Activities of Adriana MALDONADO LÓPEZ related to 2022/0140(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on the European Health Data Space
Amendments (50)
Amendment 50 #
Proposal for a regulation
Recital 1 a (new)
Recital 1 a (new)
(1a) The EHDS constitutes a key component for the creation of a strong and resilient European Health Union to better protect the health of European citizens, prevent and address future pandemics and improve resilience of Europe’s health systems.
Amendment 50 #
Proposal for a regulation
Recital 34
Recital 34
(34) In order to ensure an appropriate and effective enforcement of the requirements and obligations laid down in Chapter III of this Regulation, the system of market surveillance and compliance of products established by Regulation (EU) 2019/1020 should apply. Depending on the organisation defined at national level, such market surveillance activities could be carried out by the digital health authorities ensuring the proper implementation of Chapter II or a separate market surveillance authority responsible for EHR systems. While designating digital health authorities as market surveillance authorities could have important practical advantages for the implementation of health and care, any conflicts of interest should be avoided, for instance by separating different tasks. Member States should ensure that market surveillance authorities have the necessary human, technical and financial resources, premises, infrastructure, and expertise to carry out their duties effectively.
Amendment 51 #
Proposal for a regulation
Recital 1 b (new)
Recital 1 b (new)
(1b) The following Regulation should work horizontally with other European programs such as the Digital Europe Programme, Connecting Europe Facility and Horizon Europe. The European Commission should ensure that other European programs complement and facilitate the implementation of the European Health Data Space.
Amendment 52 #
Proposal for a regulation
Recital 1 c (new)
Recital 1 c (new)
(1c) Member States should cooperate in using interoperable standards together with European Digital Identity, facilitating the primary use of data in accordance with Article 9 of Regulation (EU)2016/679.
Amendment 53 #
Proposal for a regulation
Recital 4
Recital 4
(4) The processing of personal electronic health data is subject to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council43and, for Union institutions and bodies, Regulation (EU) 2018/1725 of the European Parliament and of the Council44. References to the provisions of Regulation (EU) 2016/679 should be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant. In addition, the Regulation should comply with Cyber Resilience Act. _________________ 43 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). 44 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
Amendment 60 #
Proposal for a regulation
Recital 19 a (new)
Recital 19 a (new)
(19a) The interoperability of the EHDS should contribute to high quality of European health data sets.
Amendment 60 #
(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 53 years after its entry into force, on the self-certification of EHR systems and the need to introduce a conformity assessment procedure performed by notified bodies, and an overall evaluation 7 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.
Amendment 66 #
Proposal for a regulation
Article 2 – paragraph 2 – point m
Article 2 – paragraph 2 – point m
(m) ‘EHR’ (electronic health record) means any collection of past or present electronic health data, including physical and mental data, related to a natural person and collected in the health system, processed for healthcare or research purposes;
Amendment 68 #
Proposal for a regulation
Article 2 – paragraph 2 – point n
Article 2 – paragraph 2 – point n
(n) ‘EHR system’ (electronic health record system) means any appliance or softwar, software or other article intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records, or that can be reasonably expected by the manufacturer to be mainly used for these purposes;
Amendment 70 #
Proposal for a regulation
Article 2 – paragraph 2 – point n a (new)
Article 2 – paragraph 2 – point n a (new)
(n a) ‘general software’ means any software that is not intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records, or that cannot be reasonably expected by the manufacturer to be mainly used for these purposes;
Amendment 72 #
Proposal for a regulation
Article 2 – paragraph 2 – point o
Article 2 – paragraph 2 – point o
(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life- stylhealthy life-style and well-being purposes, or that can be reasonably expected by the manufacturer to be mainly used for these purposes;
Amendment 75 #
Proposal for a regulation
Recital 41
Recital 41
(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Access to secondary health data for research and innovation to the development of medicines, medical devices, health care products and services should contribute to affordable and fair pricing for all European citizens when these products are placed on the market. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.
Amendment 76 #
Proposal for a regulation
Recital 41 a (new)
Recital 41 a (new)
(41a) Natural persons need quality education to help them understand the advantages and benefits of providing access to their health data for the secondary use, without prejudice to their right to opt-out from such sharing. In addition to high-level of transparency in terms of how and where their data would be used.
Amendment 95 #
Proposal for a regulation
Article 17 – paragraph 1 – point j
Article 17 – paragraph 1 – point j
(j) upon request of aprovide market surveillance authority, provide ities with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II prior to making it available or putting it into service.
Amendment 96 #
Proposal for a regulation
Article 17 – paragraph 1 – point k a (new)
Article 17 – paragraph 1 – point k a (new)
(k a) establish reporting channels and ensure their accessibility to allow for users to submit complaints or concerns regarding potential non-conformity of products; assess the complaints and concerns received, and inform market surveillance authorities in case of suspected non-compliance of the product; and keep a register of complaints and concerns received for 10 years and make it available upon request from a market surveillance authority.
