30 Amendments of Luisa REGIMENTI related to 2022/0140(COD)
Amendment 343 #
Proposal for a regulation
Recital 39 a (new)
Recital 39 a (new)
Amendment 346 #
Proposal for a regulation
Recital 40
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protectionshall be granted the level of protection of confidential information mandated by Article 39(2) of the TRIPS Agreement and the Trade Secrets Directive (2016/943) with the protection of the main IP rights i.e. patents, SPCs, utility models, copyright, trademarks, database rights (as per Directive 96/9/EC), design rights, etc.. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
Amendment 392 #
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made availablethat ensures, to the maximum extent possible, by making use of state-of-the-art technologies, that a person cannot be reidentified, should be made available by the health data access bodies when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 784 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format, ensuring consistency with the technical specifications prevailing in the Member States. The format shall include the following elements:
Amendment 885 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest. Essential health stakeholders’ representatives on national level, including patient organisations, healthcare professionals and industry associations shall be present in the governance and decision-making structures of the digital health authority.
Amendment 948 #
Proposal for a regulation
Article 14 – paragraph 2
Article 14 – paragraph 2
2. This Chapter shall not apply to general software used in a healthcare environment. Manufacturers of EHR systems that also qualify as medical devices as defined under Article 2(1) of Regulation (EU) 2017/745 and claim interoperability of those medical devices with EHR systems under this Regulation shall prove compliance with the essential requirements for interoperability laid down in Section 2 of Annex II to this Regulation. Article 23 of this Regulation shall be applicable to those medical devices.
Amendment 1028 #
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1
Article 23 – paragraph 1 – subparagraph 1
The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a common template document and a time limit for implementing those common specifications. Those common specifications shall be based on existing harmonised standards or international standards and shall be adopted only after consulting the European standardisation organisations as well as the relevant stakeholders. Where relevant, the common specifications shall take into account the specificities and verify compatibility with sectorial legislation and harmonized standards of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14, including the state-of-the art standards for health informatics and the European electronic health record exchange format.
Amendment 1180 #
Proposal for a regulation
Article 33 – paragraph 1 – point g
Article 33 – paragraph 1 – point g
(g) identification data related to health professionals involved in the treatment of a natural personresearch should be limited to data which is absolutely necessary;
Amendment 1187 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
Article 33 – paragraph 1 – point j
(j) electronic health data from clinical trialsfully completed clinical trials in accordance with definitions in Article 2(2) and Article 2(26) of Regulation (EU) No 536/2014;
Amendment 1211 #
Proposal for a regulation
Article 33 – paragraph 1 a (new)
Article 33 – paragraph 1 a (new)
1 a. Data holders have the right to refuse access to the data referred to in par.1 for one of the following reasons: a) if there are legal or contractual impediments that prevent the data holder from sharing; b) if it could compromise the scientific integrity of a scientific research study, including a clinical trial; c) if it could compromise the protection of data entailing IP rights (including trade secrets) or commercial property, with the scope of each category of data to be further clarified;
Amendment 1231 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailingWithout prejudice to the law relating to the protectedion of intellectual property and trade secrets from private enterprises shall be made available for secondary useindustrial property (including of trade secrets) (“IP rights”) and commercial property, electronic health data entailing protected IP rights from private enterprises shall be made available for secondary use. Data sharing should be based on a data sharing agreement persuant to Articles 46.6(g) and 46A between data holders and data users that respects the conditions of use listed in article 33(4a). Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights and, including trade secrets, shall be taken in advance. The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures to preserve the confidentiality of trade secrets or the recepient fails to implement those measures, the data holder is entitled to refuse the user’s access to data which are protected as trade secrets.
Amendment 1258 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.To the extent the electronic health data referred to in paragraph 1(a) includes personal data, the individual concerned shall be offered an additional safeguard in the form of a right to opt-out from the use of his personal data under Chapter IV of this regulation. The exercise of this right to opt-out shall not affect the lawfulness of the processing that took place under this Chapter IV before the individual opted-out
Amendment 1284 #
Proposal for a regulation
Article 33 – paragraph 8 a (new)
Article 33 – paragraph 8 a (new)
8 a. Regarding the electronic health data referred to in paragraph 1(j) of this Article, a summary of results of the clinical trial shall be published, and individual patient data may be shared, in accordance with Article 37(4) of Regulation (EU) No 536/2014.
