Activities of Margarita DE LA PISA CARRIÓN related to 2022/0140(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on European Health Data Space
Amendments (66)
Amendment 54 #
Proposal for a regulation
Recital 7
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. However, existing electronic health records and the technological infrastructures that support them shall be retained, where possible, and Member States shall further their interoperability and compliance with the provisions of this Regulation.
Amendment 56 #
Proposal for a regulation
Recital 13
Recital 13
(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. In this respect, health professionals will be able to check that they do not have access to part of the electronic health records, which is something they will have to take into account when caring for their patients.
Amendment 57 #
Proposal for a regulation
Recital 16
Recital 16
(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, with access managed by the professional regulatory body, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. None of the provisions of this regulation shall be construed as limiting health professionals’ obligation to behave in line with the relevant codes of conduct, ethical guidelines or other provisions governing ethical conduct with regard to the exchanging of, or access to, information, particularly in extreme or life-threatening situations.
Amendment 59 #
Proposal for a regulation
Recital 19
Recital 19
(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345 provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46 recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).
Amendment 61 #
Proposal for a regulation
Recital 21
Recital 21
(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) that they provide and reimburse. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine, including online pharmacy services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.
Amendment 62 #
Proposal for a regulation
Recital 23
Recital 23
(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems and wellness applications, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities. (24 new) whereas there is technology that is advanced enough to ensure that this regulation does not oblige health professionals to enter data into information systems, and whereas it is a technological system that reads and interprets health care reports and can draw the most relevant conclusions; (This AM is a new consideration, but the at4am is not allowing us to add as a new one. Please take in to consideration.)
Amendment 63 #
Proposal for a regulation
Recital 24
Recital 24
(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.
Amendment 65 #
Proposal for a regulation
Recital 30
Recital 30
(30) To further support interoperability and security, Member States may maintain or define specific rules for the procurement, reimbursement, financing or use of EHR systems at national level in the context of the organisation, delivery or financing of health services. Such specific rules should not impede the free movement of EHR systems in the Union unless those specific rules can be justified by overriding reasons of general interest relating to public health. Some Member States have introduced mandatory certification of EHR systems or mandatory interoperability testing for their connection to national digital health services. Such requirements are commonly reflected in procurements organised by healthcare providers, national or regional authorities. Mandatory certification of EHR systems at Union level should establish a baseline that can be used in procurements at national level.
Amendment 66 #
Proposal for a regulation
Recital 35
Recital 35
(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. Labelling schemes may also include information for users on data protection rights and an indication of whether the application provider or browser operator has access in any way to the data generated by the application. The Commission may set out in implementing acts the details regarding the format and content of such label.
Amendment 68 #
Proposal for a regulation
Recital 38
Recital 38
(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makelegislators, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleashmake the absolute most of the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use provided that the effort is made by means of effective and safe processes, such as aggregation and randomisation, with due respect for professional duties, including but not limited to confidentiality duties.
Amendment 83 #
Proposal for a regulation
Recital 49
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, common standards for data anonymisation will be further developed and the use of anonymised electronic health data which is devoid ofithout any personal data should be made available when possible and if the data user asks itwill be facilitated wherever possible, excluding possibilities for re-use of data that cannot be anonymised or pseudonymised. Requests for pseudonymised data shall be duly justified. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 87 #
Proposal for a regulation
Recital 53
Recital 53
Amendment 110 #
Proposal for a regulation
Article 2 – paragraph 2 – point l
Article 2 – paragraph 2 – point l
(l) ‘telemedicine’ means the provision of healthcare services, including remote care and online pharmacies, through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;
Amendment 115 #
Proposal for a regulation
Article 2 – paragraph 2 – point y
Article 2 – paragraph 2 – point y
(y) ‘data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain datao register, facilitate, restrict access or exchange certain data that the person processes for secondary use or that could be processed for such purposes in accordance with applicable Union law or national legislation implementing Union law;
Amendment 126 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a
Article 3 – paragraph 5 – subparagraph 1 – point a
(a) establish one or more electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2; These bodies shall incorporate health professionals’ experience when dealing with the exercise of the rights set out in paragraph 7.
Amendment 127 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b
Article 3 – paragraph 5 – subparagraph 1 – point b
(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf or to enable guardians to act on behalf of their dependent children in a legitimate manner in accordance with the Member State’s national standards.
Amendment 128 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 2
Article 3 – paragraph 5 – subparagraph 2
The proxy services shall provide authorisations free of charge, electronically or on paper. They shall enable guardians or other representatives to be authorised, either automatically or upon request, to access electronic health data of the natural persons whose affairs they administer. Member States may provide that authorisations do not apply whenever necessary for reasons related to the protection of the natural person, and in particular based on patient safety and ethics. The proxy services shall be interoperable among Member States unless the proposed rectification concerns a data record made by a health service provider, in which case the provider concerned will have to approve the rectification or lodge their opposition before the health data processing service.
