of the EHR system meets the applicable requirements of this Regulation. 2. EU type-examination shall be carried out by assessment of the adequacy of the technical design of the EHR system through examination of the technical documentation, plus examination of a specimen of the EHR system that is representative of the production envisaged (production type). 3. Application for EU type- examination The manufacturer shall lodge an application for EU type-examination with a single notified body of his or her choice. The application shall include: (a) the name and address of the manufacturer and, if the application is lodged by an authorised representative, the name and address of that authorised representative; (b) a written declaration that the same application has not been lodged with any other notified body; (c) the technical documentation described in Annex III; (d) the specimen(s) of the EHR system representative of the production envisaged. The notified body may request further specimens if needed for carrying out the test programme. 4. EU type-examination The notified body shall: (a) examine the technical documentation to assess the adequacy of the technical design of the EHR system; (b) verify that the EHR system has been manufactured in conformity with the technical documentation, and identify the elements that have been designed in accordance with the applicable provisions of the relevant harmonised standards or technical specifications adopted by the Commission; (c) carry out appropriate examinations and tests, or have them carried out, to check whether, where the manufacturer has chosen to apply the solutions in the relevant harmonised standards, those have been applied correctly; (e) carry out appropriate examinations and tests, or have them carried out, to check whether, where the solutions in the relevant harmonised standards or technical specifications adopted by the Commission, the solutions adopted by the manufacturer, including those in other technical specifications applied, meet the corresponding essential requirements and have been applied correctly. 5. Evaluation report The notified body shall draw up an evaluation report that records the activities undertaken in accordance with point 4 and their outcomes. Without prejudice to its obligations vis-à-vis the notifying authorities, as mentioned in Article 27, point (j), the notified body shall release the content of that report, in full or in part, only with the agreement of the manufacturer. 6. EU type-examination certificate 6.1. Where the type meets the applicable essential requirements, the notified body shall issue an EU type- examination certificate to the manufacturer. The period of validity of a newly issued certificate and, where appropriate, of a renewed certificate shall not exceed five years. 6.2. The EU type-examination certificate shall contain at least the following information: (a) the name and identification number of the notified body; (b) the name and address of the manufacturer and, if the application is lodged by an authorised representative, the name and address of that authorised representative; (c) an identification of the EHR system covered by the certificate (type number); (d) a statement that the EHR system complies with the applicable essential requirements; (e) where harmonised standards or technical specifications adopted by the Commission have been fully or partially applied, the references of those standards or parts thereof; (f) where other technical specifications have been applied, the references of those technical specifications; (g) where applicable, the performance level(s) or protection class of the machinery product; (h) the date of issue, the date of expiry and, where appropriate, the date(s) of renewal; (i) any conditions attached to the issuing of the certificate. 6.3. Where the type does not satisfy the applicable essential requirements, the notified body shall refuse to issue an EU type-examination certificate and shall inform the applicant accordingly, giving detailed reasons for its refusal. 7. Review of the EU type- examination certificate 7.1. The notified body shall keep itself apprised of any changes in the generally acknowledged state of the art, which indicate that the approved type may no longer comply with the applicable essential requirements, and shall determine whether such changes require further investigation. If so, the notified body shall inform the manufacturer accordingly. 7.2. The manufacturer shall inform the notified body that holds the technical documentation relating to the EU type- examination certificate of all modifications to the approved type and of all modifications to the technical documentation that may affect the conformity of the EHR system with the applicable essential health and safety requirements or the conditions for validity of that certificate. Such modifications shall require additional approval in the form of an addition to the original EU type-examination certificate. 7.3. The manufacturer shall ensure that the EHR system continues to fulfil the applicable essential requirements in light of the state of the art. 7.4. The manufacturer shall ask the notified body to review the EU type- examination certificate either: (a) in the case of a modification to the approved type referred to in point 7.2; (b) in the case of a change in the state of the art referred to in point 7.3; (c) at the latest, before the date of expiry of the certificate. In order to allow the notified body to fulfil its tasks, the manufacturer shall submit his or her application at the earliest 12 months and at the latest 6 months prior to the expiry date of the EU type-examination certificate. 7.5. The notified body shall examine the EHR system type and, where necessary in the light of the changes made, carry out the relevant tests to ensure that the approved type continues to fulfil the applicable essential requirements. If the notified body is satisfied that the approved type continues to fulfil the applicable essential requirements, it shall renew the EU type- examination certificate. The notified body shall ensure that the review procedure is finalised before the expiry date of the EU type-examination certificate. 7.6. Where the conditions referred to in points (a) and (b) of point 7.4 are not met, a simplified review procedure shall apply. The manufacturer shall supply the notified body with the following: (a) His or her name and address and data identifying the EU type-examination certificate concerned; (b) confirmation that there has been no modification to the approved type as referred to in point 7.2, nor to the relevant harmonised standards or technical specifications adopted by the Commission or other technical specifications applied; (c) confirmation that there has been no change in the state of the art as referred to in point 7.3; 7.7. If, following the review, the notified body concludes that the EU type- examination certificate is no longer valid, the body shall withdraw it and the manufacturer shall cease the placing on the market of the EHR system concerned. 8. Each notified body shall inform its notifying authority concerning the EU type-examination certificates and/or any additions thereto which it has issued or withdrawn, and shall, periodically or upon request, make available to its notifying authority the list of such certificates and/or any additions thereto refused, suspended or otherwise restricted. Each notified body shall inform the other notified bodies concerning the EU type-examination certificates and/or any additions thereto, which it has refused, withdrawn, suspended or otherwise restricted, and, upon request, concerning the EU type-examination certificates and/or additions thereto which it has issued. The Commission, the Member States and the other notified bodies may, on request, obtain a copy of the EU type-examination certificates and/or additions thereto. On request, the Commission and the Member States may obtain a copy of the technical documentation and the results of the examinations carried out by the notified body. The notified body shall keep a copy of the EU type-examination certificate, its annexes and additions, as well as the technical file including the documentation submitted by the manufacturer, for a period of five years after the expiry of the validity of that certificate. 9. The manufacturer shall keep a copy of the EU type-examination certificate together with the technical documentation at the disposal of the national authorities, for 10 years after the EHR system has been placed on the market. 10. The manufacturer's authorised representative may lodge the application referred to in point 3 and fulfil the obligations set out in points 7.2, 7.4 and 9, provided that they are specified in the mandate.
2023/04/05
Committee: ENVILIBE