Amendment 1382 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons with the exception of communication in line with approved regulatory information or to provide up-to date, verifiable and complete scientific information to health care professionals for educational purpose in line with Directive 2001/83/EC;
Amendment 1398 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
Article 35 – paragraph 1 – point e a (new)
(e a) unfair commercial use or other unfair competition, in accordance with Article 39 of TRIPS; using data from private enterprises in regulatory or reimbursement submissions for any generic or biosimilar product without an agreement from the private sector data holder while the data holder’s referenced product is under patent or regulatory data protection (including such use of data outside of the EU), or equivalent protected data of nonmedicinal products such as medical devices and software medical devices
Amendment 1446 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions. Member States shall ensure that essential health stakeholders’ representatives, including patient organisations, healthcare professional and industry associations shall be present in the governance and decision-making structures of the health data access bodies.
Amendment 1481 #
Proposal for a regulation
Article 37 – paragraph 1 – point g
Article 37 – paragraph 1 – point g
(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation, ensuring a secure sharing environment, and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;
Amendment 1590 #
Proposal for a regulation
Article 39 – paragraph 1 – introductory part
Article 39 – paragraph 1 – introductory part
1. Each health data access body shall publish an annual activity report that shall include summary data only which shall contain at least the following:
Amendment 1598 #
Proposal for a regulation
Article 39 – paragraph 1 a (new)
Article 39 – paragraph 1 a (new)
1 a. Data holders should be consulted prior to any results or output of the secondary use being made publicly available to allow for vetting for any unauthorised disclosure related to the IP rights, trade secrets and confidential information of data holders.
Amendment 1789 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shall issue a data permitand only after any data sharing agreement(s) on mutually agreed terms required by this Regulation, such as set out in Article 46a, are signed, the health data access body shall issue a data permit. However, any assessments by health data access bodies of an application concerning any data under Article 33(4) shall require the health data access bodies to consult the data holder(s).
Amendment 1809 #
Proposal for a regulation
Article 46 – paragraph 2
Article 46 – paragraph 2
2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met, including in the event a data holder permissibly refuses to give access to its data under Article 33(1).
Amendment 1815 #
Proposal for a regulation
Article 46 – paragraph 3
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
Amendment 1833 #
Proposal for a regulation
Article 46 – paragraph 6 – point f a (new)
Article 46 – paragraph 6 – point f a (new)
(f a) when required, signed data sharing agreements, as set out in Article 46a;
Amendment 1836 #
Proposal for a regulation
Article 46 – paragraph 7
Article 46 – paragraph 7
7. Data users shall have the right to access and process the electronic health data in accordance with the data permit delivered to them on the basis of this Regulation. Pursuant to Article 9)(1), point (j), of Regulation (EU)2016/679, where the permit allows data users to process personal electronic health data, data users shall have a right to process such data, subject to the safeguards and limitations set out in this Regulation and the permit.
Amendment 1847 #
Proposal for a regulation
Article 46 – paragraph 11
Article 46 – paragraph 11
11. Data users shall make public the results or output (in accordance with the definition of results /outputs under Article 2) of the secondary use of electronic health data on a voluntary basis, including information relevant for the provision of healthcare and in compliance with minimum requirements of what needs to be published, but such that this will not prejudice the IP rights in the secondary use results/outputs, particularly if the secondary use is for development or innovation as referred to in Article 34(f), no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47with a possible extension to 24 months. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
Amendment 1860 #
Proposal for a regulation
Article 46 a (new)
Article 46 a (new)
Amendment 1880 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. Where electronic health data involving protected intellectual property and trade secrets are made available, it shall be ensured that all necessary measures are taken to protect the confidentiality of intellectual property rights and trade secrets. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […...] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […...] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.
Amendment 1899 #
Proposal for a regulation
Article 50 – paragraph 1 – introductory part
Article 50 – paragraph 1 – introductory part
1. The health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organisational measures and security and interoperability requirements and protection of intellectual property and trade secrets. In particular, they shall take the following security measures:
Amendment 1999 #
Proposal for a regulation
Article 61 – paragraph 1
Article 61 – paragraph 1
1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.
Amendment 2015 #
Proposal for a regulation
Article 63 – paragraph 1
Article 63 – paragraph 1