2022/0140(COD) | [ParlTrack]

Proposal for a regulation
Article 23 – title

CEuropean or international standards and common specifications

Amendment 132 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 23 – paragraph -1 (new)

-1. The Commission shall promote European or international standards in respect of the essential requirements set out in Annex II. The Commission shall identify and analyse existing best practices in terms of interoperability or analyse the option to request development of European or internationally recognised standards, where appropriate.

Amendment 133 #

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1

The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a time limit for implementing those common specifications. The Commission shall consult, when preparing implementing acts, the relevant stakeholders, including the European Data Protection Supervisor and the European Data Protection Board where common specifications have an impact on the data protection requirements of EHR systems. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.

Amendment 134 #

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1

TIn duly justified and exceptional cases, where European or international standards are proven not to be fit for the purpose and development of a standard is not feasible, the Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a time limit for implementing those common specifications. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.

Amendment 135 #

Proposal for a regulation
Article 23 – paragraph 2 – point f

(f) explanatory part, including any relevant implementation guidelines and justification why the use of international standard was not applicable or preferable.

Amendment 136 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 23 – paragraph 4

4. EHR systems, medical devices and high risk AI systems referred to in Article 14 that are in conformity with the international standards or common specifications referred to in paragraphs -1 or 1 shall be considered to be in conformity with the essential requirements covered by those specifications or parts thereof, set out in Annex II covered by those common specifications or the relevant parts of those common specifications.

Amendment 137 #

Proposal for a regulation
Article 23 – paragraph 5

5. Where common specifications covering interoperability and security requirements of EHR systems affect medical devices or high-risk AI systems falling under other acts, such as Regulations (EU) 2017/745 or […] [AI Act COM/2021/206 final], the adoption of those common specifications ~~may~~shall be preceded by a consultation with the Medical Devices Coordination Group (MDCG) referred to in Article 103 of Regulation (EU) 2017/745 or the European Artificial Intelligence Board referred to in Article 56 of Regulation […] [AI Act COM/2021/206 final], as applicable, as well as the European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679 .

Amendment 138 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 23 – paragraph 6

6. Where common specifications covering interoperability and security requirements of medical devices or high- risk AI systems falling under other acts such as Regulation (EU) 2017/745 or Regulation […] [AI Act COM/2021/206 final], impact EHR systems, the adoption of those common specifications shall be preceded by a consultation with the EHDS Board, especially its subgroup for Chapters II and III of this Regulation, and, where applicable, the European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679.

Amendment 139 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 24 – paragraph 1

1. ThManufacturers shall draw up and keep up-to-date technical documentation ~~shall be drawn up~~ before the EHR system is placed on the market or put into service ~~and shall be~~ . The technical documentation shall be submitted to the markept ~~up-to-dat~~surveillance authorities of the Member States concerned at least 6 months before an EHR system is placed on the market or put into service.

Amendment 140 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 24 – paragraph 2

2. The technical documentation shall be drawn up in such a way as to demonstrate that the EHR system complies with the essential requirements laid down in Annex II and provide market surveillance authorities with all the necessary information to assess the conformity of the EHR system with those requirements. It shall contain, at a minimum, the elements set out in Annex III. In case the system or any part of it complies with European standards or common specifications, the list of the relevant European standards and common specifications shall also be indicated.

Amendment 141 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 25 – paragraph 2 – point a

(a) the identity, registered trade name or registered trademark, and the contact details of the manufacturer, including the postal and electronic address and the telephone number and, where applicable, of its authorised representative;

Amendment 142 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 25 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by allowing manufacturers to enter the information referred to in paragraph 2 into the EU database of EHR systems ~~and wellness applications~~ referred to in Article 32, as an alternative to supplying the information sheet referred to in paragraph 1 with the EHR system.

Amendment 143 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 26 – paragraph 1

1. The EU declaration of conformity shall state that the manufacturer of the EHR system has demonstrated that the essential requirements laid down in Annex II have been fulfilled. The manufacturer shall regularly update the EU declaration of conformity.

Amendment 144 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 26 – paragraph 4

4. By drawing up the EU declaration of conformity, the manufacturer shall assume responsibility for ~~the conformity of~~compliance with the requirements of this Regulation and of all Union acts applicable to the EHR system.

Amendment 145 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. The Commission is empowered to adopt delegated acts in accordance with Article 67 amending the minimum content of the EU declaration of conformity set out in Annex IV.

Amendment 146 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 27 – paragraph 1

1. The CE marking shall be affixed visibly, legibly and indelibly to the accompanying documents of the EHR system ~~and~~, where applicable, to the packaging, and, where possible, to the EHR system itself.

Amendment 147 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 27 – paragraph 1 a (new)

1 a. The CE marking shall be affixed before making the EHR system available on the market.

Amendment 148 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 27 – paragraph 2 a (new)

2 a. Where EHR systems are subject to other Union legislation in respect of aspects not covered by this Regulation, which also requires the affixing of the CE marking, the CE marking shall indicate that the systems also fulfil the requirements of that other legislation.

Amendment 149 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES

Proposal for a regulation
Article 28 – paragraph 2

2. Member States shall designate the market surveillance authority or authorities responsible for the implementation of this Chapter. They shall entrust their market surveillance authorities with the powers, ~~resources, equipment and knowledge~~human, technical and financial resources, equipment, IT tools, premises, infrastructure, knowledge and ongoing training necessary for the proper and effective performance of their tasks pursuant to this Regulation. Member States shall communicate the identity of the market surveillance authorities to the Commission which shall publish a list of those authorities.

Amendment 150 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 28 – paragraph 3 a (new)

3 a. Market surveillance authorities shall act as single contact points, and centralize all procedures and verifications avoiding duplicated procedures with the Artificial Intelligence Act (2021/0106(COD)), Medical Devices Regulation 2012/0266(COD), In vitro Diagnostic Medical Devices Regulation (2012/0267(COD)), Cyber Resilience Act (2022/0272(COD)).

Amendment 151 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 29 – paragraph 1 a (new)

1 a. Where a market surveillance authority, on the basis of the information and documentation demonstrating the conformity of an EHR system provided by the relevant economic operator, considers or has reason to believe that the EHR system presents a risk to the health or safety of natural persons or to other aspects of public interest protection, including before the EHR system is placed on the market or put into service, it shall perform all the necessary checks to ensure that the system is compliant with this Regulation.

Amendment 152 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 29 – paragraph 1 b (new)

1 b. Where a market surveillance authority considers or has reason to believe that an EHR system has caused damage to the health or safety of natural persons or to other aspects of public interest protection, it shall immediately provide information and documentation, as applicable, to the affected person or user and, as appropriate, other third parties affected by the damage caused to the person or user, without prejudice to data protection rules.

Amendment 153 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 2

Such notification shall be made, without prejudice to incident notification requirements under Directive (EU) 2016/1148, immediately after the manufacturer has established a causal link between the EHR system and the serious incident or the reasonable likelihood of such a link, and, in any event, not later than 157 days after the manufacturer becomes aware of the serious incident involving the EHR system.

Amendment 154 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – introductory part

1. Where a market surveillance authority makes, inter alia, one of the following findings, it shall require the manufacturer of the EHR system concerned, its authorised representative and all other relevant economic operators to ~~put an end to the non-compliance concerned~~bring the EHR system into conformity:

Amendment 155 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – point a

(a) the EHR system is not in conformity with essential requirements laid down in Annex II and with the common specifications in accordance with Article 23;

Amendment 156 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – point b

(b) the technical documentation is either not available or not complete, or not in accordance with Article 24;

Amendment 157 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – point b a (new)

(b a) the EHR systems is not accompanied by the information sheet provided for in Article 25, free of charge by the user, and by clear and complete instructions for use in accessible formats for persons with disabilities;

Amendment 158 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – point c

(c) the EU declaration of conformity has not been drawn up or has not been drawn up correctly as referred to in Article 26;

Amendment 159 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)

(d a) the registration obligations of Article 32 has not been fulfilled.

Amendment 160 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 31

Voluntary labelling of wellness 1. Where a manufacturer of a wellness application claims interoperability with an EHR system and therefore compliance with the essential requirements laid down in Annex II and common specifications in Article 23, such wellness application may be accompanied by a label, clearly indicating its compliance with those requirements. The label shall be issued by the manufacturer of the wellness application. 2. The label shall indicate the following information: (a) categories of electronic health data for which compliance with essential requirements laid down in Annex II has been confirmed; (b) reference to common specifications to demonstrate compliance; (c) validity period of the label. 3. The Commission may, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). 4. The label shall be drawn-up in one or more official languages of the Union or languages determined by the Member State(s) in which the in which the wellness application is placed on the market. 5. The validity of the label shall not exceed 5 years. 6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device. 2D barcodes may also be used to display the label. 7. The market surveillance authorities shall check the compliance of wellness applications with the essential requirements laid down in Annex II. 8. Each supplier of a wellness application, for which a label has been issued, shall ensure that the wellness application that is placed on the market or put into service is accompanied with the label for each individual unit, free of charge. 9. Each distributor of a wellness application for which a label has been issued shall make the label available to customers at the point of sale in electronic form or, upon request, in physical form. 10. The requirements of this Article shall not apply to wellness applications which are high-risk AI systems as defined under Regulation […] [AI Act COM/2021/206 final].Article 31 deleted applications

Amendment 161 #

Proposal for a regulation
Article 31 – paragraph 3

3. The Commission may consider the format and content of the label by use of European or international standards. In exceptional situations, if no international standard is fit for purpose, the Commission may, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 162 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

6. If the wellness application is embedded in a device, the accompanying label ~~shall~~may be placed on the device. 2D barcodes may also be used to display the label.

Amendment 163 #

Proposal for a regulation
Article 32 – title

Registration of EHR systems ~~and wellness applications~~

Amendment 164 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 32 – paragraph 1

1. The Commission shall establish and maintain a publicly available database with information on EHR systems for which an EU declaration of conformity has been issued pursuant to Article 26 ~~and wellness applications for which a label has been issued pursuant to Article 31~~.

Amendment 165 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 32 – paragraph 2

2. Before placing on the market or putting into service an EHR system referred to in Article 14 ~~or a wellness application referred to in Article 31~~, the manufacturer of such EHR system ~~or wellness application~~ or, where applicable, its authorised representative shall register the required data into the EU database referred to in paragraph 1.

Amendment 166 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 32 – paragraph 4

4. The Commission is empowered to adopt delegated acts in accordance with Article 67 to determine the list of required data to be registered by the manufacturers of EHR systems ~~and wellness applications~~ pursuant to paragraph 2.

Amendment 167 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from fully completed or terminated clinical trials;

Amendment 168 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from ~~private enterprise~~health data holders shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve IP rights and the confidentiality of ~~IP rights and trade secrets shall be taken~~trade secrets must be taken. The sharing of health data for secondary use including the sharing of clinical trial data, shall be shared without prejudice to existing relevant Union legislation including Directive 2004/48/EC, Directive 2001/29/EC, Directive (EU) 2016/943, Directive (EU) 2019/790 and Regulation (EU) No 536/2014.

Amendment 169 #

Proposal for a regulation
Article 34 – paragraph 1 – point a a (new)

(a a) activities for reasons of public interest in cases of serious public health threats.

Amendment 170 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices, including supporting operational efficiency, improving the patient pathway and post- market monitoring to identify side effects and adverse events;

Amendment 171 #

Proposal for a regulation
Article 34 – paragraph 1 – point f a (new)

(f a) development and innovation activities for products or services, including health economics and health outcomes research studies;

Amendment 172 #

Proposal for a regulation
Article 35 – paragraph 1 – introductory part

Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited on case-by-case basis, if there is harm to patients or consumers from such use:

Amendment 173 #

Proposal for a regulation
Article 37 – paragraph 1 – introductory part

1. Health data access bodies ~~shall~~may carry out the following tasks:

Amendment 174 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

(i) ~~support~~the data access bodies shall support with expertise the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health;.

Amendment 175 #

Proposal for a regulation
Article 37 – paragraph 1 – point p

(p) send to the data holder free of charge, by the expiry of the data permit, a copy of the corrected, annotated or enriched dataset, as applicable, and a description of the operations performed on the original dataset;deleted

Amendment 176 #

Proposal for a regulation
Article 41 – paragraph 1

1. ~~Where a~~A data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate in ~~good faith~~a methodical and supervised process with the health data access bodies~~, where relevant~~ and other involved actors.

Amendment 177 #

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies and single data holders may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]deleted

Amendment 178 #

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies and single data holders may charge fees for making electronic health data available for secondary use. Any fees shall ~~include and be derived from~~be proportionate in relation to the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]

Amendment 179 #

Proposal for a regulation
Article 42 – paragraph 2

2. Where the data in question are not held by the data access body or a public sector body, the fees may also include compensation for part of the costs for collecting the electronic health data specifically under this Regulation in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the data holder’s costs shall be paid to the data holder.deleted

Amendment 180 #

Proposal for a regulation
Article 42 – paragraph 3

3. The electronic health data referred to in Article 33(1), point (o), shall be made available to a new user free of charge or against a fee matching the compensation for the costs of the human and technical resources used to enrich the electronic health data. That fee shall be paid to the entity that enriched the electronic health data.deleted

Amendment 181 #

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update tat dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.

