BETA

30 Amendments of Luisa REGIMENTI related to 2022/0140(COD)

Amendment 343 #
Proposal for a regulation
Recital 39 a (new)
(39 a) A relationship of trust between patients and health or care providers is a crucial element of the provision of health or social care or treatment. It is within that delicate context that patients should have a say in the processing of their electronic health records for secondary use. It is appropriate to empower patients by giving them the possibility to restrict access to all or parts of their electronic health record for all or parts of secondary use and to provide for obligations to clearly inform individuals of this possibility. Therefore, an opt-out for individuals for secondary use of their electronic health records should be envisaged.
2023/03/30
Committee: ENVILIBE
Amendment 346 #
Proposal for a regulation
Recital 40
(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protectionshall be granted the level of protection of confidential information mandated by Article 39(2) of the TRIPS Agreement and the Trade Secrets Directive (2016/943) with the protection of the main IP rights i.e. patents, SPCs, utility models, copyright, trademarks, database rights (as per Directive 96/9/EC), design rights, etc.. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.
2023/03/30
Committee: ENVILIBE
Amendment 392 #
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made availablethat ensures, to the maximum extent possible, by making use of state-of-the-art technologies, that a person cannot be reidentified, should be made available by the health data access bodies when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
2023/03/30
Committee: ENVILIBE
Amendment 784 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format, ensuring consistency with the technical specifications prevailing in the Member States. The format shall include the following elements:
2023/03/30
Committee: ENVILIBE
Amendment 885 #
Proposal for a regulation
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest. Essential health stakeholders’ representatives on national level, including patient organisations, healthcare professionals and industry associations shall be present in the governance and decision-making structures of the digital health authority.
2023/03/30
Committee: ENVILIBE
Amendment 948 #
Proposal for a regulation
Article 14 – paragraph 2
2. This Chapter shall not apply to general software used in a healthcare environment. Manufacturers of EHR systems that also qualify as medical devices as defined under Article 2(1) of Regulation (EU) 2017/745 and claim interoperability of those medical devices with EHR systems under this Regulation shall prove compliance with the essential requirements for interoperability laid down in Section 2 of Annex II to this Regulation. Article 23 of this Regulation shall be applicable to those medical devices.
2023/03/30
Committee: ENVILIBE
Amendment 1028 #
Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1
The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a common template document and a time limit for implementing those common specifications. Those common specifications shall be based on existing harmonised standards or international standards and shall be adopted only after consulting the European standardisation organisations as well as the relevant stakeholders. Where relevant, the common specifications shall take into account the specificities and verify compatibility with sectorial legislation and harmonized standards of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14, including the state-of-the art standards for health informatics and the European electronic health record exchange format.
2023/03/30
Committee: ENVILIBE
Amendment 1180 #
Proposal for a regulation
Article 33 – paragraph 1 – point g
(g) identification data related to health professionals involved in the treatment of a natural personresearch should be limited to data which is absolutely necessary;
2023/03/30
Committee: ENVILIBE
Amendment 1187 #
Proposal for a regulation
Article 33 – paragraph 1 – point j
(j) electronic health data from clinical trialsfully completed clinical trials in accordance with definitions in Article 2(2) and Article 2(26) of Regulation (EU) No 536/2014;
2023/03/30
Committee: ENVILIBE
Amendment 1211 #
Proposal for a regulation
Article 33 – paragraph 1 a (new)
1 a. Data holders have the right to refuse access to the data referred to in par.1 for one of the following reasons: a) if there are legal or contractual impediments that prevent the data holder from sharing; b) if it could compromise the scientific integrity of a scientific research study, including a clinical trial; c) if it could compromise the protection of data entailing IP rights (including trade secrets) or commercial property, with the scope of each category of data to be further clarified;
2023/03/30
Committee: ENVILIBE
Amendment 1231 #
Proposal for a regulation
Article 33 – paragraph 4
4. Electronic health data entailingWithout prejudice to the law relating to the protectedion of intellectual property and trade secrets from private enterprises shall be made available for secondary useindustrial property (including of trade secrets) (“IP rights”) and commercial property, electronic health data entailing protected IP rights from private enterprises shall be made available for secondary use. Data sharing should be based on a data sharing agreement persuant to Articles 46.6(g) and 46A between data holders and data users that respects the conditions of use listed in article 33(4a). Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights and, including trade secrets, shall be taken in advance. The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures to preserve the confidentiality of trade secrets or the recepient fails to implement those measures, the data holder is entitled to refuse the user’s access to data which are protected as trade secrets.