Amendment 129 #
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) ensure that the personal electronic health data of the natural persons they treat are updated with information related to the health services provided and, otherwise, update data on the health services that they offer.
Amendment 130 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals who lawfully carry out their work through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. To that end, they may cooperate, where appropriate, with professional associations as provided for under national rules.
Amendment 132 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the minimum main characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:
Amendment 134 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient including measures intended to ensure that priority categories of personal health data are translated into the language of the patient or health professional to the extent necessary for those health services to be provided.
Amendment 135 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. Member States shall ensure that, where data is processed in electronic format, health professionals systematically register the relevant health data falling under at least the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system.
Amendment 142 #
Proposal for a regulation
Article 10 – paragraph 2 – point m
Article 10 – paragraph 2 – point m
(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, through the professional associations that represent them, industry associations;
Amendment 143 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives and health representatives. Members of the digital health authority shall avoid any conflicts of interest.
Amendment 144 #
Proposal for a regulation
Article 12 – paragraph 6
Article 12 – paragraph 6
6. Member States shall ensure that pharmacies operating on their territories, including online pharmacies, are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmaciy offices shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU, provided that the conditions laid down in their national legislation within the meaning of Article 85(c) of Directive 2001/83/EC and Article 11 of Directive 2011/24/EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmaciy offices shall reportcommunicate the dispensation to the Member State that issued the prescription, through MyHealth@EU.
Amendment 147 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
Article 33 – paragraph 1 – introductory part
1. Data holders shall make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter: , provided that their availability does not conflict with the holder’s other legal or ethical obligations:
Amendment 171 #
Proposal for a regulation
Article 33 – paragraph 2
Article 33 – paragraph 2
2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36). The requirement in the first subparagraph shall not apply to data holders who fall within the category of small enterprises in the context of health professional practices.
Amendment 173 #
Proposal for a regulation
Article 33 – paragraph 3
Article 33 – paragraph 3
3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health or care sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies , which are processed for secondary use or that may be processed for such purposes in accordance with applicable Union law or with national legislation implementing Union law.
Amendment 178 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, aAll measures necessary to preserve the confidentiality of IP rights and trade secrets shall be taken and data holders may refuse to make the data available if sufficient safeguards for those measures are not provided.
Amendment 190 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
7. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data after consultations with all stakeholders, including industry and ensuring public scrutiny for the changes.
Amendment 191 #
Proposal for a regulation
Article 33 – paragraph 7 a (new)
Article 33 – paragraph 7 a (new)
7a. In order to protect the natural persons, but also with a view to public and national security Member States may limit the scope of data made available for secondary use.
Amendment 202 #
Proposal for a regulation
Recital 7
Recital 7
(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. Electronic health records and the technological infrastructures that support them shall be retained, where possible, and Member States shall further their interoperability and compliance with the provisions of this Regulation.
Amendment 234 #
Proposal for a regulation
Recital 13
Recital 13
(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. Health professionals will be able to check that they do not have access to part of the electronic health records when caring for their patients.
Amendment 241 #
Proposal for a regulation
Recital 16
Recital 16
(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. This Regulation shall not limit the obligation of health professionals to comply with codes of conduct, ethical guidelines or other ethical provisions governing the exchange or access to information.
Amendment 254 #
Proposal for a regulation
Recital 19
Recital 19
(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accessible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’' rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).
Amendment 263 #
Proposal for a regulation
Recital 21
Recital 21
(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) that they provide and reimburse. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine, including online pharmacy services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.
Amendment 281 #
Proposal for a regulation
Recital 24
Recital 24
(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.
Amendment 298 #
Proposal for a regulation
Article 48
Article 48
Amendment 302 #
Proposal for a regulation
Article 49
Article 49
Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be adressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder
Amendment 312 #
Proposal for a regulation
Recital 35
Recital 35
(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. The Commission may set out in implementing acts the details regarding the format and content of such label. Labelling schemes may include information for users on data protection rights and access to the data generated.
Amendment 326 #
Proposal for a regulation
Article 64 – paragraph 3
Article 64 – paragraph 3
3. The composition, organisation, functioning and cooperation of the sub- groups shall be set out in the rules of procedure put forward by the Commission after consultations with the Member States.
Amendment 328 #
Proposal for a regulation
Article 64 – paragraph 4
Article 64 – paragraph 4
4. Stakeholders and relevant third parties, including patients’ and health professionals’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.
Amendment 331 #
Proposal for a regulation
Recital 38
Recital 38
(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, health professionals, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use in full respect of the rules on confidentiality.