Amendment 182 #

Proposal for a regulation
Article 42 – paragraph 5

5. Where data holders and data users do not agree on the level of the fees within 1 month of the data permit being granted, the health data access body may set the fees in proportion to the cost of making available electronic health data for secondary use. Where the data holder or the data user disagree with the fee set out by the health data access body, they shall have access to dispute settlement bodies set out in accordance with Article 10 of the Regulation […] [Data Act COM/2022/68 final].deleted

Amendment 183 #

Proposal for a regulation
Article 42 – paragraph 6

6. TNo later than 12 months after the entry into force of the Regulation, the Commission ~~may~~shall, by means of implementing acts, lay down principles and rules for the fee policies and fee structures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The fee structure shall maximise the data- driven network effects. The Commission may consider different solutions, including steep data access fees and provisions to remunerate the data provider, as a one-size-fits-all solution is not effective.

Amendment 184 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. The Commission shall, by means of implementing act, set out rules for risk- based anonymisation methodology, taking into consideration risk factors such as type of use, the safeguards in place, probability of re-identification of patients, sensitivity of type of data.

Amendment 185 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites without prejudice to IP rights and relevant Union legislation. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 186 #

Proposal for a regulation
Article 46 – paragraph 11

11. DHealth data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, ~~no later~~ if possible, withain 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The health data users shall inform the health data access bodies from which a data permit was obtained and support them to make the ~~information~~results or output provided by the health data users public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 187 #

Proposal for a regulation
Article 49 – paragraph 1

1. Where an applicant requests access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The applicant may file a data access application or a data request also by other means of sharing health data using existing infrastructures and registries that have established data flows, technical architectures, governance models and data access. The Regulation shall not impede existing data sharing initiatives already in place in Union and Member States in order to enhance the interoperability and data exchange in the internal market. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders ~~shall~~may be adressed to health data access bodies.

Amendment 188 #

Proposal for a regulation
Article 52 – paragraph 1

1. Each Member State ~~shall~~may designate a national contact point for secondary use of electronic health data,. The national contact point shall be an organisational and technical gateway, enabling and responsible for making electronic health data available for secondary use in a cross- border context ~~and shall communicate their names and contact details to the Commiss~~. The national contact point shall be constructed in close consultation with the data holders and data users of that specific Member State. Each Member State shall notify the Commission the name and contact details of the national contact point by the date of application of this Regulation. The national contact point may be the coordinator health data access body pursuant to Article 36. The Commission and the Member States shall make this information publicly available.

Amendment 189 #

Proposal for a regulation
Article 52 – paragraph 8

8. The Member States and the Commission shall set up HealthData@EU to support ~~and facilitate~~ the cross-border access to electronic health data for secondary use, connecting the national contact points for secondary use of electronic health data of all Member States and authorised participants in that infrastructure. The Commission shall use a decentralised structure to facilitate the cross-border access to electronic health data for secondary use.

Amendment 190 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 63 – paragraph 1

In the context of international access and transfer of personal electronic health data, Member States may maintain or introduce further conditions, including limitations, in accordance with and under the conditions of article 9(4) of the Regulation (EU) 2016/679. Such limitations shall not entail storage requirements for health data that can be lawfully transferred to third countries in accordance with the requirements under Regulation […] [Data Governance Act COM/2020/767 final] and Chapter V of Regulation (EU) 2016/679 or stricter conditions under national law.

Amendment 191 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 192 #

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including ~~patients’~~ representatives of patients, healthcare pr~~esentative~~ofessionals, academia and researchers, shall be invited to attend meetings of the EHDS Board and to participate in its work~~, depending on the topics discussed and their degree of sensitivity~~.

Amendment 193 #

Proposal for a regulation
Article 67 – paragraph 4

4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State and targeted stakeholders, including health professionals and patients’ organisations, in accordance with the principles laid down in the Inter-institutional Agreement of 13 April 2016 on Better Law-Making.

Amendment 194 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 68 – paragraph 2 a (new)

2 a. In accordance with the Inter- Institutional Agreement of 13 April 2016 on Better Law-Making, the Commission will make use of expert groups, consult targeted stakeholders and carry out public consultations to gather broader expertise in the early preparation of draft implementing acts.

Amendment 195 #

Proposal for a regulation
Article 69 – paragraph 1

Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are properly and effectively implemented. The penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them.

Amendment 196 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 69 – paragraph 1 a (new)

When deciding on the amount of the penalty in each individual case, all relevant circumstances of the specific situation shall be taken into account and due regard shall be given to the following: (a) the nature, gravity and duration of the infringement and of its consequences, taking into account the nature, scope as well as the number of users affected and the level of damage suffered by them; (b) whether penalties have been already applied by other competent authorities to the same infringing party; (c) the size and market share of the economic operator committing the infringement; (d) the intentional or negligent character of the infringement; (e) any action taken by the infringing party to mitigate the damage of the infringement; (f) the degree of responsibility of the infringing party taking into account technical and organisational measures implemented to prevent the infringement; (g) the degree of cooperation with the competent authorities, in order to remedy the infringement and mitigate the possible adverse effects of the infringement; (h) the manner in which the infringement became known to the competent authorities, in particular whether, and if so to what extent, the infringing party notified the infringement; (i) any other aggravating or mitigating factor applicable to the circumstances of the case, such as financial benefits gained, or losses avoided, directly or indirectly, from the infringement.

Amendment 197 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 69 – paragraph 1 a (new)

Penalties shall at least include fines proportionate to the extent of non- compliance and to the turnover of the relevant economic operator. Fines shall be calculated in such a way as to make sure that they effectively deprive the economic operator of the economic benefits derived from their infringements. Fines shall be gradually increased for repeated infringements.

Amendment 198 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 69 – paragraph 1 b (new)

In deciding whether to impose sanctions and, if so, in determining their nature and appropriate level, due account shall be taken of: (a) the nature, gravity and duration of the infringement; (b) any previous infringements by the economic operator of this Regulation; (c) the financial benefits gained or losses avoided by the economic operator due to the infringement, if the relevant data are available; (d) penalties imposed in respect of the same infringement in other Member States; (e) any action taken by the economic operator to remedy or to mitigate the adverse effects of the infringement; (f) any other aggravating or mitigating factors applicable to the circumstances of the case.

Amendment 199 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 69 – paragraph 1 b (new)

The non-compliance of an EHR system with any requirements or obligations under this Regulation, including the supply of incorrect, incomplete or misleading information to national competent authorities, shall be subject to penalties of up to 20 000 000 EUR or up to 6% of its total worldwide annual turnover for the preceding financial year, whichever is higher.

Amendment 200 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 69 – paragraph 1 c (new)

Member States shall ensure that any decision containing penalties related to the breach of the provisions of this Regulation is published no later than a month after the penalty is imposed.

Amendment 201 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 70 – paragraph 1

1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of a) the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies. ; b) impacts of EHR systems on health outcomes for patients, including impact on standardised preventable and treatable mortality rate, life expectancy and patients’ healthcare utilisation (number of visits); c) impacts of EHR systems on healthcare economic performance; d) the data portability rights, including the impact on portability transaction costs and impact on selection of health service providers, healthcare costs, diagnosis and treatment speed; e) resilience and flexibility of the EHR systems and secondary data sharing framework in order to assess the readiness for potential future crisis; f) the implementation of technological innovations in the healthcare sector, including the development of new drugs and medical procedures; g) interoperability model in place in Member States, including best practices analysis concerning the cost-benefit results, transparency, decentralisation level; h) the analysis of market coordination failure before and after implementation and related monetary benefit from reducing information asymmetries between medical service providers per Member State; i) impact on information asymmetry between patients and health care providers per Member State; j) contribution to additional investments in the Union and related net impact on productivity and economic growth; k) quality and coverage of access of health professionals to the medical records of patients per Member State, including impact on reduction of duplications and errors and reduction of administration time and costs; l) overlaps and incoherences with other Union and national legislation, including the quantification of related extra costs of overlaps and related regulatory uncertainty. Inter alia, the assessment shall analyse alignment with the General Data Protection Regulation, Data Governance Act, Data Act, AI Act and Regulations on cybersecurity.

Amendment 202 #

Proposal for a regulation
Article 70 – paragraph 1

1. After 53 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies, as well as the need to designate a public testing facility of a Member State as a Union testing facility, pursuant to Article 21 of Regulation (EU) 2019/1020.

Amendment 203 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 70 – paragraph 1

1. After 53 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment especially with regards to a transition from self-certification to third- party certification. The evaluation shall include an assessment of the self- certification of EHR systems and ~~reflect on~~consider the need to introduce a conformity assessment procedure performed by notified bodies as a way to better ensure protection of electronic health data.

Amendment 204 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 70 – paragraph 2

2. After 7 years from the entry into 2. force of this Regulation and then every 7 years, the Commission shall carry out an overall evaluation of this Regulation, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The overall evaluation shall also identify best practices and assess the health outcomes for patients and consumers resulting from implementation of the EHDS.

Amendment 205 #

Proposal for a regulation
Article 70 – paragraph 2

2. After 75 years from the entry into force of this Regulation, the Commission shall carry out an overall evaluation of this Regulation, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment.

Amendment 206 #

Proposal for a regulation
Article 70 – paragraph 3

3. Member States shall provide the Commission with the information necessary for the preparation of that report. and shall report to the Commission on the common indicators.

Amendment 207 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 70 – paragraph 3 a (new)

3 a. The Commission shall be empowered to adopt, by 12 months after the entry into force of this Regulation, delegated acts to supplement this Regulation in order to: (a) set out the common result and impact oriented indicators to be used for reporting on the progress and for the purpose of monitoring and evaluation of this Regulation; (b) measure the costs, benefits and other health and economic results including trends per Member State in order to compare the effectiveness of implementation of this Regulation;and (c) define a methodology for reporting by Member States. The Commission shall regularly revise and, if necessary, update the common indicators.

Amendment 208 #

Proposal for a regulation
Article 71 a (new)

Article 71 a Amendment to Directive (EU) 2020/1828 on Representative Actions for the Protection of the Collective Interests of Consumers The following is added to Annex I: “(67) Regulation (EU) .../... of the European Parliament and of the Council on the European Health Data Space”

Amendment 209 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 71 a (new)

Article 71 a Representative Actions Directive (EU) 2020/1828 shall apply to the representative actions brought against infringements by economic operators of provisions of this Regulation that harm or may harm the collective interests of consumers.

Amendment 210 #

Proposal for a regulation
Article 72 – paragraph 3 – point a

(a) from 14 year after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (a), (b) and (c), and to EHR systems intended by the manufacturer to process such categories of data.;

Amendment 211 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 72 – paragraph 4

Chapter III shall apply to EHR systems put into service in the Union pursuant to Article 15(2) from 34 years after date of entry into application.

Amendment 212 #

Proposal for a regulation
Annex II – point 3 – point 3.1

3.1. An EHR system shall be designed and developed in such a way that it ensures safe and secure processing of electronic health data, ~~and~~ that it prevents unauthorised access to such data, and that it duly takes into consideration the principles of data minimization and data protection by design.

Amendment 213 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Annex II – point 3 – point 3.8

3.8. An EHR system designed for the storage of electronic health data shall support different retention periods and access rights that take into account the origins and categories of electronic health data and the specific purpose of the data processing operations.

Amendment 31 #

Virginie JORON, Markus BUCHHEIT, Jean-Lin LACAPELLE

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. The implementation costs for connecting healthcare professionals to the EHDS, including new infrastructure and cybersecurity maintenance, capacity building and additional administrative data workload, cannot be carried by healthcare professionals themselves. Member States need to ensure that EU financial incentives are distributed evenly and fairly among those impacted by the proposal. The time spent by healthcare professionals validating and rectifying the electronic health record needs to be accounted for by Member States.

Amendment 32 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). A patient’s Covid vaccination status does not need to be included in the electronic health data. In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it.

Amendment 33 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems ~~or wellness applications~~ are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it.

Amendment 34 #

Proposal for a regulation
Recital 11

(11) Natural persons should be further empowered to exchange and to provide access to personal electronic health data to the health professionals of their choice, going beyond the right to data portability as established in Article 20 of Regulation (EU) 2016/679. This is necessary to tackle objective difficulties and obstacles in the current state of play. Under Regulation (EU) 2016/679, portability is limited only to data processed based on consent or contract, which excludes data processed under other legal bases, such as when the processing is based on law, for example when their processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It only concerns data provided by the data subject to a controller, excluding many inferred or indirect data, such as diagnoses, or tests. Finally, under Regulation (EU) 2016/679, the natural person has the right to have the personal data transmitted directly from one controller to another only where technically feasible. That Regulation, however, does not impose an obligation to make this direct transmission technically feasible. All these elements limit the data portability and may limit its benefits for provision of high-quality, safe and efficient healthcare services to the natural person. Portability should give consumers more choice in the selection of healthcare provider, resulting in reduced healthcare costs, faster diagnosis and treatment time and overall better health outcomes.

Amendment 35 #

Virginie JORON, Markus BUCHHEIT, Jean-Lin LACAPELLE

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Such costs and health outcomes should be regularly assessed and quantified in order to measure the results of improved interoperability. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Cost reduction should be periodically reviewed and compared between Member States in order to identify best practices and deliver results in the whole internal market without potential fragmentation. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.

Amendment 36 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format~~, which can be transmitted between healthcare providers~~ are entirely controlled by the patient and can be shared by the patient with healthcare providers on a strictly voluntary basis, which can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. To that end, patients must be asked, in a clear and comprehensible manner, for their explicit consent whenever their personal health data could be shared. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.

Amendment 37 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the Commission and the Member States should agree on ambitious time-based targets to implement improved health data interoperability across the Union. The access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.

