Activities of Cristian-Silviu BUŞOI related to 2022/0140(COD)
Plenary speeches (1)
European Health Data Space (debate)
Opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on European Health Data Space
Amendments (19)
Amendment 90 #
Proposal for a regulation
Recital 54
Recital 54
(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. The requirements for secure processing environments and their development should strike an appropriate balance between security and functionality, taking into account technical feasibility and building on existing best practices. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.
Amendment 92 #
Proposal for a regulation
Recital 55
Recital 55
(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible, bearing in mind technical feasibility and existing best practices. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).
Amendment 96 #
Proposal for a regulation
Recital 61 a (new)
Recital 61 a (new)
(61a) In order to alleviate reported difficulties associated with the implementation of Regulation (EU) 2016/679, potential outcomes of the secondary use of health data, and its impact upon research, the Commission should conduct a study to examine the impact of Regulation (EU) 2016/679 and Regulation on EHDS on research. The study should be completed and published by not later than one year after the adoption of this Regulation. The study should examine divergence of implementation approaches and the impacts upon different areas of research. The study should include remedial recommendations.
Amendment 99 #
Proposal for a regulation
Recital 64 a (new)
Recital 64 a (new)
Amendment 100 #
Proposal for a regulation
Recital 65
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Board should consists of representatives from digital health authorities, European Data Protection Board, European Data Protection Supervisor, European Medicines Agency, European Centre for Disease Prevention and Control, healthcare professionals, patient organizations, research community and health industry. All Board members have the same rights and responsibilities. Furthermore, experts of the European Parliament should be invited to attend the meetings of the EHDS Board. The EHDS Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
Amendment 169 #
Proposal for a regulation
Article 33 – paragraph 1 – point o a (new)
Article 33 – paragraph 1 – point o a (new)
(oa) Death registries, death certificates
Amendment 197 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety and efficacy of healthcare and of medicinal products or medical devices, for the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases the EMA and ECDC shall be granted rapid and unrestricted access to the health data within the EHDS;
Amendment 212 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
Article 35 – paragraph 1 – point e a (new)
(ea) re-engineering medical devices or AI algorithms.
Amendment 222 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. Member States shall ensure that essential health stakeholders’ representatives, including patient organisations, healthcare professionals and research community shall be present in the governance and decision-making structures of the health data access bodies. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions.
Amendment 278 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user or for the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, , the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.
Amendment 300 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. For the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, the EMA and ECDC shall be granted rapid and unrestricted access to the health data within the EHDS. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.
Amendment 317 #
Proposal for a regulation
Recital 36 a (new)
Recital 36 a (new)
(36 a) For the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, the EMA and the ECDC shall be granted rapid access to the health data within the EHDS.
Amendment 1255 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health dataNatural persons that are subjects to secondary use of health data shall have the right to decline the processing of their health data, except for the uses covered under Article 34(1) (a)-(c). In all other cases, health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to explicitly express their wish not to have all or part of their personal electronic health data processed for some or all secondary use purposes. In situation where natural persons explicitly express their wish to use the opt-out mechanism to data holders, data holders shall direct natural persons to the health data access bodies.
Amendment 1296 #
Proposal for a regulation
Article 34 – paragraph 1 – point a
Article 34 – paragraph 1 – point a
(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and, safety and efficacy of healthcare and of medicinal products or medical devices;
Amendment 1357 #
Proposal for a regulation
Article 34 – paragraph 2 a (new)
Article 34 – paragraph 2 a (new)
2 a. Where data subjects wish to generally or partially opt-out of having their personal electronic health data processed for secondary use, in accordance with Article 33(5), for any of the purposes listed in paragraph 1 (d), (e), (f), (g) and (h), they shall indicate so to the health data access body.
Amendment 1708 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, or for the purpose of the evaluation of the benefits and risks of medicinal products or of the identification and assessment of threats to human health posed by infectious diseases, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessaryrequired to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.
Amendment 1876 #
Proposal for a regulation
Article 48 – title
Article 48 – title
Making data available for public sector bodies and Union institutions, bodies, offices andUnion agencies without a data permit
Amendment 1882 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article for any of the purposes under Article 34(1), points (a) or (b). When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of dataand upon request from the Union agencies, in duly justified cases the health data access body shall make the electronic health data available within 21 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from . However, data shall be shared as soon as it is available in the context of a Public Health Emergency of International Concern (PHEIC) or when a public health emergency has been declared at Union level. By derogation from Article 42 of this Regulation, no fees shall be payable by ECDC and EMA to the healthe data holders, unless it specifies that it will provide the data within a longer specified timeframaccess body to access the data under this Article.
Amendment 2021 #
1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of th: (a) one high level representatives of digital health authorities and health data access bodies of all the Member States. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers toone high level representative of health data access bodies appointed by each Member State; (b) one representative of the European Data Protection Board (EDPB) and one representative of the European Data Protection Supervisor (EDPS); (c) one representative of the European Medicines Agency (EMA); (d) one representative of the European Centre for Disease Prevention and Control (ECDC); (e) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, atftend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodir consulting the European Parliament, in order to represent healthcare professionals; (f) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, offices and agencies, research infrastructures and other similar structures shall have an observer role. after consulting the European Parliament, in order to represent patient organisations; (g) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, after consulting the European Parliament, in order to represent the health industry;