Amendment 338 #
Proposal for a regulation
Article 72 – paragraph 3 – introductory part
Article 72 – paragraph 3 – introductory part
However, Articles 3, 4, 5, 6, 7, 12, 14, 23, 31 and 313 shall apply as follows:
Amendment 339 #
Proposal for a regulation
Article 72 – paragraph 3 – point c a (new)
Article 72 – paragraph 3 – point c a (new)
(ca) from 2 years after its entry into force to categories of electronic data that should be make available by data holders referred to in Article 33.
Amendment 343 #
Proposal for a regulation
Annex II – point 3 – point 3.2
Annex II – point 3 – point 3.2
3.2. An EHR system designed to be used by health professionals shall provide reliable national mechanisms for the identification and authentication of health professionals, including checks on professional rights and qualifications.
Amendment 395 #
Proposal for a regulation
Recital 49
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it and the request is duly justified. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 413 #
Proposal for a regulation
Recital 53
Recital 53
Amendment 523 #
Proposal for a regulation
Article 2 – paragraph 2 – point d
Article 2 – paragraph 2 – point d
(d) ‘'primary use of electronic health data’' means the processing of personal electronic health data for the provision of health services to assess, maintain or restore the state of health of the natural person to whom that data relates, including the prescription, dispensation and provision of medicinal products and medical devices, improvement of personalised care, as well as for relevant social security, administrative or reimbursement services;
Amendment 547 #
Proposal for a regulation
Article 2 – paragraph 2 – point l
Article 2 – paragraph 2 – point l
(l) ‘telemedicine’ means the provision of healthcare services, including remote care and online pharmacies, through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;
Amendment 639 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a
Article 3 – paragraph 5 – subparagraph 1 – point a
(a) establish one or more electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2;, incorporating health professionals’ experience and knowledge within the framework of the exercise of the rights set out in paragraph 7.
Amendment 646 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b
Article 3 – paragraph 5 – subparagraph 1 – point b
(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf in accordance with the provisions of Member States' legislation.
Amendment 661 #
Proposal for a regulation
Article 3 – paragraph 7
Article 3 – paragraph 7
7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article, unless the proposed rectification concerns a data record made by a health service provider, in which case the provider in question will have to approve the rectification or lodge its opposition before the health data processing service.
Amendment 719 #
Proposal for a regulation
Article 4 – paragraph 1 – point b
Article 4 – paragraph 1 – point b
(b) ensure that the personal electronic health data of the natural persons they treat and the data connected with the health services offered to them are updated with information related to the health services provided.
Amendment 733 #
Proposal for a regulation
Article 4 – paragraph 3
Article 4 – paragraph 3
3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. Where appropriate, professional associations shall be authorised to cooperate in accordance with the provisions of national legislation.
Amendment 775 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the mainimum characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:
Amendment 791 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient. Likewise, access to personal health data in the language of the patient or the health professional shall be assured to the extent necessary to provide those health services effectively.
Amendment 889 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ and healthcare professionals’ representatives. Members of the digital health authority shall avoid any conflicts of interest.
Amendment 925 #
Proposal for a regulation
Article 12 – paragraph 6
Article 12 – paragraph 6
6. Member States shall ensure that pharmacies operating on their territories, including online pharmacies, are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU in accordance with national provisions on the matter.
Amendment 1131 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
Article 33 – paragraph 1 – introductory part
1. Data holders shall make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter, in such a manner so as not to conflict with the holder’s legal and ethical obligations:
Amendment 1218 #
Proposal for a regulation
Article 33 – paragraph 2
Article 33 – paragraph 2
2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. nor to the category of small enterprises in the context of health professional practices. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).
Amendment 1238 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights and trade secrets shall be taken. Data holders may refuse to make data available if the confidentiality of the data is not adequately ensured.
Amendment 1303 #
Proposal for a regulation
Article 34 – paragraph 1 – point b
Article 34 – paragraph 1 – point b
(b) to support public sector bodies or Union institutions, agencies and bodies, including regulatory authorities and professional associations, in the health or care sector to carry out their tasks defined in their mandates;
Amendment 1316 #
Proposal for a regulation
Article 34 – paragraph 1 – point e
Article 34 – paragraph 1 – point e
(e) scientific research related to health or care sectors for the purpose of improving medical diagnostics or health services or the development of new products and services;
Amendment 1395 #
Proposal for a regulation
Article 35 – paragraph 1 – point e
Article 35 – paragraph 1 – point e
(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco products or those that may cause addiction, or goods or services which are designed or modified in such a way that they contravene public order or morality.
Amendment 1557 #
Proposal for a regulation
Article 38 – paragraph 2
Article 38 – paragraph 2
2. Health data access bodies shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46. Health data access bodies shall establish protocols to facilitate access for all natural persons to the specific information concerning the use of their data, especially in the case of pseudonymised or anonymised data where the lack of information could affect the fundamental rights of the natural person.