Amendment 38 #

Proposal for a regulation
Recital 16 a (new)

(16 a) Implementation of an interoperable European electronic health record exchange format should build on the existing investments and solutions already made in Member States. Existing health data infrastructures should be leveraged to allow continuity and build on existing expertise.

Amendment 39 #

Virginie JORON, Markus BUCHHEIT, Jean-Lin LACAPELLE

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. The EHDS should also contribute to other requirements, mainly to apply the once-only principle, where possible. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 40 #

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons who so wish to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accessible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Electronic health records should only be processed and stored on servers in Europe, under the supervision of Member States, and by European undertakings which provide the necessary technology and employees for those purposes. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format shcouldbecome ~~more~~generalised at ~~EU and~~national level. While the eHealth Network under Article 14 of Directive 2011/24/EU 46of the European Parliament and of the Council46 recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 41 #

(19 a) The once-only principle means that natural or legal persons provide data only once to public sector or EHDS including EHR systems under the primary use regime, while public sector bodies take the necessary steps to use such data for secondary use, while respecting data protection rules. It would avoid duplication and unnecessary burdens to healthcare professionals and providers, to provide data again.

Amendment 42 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate and exchange best practices at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems and wellness applications, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.

Amendment 43 #

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems ~~and wellness applications~~, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.

Amendment 44 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. Making interoperability mandatory would overcome the market coordination failure. Introducing interoperability standards at EU level is likely to be more effective than at national level. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 45 #

Proposal for a regulation
Recital 25

(25) In the context of MyHealth@EU, a central platform should provide a common infrastructure for the Member States to ensure connectivity and interoperability in an efficient and secure way. In order to guarantee compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the Commission should, by means of implementing acts, allocate specific responsibilities among the Member States, as joint controllers, and prescribe its own obligations, as processor. Furthermore, to ensure the technological sovereignty of the Union and ensure the highest security standards, the platform should be licenced under an open source licence in line with the Open Source Strategy 2020-2023 (C(2020) 7149 final) and Commission decision 2021/C 495 I/01. This will increase transparency and ensure consumer trust and confidence in the platform.

Amendment 46 #

Proposal for a regulation
Recital 25 a (new)

(25 a) EHDS as a whole is a federated structure that can accommodate centralisation or decentralisation based on the Commission and Member States preferences in order to deliver resilient, secure and interoperable infrastructure. The structure should be chosen based on the in-depth analysis for each part of the Regulation.

Amendment 47 #

Proposal for a regulation
Recital 29

(29) Software or module(s) of software which falls within the definition of a medical device or high-risk artificial intelligence (AI) system should be certified in accordance with Regulation (EU) 2017/745 of the European Parliament and of the Council49and Regulation […] of the European Parliament and of the Council [AI Act COM/2021/206 final], as applicable. The essential requirements on interoperability of this Regulation should only apply to the extent that the manufacturer of a medical device or high- risk AI system, which is providing electronic health data to be processed as part of the EHR system, claims interoperability with such EHR system. In such case, the provisions on international standards andcommon specifications for EHR systems should be applicable to those medical devices and high-risk AI systems. _________________ 49 Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC (OJ L 117, 5.5.2017, p. 1).

Amendment 48 #

Proposal for a regulation
Recital 33

(33) Compliance with essential requirements on interoperability and security should be demonstrated by the manufacturers of EHR systems through the implementation of ~~common specifications. To that end~~international standards or common specifications, if duly justified where the international standard is not available. Applying common specifications may lead to the risk of using outdated data formats that are e.g., no longer secure and therefore restrictive, hampering patient safety, innovation and introducing additional barriers for European companies operating globally. To that end, in exceptional situation, implementing powers should be conferred on the Commission to determine such common specifications regarding datasets, coding systems, technical specifications, including standards, specifications and profiles for data exchange, as well as requirements and principles related to security, confidentiality, integrity, patient safety and protection of personal data as well as specifications and requirements related to identification management and the use of electronic identification. Digital health authorities should contribute to the development of such common specifications.

Amendment 49 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Recital 33 a (new)

(33 a) European or Interoperability standards should be aligned to the extent possible with best practices and existing technical solutions. The Commission should identify and analyse those best practices and commonly used existing technical solutions in Member States in order to avoid the burden of implementing additional regulatory requirements.

Amendment 50 #

Proposal for a regulation
Recital 34

(34) In order to ensure an appropriate and effective enforcement of the requirements and obligations laid down in Chapter III of this Regulation, the system of market surveillance and compliance of products established by Regulation (EU) 2019/1020 should apply. Depending on the organisation defined at national level, such market surveillance activities could be carried out by the digital health authorities ensuring the proper implementation of Chapter II or a separate market surveillance authority responsible for EHR systems. While designating digital health authorities as market surveillance authorities could have important practical advantages for the implementation of health and care, any conflicts of interest should be avoided, for instance by separating different tasks. Member States should ensure that market surveillance authorities have the necessary human, technical and financial resources, premises, infrastructure, and expertise to carry out their duties effectively.

Amendment 51 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 35

(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. The Commission may set out in implementing acts the details regarding the format and content of such label.deleted

Amendment 52 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 36

(36) The distribution of information on certified EHR systems ~~and labelled wellness applications~~ is necessary to enable procurers and users of such products to find interoperable solutions for their specific needs. A database of interoperable EHR systems ~~and wellness applications~~, which are not falling within the scope of Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final] should therefore be established at Union level, similar to the European database on medical devices (Eudamed) established by Regulation (EU) 2017/745. The objectives of the EU database of interoperable EHR systems ~~and wellness applications~~ should be to enhance overall transparency, to avoid multiple reporting requirements and to streamline and facilitate the flow of information. For medical devices and AI systems, the registration should be maintained under the existing databases established respectively under Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final], but the compliance with interoperability requirements should be indicated when claimed by manufacturers, to provide information to procurers.

Amendment 53 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use. Additionally, cybersecurity is of utmost importance in the healthcare sector, especially when it comes to protecting health data. That is why robust cybersecurity measures should be implemented by the national digital health authorities in order to protect sensitive health data of users to thwart any attempts to breach the systems and steal or damage the data.

Amendment 54 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices~~, wellness applications or other wearables~~ and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 55 #

Proposal for a regulation
Recital 40

Amendment 56 #

Proposal for a regulation
Recital 51

(51) As the resources of health data access bodies are limited, they can apply prioritisation rules, ~~for inst~~the Commission should issue guidance on prioritis~~ing public institutions before private entiti~~ation criteria. In general, the request with potential overall highes,t b~~ut they should not make any discrimination between the national or from organisations from other Member States within the same category of priorities~~enefit for the citizens and Union should be prioritised, for example research and development of technologies and innovations in the healthcare sector. The common criteria should avoid fragmentation of the single market. The data user should be able to extend the duration of the data permit in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additonal fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data permit.

Amendment 57 #

Proposal for a regulation
Recital 68

(68) In order to ensure that EHDS fulfils its objectives, the power to adopt acts in accordance with Article 290 Treaty on the Functioning of the European Union should be delegated to the Commission in respect of different provisions of primary and secondary use of electronic health data. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Inter- institutional Agreement of 13 April 2016 on Better Law-Making52. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. ~~_________________ 52 OJ L 123, 12.5.2016, p. 1~~In accordance with the Inter-Institutional Agreement of 13 April 2016 on Better Law-Making, the Commission will also resort to public consultations to gather the necessary expertise. In particular, health professionals and patients’ representatives shall be consulted prior to the adoption of delegated acts.

Amendment 58 #

Proposal for a regulation
Recital 69

(69) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council~~53. _________________ 53 Regulation (EU) No 182/~~. In accordance with the Inter-Institutional Agreement of 13 April 20116 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13)n Better Law-Making, the Commission will make use of expert groups, consult targeted stakeholders and carry out public consultation to gather broader expertise in the early preparation of draft implementing acts. In particular, health professionals and patients’ representatives shall be consulted. .

Amendment 59 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Recital 70

(70) Member States should take all necessary measures to ensure that the provisions of this Regulation are implemented, including by laying down effective, proportionate and dissuasive penalties for their infringement. For certain specific infringements, Member States should take into account the margins and criteria set out in this Regulation. Moreover, the Member states should put in place communication campaigns to inform all relevant stakeholders, especially the industry, and society, about the infringements and all provisions of the Regulation in order to facilitate its implementation which needs to take especially into account the different digital developments of health systems across the EU.

Amendment 60 #

(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 53 years after its entry into force, on the self-certification of EHR systems and the need to introduce a conformity assessment procedure performed by notified bodies, and an overall evaluation 7 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.

Amendment 61 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Recital 73 a (new)

(73 a) Consumers should be entitled to enforce their rights in relation to the obligations imposed on economic operators under this Regulation through representative actions in accordance with Directive (EU) 2020/1828 of the European Parliament and of the Council. For that purpose, this Regulation should provide that Directive (EU) 2020/1828 is applicable to the representative actions concerning infringements of the provisions of this Regulation that harm or can harm the collective interests of consumers. The Annex to that Directive should therefore be amended accordingly. It is for the Member States to ensure that that amendment is reflected in their transposition measures adopted in accordance with Directive (EU) 2020/1828, although the adoption of national transposition measures in this regard is not a condition for the applicability of that Directive to those representative actions. The applicability of Directive (EU) 2020/1828 to the representative actions brought against infringements by economic operators of provisions of this Regulation that harm or can harm the collective interests of consumers should start from the date of application of this Regulation.

Amendment 62 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and wellness applications~~ placed on the market and put into service in the Union and the users of such products; (This amendment applies throughout the text.)

Amendment 63 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 1 – paragraph 4

Directive 2013/87/EC
Article 1 – paragraph 4

4. This Regulation shall be without prejudice to other Union legal acts regarding access to, sharing of or secondary use of electronic health data, or requirements related to the processing of data in relation to electronic health data, in particular Regulations (EU) 2016/679, (EU) 2018/1725, […] [Data Governance Act COM/2020/767 final], Directive (EU) 2016/943 and […] [Data Act COM/2022/68 final].

Amendment 64 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data ~~concerning health and genetic data in electronic format~~in electronic format relevant for health research that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 65 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 2 – paragraph 2 – point h

(h) ‘registration of electronic health data’ means the recording of health data in an electronic format, through manual entry of data, through the collection of data by a device, or through the conversion of non- electronic health data into an electronic format, to be processed in an EHR system ~~or a wellness application~~;

Amendment 66 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 2 – paragraph 2 – point m

(m) ‘EHR’ (electronic health record) means any collection of past or present electronic health data, including physical and mental data, related to a natural person and collected in the health system, processed for healthcare or research purposes;

Amendment 67 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 2 – paragraph 2 – point m

(m) ‘EHR’ (electronic health record) means an electronic collection of ~~electronic~~ health data related to a natural person ~~and collected~~ in the health system, processed for healthcare purposes;

Amendment 68 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance ~~or softwar~~, software or other article intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records, or that can be reasonably expected by the manufacturer to be mainly used for these purposes;

Amendment 69 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 2 – paragraph 2 – point n

Directive 2013/87/EC
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or software primarily intended by the manufacturer to ~~be used for storing, intermediating, importing, exporting, converting, editing or view~~consolidate, share and retaing electronic health records;

Amendment 70 #

Proposal for a regulation
Article 2 – paragraph 2 – point n a (new)

(n a) ‘general software’ means any software that is not intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records, or that cannot be reasonably expected by the manufacturer to be mainly used for these purposes;

Amendment 71 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 2 – paragraph 2 – point o

(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life-styles;deleted

Amendment 72 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 2 – paragraph 2 – point o

(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for ~~other purposes than healthcare, such as well-being and pursuing healthy life- styl~~healthy life-style and well-being purposes, or that can be reasonably expected by the manufacturer to be mainly used for these purposes;

Amendment 73 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 2 – paragraph 2 – point o

Directive 2013/87/EC
Article 2 – paragraph 2 – point o

(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, but related to healthcare, such as well-being and pursuing healthy life-styles;

Amendment 74 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) ‘common specifications’ (CS) means a set of technical and/or clinical requirements, other than a standard, that provides a means of complying with the legal obligations applicable to an EHR system.

Amendment 75 #

Proposal for a regulation
Article 3 – paragraph 1

1. Natural persons shall have the right to access their personal electronic health data processed in the context of primary use of electronic health data, immediately, free of charge and in an easily readable, consolidated and accessible form. Natural persons shall not have the right to change the relevant data.

Amendment 76 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a Directive 2013/87/EC

(a) establish one or more electronic health data access services at national, regional or local level, using centralised or decentralised structure, enabling the exercise of rights referred to in paragraphs 1 and 2;

Amendment 77 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on ~~the~~which healthcare providers and health professionals tha~~t have~~ve specifically accessed their electronic health data and the reason of why these actors accessed this data in the context of healthcare. The information shall be provided immediately, automatically, and free of charge through electronic health data access services.

Amendment 78 #

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. When setting out the European electronic health record exchange format, the Commission shall primarily consider the existing international standards and the formats already used in the Member States. The format shall include the following elements:

Amendment 79 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 10 – paragraph 2 – point m – point i (new)

i) ensure robust cybersecurity measures to protect sensitive health data of users to thwart any attempts to breach the systems and steal or damage the data.

Amendment 80 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Commission shall establish a central platform for digital health to provide services to support and facilitate the exchange of electronic health data between national contact points for digital health of the Member States. The central platform shall be licenced under an open- source licence and published in the Open Source code repository of the EU institutions.