Amendment 105 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning mental and physical health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;
Amendment 106 #
Proposal for a regulation
Article 18 – paragraph 2 – point b
Article 18 – paragraph 2 – point b
(b) further to a reasoned request from a market surveillance authority, provide thatmarket surveillance authorityies with all the information and documentation necessary to demonstrate the conformity of an EHR system with the essential requirements laid down in Annex II;
Amendment 107 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
Article 2 – paragraph 2 – point f
(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals, involving the exchange of information and knowledge without changing the content or quality of the data between these organisations, software applications or devices, through the processes they support, enabling data portability across data holders and health care providers for data recipients and data users;
Amendment 111 #
(m) ‘EHR’ (electronic health record) means a collection of electronic mental and physical health data related to a natural person and collected in the health system, processed for healthcare or research purposes;
Amendment 118 #
Proposal for a regulation
Article 19 – paragraph 7
Article 19 – paragraph 7
7. Importers shall, further to a reasoned request from a provide market surveillance authority, provide ities with all the information and documentation necessary to demonstrate the conformity of an EHR system, prior to making it available on the market, in the official language of the Member State where the market surveillance authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
Amendment 120 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)
Article 2 – paragraph 2 – point ae a (new)
(aea) ‘data sharing’ means the provision defined in Article 2 (10) of the Regulation (EU) 2022/868;
Amendment 122 #
Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)
Article 2 – paragraph 2 – point ae b (new)
(aeb) 'pseudonymisation' means the processing defined in Article 4 (5) of the Regulation (EU) 2016/679.
Amendment 126 #
Proposal for a regulation
Article 20 – paragraph 4
Article 20 – paragraph 4
4. Distributors shall, further to a reasoned request from a provide market surveillance authority, provide ities with all the information and documentation necessary to demonstrate the conformity of an EHR system prior to making it available on the market. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.
Amendment 129 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
An importer or distributor shall be considered a manufacturer for the purposes of this Regulation and shall be subject to the obligations laid down in Article 17, where they made an EHR system available on the market under their own name or trademark or modify an EHR system already placed on the market in such a way that conformity with the applicable requirements may be affected. Second- hand economic operators, including refurbishers, who make available on the market second-hand EHR systems, whether prepared for re-use, checked, cleaned, repaired, refurbished or without any action on the product shall not be considered as modifying a product in such a way that conformity with the applicable requirements may be affected.
Amendment 133 #
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1
Article 23 – paragraph 1 – subparagraph 1
The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a time limit for implementing those common specifications. The Commission shall consult, when preparing implementing acts, the relevant stakeholders, including the European Data Protection Supervisor and the European Data Protection Board where common specifications have an impact on the data protection requirements of EHR systems. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.
Amendment 136 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. The Commission shall, by means of implementingdelegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
Amendment 139 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. The Member States and the Commission shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).
Amendment 141 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The digital health authoritiMember States and the Commission shall implement the cross- border identification and authentication mechanism at Union and Member States’ level, respectively.
Amendment 146 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. The CE marking shall be affixed visibly, legibly and indelibly to the accompanying documents of the EHR system and, where applicable, to the packaging, and, where possible, to the EHR system itself.
Amendment 149 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
Article 33 – paragraph 1 – introductory part
1. Data holders shall make the following categories of electronic data available, upon request and verifying that the natural person has not rejected the option of sharing their data for secondary use in accordance with the provisions of this Chapter:
Amendment 149 #
Proposal for a regulation
Article 28 – paragraph 2
Article 28 – paragraph 2
2. Member States shall designate the market surveillance authority or authorities responsible for the implementation of this Chapter. They shall entrust their market surveillance authorities with the powers, resources, equipment and knowledgehuman, technical and financial resources, equipment, IT tools, premises, infrastructure, knowledge and ongoing training necessary for the proper and effective performance of their tasks pursuant to this Regulation. Member States shall communicate the identity of the market surveillance authorities to the Commission which shall publish a list of those authorities.
Amendment 150 #
Proposal for a regulation
Article 28 – paragraph 3 a (new)
Article 28 – paragraph 3 a (new)
3 a. Market surveillance authorities shall act as single contact points, and centralize all procedures and verifications avoiding duplicated procedures with the Artificial Intelligence Act (2021/0106(COD)), Medical Devices Regulation 2012/0266(COD), In vitro Diagnostic Medical Devices Regulation (2012/0267(COD)), Cyber Resilience Act (2022/0272(COD)).
Amendment 152 #
Proposal for a regulation
Article 33 – paragraph 1 – point d
Article 33 – paragraph 1 – point d
Amendment 164 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
Article 33 – paragraph 1 – point j
(j) electronic health data from finalised clinical trials;
Amendment 176 #
Proposal for a regulation
Article 33 – paragraph 3 a (new)
Article 33 – paragraph 3 a (new)
3a. The natural person shall receive information about the benefits of providing access to their health date for secondary use.