2023/03/30
Committee: ENVILIBE
Amendment 1258 #
Proposal for a regulation
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.To the extent the electronic health data referred to in paragraph 1(a) includes personal data, the individual concerned shall be offered an additional safeguard in the form of a right to opt-out from the use of his personal data under Chapter IV of this regulation. The exercise of this right to opt-out shall not affect the lawfulness of the processing that took place under this Chapter IV before the individual opted-out
2023/03/30
Committee: ENVILIBE
Amendment 1284 #
Proposal for a regulation
Article 33 – paragraph 8 a (new)
8 a. Regarding the electronic health data referred to in paragraph 1(j) of this Article, a summary of results of the clinical trial shall be published, and individual patient data may be shared, in accordance with Article 37(4) of Regulation (EU) No 536/2014.
2023/03/30
Committee: ENVILIBE
Amendment 1382 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons with the exception of communication in line with approved regulatory information or to provide up-to date, verifiable and complete scientific information to health care professionals for educational purpose in line with Directive 2001/83/EC;
2023/03/30
Committee: ENVILIBE
Amendment 1398 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
(e a) unfair commercial use or other unfair competition, in accordance with Article 39 of TRIPS; using data from private enterprises in regulatory or reimbursement submissions for any generic or biosimilar product without an agreement from the private sector data holder while the data holder’s referenced product is under patent or regulatory data protection (including such use of data outside of the EU), or equivalent protected data of nonmedicinal products such as medical devices and software medical devices
2023/03/30
Committee: ENVILIBE
Amendment 1446 #
Proposal for a regulation
Article 36 – paragraph 3
3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions. Member States shall ensure that essential health stakeholders’ representatives, including patient organisations, healthcare professional and industry associations shall be present in the governance and decision-making structures of the health data access bodies.
2023/03/30
Committee: ENVILIBE
Amendment 1481 #
Proposal for a regulation
Article 37 – paragraph 1 – point g
(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation, ensuring a secure sharing environment, and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;
2023/03/30
Committee: ENVILIBE
Amendment 1590 #
Proposal for a regulation
Article 39 – paragraph 1 – introductory part
1. Each health data access body shall publish an annual activity report that shall include summary data only which shall contain at least the following:
2023/03/30
Committee: ENVILIBE
Amendment 1598 #
Proposal for a regulation
Article 39 – paragraph 1 a (new)
1 a. Data holders should be consulted prior to any results or output of the secondary use being made publicly available to allow for vetting for any unauthorised disclosure related to the IP rights, trade secrets and confidential information of data holders.
2023/03/30
Committee: ENVILIBE
Amendment 1789 #
Proposal for a regulation
Article 46 – paragraph 1
1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shall issue a data permitand only after any data sharing agreement(s) on mutually agreed terms required by this Regulation, such as set out in Article 46a, are signed, the health data access body shall issue a data permit. However, any assessments by health data access bodies of an application concerning any data under Article 33(4) shall require the health data access bodies to consult the data holder(s).
2023/03/30
Committee: ENVILIBE
Amendment 1809 #
Proposal for a regulation
Article 46 – paragraph 2
2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met, including in the event a data holder permissibly refuses to give access to its data under Article 33(1).
2023/03/30
Committee: ENVILIBE
Amendment 1815 #
Proposal for a regulation
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
2023/03/30
Committee: ENVILIBE
Amendment 1833 #
Proposal for a regulation
Article 46 – paragraph 6 – point f a (new)
(f a) when required, signed data sharing agreements, as set out in Article 46a;
2023/03/30
Committee: ENVILIBE
Amendment 1836 #
Proposal for a regulation
Article 46 – paragraph 7
7. Data users shall have the right to access and process the electronic health data in accordance with the data permit delivered to them on the basis of this Regulation. Pursuant to Article 9)(1), point (j), of Regulation (EU)2016/679, where the permit allows data users to process personal electronic health data, data users shall have a right to process such data, subject to the safeguards and limitations set out in this Regulation and the permit.