Amendment 81 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Commission shall establish a central platform for digital health to provide services to support and facilitate the exchange of electronic health data between national contact points for digital health of the Member States. The platform shall not enable the storage of electronic health data on the platform.

Amendment 82 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 12 – paragraph 4

4. TNo later than 12 months after the entry into force of the Regulation, the Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 83 #

Proposal for a regulation
Chapter III – title

III EHR systems ~~and wellness applications~~

Amendment 84 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 14 – paragraph 3 a (new)

3 a. No later than 12 months after the entry into force of this Regulation, the Commission shall issue guidance to clarify requirement of the manufacturers to conduct conformity assessments under different Union legislation, such as Medical Device Regulations, Artificial Intelligence Act or EHDS. The guidance shall also clarify which rules apply to products that are covered by more regulated categories.

Amendment 85 #

Proposal for a regulation
Article 14 – paragraph 4

4. PNotwithstanding the obligations laid down in Regulation [AI act COM/2021/206 final], providers of high- risk AI systems as defined in Article 6 of Regulation […] [AI act COM/2021/206 final], which does not fall within the scope of Regulation (EU) 2017/745, that claim interoperability of those AI systems with EHR systems will need to prove compliance with the essential requirements on interoperability laid down in Section 2 of Annex II of this Regulation. Article 23 of this Chapter shall be applicable to those high-risk AI systems.

Amendment 86 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 14 a (new)

Article 14 a Once only principle Natural or legal persons shall provide data to public sector bodies or EHR providers under the primary use regime only once, while public sector bodies may use such data for secondary purposes.

Amendment 87 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only if they comply with the provisions laid down in this Chapter and in Annex II.

Amendment 88 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point b

(b) draw up and keep up to date the technical documentation of their EHR systems in accordance with Article 24;

Amendment 89 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point c

(c) ensure that their EHR systems are accompanied, free of charge for the user, by the information sheet provided for in Article 25 and by clear and complete instructions for use in accessible formats for persons with disabilities;

Amendment 90 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point g

(g) take ~~without undue d~~immediatelay any necessary corrective action in respect of their EHR systems wh~~ich~~en manufacturers consider or have reasons to believe that such systems are not in conformity with the essential requirements laid down in Annex II, or recall or withdraw such systems;

Amendment 91 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point h

(h) immediately inform the distributors of their EHR systems and, where applicable, the authorised representative and importers of any corrective action, recall or withdrawal;

Amendment 92 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point i

(i) immediately inform the market surveillance authorities of the Member States in which they made their EHR systems available or put them into service of the non- conformity and of any corrective action taken;

Amendment 93 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point i a (new)

(i a) immediately inform the market surveillance authorities of the Member States in which they made their EHR systems available, where manufacturers consider or have reasons to believe that such systems present a risk to the health or safety of natural persons or to other aspects of public interest protection;

Amendment 94 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 – point j

(j) ~~upon request of a market surveillance authority, provide it~~at least 6 months before placing on the market or putting into service their EHR systems, provide market surveillance authorities of the Member States concerned with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II.

Amendment 95 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 17 – paragraph 1 – point j

(j) ~~upon request of a~~provide market surveillance authorit~~y, provide it~~ies with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II prior to making it available or putting it into service.

Amendment 96 #

Adriana MALDONADO LÓPEZ, Marc ANGEL, Maria-Manuel LEITÃO-MARQUES, Alex AGIUS SALIBA, Clara AGUILERA, Maria GRAPINI

Proposal for a regulation
Article 17 – paragraph 1 – point k a (new)

(k a) establish reporting channels and ensure their accessibility to allow for users to submit complaints or concerns regarding potential non-conformity of products; assess the complaints and concerns received, and inform market surveillance authorities in case of suspected non-compliance of the product; and keep a register of complaints and concerns received for 10 years and make it available upon request from a market surveillance authority.

Amendment 97 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 1 a (new)

1 a. If the manufacturer fails to cooperate with market surveillance authorities or if the information and documentation provided is incomplete or incorrect, market surveillance authorities shall take all appropriate measures to prohibit or restrict the relevant EHR system from being available on the market, to withdraw it from the market or to recall it until the manufacturer cooperates or provides complete and correct information;

Amendment 98 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 3 a (new)

3 a. A manufacturer of EHR systems established outside of the Union shall ensure that its authorised representative has the necessary documentation permanently available in order to fulfil the tasks referred to in Article 18(2).

Amendment 99 #

Alexandra GEESE, David CORMAND, Anna CAVAZZINI, Francisco GUERREIRO

Proposal for a regulation
Article 17 – paragraph 3 b (new)

3 b. Natural or legal persons may claim compensation for damage caused by a defective EHR system in accordance with applicable Union and national law. Manufacturers shall have measures in place to provide sufficient financial coverage in respect of their potential liability under Directive 85/374/EEC, without prejudice to more protective measures under national law.

source: 745.235

2023/03/10 ITRE 295 amendments...

Amendment 100 #

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Board should consists of representatives from digital health authorities, European Data Protection Board, European Data Protection Supervisor, European Medicines Agency, European Centre for Disease Prevention and Control, healthcare professionals, patient organizations, research community and health industry. All Board members have the same rights and responsibilities. Furthermore, experts of the European Parliament should be invited to attend the meetings of the EHDS Board. The EHDS Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].

Amendment 101 #

Proposal for a regulation
Article 1 – paragraph 1

1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, common and interoperable standards ~~and~~, practices, and infrastructures and a governance framework for the primary and secondary use of electronic health data.

Amendment 102 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;

Amendment 103 #

Proposal for a regulation
Article 1 – paragraph 3 – point d

(d) data recipients and users to whom electronic health data are made available by data holders in the Union.

Amendment 104 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679; and on a case by case basis pseudonymised data according to Article 4(5) of Regulation (EU) 2016/679

Amendment 105 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning mental and physical health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 106 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning health and anonymised genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 107 #

Proposal for a regulation
Article 2 – paragraph 2 – point f

(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals, involving the exchange of information and knowledge without changing the content or quality of the data between these organisations, software applications or devices, through the processes they support, enabling data portability across data holders and health care providers for data recipients and data users;

Amendment 108 #

Proposal for a regulation
Article 2 – paragraph 2 – point f

(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals using commonly accepted open standards and open data formats, involving the exchange of information and knowledge without changing the content of the data between these organisations, software applications or devices, through the processes they support;

Amendment 109 #

(g) ‘European electronic health record exchange format’ means a structured, commonly used, open standard and machine-readable format that allows transmission of personal electronic health data between different software applications, devices and healthcare providers;

Amendment 110 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 2 – paragraph 2 – point l

(l) ‘telemedicine’ means the provision of healthcare services, ~~including remote care and online pharmacies,~~ through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;

Amendment 111 #

(m) ‘EHR’ (electronic health record) means a collection of electronic mental and physical health data related to a natural person and collected in the health system, processed for healthcare or research purposes;

Amendment 112 #

Proposal for a regulation
Article 2 – paragraph 2 – point q – point i

(i) the death of a natural person or serious damage to a natural person’s health or rights;

Amendment 113 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 114 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 115 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 116 #

Proposal for a regulation
Article 2 – paragraph 2 – point z

(z) ‘data user’ means a natural or legal person who has lawful access to personal or non-personal electronic health data ~~for secondary use~~;

Amendment 117 #

Proposal for a regulation
Article 2 – paragraph 2 – point a a

(aa) ‘data permit’ means an administrative decision issued to a data user by a ~~health data ac~~n application processing body or data holder to process the electronic health data specified in the data permit for the secondary use purposes specified in the data permit based on conditions laid down in this Regulation;

Amendment 118 #

Proposal for a regulation
Article 2 – paragraph 2 – point ad

(ad) ‘data quality’ means the degree to which characteristics of electronic health data are suitable for ~~secondary~~ use;

Amendment 119 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

(aea) ‘anonymised data’ or ‘data in anonymised format’ means personal data that have been anonymised in such a way as to prevent the data subject from being re-identified, including by drawing on state-of-the-art and future technologies and methods or other data.

Amendment 120 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(aea) ‘data sharing’ means the provision defined in Article 2 (10) of the Regulation (EU) 2022/868;

Amendment 121 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

(aeb) ‘application processing body’ means a body set up in accordance with Article 36(1), fourth sentence, point (a), whose tasks include, in particular, checking data applications and issuing data permits.

Amendment 122 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

(aeb) 'pseudonymisation' means the processing defined in Article 4 (5) of the Regulation (EU) 2016/679.

Amendment 123 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)

(aec) ‘pseudonymisation body’ means a body established in accordance with Article 36(1), fourth sentence, point (b), whose tasks include, in particular, the pseudonymisation of electronic health data.

Amendment 124 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae d (new)

(aed) ‘health data access body’ means a body established in accordance with Article 36(1), fourth sentence, point (c), whose tasks include, in particular, the provision of a secure data processing environment.

Amendment 125 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae e (new)

(aee) ‘bodies involved in health data access’ means bodies within the meaning of points (ag), (ah) and (ai) in so far as, in a specific case, they are involved in enabling secondary use.

Amendment 126 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a

(a) establish one or more electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2; These bodies shall incorporate health professionals’ experience when dealing with the exercise of the rights set out in paragraph 7.

Amendment 127 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf or to enable guardians to act on behalf of their dependent children in a legitimate manner in accordance with the Member State’s national standards.

Amendment 128 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 2

The proxy services shall provide authorisations free of charge, electronically or on paper. They shall enable guardians or other representatives to be authorised, either automatically or upon request, to access electronic health data of the natural persons whose affairs they administer. Member States may provide that authorisations do not apply whenever necessary for reasons related to the protection of the natural person, and in particular based on patient safety and ethics. The proxy services shall be interoperable among Member States unless the proposed rectification concerns a data record made by a health service provider, in which case the provider concerned will have to approve the rectification or lodge their opposition before the health data processing service.

Amendment 129 #

Proposal for a regulation
Article 4 – paragraph 1 – point b

(b) ensure that the personal electronic health data of the natural persons they treat are updated with information related to the health services provided and, otherwise, update data on the health services that they offer.

Amendment 130 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals who lawfully carry out their work through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. To that end, they may cooperate, where appropriate, with professional associations as provided for under national rules.

Amendment 131 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person according to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. However, health professionals should always be able to distinguish between the case where there is no data and where there is data, but access is restricted. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 132 #

Proposal for a regulation
Article 5 – paragraph 2 – introductory part

2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the minimum main characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:

Amendment 133 #

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

1. The Commission shall, by means of implementing acts, lay down the open technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. The format shall include the following elements:

Amendment 134 #

Proposal for a regulation
Article 6 – paragraph 3

3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient including measures intended to ensure that priority categories of personal health data are translated into the language of the patient or health professional to the extent necessary for those health services to be provided.

Amendment 135 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Article 7 – paragraph 1

1. Member States shall ensure that, where data is processed in electronic format, health professionals ~~systematically~~ register the relevant health data falling under at least the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system.

Amendment 136 #

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. ~~Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).~~

Amendment 137 #

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the secure transferability of electronic health data in a cross-border context. ~~Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).~~

Amendment 138 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 9 – paragraph 3

3. The Commission and the Member States shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).

Amendment 139 #

Proposal for a regulation
Article 9 – paragraph 3

3. The Member States and the Commission shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).

Amendment 140 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 9 – paragraph 4

4. The ~~digital health authoriti~~Member States and the Commission shall ~~implement~~develop a the cross- border identification and authentication mechanism at Union and Member States’ level, respectively, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final].

Amendment 141 #

Proposal for a regulation
Article 9 – paragraph 4

4. The ~~digital health authoriti~~Member States and the Commission shall implement the cross- border identification and authentication mechanism at Union and Member States’ level, respectively.

Amendment 142 #

Proposal for a regulation
Article 10 – paragraph 2 – point m

(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, through the professional associations that represent them, industry associations;

Amendment 143 #

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives and health representatives. Members of the digital health authority shall avoid any conflicts of interest.

Amendment 144 #

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies operating on their territories~~, including online pharmacies,~~ are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmaciy offices shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU, provided that the conditions laid down in their national legislation within the meaning of Article 85(c) of Directive 2001/83/EC and Article 11 of Directive 2011/24/EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmaciy offices shall ~~report~~communicate the dispensation to the Member State that issued the prescription, through MyHealth@EU.

Amendment 145 #

Proposal for a regulation
Article 31 – paragraph 2 – point b

(b) reference to open common specifications to demonstrate compliance;

Amendment 146 #

Proposal for a regulation
Article 31 – paragraph 6

6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device and in the case of software, a digital label. 2D barcodes may also be used to display the label.

