26 Amendments of Sophia IN 'T VELD related to 2022/0140(COD)
Amendment 256 #
Proposal for a regulation
Recital 20
Recital 20
(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt implementing acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare providers that are to register health data electronically, categories of data to be registered electronically, or data quality requirements.
Amendment 295 #
Proposal for a regulation
Recital 27
Recital 27
(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory self-certificationthird party assessment scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self- certificationthird party assessment, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).
Amendment 300 #
Proposal for a regulation
Recital 28
Recital 28
(28) While EHR systems specifically intended by the manufacturer to be used for processing one or more specific categories of electronic health data should be subject to mandatory self-certificationthird party assessment, software for general purposes should not be considered as EHR systems, even when used in a healthcare setting, and should therefore not be required to comply with the provisions of Chapter III.
Amendment 472 #
Proposal for a regulation
Article 1 – paragraph 2 – point a
Article 1 – paragraph 2 – point a
(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;
Amendment 505 #
Proposal for a regulation
Article 2 – paragraph 2 – point a
Article 2 – paragraph 2 – point a
(a) ‘personal electronic health data’ means data concerning health and genetic data as defined in Regulation (EU) 2016/679, as well as data referring to determinants of health, or data processed in relation to the provision of healthcare services, processed in an electronic form;
Amendment 650 #
Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 2
Article 3 – paragraph 5 – subparagraph 2
The proxy services shall provide authorisations free of charge, electronically or on paper. They shall enablein a transparent and easily understandable way, free of charge, electronically or on paper. Authorised natural persons and those acting on their behalf shall be informed about what authorisation rights they have, how to exercise them, and what they can expect from the authorisation process. The electronic health data access services as well as the proxy services shall be easily accessible for persons with disabilities in accordance with Directive (EU) 2019/882. The proxy services shall enable legal guardians or other representatives to be authorised, either automatically or upon request, to access electronic health data of the natural persons whose affairs they administer either for a specific purpose and time period or without limitation to administer their affairs. Member States may provide that authorisations do not apply whenever necessary for reasons related to the protection of the natural person, and in particular based on patient safety and ethics. The proxy services shall be interoperable among Member States. The proxy services shall provide an easy complaint mechanism with a contact point designated to inform individuals of a way to seek redress or remedy if they believe that their authorisation rights have been violated.
Amendment 743 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Where access to electronic health data has been restricted by the natural person, pursuant to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the restricted electronic health data without prior authorisationexplicit consent as defined in Article 9(2)(a) of Regulation (EU) 2016/679 by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data, in line with Article 6(1)(d) of of Regulation (EU) 2016/679. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.
Amendment 774 #
Proposal for a regulation
Article 5 – paragraph 2 – introductory part
Article 5 – paragraph 2 – introductory part
2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the main characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:.
Amendment 868 #
(o a) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system;
Amendment 879 #
Proposal for a regulation
Article 10 – paragraph 4
Article 10 – paragraph 4
4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers. Digital health authorities and their members and staff shall have the qualifications, experience and skills required to carry out their duties and exercise their powers.
Amendment 937 #
Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1
Article 13 – paragraph 3 – subparagraph 1
Amendment 943 #
Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 2
Article 13 – paragraph 3 – subparagraph 2
Amendment 1033 #
Proposal for a regulation
Article 23 – paragraph 4 a (new)
Article 23 – paragraph 4 a (new)
4 a. Where common specifications have an impact on data protection requirements of EHR systems, they shall be subject to consultation with EDPB and EDPS before their adoption, pursuant to Article 42(2) of Regulation (EU) 2018/1725.
Amendment 1174 #
Proposal for a regulation
Article 33 – paragraph 1 – point f
Article 33 – paragraph 1 – point f
(f) person generated electronic health data, including from medical devices, wellness applications or other digital health applications;
Amendment 1202 #
Amendment 1264 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health dataNatural persons that are subjects to secondary use of health data shall be asked for explicit consent prior to the processing of their health data. Health data access bodies shall provide for an accesible and easily understandable opt-in mechanism.
Amendment 1273 #
Proposal for a regulation
Article 33 – paragraph 7
Article 33 – paragraph 7
Amendment 1346 #
Proposal for a regulation
Article 34 – paragraph 1 – point h
Article 34 – paragraph 1 – point h
Amendment 1371 #
Proposal for a regulation
Article 35 – paragraph 1 – point a
Article 35 – paragraph 1 – point a
(a) taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;
Amendment 1389 #
Proposal for a regulation
Article 35 – paragraph 1 – point c
Article 35 – paragraph 1 – point c
(c) advertising or marketing activities towards health professionals, organisations in health or natural persons;
Amendment 1537 #
Proposal for a regulation
Article 37 – paragraph 4 a (new)
Article 37 – paragraph 4 a (new)
4 a. The EDPB shall provide health data acces bodies with specific guidelines and minimum standards of anonymisation and pseudonymisation for the purposes in this Regulation in order to ensure the same level of quality of anonymisation and pseudonymisation across Member States. The guidelines shall be based on state-of- the-art technology in this regard, which in turn shall be used by the health data access bodies when carrying out their task of anonymisation or pseudonymisation of electronic health data. The guidelines shall be regularly updated, in line with technological progress in this field.
Amendment 1599 #
Proposal for a regulation
Article 39 – paragraph 2
Article 39 – paragraph 2
2. The report shall be transmitted to the Commission, the Council and the European Parliament and made publicly available.
Amendment 1690 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. The health data access body shall ensure that access is only provided to requested electronic health data relevant for the purpose of processing indicated in the data access application by the data user from natural persons who have explicitly given access to their right data under Article 33(5) and in line with the data permit granted.
Amendment 1727 #
Proposal for a regulation
Article 45 – paragraph 2 – point -a (new)
Article 45 – paragraph 2 – point -a (new)
(-a) the applicant´s identity, description of professional functions and operations, including the identity of the concrete persons who will have access to electronic health data, if a data permit is granted;
Amendment 1831 #
Proposal for a regulation
Article 46 – paragraph 6 – point b a (new)
Article 46 – paragraph 6 – point b a (new)
(b a) the identity of the applicant as well as the concrete persons who are authorised to have access to the electronic health data in the secure processing environment;
Amendment 2043 #
Proposal for a regulation
Article 64 – paragraph 7 a (new)
Article 64 – paragraph 7 a (new)
7a. The EHDS Board shall operate in a transparent manner with open publication of meeting dates and minutes of the discussions and produce and annual report on its activities.