Amendment 187 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
Amendment 197 #
Proposal for a regulation
Article 69 – paragraph 1 a (new)
Article 69 – paragraph 1 a (new)
Penalties shall at least include fines proportionate to the extent of non- compliance and to the turnover of the relevant economic operator. Fines shall be calculated in such a way as to make sure that they effectively deprive the economic operator of the economic benefits derived from their infringements. Fines shall be gradually increased for repeated infringements.
Amendment 198 #
Proposal for a regulation
Article 69 – paragraph 1 b (new)
Article 69 – paragraph 1 b (new)
In deciding whether to impose sanctions and, if so, in determining their nature and appropriate level, due account shall be taken of: (a) the nature, gravity and duration of the infringement; (b) any previous infringements by the economic operator of this Regulation; (c) the financial benefits gained or losses avoided by the economic operator due to the infringement, if the relevant data are available; (d) penalties imposed in respect of the same infringement in other Member States; (e) any action taken by the economic operator to remedy or to mitigate the adverse effects of the infringement; (f) any other aggravating or mitigating factors applicable to the circumstances of the case.
Amendment 200 #
Proposal for a regulation
Article 34 – paragraph 1 – point e a (new)
Article 34 – paragraph 1 – point e a (new)
(ea) Health Economics and Outcomes Research (HEOR);
Amendment 200 #
Proposal for a regulation
Article 69 – paragraph 1 c (new)
Article 69 – paragraph 1 c (new)
Member States shall ensure that any decision containing penalties related to the breach of the provisions of this Regulation is published no later than a month after the penalty is imposed.
Amendment 203 #
Proposal for a regulation
Article 70 – paragraph 1
Article 70 – paragraph 1
1. After 53 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment especially with regards to a transition from self-certification to third- party certification. The evaluation shall include an assessment of the self- certification of EHR systems and reflect onconsider the need to introduce a conformity assessment procedure performed by notified bodies as a way to better ensure protection of electronic health data.
Amendment 208 #
Proposal for a regulation
Article 71 a (new)
Article 71 a (new)
Article 71 a Amendment to Directive (EU) 2020/1828 on Representative Actions for the Protection of the Collective Interests of Consumers The following is added to Annex I: “(67) Regulation (EU) .../... of the European Parliament and of the Council on the European Health Data Space”
Amendment 212 #
Proposal for a regulation
Annex II – point 3 – point 3.1
Annex II – point 3 – point 3.1
3.1. An EHR system shall be designed and developed in such a way that it ensures safe and secure processing of electronic health data, and that it prevents unauthorised access to such data, and that it duly takes into consideration the principles of data minimization and data protection by design.
Amendment 213 #
Proposal for a regulation
Annex II – point 3 – point 3.8
Annex II – point 3 – point 3.8
3.8. An EHR system designed for the storage of electronic health data shall support different retention periods and access rights that take into account the origins and categories of electronic health data and the specific purpose of the data processing operations.
Amendment 266 #
Proposal for a regulation
Article 40 – paragraph 1 a (new)
Article 40 – paragraph 1 a (new)
1a. Health data access bodies shall support non-for profits (specially patient and consumer organizations), public bodies like city councils or scientific societies, to register in as recognised data altruism organisations in accordance with Article 17 of Regulation (EU) 2022/868.
Amendment 320 #
Proposal for a regulation
Article 61 – paragraph 2
Article 61 – paragraph 2
2. The protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization and pseudonymisation techniques and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].
Amendment 324 #
Proposal for a regulation
Article 64 – paragraph 1
Article 64 – paragraph 1
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of the high level representatives of digital health authorities and health data access bodies of all the Member States, as well at least one patient organisation and one healthcare professional organization. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor mayshall be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.
Amendment 327 #
Proposal for a regulation
Article 64 – paragraph 4
Article 64 – paragraph 4
4. Stakeholders and relevant third parties, including healthcare professionals, researchers and patients’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.
Amendment 330 #
Proposal for a regulation
Article 64 – paragraph 5
Article 64 – paragraph 5
5. The EHDS Board shall cooperate with other relevant bodies, entities and experts, such as the European Data Innovation Board referred to in Article 26 of Regulation […] [Data Governance Act COM/2020/767 final], competent bodies set up under Article 7 of Regulation […] [Data Act COM/2022/68 final], supervisory bodies set up under Article 17 of Regulation […] [eID Regulation], European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679 and cybersecurity bodies, in particular the European Agency for Cybersecurity (ENISA).
Amendment 342 #
Proposal for a regulation
Annex II – point 3 – point 3.1
Annex II – point 3 – point 3.1
3.1. An EHR system shall be designed and developed in such a way that it ensures highly safe and secure processing of electronic health data, and that it prevents unauthorised access to such data.