Amendment 147 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter: , provided that their availability does not conflict with the holder’s other legal or ethical obligations:

Amendment 148 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders ~~shall~~, on a voluntary basis and with the prior informed consent of the individual persons to whom the data relates, can make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter:

Amendment 149 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of electronic data available, upon request and verifying that the natural person has not rejected the option of sharing their data for secondary use in accordance with the provisions of this Chapter:

Amendment 150 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of electronic data available for secondary use upon request and only with consent from the data subject in the case of personal data, in accordance with the provisions of this Chapter:

Amendment 151 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs;

Amendment 152 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

~~(d) health-related administrative data, including claims and reimbursement data;~~deleted

Amendment 153 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

~~(d) health-related administrative data, including claims and reimbursement data;~~deleted

Amendment 154 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) health-related administrative data for population-wide predominantly publicly funded treatments, including claims and reimbursement data;

Amendment 155 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 156 #

Andreas GLÜCK, Nicola BEER

Proposal for a regulation
Article 33 – paragraph 1 – point e

(e) anonymised human genetic, genomic and proteomic data;

Amendment 157 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data~~, including~~ via medical devices~~, wellness applications or other digital health applications~~;

Amendment 158 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data, including medical devices~~, wellness applications or other digital health applications~~;

Amendment 159 #

Proposal for a regulation
Article 33 – paragraph 1 – point h

(h) population wide electronic health data registries (public health registries);

Amendment 160 #

Proposal for a regulation
Article 33 – paragraph 1 – point i

(i) electronic health data from medical registries ~~for specific diseases~~;

Amendment 161 #

Susana SOLÍS PÉREZ

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from ~~clinical trials~~fully completed or terminated clinical trials in accordance with Regulation (EU) No 536/2014;

Amendment 162 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from clinical trials in accordance with Regulation (EU) No 536/2014;

Amendment 163 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from clinical trials in so far as they have been completed;

Amendment 164 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from finalised clinical trials;

Amendment 165 #

Proposal for a regulation
Article 33 – paragraph 1 – point m

~~(m) electronic health data from biobanks and dedicated databases;~~deleted

Amendment 166 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 167 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 168 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

(n) electronic data related to insurance status, professional status, and education~~, lifestyle, wellness and behaviour data relevant to health~~;

Amendment 169 #

Proposal for a regulation
Article 33 – paragraph 1 – point o a (new)

(oa) Death registries, death certificates

Amendment 170 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

(1a) Data in categories (b) and (l) shall only be made available if the data have been collected systematically and comprehensively from data subjects. The fact that a public body, a body governed by public law or a public undertaking within the meaning of Regulation (EU) 2022/868 [Data Governance Act] is involved in the collection of data shall not constitute predominantly public funding of data collection. Data holders shall not be obliged to make unlisted categories of data available for secondary use in accordance with the provisions of this Chapter.

Amendment 171 #

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC~~59. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36)~~. The requirement in the first subparagraph shall not apply to data holders who fall within the category of small enterprises in the context of health professional practices.

Amendment 172 #

Proposal for a regulation
Article 33 – paragraph 2

(2) The requirement in the first sentence of the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 173 #

Proposal for a regulation
Article 33 – paragraph 3

3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health or care sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies , which are processed for secondary use or that may be processed for such purposes in accordance with applicable Union law or with national legislation implementing Union law.

Amendment 174 #

Proposal for a regulation
Article 33 – paragraph 3

(3) The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health ~~or care~~ sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.

Amendment 175 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Article 33 – paragraph 3 a (new)

3a. When electronic health data is made available for secondary use through health data bodies, the beneficiary shall respect the principle of open science, and provide open access to research or processing results, following the principle “as open as possible, as closed as necessary”, in full respect of this regulation and other applicable laws. Derogations from the open access requirements, and open access practices should be closely monitored by the Commission and any exemption should be public.

Amendment 176 #

Proposal for a regulation
Article 33 – paragraph 3 a (new)

3a. The natural person shall receive information about the benefits of providing access to their health date for secondary use.

Amendment 177 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from ~~private enterprise~~health data holders shall be made available for secondary use. For data defined under Article 33 (k) (medical devices) where data holder can demonstrate that data are derived or inferred by means of complex proprietary algorithms and can lead to reverse engineering, data holder should be entitled to refer to data coordinator as established under Article 31 of Regulation (Data Act) to request a restriction or limitation of the sharing of data. Where such data is made available for secondary use, all measures necessary to preserve ~~the~~IP rights and confidentiality of ~~IP rights and~~ trade secrets shall be taken. This regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directive 2001/29/EC, Directive 2004/48/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.

Amendment 178 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use. ~~Where such data is made available for secondary use, a~~All measures necessary to preserve the confidentiality of IP rights and trade secrets shall be taken and data holders may refuse to make the data available if sufficient safeguards for those measures are not provided.

Amendment 179 #

Proposal for a regulation
Article 33 – paragraph 4

(4) Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use~~. Where such data is made available for secondary use,~~ if and to the extent that all measures necessary to preserve the confidentiality of IP rights and trade secrets ~~shall~~can be taken., for example by taking the following measures:

Amendment 180 #

Proposal for a regulation
Article 33 – paragraph 4 a (new)

(4a) extending the period for making data available to 24 months in order to allow for registration of property rights; or

Amendment 181 #

Proposal for a regulation
Article 33 – paragraph 4 b (new)

(4b) processing data to ensure that trade secrets are redacted.

Amendment 182 #

Proposal for a regulation
Article 33 – paragraph 5

(5) Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.deleted

Amendment 183 #

Proposal for a regulation
Article 33 – paragraph 5

5. Where the consent of the natural person is required by national or Union law, health data access bodies shall rely on the obligations laid down in the respective legislation and this Chapter to provide access to electronic health data ensuring the primacy of the individual fundamental rights.

Amendment 184 #

Proposal for a regulation
Article 33 – paragraph 5

Amendment 185 #

Proposal for a regulation
Article 33 – paragraph 6

(6) Where a public sector body obtains data in emergency situations as defined in Article 15, point (a) or (b) of the Regulation […] [Data Act COM/2022/68 final], in accordance with the rules laid down in that Regulation, it may be supported by a health data access body or a pseudonymisation body to provide technical support to process the data or combing it with other data for joint analysis.

Amendment 186 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 187 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 188 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 189 #

Proposal for a regulation
Article 33 – paragraph 7

7. The Commission shall periodically review the list in paragraph 1. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data. The EHDS board shall be consulted as part of the periodical review.

Amendment 190 #

Proposal for a regulation
Article 33 – paragraph 7

7. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data after consultations with all stakeholders, including industry and ensuring public scrutiny for the changes.

Amendment 191 #

Proposal for a regulation
Article 33 – paragraph 7 a (new)

7a. In order to protect the natural persons, but also with a view to public and national security Member States may limit the scope of data made available for secondary use.

Amendment 192 #

Proposal for a regulation
Article 33 – paragraph 8

(8) Health data access bodies may provide access to additional categories of electronic health data that they have been entrusted with pursuant to national law or based on voluntary cooperation with the relevant data holders at national level, in particular to electronic health data held by private entities in the health sector.deleted

Amendment 193 #

Proposal for a regulation
Article 33 – paragraph 8

8. Health data access bodies may provide access to additional categories of electronic health data that they have been entrusted with pursuant to national law or based on voluntary cooperation with the relevant data holders at national level, in particular to electronic health data held by private entities in the health sector and in accordance with the relevant security and privacy provisions.

Amendment 194 #

Proposal for a regulation
Article 33 – paragraph 8 a (new)

(8a) Electronic health data from biobanks and dedicated databases, as well as human genetic, genomic and proteomic data, may be shared by the data holder on a voluntary basis in accordance with the rules of this Regulation.

Amendment 195 #

Proposal for a regulation
Article 33 a (new)

Article 33a Rights of natural persons in relation to the secondary use Natural persons shall have the right to restrict access by health data access bodies to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.

Amendment 196 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

(1) ~~Health data ac~~Application processing bodies shall only ~~provid~~authorise access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant complies with:

Amendment 197 #

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety and efficacy of healthcare and of medicinal products or medical devices, for the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases the EMA and ECDC shall be granted rapid and unrestricted access to the health data within the EHDS;

Amendment 198 #

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality ~~and safety~~, safety and effectiveness of healthcare and of medicinal products or medical devices, in order to evaluate the risks and benefits of pharmaceutical products approved, authorized by or submitted for approval or authorization to the EMA or other national pharmaceutical agencies;

Amendment 199 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices, identification of environmental factors on health, identification of work related risks and evaluation of preventive measure taken;

Amendment 200 #

Proposal for a regulation
Article 34 – paragraph 1 – point e a (new)

(ea) Health Economics and Outcomes Research (HEOR);

Amendment 201 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) ~~development and innovation activities for products or~~activities for the development, placing on the market, advancement and seurv~~ices contributing to public health or social security, or ensuring high levels of quality and safety of~~eillance of products or services related to health or care~~, of medicinal products or of medical device~~ sectors;

Amendment 202 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development ~~and innovation~~ activities for products or services demonstrably contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 203 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health ~~or social security~~, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 204 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluidating of algorithms, including in medical devices, AI systems and digital ~~health~~ applications~~, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices~~ related to health in accordance with the AI Act (COM/2021/206 final);

Amendment 205 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to ~~the~~ public health ~~or social security~~, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 206 #

Proposal for a regulation
Article 35 – paragraph 1 – introductory part

Seeking or gaining access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 or made available according to this legislation for the following purposes shall be prohibited and subject to penalties :

Amendment 207 #

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) taking decisions or allowing actions of any kind detrimental to a natural person based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

Amendment 208 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

Amendment 209 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 210 #

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco products, or goods or services which are designed or modified in such a way that they contravene public order or morality or result in behavioural changes that reduce the freedom of choice or security of the natural persons.

Amendment 211 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(ea) reconstructing the identity of natural persons from datasets shared under this Regulation;

Amendment 212 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(ea) re-engineering medical devices or AI algorithms.

Amendment 213 #

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(eb) profiling of natural persons solely from the datasets shared under this Regulation or in combination with other data;

Amendment 214 #

Proposal for a regulation
Article 35 – paragraph 1 – point e c (new)

(ec) the targeted use of data shared under this Regulation to obtain intellectual property or trade secrets of competitors or information that allows conclusions to be drawn about the business performance of a specific market operator;

Amendment 215 #

Proposal for a regulation
Article 35 – paragraph 1 – point e d (new)

(ed) the sale of electronic health data made available under this Regulation.

Amendment 216 #

Proposal for a regulation
Article 36 – title

~~Health data access bodies~~Bodies involved in accessing health data

Amendment 217 #

Proposal for a regulation
Article 36 – paragraph 1

(1) Member States shall each designate one or more ~~health data access bodies~~bodies involved in accessing health data that are responsible for granting access to electronic health data for secondary use. Member States may either establish one or more new public sector bodies or rely on existing public sector bodies or on internal services of public sector bodies or private legal persons that fulfil the conditions set out in this Article. Where a Member State designates several ~~health data access bodies~~bodies involved in accessing health data, it shall designate one ~~health data access~~ body to act as coordinator, with responsibility for coordinating requests with the other ~~health data access bodies.~~bodies involved in accessing health data. The following legally and organisationally independent bodies may be involved in accessing electronic health data:

Amendment 218 #

Proposal for a regulation
Article 36 – paragraph 1 a (new)

(1a) application processing bodies, which may be administered by both public and private bodies;

Amendment 219 #

Proposal for a regulation
Article 36 – paragraph 1 b (new)

(1b) pseudonymisation bodies, which shall be administered by national public bodies; the European Union shall also create an independent European pseudonymisation body;

Amendment 220 #

Proposal for a regulation
Article 36 – paragraph 1 c (new)

(1c) access bodies, which shall be administered by national public bodies;

Amendment 221 #

Proposal for a regulation
Article 36 – paragraph 2

(2) Member States shall ensure that each ~~health data access body~~body involved in accessing health data is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers. Certification shall be required for approval and designation as an application processing body. Application processing bodies shall carry out their tasks in an impartial, transparent, consistent and timely manner. Senior managers and staff members of the authorities responsible shall not engage in any activity that may conflict with their independence of judgement or integrity in carrying out the tasks entrusted to them.

Amendment 222 #

Proposal for a regulation
Article 36 – paragraph 3

3. Member States shall ensure that essential health stakeholders’ representatives, including patient organisations, healthcare professionals and research community shall be present in the governance and decision-making structures of the health data access bodies. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions.

Amendment 223 #

Proposal for a regulation
Article 36 – paragraph 3

(3) In the performance of their tasks, ~~health data access bodies~~bodies involved in accessing health data shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of ~~health data access bodies shall avoid any conflicts of interest. Health data access bodies~~bodies involved in accessing health data shall avoid any conflicts of interest. Bodies involved in accessing health data shall not be bound by any instructions, when making their decisions.

Amendment 224 #

Proposal for a regulation
Article 36 – paragraph 4

(4) Member States shall communicate to the Commission the identity of the ~~health data access~~ bodies designated pursuant to paragraph 1 by the date of application of this Regulation. They shall also communicate to the Commission any subsequent modification of the identity of those bodies. The Commission and the Member States shall make this information publicly available.