2023/03/30
Committee: ENVILIBE
Amendment 1847 #
Proposal for a regulation
Article 46 – paragraph 11
11. Data users shall make public the results or output (in accordance with the definition of results /outputs under Article 2) of the secondary use of electronic health data on a voluntary basis, including information relevant for the provision of healthcare and in compliance with minimum requirements of what needs to be published, but such that this will not prejudice the IP rights in the secondary use results/outputs, particularly if the secondary use is for development or innovation as referred to in Article 34(f), no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47with a possible extension to 24 months. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.
2023/03/30
Committee: ENVILIBE
Amendment 1860 #
Proposal for a regulation
Article 46 a (new)
Article 46 a Data sharing agreement for electronic health data 1. In order for electronic health data entailing IP rights, including trade secrets, and commercial property from private enterprises to be made available for secondary use, the data user must sign a data sharing agreement with each private enterprise data holder. Such electronic health data shall not be made available to any data user for the purposes of secondary use unless and until the data user has signed the data sharing agreement. 2. The data sharing agreement shall set out all necessary measures to protect all IP rights, including trade secrets, and commercial property entailed in the electronic health data and additional conditions of access requested by the data holder. In particular, without limitations, it may include any or all of: a. a restriction on any use of the electronic health data outside the scope of the secondary use purposes specified in the data permit, including for any prohibited secondary use as set out in this Regulation, including Article 35; b. an undertaking by the data user to preserve and not infringe or misappropriate the IP rights, including trade secrets, of the data holder, including to (i) preserve the confidentiality of the data holder’s confidential information, including trade secrets, and (ii) not perform or enable any reverse engineering or other activity to identify the confidential information, including trade secrets, of the data holder; c. provisions to ensure the confidentiality of the electronic health data and confidential information, including trade secrets, of the data holder. For example, (i) a right of prior review by the data holder of any public disclosures or applications for registerable IP rights, including patent applications, intended by or on behalf of the data user(s), including under this Regulation, that relates to or arises from the use of the electronic health data, including the results or outputs, including the right to delay or prohibit the publication, and (ii) data security requirements reasonably required by the data holder; d. a requirement for the data user to notify the data holder of the creation of any new IP right from its use of the electronic health data and for granting the data holder non-exclusive, fully-paid up and royalty-free licence rights enabling the data holder and its affiliates to use any new IP right, results and outputs for its own business purposes. Such licence shall only be sub-licensable to third parties working in collaboration with, or on behalf of, the data holder or one of its affiliates for the aforesaid purposes. Such a licence shall be non- transferable, except where needed in order to commercialise an existing product of the data holder or any of its affiliates; e. audit rights for the data holder to ensure compliance of the processing with the data sharing agreement; f. the data holder to own all and any derived data created by the data user(s), a requirement for the data user to assign to and notify the data holder of any derived data and to enable the data holder to obtain a copy of it, and the rights, obligations and undertakings of, and the restrictions on, the data user as it relates to the electronic health data and confidential information, (including trade secrets, of the data holder to apply mutatis mutandis to any and all derived data. [‘Derived data’ means the improved, corrected, or enriched dataset provided to the data holder in accordance with Article 37(1)(p), as well as any new or different form of the original electronic health data created by the data user(s), including any alternative or different representation or abstraction of the original data or any new form which would enable the original data to be identified or reverse engineered]; g. the right of the data holder to terminate the data sharing agreement, and of the right to use the data, in the event of a breach of the terms of the data sharing agreement by the data user.
2023/03/30
Committee: ENVILIBE
Amendment 1880 #
Proposal for a regulation
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. Where electronic health data involving protected intellectual property and trade secrets are made available, it shall be ensured that all necessary measures are taken to protect the confidentiality of intellectual property rights and trade secrets. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation [...] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation [...] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.
2023/04/05
Committee: ENVILIBE
Amendment 1899 #
Proposal for a regulation
Article 50 – paragraph 1 – introductory part
1. The health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organisational measures and security and interoperability requirements and protection of intellectual property and trade secrets. In particular, they shall take the following security measures:
2023/04/05
Committee: ENVILIBE
Amendment 1999 #
Proposal for a regulation
Article 61 – paragraph 1
1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.
2023/04/05
Committee: ENVILIBE
Amendment 2015 #
Proposal for a regulation
Article 63 – paragraph 1
In the context of international access and transfer of personal electronic health data, Member States may maintain or introduce further conditions, including limitations, in accordance with and under the conditions of article 9(4) of the Regulation (EU) 2016/679.deleted
2023/04/05
Committee: ENVILIBE