Activities of Ville NIINISTÖ related to 2022/0140(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on European Health Data Space
Amendments (34)
Amendment 88 #
Amendment 106 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
(b) ‘non-personal electronic health data’ means data concerning health and anonymised genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;
Amendment 108 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
Article 2 – paragraph 2 – point f
(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals using commonly accepted open standards and open data formats, involving the exchange of information and knowledge without changing the content of the data between these organisations, software applications or devices, through the processes they support;
Amendment 109 #
(g) ‘European electronic health record exchange format’ means a structured, commonly used, open standard and machine-readable format that allows transmission of personal electronic health data between different software applications, devices and healthcare providers;
Amendment 112 #
Proposal for a regulation
Article 2 – paragraph 2 – point q – point i
Article 2 – paragraph 2 – point q – point i
(i) the death of a natural person or serious damage to a natural person’s health or rights;
Amendment 113 #
Proposal for a regulation
Article 2 – paragraph 2 – point y
Article 2 – paragraph 2 – point y
Amendment 116 #
Proposal for a regulation
Article 2 – paragraph 2 – point z
Article 2 – paragraph 2 – point z
(z) ‘data user’ means a natural or legal person who has lawful access to personal or non-personal electronic health data for secondary use;
Amendment 118 #
Proposal for a regulation
Article 2 – paragraph 2 – point ad
Article 2 – paragraph 2 – point ad
(ad) ‘data quality’ means the degree to which characteristics of electronic health data are suitable for secondary use;
Amendment 133 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. The Commission shall, by means of implementing acts, lay down the open technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. The format shall include the following elements:
Amendment 137 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. The Commission shall, by means of implementingdelegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the secure transferability of electronic health data in a cross-border context. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).
Amendment 138 #
Proposal for a regulation
Article 9 – paragraph 3
Article 9 – paragraph 3
3. The Commission and the Member States shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).
Amendment 140 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The digital health authoritiMember States and the Commission shall implementdevelop a the cross- border identification and authentication mechanism at Union and Member States’ level, respectively, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final].
Amendment 145 #
Proposal for a regulation
Article 31 – paragraph 2 – point b
Article 31 – paragraph 2 – point b
(b) reference to open common specifications to demonstrate compliance;
Amendment 150 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
Article 33 – paragraph 1 – introductory part
1. Data holders shall make the following categories of electronic data available for secondary use upon request and only with consent from the data subject in the case of personal data, in accordance with the provisions of this Chapter:
Amendment 156 #
Proposal for a regulation
Article 33 – paragraph 1 – point e
Article 33 – paragraph 1 – point e
(e) anonymised human genetic, genomic and proteomic data;
Amendment 158 #
Proposal for a regulation
Article 33 – paragraph 1 – point f
Article 33 – paragraph 1 – point f
(f) person generated electronic health data, including medical devices, wellness applications or other digital health applications;
Amendment 166 #
Proposal for a regulation
Article 33 – paragraph 1 – point n
Article 33 – paragraph 1 – point n
Amendment 175 #
Proposal for a regulation
Article 33 – paragraph 3 a (new)
Article 33 – paragraph 3 a (new)
3a. When electronic health data is made available for secondary use through health data bodies, the beneficiary shall respect the principle of open science, and provide open access to research or processing results, following the principle “as open as possible, as closed as necessary”, in full respect of this regulation and other applicable laws. Derogations from the open access requirements, and open access practices should be closely monitored by the Commission and any exemption should be public.
Amendment 183 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national or Union law, health data access bodies shall rely on the obligations laid down in the respective legislation and this Chapter to provide access to electronic health data ensuring the primacy of the individual fundamental rights.
Amendment 188 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
Amendment 193 #
Proposal for a regulation
Article 33 – paragraph 8
Article 33 – paragraph 8
8. Health data access bodies may provide access to additional categories of electronic health data that they have been entrusted with pursuant to national law or based on voluntary cooperation with the relevant data holders at national level, in particular to electronic health data held by private entities in the health sector and in accordance with the relevant security and privacy provisions.
Amendment 202 #
Proposal for a regulation
Article 34 – paragraph 1 – point f
Article 34 – paragraph 1 – point f
(f) development and innovation activities for products or services demonstrably contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;
Amendment 206 #
Proposal for a regulation
Article 35 – paragraph 1 – introductory part
Article 35 – paragraph 1 – introductory part
Seeking or gaining access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 or made available according to this legislation for the following purposes shall be prohibited and subject to penalties :
Amendment 209 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons;
Amendment 210 #
Proposal for a regulation
Article 35 – paragraph 1 – point e
Article 35 – paragraph 1 – point e
(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco products, or goods or services which are designed or modified in such a way that they contravene public order or morality or result in behavioural changes that reduce the freedom of choice or security of the natural persons.
Amendment 284 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shallmay issue a data permit.
Amendment 286 #
Proposal for a regulation
Article 46 – paragraph 3
Article 46 – paragraph 3
3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.
Amendment 301 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required toin the case of justified requests for access to the electronic health data under this Article by public sector bodies and Union institutions, bodies, offices and agencies that carry relevant activities under this Regulation. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe that cannot be longer than 2 additional months.
Amendment 304 #
Proposal for a regulation
Article 49
Article 49
Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be adressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder
Amendment 316 #
Proposal for a regulation
Article 61 – paragraph 1
Article 61 – paragraph 1
Amendment 321 #
Proposal for a regulation
Article 61 – paragraph 2
Article 61 – paragraph 2
2. TheAdditional protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization techniques and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].
Amendment 337 #
Proposal for a regulation
Article 69 – paragraph 1
Article 69 – paragraph 1
Member States shall lay down the rules on penalties applicable to infringements of this Regulation, for all public and private stakeholders in particular for the non- respect of data access and usage provisions with intent or by negligence, and shall take all measures necessary to ensure that they are properly and effectively implemented. The penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them.
Amendment 340 #
Proposal for a regulation
Annex II – point 2 – point 2.3
Annex II – point 2 – point 2.3
2.3. An EHR system that includes a functionality for entering structured personal electronic health data shall enable the entry of data structured in a structured way that supports the data sharing in a structured, commonly used, open and machine- readable format, enabling system to system communication.
Amendment 341 #
2.4. An EHR system shall not include features that prohibit, restrict or place undue burden on authorised access, personal electronic health data sharing, or use of personal electronic health data for permitted purposes, in particular on the basis of commercial considerations and beyond security and legal safeguards requirements. .