Amendment 225 #

Proposal for a regulation
Article 37 – title

Tasks of ~~health data access bodies~~bodies involved in accessing health data

Amendment 226 #

Proposal for a regulation
Article 37 – paragraph 1 – introductory part

(1) ~~Health data access bodies~~Bodies involved in accessing health data shall carry out the following tasks:

Amendment 227 #

Proposal for a regulation
Article 37 – paragraph 1 – point a

(a) application processing bodies shall decide on data access applications pursuant to Article 45, authorise and issue data permits pursuant to Article 46 to access electronic health data falling within their national remit for secondary use and decide on data requests in accordance with Chapter II of Regulation […] [Data Governance Act COM/2020/767 final] and this Chapter;

Amendment 228 #

Proposal for a regulation
Article 37 – paragraph 1 – point b

(b) access bodies shall support public sector bodies in carrying out the tasks enshrined in their mandate, based on national or Union law;

Amendment 229 #

Proposal for a regulation
Article 37 – paragraph 1 – point c

(c) access bodies shall support Union institutions, bodies, offices and agencies in carrying out tasks enshrined in the mandate of Union institutions, bodies, offices and agencies, based on national or Union law;

Amendment 230 #

Proposal for a regulation
Article 37 – paragraph 1 – point d

(d) access bodies shall process electronic health data for the purposes set out in Article 34, including the collection, combination, preparation and disclosure of those data for secondary use on the basis of a data permit;

Amendment 231 #

Proposal for a regulation
Article 37 – paragraph 1 – point e

(e) access bodies shall process electronic health data from other relevant data holders based on a data permit or a data request for a purposes laid down in Article 34;

Amendment 232 #

Proposal for a regulation
Article 37 – paragraph 1 – point f

(f) bodies involved in accessing health shall take all measures necessary to preserve the confidentiality of IP rights and of trade secrets;

Amendment 233 #

Proposal for a regulation
Article 37 – paragraph 1 – point g

(g) ~~gather and compile or provide access to~~where electronic health data is not accessed directly between data holder and data user, or where the data of a number of holders need to be merged, the access bodies concerned, with the assistance of pseudonymisation bodies, shall gather and compile the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;

Amendment 234 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

(i) access bodies shall support the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health;

Amendment 235 #

Proposal for a regulation
Article 37 – paragraph 1 – point j

(j) application processing bodies shall cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;

Amendment 236 #

Proposal for a regulation
Article 37 – paragraph 1 – point k

(k) application processing bodies shall maintain a management system to record and process data access applications, data requests and the data permits issued and data requests answered, providing at least information on the name of the data applicant, the purpose of access the date of issuance, duration of the data permit and a description of the data application or the data request;

Amendment 237 #

Proposal for a regulation
Article 37 – paragraph 1 – point l

(l) application processing and access bodies shall jointly maintain a public information system to comply with the obligations laid down in Article 38;

Amendment 238 #

Proposal for a regulation
Article 37 – paragraph 1 – point m

(m) cooperate at Union and national level to lay down common approach, technical requirements and appropriate measure~~s and requirement~~s for accessing electronic health data in a secure processing environment;

Amendment 239 #

Proposal for a regulation
Article 37 – paragraph 1 – point m

(m) access bodies shall cooperate at Union and national level to lay down appropriate measures and requirements for accessing electronic health data in a secure processing environment;

Amendment 240 #

Proposal for a regulation
Article 37 – paragraph 1 – point n

(n) access bodies shall cooperate at Union and national level and provide advice to the Commission on techniques and best practices for electronic health data use and management;

Amendment 241 #

Proposal for a regulation
Article 37 – paragraph 1 – point o

(o) access bodies shall facilitate cross- border access to electronic health data for secondary use hosted in other Member States through HealthData@EU and cooperate closely with each other and with the Commission.;

Amendment 242 #

Proposal for a regulation
Article 37 – paragraph 1 – point q – introductory part

(q) application processing bodies shall make public, through electronic means:

Amendment 243 #

Proposal for a regulation
Article 37 – paragraph 1 – point q – point iii

~~(iii) penalties applied pursuant to Article 43;~~deleted

Amendment 244 #

Proposal for a regulation
Article 37 – paragraph 1 – point q a (new)

(qa) access bodies shall make public through electronic means the sanctions imposed under Article 43;

Amendment 245 #

Proposal for a regulation
Article 37 – paragraph 1 – point r

(r) bodies involved in accessing health data shall fulfil obligations towards natural persons pursuant to Article 38;

Amendment 246 #

Proposal for a regulation
Article 37 – paragraph 1 – point s

(s) access bodies shall, if they have reasonable grounds to suspect an infringement, request from data users and data holders all the relevant information to verify the implementation of this Chapter;

Amendment 247 #

Proposal for a regulation
Article 37 – paragraph 1 – point t

(t) bodies involved in accessing health data shall fulfil any other tasks related to making available the secondary use of electronic health data in the context of this Regulation to the extent that these tasks fall within their remit.

Amendment 248 #

Proposal for a regulation
Article 37 – paragraph 2 – introductory part

(2) In the exercise of their tasks, ~~health data access bodies shall~~bodies involved in accessing health data shall proceed as follows:

Amendment 249 #

Proposal for a regulation
Article 37 – paragraph 2 – point b

(b) access bodies shall inform the relevant supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 where a health data access body has imposed penalties or other measures pursuant to Article 43 in relation to processing personal electronic health data and where such processing refers to an attempt to re-identify an individual or unlawful processing of personal electronic health data;

Amendment 250 #

Proposal for a regulation
Article 37 – paragraph 2 – point c

(c) bodies involved in accessing health data shall cooperate with stakeholders, including patient organisations, representatives from natural persons, health professionals, researchers, and ethical committees, where applicable in accordance with Union and national law;

Amendment 251 #

Proposal for a regulation
Article 37 – paragraph 2 – point c

(c) cooperate with all relevant stakeholders, including patient organisations, representatives from natural persons, health professionals, researchers, industry representatives and ethical committees, where applicable in accordance with Union and national law;

Amendment 252 #

Proposal for a regulation
Article 37 – paragraph 2 – point d

(d) bodies involved in accessing health data shall cooperate with other national competent bodies, including the national competent bodies supervising data altruism organisations under Regulation […] [Data Governance Act COM/2020/767 final], the competent authorities under Regulation […] [Data Act COM/2022/68 final] and the national competent authorities for Regulations (EU) 2017/745 and Regulation […] [AI Act COM/2021/206 final].

Amendment 253 #

Proposal for a regulation
Article 37 – paragraph 4

(4) The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of tasks in paragraph 1 of this Article, to reflect the evolution of activities performed by ~~health data access bodies~~bodies involved in accessing health data in the field of health covered by this Regulation.

Amendment 254 #

Proposal for a regulation
Article 38 – title

Obligations of ~~health data access bodies~~bodies involved in accessing health data towards natural persons

Amendment 255 #

Proposal for a regulation
Article 38 – paragraph 1 – introductory part

(1) ~~Health data ac~~Application processing bodies shall make publicly available and easily searchable the conditions under which electronic health data is made available for secondary use,; with information concerning:

Amendment 256 #

Proposal for a regulation
Article 38 – paragraph 1 – point c

(c) the applicable rights of natural persons in relation to secondary use of electronic health data including the right to opt out for certain type of data as defined in Article 33a (new);

Amendment 257 #

Proposal for a regulation
Article 38 – paragraph 2

(2) ~~Health data access bodies~~Bodies involved in accessing health data shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit ~~and~~. Application processing bodies shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 258 #

Proposal for a regulation
Article 38 – paragraph 3

(3) Where a ~~health data ac~~n application processing body is informed by a data user of a finding that may impact on the health of a natural person, ~~the health data access body may~~it may, together with the pseudonymisation body and the data holder, inform the natural person and his or her treating health professional about that finding.

Amendment 259 #

Proposal for a regulation
Article 38 – paragraph 4

(4) Member States shall regularly inform the public at large about the role and benefits of ~~health data access bodies~~bodies involved in accessing health data.

Amendment 260 #

Proposal for a regulation
Article 39 – title

Reporting by ~~health data access bodies~~bodies involved in accessing health data

Amendment 261 #

Proposal for a regulation
Article 39 – paragraph 1 – introductory part

(1) Each ~~health data access body~~body involved in access to health data shall publish an annual activity report which shall contain at least the following in relation to its respective tasks:

Amendment 262 #

Proposal for a regulation
Article 39 – paragraph 1 – point b

(b) a list of data permits involving access to electronic health data processed by the health data access body based on data altruism and a summary description of the general interests purposes pursued, where applicable, including the outcomes of the data permits granted;deleted

Amendment 263 #

Proposal for a regulation
Article 39 – paragraph 2

(2) The reports shall be transmitted to the Commission.

Amendment 264 #

Proposal for a regulation
Article 39 – paragraph 3

(3) The Commission is empowered to adopt delegated acts in accordance with Article 67 to modify the content of the annual activity reports.

Amendment 265 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 40 – paragraph 1

(1) When processing personal electronic health data, data altruism organisations shall comply with the rules set out in Chapter IV of Regulation […] [Data Governance Act COM/2020/767 final]. Where data altruism organisations process personal electronic health data using a secure processing envirThis Regulation is without prejudice to the processing of datasets based on conmsent, ~~such environments shall also comply with the requirements set out in Article 50 of this Regulation~~including in particular altruistic consent pursuant to [Data Governance Act COM(2020) 767 final].

Amendment 266 #

Proposal for a regulation
Article 40 – paragraph 1 a (new)

1a. Health data access bodies shall support non-for profits (specially patient and consumer organizations), public bodies like city councils or scientific societies, to register in as recognised data altruism organisations in accordance with Article 17 of Regulation (EU) 2022/868.

Amendment 267 #

Proposal for a regulation
Article 41 – paragraph 1

(1) Where a data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate in good faith with the health data access bodies or data users, where relevant.

Amendment 268 #

Proposal for a regulation
Article 41 – paragraph 2

(2) The data holder shall communicate to the ~~health data ac~~application processing body a general description of the dataset it holds in accordance with Article 55.

Amendment 269 #

Proposal for a regulation
Article 41 – paragraph 3

(3) Where a data quality and utility label accompanies the dataset pursuant to Article 56, the data holder shall provide sufficient documentation to the ~~health data ac~~application processing body for that body to confirm the accuracy of the label.

Amendment 270 #

Proposal for a regulation
Article 41 – paragraph 4

(4) ~~The data holder shall put the electronic health data at the disposal of the health data access body within 2 months from receiving the request from the heal~~Where the data holder has a processing environment that meets the conditions of the secure processing environment in accordance with Article 50, the data holder shall put the electronic health data at the disposal of the data user through that processing environment using the pseudonymisation body as an intermediary; where the data holder does not have such a processing environment, the data holder shall put the electronic health data at the disposal of the health data access body using the pseudonymisation body as an intermediary. The electronic health data shall be made available by the data acholder within 2 months of receipt of the application from the application processing body. In exceptional cases, thate 2-month period may be extended by the ~~health data ac~~application processing body for an additional period of 2 months.

Amendment 271 #

Proposal for a regulation
Article 41 – paragraph 7

~~(7) The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the duties of the data holders in this Article, to reflect the evolution of activities performed by data holders.~~

Amendment 272 #

Proposal for a regulation
Article 42 – paragraph 1

(1) HApplication processing bodies, health data access bodies and single data holders may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]

Amendment 273 #

Proposal for a regulation
Article 42 – paragraph 5

(5) Where data holders and data users do not agree on the level of the fees within 1 month of the data permit being granted, the ~~health data ac~~application processing body may set the fees in proportion to the cost of making available electronic health data for secondary use. Where the data holder or the data user disagree with the fee set out by the ~~health data ac~~application processing body, they shall have access to dispute settlement bodies set out in accordance with Article 10 of the Regulation […] [Data Act COM/2022/68 final].

Amendment 274 #

Proposal for a regulation
Article 43 – paragraph 2

(2) When requesting from data users and data holders as well as other bodies involved in the access to health data the information that is necessary to verify compliance with this Chapter, the health data access bodies shall be proportionate to the performance of the compliance verification task.

Amendment 275 #

Proposal for a regulation
Article 43 – paragraph 4

(4) Health data access bodies shall have the power to ~~revok~~declare the data permit issued pursuant to Article 46 void and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to ~~revok~~declare the data permit void and to exclude the data user from any access to electronic health data for a period of up to 5 years.

Amendment 276 #

Proposal for a regulation
Article 44 – paragraph 1

(1) The health data access body or the data holder shall ensure that access is only provided to requested electronic health data relevant for the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.

Amendment 277 #

Proposal for a regulation
Article 44 – paragraph 2

(2) The health data access bodies or data holders shall provide the electronic health data in an anonymised format, where appropriate using the pseudonymisation body as an intermediary, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user.

Amendment 278 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user or for the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, , the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 279 #

Proposal for a regulation
Article 44 – paragraph 3

(3) Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies or the data holder shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the ~~heal~~pseudonymisation body or the data ~~access body~~holder. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the ~~heal~~pseudonymisation body’s or the data ~~access body~~holder’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 280 #

Proposal for a regulation
Article 45 – paragraph 3

(3) Data users seeking access to electronic health data from more than one Member State shall submit a single application to one of the concerned ~~health data ac~~application processing bodies of their choice which shall be responsible for sharing the request with other ~~health data ac~~application processing bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. For requests to access electronic health data from more than one Member States, the ~~health data ac~~application processing body shall notify the other relevant ~~health data ac~~application processing bodies of the receipt of an application relevant to them within 15 days from the date of receipt of the data access application.

Amendment 281 #

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of ~~how the processing would comply with~~the legal basis on which the processing is to be carried out within the meaning of Article 6(1) of Regulation (EU) 2016/679;

Amendment 282 #

Proposal for a regulation
Article 45 – paragraph 5 – subparagraph 2

Where the public sector bodies and the Union institutions, bodies, offices and agencies intend to access the electronic health data in pseudonymised format, a description of ~~how the processing would comply with Article 6(1) of Regulation (EU) 2016/679~~the legal basis on which the processing is to be carried out within the meaning orf Article 56(1) of Regulation (EU) 201~~8/1725, as applicable,~~6/679 shall also be provided.

Amendment 283 #

(1) ~~Health data ac~~Application processing bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the ~~health data ac~~application processing body shall issue a data permit.

Amendment 284 #

Proposal for a regulation
Article 46 – paragraph 1

Amendment 285 #

Proposal for a regulation
Article 46 – paragraph 2

(2) ~~Health data ac~~Application processing bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met.

Amendment 286 #

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. ~~Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.~~

Amendment 287 #

Proposal for a regulation
Article 46 – paragraph 3

(3) A ~~health data ac~~n application processing body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the ~~health data ac~~application processing body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a ~~health data ac~~n application processing body fails to provide a decision within the time limit, the data permit shall be issued.

Amendment 288 #

Proposal for a regulation
Article 46 – paragraph 4

(4) Following the issuance of the data permit, the ~~health data ac~~application processing body shall ~~immediately request the electronic health data from the data holder~~call on the data holder to transmit the electronic health data to the health data access body, or to make it available to the data user, via the pseudonymisation body without delay. The health data access body or the data holder shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless the health data access body specifies that it will provide the data within a longer specified timeframe.

Amendment 289 #

Proposal for a regulation
Article 46 – paragraph 4

4. Following the issuance of the data permit, the health data access body shall immediately request the electronic health data from the data holder. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, ~~unless~~except where the health data access body ~~specifies that it will provide the data within~~can duly justify the need for an extension. In this case, a longer specified timeframe shall be decided.

Amendment 290 #

Proposal for a regulation
Article 46 – paragraph 5

(5) When the ~~health data ac~~application processing body refuses to issue a data permit, it shall provide a justification for the refusal to the applicant.

Amendment 291 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. Data users shall not be obliged to make public results or output in a way which compromises intellectual property rights contained therein. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 292 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites without compromising on IP and trade secrets defined in relevant union legislation. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 293 #

Proposal for a regulation
Article 46 – paragraph 11

(11) Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the ~~health data ac~~application processing bodies from which a data permit was obtained and support them to make the information public on the~~alth data ac~~ application processing bodies’ websites or on a central website. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 294 #

Proposal for a regulation
Article 46 – paragraph 12

(12) Data users shall inform the ~~health data ac~~application processing body of any clinically significant findings that may influence the health status of the natural persons whose data are included in the dataset.

Amendment 295 #

Proposal for a regulation
Article 46 – paragraph 14

(14) The liability of health data access bodies ~~as joint controller~~or of the data holder as joint controller, depending on who makes the data available to the data user, is limited to the scope of the issued data permit until the completion of the processing activity.

Amendment 296 #

Proposal for a regulation
Article 47 – paragraph 1

(1) Any natural or legal person may submit a data request for the purposes referred to in Article 34. A health data access body shall only provide an answer to a data request, which is transmitted to it by the application processing body, in an anonymised statistical format and the data user shall have no access to the electronic health data used to provide this answer.

Amendment 297 #

Proposal for a regulation
Article 48

Making data available for public sector bodies and Union institutions, bodies, offices and agencies without a data permit By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.Article 48 deleted

Amendment 298 #

Proposal for a regulation
Article 48

Amendment 299 #

Proposal for a regulation
Article 48

Amendment 300 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. For the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, the EMA and ECDC shall be granted rapid and unrestricted access to the health data within the EHDS. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 301 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required toin the case of justified requests for access to the electronic health data under this Article by public sector bodies and Union institutions, bodies, offices and agencies that carry relevant activities under this Regulation. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe that cannot be longer than 2 additional months.

Amendment 302 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be adressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 303 #

Proposal for a regulation
Article 49

Access to electronic health data from a (1) Where an applicant requests access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be adressed to health data access bodies. (2) In such case, the data holder may issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. (3) By way of derogation from Article 51, the single data provider and the data user shall be deemed joint controllers. (4) Within 3 months the data holder shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder

Amendment 304 #

Proposal for a regulation
Article 49

Amendment 305 #

Proposal for a regulation
Article 50 – paragraph 2

(2) The health data access bodies shall ensure that electronic health data can be uploaded by data holders and can be accessed by the data user in a secure processing environment. The data users shall only be able to download non- personal electronic health data from the secure processing environment. Initially personal data may only be downloaded by data users if anonymised in accordance with this Regulation; this is usually the case only for aggregated data from at least 100 individual datasets.

Amendment 306 #

Proposal for a regulation
Article 51 – paragraph 1

(1) The health data access bodies and the data users, including Union institutions, bodies, offices and agencies, shall be deemed joint controllers of electronic health data processed in accordance with data permit. In the event that the data holder provides access to the electronic health data to the data user without going through the health data access bodies, the data holder and data user shall be joint controllers of the electronic health data processed in accordance with the data permit.

Amendment 307 #

Proposal for a regulation
Article 52 – paragraph 3

(3) Union institutions, bodies, offices and agencies in the health sector involved in research, health policy or analysis, shall be authorised participants of HealthData@EU.

Amendment 308 #

Proposal for a regulation
Article 52 – paragraph 4

(4) Health-related research infrastructures or similar structures ~~whose functioning is based on Union law and~~ which support the use of electronic health data in the health sector for research, policy making, statistical, patient safety or regulatory purposes shall be authorised participants of HealthData@EU.

Amendment 309 #

Proposal for a regulation
Article 52 – paragraph 7

(7) The Commission is empowered to adopt delegated acts in accordance with Article 67 in order to amend this Article to add or remove categories of authorised health sector participants in HealthData@EU, taking into account the opinion of the joint controllership group pursuant to Article 66 of this Regulation.

Amendment 310 #

Proposal for a regulation
Article 52 – paragraph 8

(8) The Member States and the Commission shall set up HealthData@EU to support and facilitate the cross-border access to electronic health data for secondary use in the health sector, connecting the national contact points for secondary use of electronic health data of all Member States and authorised participants in that infrastructure.

Amendment 311 #

Proposal for a regulation
Article 53 – paragraph 1

(1) In the case of cross-border registries and databases, the ~~health data ac~~application processing body in which the data holder is registered shall be competent to decide on data access applications ~~to provid~~and to arrange access to electronic health data through the health data access body. Where the registry has joint controllers, the health data access body that shall provide access to electronic health data shall be the body in the Member State where one of the joint controllers is established.

Amendment 312 #

Proposal for a regulation
Article 53 – paragraph 2

(2) Where registries or databases from a number of Member States organise themselves into a single network of registries or databases at Union level, the associated registries may designate one of their members as a coordinator to ensure the provision of data from the registries’ network for secondary use. The ~~health data ac~~application processing body of the Member State in which the coordinator of the network is located shall be competent to decide on the data access applications to ~~provid~~arrange access to electronic health data for the network of registries or databases.

Amendment 313 #

Proposal for a regulation
Article 54 – paragraph 1

(1) When handling an access application for cross-border access to electronic health data for secondary use, ~~health data ac~~application processing bodies and relevant authorised participants shall remain responsible for taking decisions to grant or refuse access to electronic health data within their remit in accordance with the requirements for access laid down in this Chapter.

Amendment 314 #

Proposal for a regulation
Article 54 – paragraph 2

(2) A data permit issued by one ~~concerned health data ac~~application processing body may benefit from mutual recognition by the other concerned ~~health data ac~~application processing bodies.

Amendment 315 #

Proposal for a regulation
Article 55 – paragraph 1

(1) The ~~health data ac~~application processing bodies shall inform the data users about the available datasets and their characteristics through a metadata catalogue. Each dataset shall include information concerning the source, the scope, the main characteristics, nature of electronic health data and conditions for making electronic health data available.

Amendment 316 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made 1. available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 317 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 318 #

Proposal for a regulation
Article 61 – paragraph 1

(1) Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (~~e), (f), (i), (j), (k),~~b) and (f) through to (mi)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future. This shall be without prejudice to Article 50(2) third sentence.

Amendment 319 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 61 – paragraph 2

2. The enforced protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization techniques and range from denial to assignment to conditional authorization; they shall be specified and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 320 #

Proposal for a regulation
Article 61 – paragraph 2

2. The protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization and pseudonymisation techniques and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 321 #

Proposal for a regulation
Article 61 – paragraph 2

2. ~~The~~Additional protective measures for the categories of data mentioned in paragraph 1 shall depend on the nature of the data and anonymization techniques and shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 322 #

Proposal for a regulation
Article 62 – paragraph 5

(5) The digital health authorities, ~~health data access bodies~~bodies involved in accessing health data, data users shall inform the data holder about the existence of a request of a third- country administrative authority to access its data before complying with that request, except where the request serves law enforcement purposes and for as long as this is necessary to preserve the effectiveness of the law enforcement activity.

Amendment 323 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 64 – paragraph 1

Amendment 324 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 325 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 326 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 64 – paragraph 3

3. The composition, organisation, functioning and cooperation of the sub- groups shall be set out in the rules of procedure put forward by the Commission after consultations with the Member States.

Amendment 327 #

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including healthcare professionals, researchers and patients’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.

Amendment 328 #

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including patients’ and health professionals’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.

Amendment 329 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including patients’ representatives, shall be invited upon request to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.

Amendment 330 #

Proposal for a regulation
Article 64 – paragraph 5

5. The EHDS Board shall cooperate with other relevant bodies, entities and experts, such as the European Data Innovation Board referred to in Article 26 of Regulation […] [Data Governance Act COM/2020/767 final], competent bodies set up under Article 7 of Regulation […] [Data Act COM/2022/68 final], supervisory bodies set up under Article 17 of Regulation […] [eID Regulation], European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679 and cybersecurity bodies, in particular the European Agency for Cybersecurity (ENISA).

Amendment 331 #

Susana SOLÍS PÉREZ

Proposal for a regulation
Article 64 – paragraph 5 a (new)

5a. The EHDS Board is required to issue an annual report detailing the progress of the European Health Data Space's implementation as well as other pertinent advancements, including those pertaining to cross-border health data interoperability and related implementation obstacles.

Amendment 332 #

Proposal for a regulation
Article 64 – paragraph 6

6. The ~~Commission shall chair~~Parliamentary committee ENVI, LIBE and ITRE, represented by their respective Presidents or Vice Presidents, shall chair in rotation the meetings of the EHDS Board.

Amendment 333 #

Proposal for a regulation
Article 65 – paragraph 2 – point b – point iii

(iii) incentives policy for promoting data quality and interoperability improvement, including facilitating the development of harmonised guidance for anonymisation and pseudonymisation of health data;

Amendment 334 #

Proposal for a regulation
Article 65 – paragraph 2 – point c a (new)

(ca) to provide expertise on the amending of the list of minimum categories of electronic data for secondary use in accordance with Article 33(7);

Amendment 335 #

Proposal for a regulation
Article 65 – paragraph 2 – point f

(f) to facilitate the exchange of views on the secondary use of electronic health data with the relevant stakeholders, including representatives of patients, health professionals, researchers, industry representatives, regulators and policy makers in the health sector.

Amendment 336 #

Proposal for a regulation
Article 67 – paragraph 2

(2) The power to adopt delegated acts referred to in Articles 5(2), 10(3), 25(3), 32(4), 33(7), 37(4), 39(3), ~~41(7),~~ 45(7), 46(8), 52(7), 56(4) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.

Amendment 337 #

Proposal for a regulation
Article 69 – paragraph 1

Member States shall lay down the rules on penalties applicable to infringements of this Regulation, for all public and private stakeholders in particular for the non- respect of data access and usage provisions with intent or by negligence, and shall take all measures necessary to ensure that they are properly and effectively implemented. The penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them.

Amendment 338 #

Proposal for a regulation
Article 72 – paragraph 3 – introductory part

However, Articles 3, 4, 5, 6, 7, 12, 14, 23, 31 and 313 shall apply as follows:

Amendment 339 #

Proposal for a regulation
Article 72 – paragraph 3 – point c a (new)

(ca) from 2 years after its entry into force to categories of electronic data that should be make available by data holders referred to in Article 33.

Amendment 340 #

Proposal for a regulation
Annex II – point 2 – point 2.3

2.3. An EHR system that includes a functionality for entering structured personal electronic health data shall enable the entry of data structured in a structured way that supports the data sharing in a structured, commonly used, open and machine- readable format, enabling system to system communication.

Amendment 341 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Robert HAJŠEL, Monika BEŇOVÁ

2.4. An EHR system shall not include features that prohibit, restrict or place undue burden on authorised access, personal electronic health data sharing, or use of personal electronic health data for permitted purposes, in particular on the basis of commercial considerations and beyond security and legal safeguards requirements. .

Amendment 342 #

Proposal for a regulation
Annex II – point 3 – point 3.1

3.1. An EHR system shall be designed and developed in such a way that it ensures highly safe and secure processing of electronic health data, and that it prevents unauthorised access to such data.

Amendment 343 #

Proposal for a regulation
Annex II – point 3 – point 3.2

3.2. An EHR system designed to be used by health professionals shall provide reliable national mechanisms for the identification and authentication of health professionals, including checks on professional rights and qualifications.

Amendment 49 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 1

(1) Whereas: The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes in the health sector that would benefit the society such as research, innovation, policy-making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values.

Amendment 50 #

Proposal for a regulation
Recital 1 a (new)

(1a) The EHDS constitutes a key component for the creation of a strong and resilient European Health Union to better protect the health of European citizens, prevent and address future pandemics and improve resilience of Europe’s health systems.

Amendment 51 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 1 b (new)

(1b) The following Regulation should work horizontally with other European programs such as the Digital Europe Programme, Connecting Europe Facility and Horizon Europe. The European Commission should ensure that other European programs complement and facilitate the implementation of the European Health Data Space.

Amendment 52 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 1 c (new)

(1c) Member States should cooperate in using interoperable standards together with European Digital Identity, facilitating the primary use of data in accordance with Article 9 of Regulation (EU)2016/679.

Amendment 53 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 4

(4) The processing of personal electronic health data is subject to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council43and, for Union institutions and bodies, Regulation (EU) 2018/1725 of the European Parliament and of the Council44. References to the provisions of Regulation (EU) 2016/679 should be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant. In addition, the Regulation should comply with Cyber Resilience Act. _________________ 43 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). 44 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

Amendment 54 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. However, existing electronic health records and the technological infrastructures that support them shall be retained, where possible, and Member States shall further their interoperability and compliance with the provisions of this Regulation.

Amendment 55 #

Josianne CUTAJAR

Proposal for a regulation
Recital 10 a (new)

(10a) Persons who suffer from rare diseases and who, in consequence, are more likely to have received inaccurate diagnoses, should also be enabled to request a rectification of the incorrect electronic health data, misdiagnoses and inconsistencies in their medical records or medical prescriptions, which should be processed in a timely manner.

Amendment 56 #

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. In this respect, health professionals will be able to check that they do not have access to part of the electronic health records, which is something they will have to take into account when caring for their patients.

Amendment 57 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, with access managed by the professional regulatory body, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. None of the provisions of this regulation shall be construed as limiting health professionals’ obligation to behave in line with the relevant codes of conduct, ethical guidelines or other provisions governing ethical conduct with regard to the exchanging of, or access to, information, particularly in extreme or life-threatening situations.

Amendment 58 #

Josianne CUTAJAR

Proposal for a regulation
Recital 17 a (new)

(17a) With a view to improving interoperability and data sharing, Member States should aim to gradually implement the use of ICD-11, within the International Classification of Diseases, in the electronic health records systems, in order to ensure visibility within national health and social systems for affected patients including those suffering from rare diseases.

Amendment 59 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider ~~or a pharmacy~~ by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345 provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46 recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 60 #

Proposal for a regulation
Recital 19 a (new)

(19a) The interoperability of the EHDS should contribute to high quality of European health data sets.

Amendment 61 #

Proposal for a regulation
Recital 21

(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) that they provide and reimburse. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health ~~services such as telemedicine, including online pharmacy~~ services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.

Amendment 62 #

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems and wellness applications, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities. (24 new) whereas there is technology that is advanced enough to ensure that this regulation does not oblige health professionals to enter data into information systems, and whereas it is a technological system that reads and interprets health care reports and can draw the most relevant conclusions; (This AM is a new consideration, but the at4am is not allowing us to add as a new one. Please take in to consideration.)

Amendment 63 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers ~~and pharmacies~~ to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 64 #

Proposal for a regulation
Recital 27 a (new)

(27a) Highlights that the national and European electronic health record systems, databases and registries, where health data is processed and stored, provide the foundation on which the European Health Data Space rests. Recognises that static minimum requirements are not sufficient for meeting demands of data recipients and data users, notably in regard to creating a future-proof framework for European health data. Calls in this regard for support for research into the technology on which electronic health record systems, databases and registries are built in order to promote innovation in this field. Stresses that such research and innovation is essential for securing and preserving the position of Europe as a global frontrunner on health data usage, including the benefits this brings to citizens, industrial competiveness and other relevant interests.

Amendment 65 #

Proposal for a regulation
Recital 30

(30) To further support interoperability and security, Member States may maintain or define specific rules for the procurement, reimbursement, financing or use of EHR systems at national level in the context of the organisation, delivery or financing of health services. Such specific rules should not impede the free movement of EHR systems in the Union unless those specific rules can be justified by overriding reasons of general interest relating to public health. Some Member States have introduced mandatory certification of EHR systems or mandatory interoperability testing for their connection to national digital health services. Such requirements are commonly reflected in procurements organised by healthcare providers, national or regional authorities. Mandatory certification of EHR systems at Union level should establish a baseline that can be used in procurements at national level.

Amendment 66 #

Proposal for a regulation
Recital 35

(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. Labelling schemes may also include information for users on data protection rights and an indication of whether the application provider or browser operator has access in any way to the data generated by the application. The Commission may set out in implementing acts the details regarding the format and content of such label.

Amendment 67 #

(37) For the secondary use ~~of the~~, not requiring consent, of certain clinical data for health-related research, innovation, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of, not requiring consent, of certain health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to that health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of certain electronic health data held by the data holder pursuant to this Regulation, this Regulation, in certain cases, creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing theat data, for secondary use, by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the bodies involved in health data access ~~bodies~~ (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. This applies equally to the activities of the application processing body that examines and, where appropriate, approves data access applications by data users, without storing health data itself, and to the activities of the pseudonymisation body that pseudonymises the electronic health data prior to storage at health data access bodies. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which certain electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the ~~health data ac~~application processing bodies are an administrative decision defining the conditions for the access to the data.

Amendment 68 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, ~~policy- make~~legislators, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to ~~fully unleash~~make the absolute most of the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use provided that the effort is made by means of effective and safe processes, such as aggregation and randomisation, with due respect for professional duties, including but not limited to confidentiality duties.

Amendment 69 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data shcould also be made available on a voluntary basis and with the prior informed consent of individuals to whom the data relates, for secondary use. However, much of the existing health- related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use.

Amendment 70 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person-generated data, such as data from medical devices, wellness applications or other wearables and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes shcould be made available on a voluntary basis free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 71 #

Susana SOLÍS PÉREZ

Proposal for a regulation
Recital 40

Amendment 72 #

Proposal for a regulation
Recital 40

Amendment 73 #

Proposal for a regulation
Recital 40

Amendment 74 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR, Lina GÁLVEZ, Robert HAJŠEL, Monika BEŇOVÁ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 75 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Access to secondary health data for research and innovation to the development of medicines, medical devices, health care products and services should contribute to affordable and fair pricing for all European citizens when these products are placed on the market. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 76 #

Carlos ZORRINHO, Adriana MALDONADO LÓPEZ, Patrizia TOIA, Josianne CUTAJAR

Proposal for a regulation
Recital 41 a (new)

(41a) Natural persons need quality education to help them understand the advantages and benefits of providing access to their health data for the secondary use, without prejudice to their right to opt-out from such sharing. In addition to high-level of transparency in terms of how and where their data would be used.

Amendment 77 #

Proposal for a regulation
Recital 42

(42) ~~The establishment of one or more~~In order to increase the level of data protection and citizens' trust in connection with the secondary use of data, health data acprocess ~~bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health-related data~~ing steps should be divided up among legally distinct entities, i.e. different bodies for (i) the pseudonymisation of health data (‘pseudonymisation bodies’), (ii) the storage and processing of health data (‘health data access bodies’) and (iii) health data access applications (‘application processing bodies’). Member States should therefore establish one or more ~~health data access body~~such bodies in each case, for instance to reflect their constitutional, organisational and administrative structure. However, one of these bodies involved in health data access ~~bodies~~ should be designated as a coordinator for Union-wide cooperation in case there are more than one data access body. Where a Member State establishes several such bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one ~~health data access~~ body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other bodies involved in health data access ~~bodies~~, the EHDS Board and the Commission. HThe bodies involved in health data access ~~bodies~~ may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization or private bodies) but should have the same functions, responsibilities and capabilities. ~~Health data ac~~Application processing bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that ~~the health data ac~~application processing bodyies cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each ~~health data ac~~application processing body should be provided with the necessary financial and human resources, premises and infrastructure ~~necessary~~, and any private application processing body should be reimbursed the necessary appropriate level of expenditure, for the effective performance of its tasks, including those related to cooperation with other bodies involved in health data access ~~bodies~~ throughout the Union. ~~Each health data access body~~All bodies involved in the secondary use of health data should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks toWith regard to application processing bodies, a certification system should be set up to ensure their competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health datace and uniform assessment standards for data use applications.

Amendment 78 #

Proposal for a regulation
Recital 43

(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. In this regard, health data access bodies should cooperate cross-border and converge on common definitions and techniques. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.

Amendment 79 #

Proposal for a regulation
Recital 43

(43) ~~The health data access~~Supervisory bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, ~~the health data access~~supervisory bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. ~~The health data access~~Supervisory bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, ~~the health data access~~supervisory bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the application processing body, in concert with the health data access body, should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. Together with the pseudonymisation body, they should apply tested techniques that ensure that electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. Health data access bodies and pseudonymisation bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.

Amendment 80 #

Proposal for a regulation
Recital 44

(44) Considering the administrative burden for health data access bodies, application processing bodies and pseudonymisation bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, bodies involved in health data access ~~bodies~~ should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the ~~health data ac~~data holder, where appropriate with the involvement of the application processing body, which, with the involvement of the pseudonymisation body, should inform the data subject or his health professional. Natural persons should be able to access the results of different research projects on the website of the ~~health data ac~~application processing body or a central website, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each ~~health data ac~~application processing body should publish an annual activity report providing an overview of its activities.

Amendment 81 #

Proposal for a regulation
Recital 47

(47) Health data access bodies, pseudonymisation bodies, application processing bodies and single data holders should be allowed to charge fees based on the provisions of Regulation […] [Data Governance Act COM/2020/767 final] in relation to their tasks. Such fees may take into account the situation and interest of SMEs, individual researchers or public bodies. Data holders should be allowed to also charge fees for making data available. Such fees should reflect the costs for providing such services. Private data holders may also charge fees for the collection of data. In order to ensure a harmonised approach concerning fee policies and structure, the Commission may adopt implementing acts. Provisions in Article 10 of the Regulation [Data Act COM/2022/68 final] should apply for fees charged under this Regulation.

Amendment 82 #

Proposal for a regulation
Recital 48

(48) In order to strengthen the enforcement of the rules on the secondary use of electronic health data, appropriate measures that can lead to penalties or temporary or definitive exclusions from the EHDS framework of the data users or data holders that do not comply with their obligations. ~~The health data access~~Supervisory bodyies should be empowered to verify compliance and give data users and holders the opportunity to reply to any findings and to remedy any infringement. The imposition of penalties should be subject to appropriate procedural safeguards in accordance with the general principles of law of the relevant Member State, including effective judicial protection and due process.

Amendment 83 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, common standards for data anonymisation will be further developed and the use of anonymised electronic health data w~~hich is devoid of~~ithout any personal data ~~should be made available when possible and if the data user asks it~~will be facilitated wherever possible, excluding possibilities for re-use of data that cannot be anonymised or pseudonymised. Requests for pseudonymised data shall be duly justified. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 84 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the permanent encryption key can only be held by the ~~health data access~~pseudonymisation body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the ~~health data ac~~application processing bodyies, which in turn would request the pseudonymisation body to inform the concerned natural person(s)~~. Moreover,~~ about this. Moreover, via the application processing bodies the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 85 #

Proposal for a regulation
Recital 50

(50) In order to ensure that all ~~health data ac~~application processing bodies issue permits in a similar way, it is necessary to establish a standard common process for the issuance of data permits, with similar requests in different Member States. The applicant should provide the~~alth data ac~~ application processing bodies with several information elements that would help the body evaluate the request and decide if the applicant may receive a data permit for secondary use of data, also ensuring coherence between different ~~health data ac~~application processing bodies. Such information include: the legal basis under Regulation (EU) 2016/679 to request access to data (exercise of a task in the public interest assigned by law or legitimate interest), purposes for which the data would be used, description of the needed data and possible data sources, a description of the tools needed to process the data, as well as characteristics of the secure environment that are needed. Where data is requested in pseudonymised format, the data applicant should explain why this is necessary and why anonymous data would not suffice. An ethical assessment may be requested based on national law. ~~The health data ac~~Application processing bodies and, where relevant, data holders, should assist data users in the selection of the suitable datasets or data sources for the intended purpose of secondary use. Where the applicant needs anonymised statistical data, it should submit a data request application, requiring the application processing health data access body to provide directly the result with the help of the access body. In order to ensure a harmonised approach between ~~health data ac~~application processing bodies, the Commission should support the harmonisation of data application, as well as data request.

Amendment 86 #

Proposal for a regulation
Recital 51

(51) As the resources of ~~health data ac~~application processing bodies are limited, they can apply prioritisation rules, for instance prioritising ~~public institutions before private entiti~~research projects on specific diseases, but they should not make any discrimination between the national or from organisations from other Member States within the same category of priorities. The data user should be able to extend the duration of the data permit in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additional fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between ~~health data access~~ bodies, the Commission should support the harmonisation of data permit.

Amendment 87 #

Proposal for a regulation
Recital 53

(53) For requests to access electronic health data from a single data holder in a single Member State and in order to alieviate the administrative burden for heath data access bodies of managing such request, the data user should be able to request this data directly from the data holder and the data holder should be able to issue a data permit while complying with all the requirements and safeguards linked to such request and permit. Multi- country requests and requests requiring combination of datasets from several data holders should always be channelled through health data access bodies. The data holder should report to the health data access bodies about any data permits or data requests they provide.deleted

Amendment 88 #

Amendment 89 #

Proposal for a regulation
Recital 53

(53) ~~For requests to access electronic health data from a single data holder in a single Member State and in order to alieviate the administrative burden for heath data ac~~Access to health data should be arranged directly between the data holder and the data user. In this case, in principle, only the application processing bodies of managing such request, the data user should be able to request this data directly from the data holder and the data holder should be able to issue a data permit while complying with all the requirements and safeguards linked to such request and permit. Multi- country requests and requests requiring combination of datasets from severaly is involved in making electronic health data available and the data holder takes over the operational tasks of the pseudonymisation and access body if the data holder can make that possible. However, the pseudonymisation body may be consulted by the data holder~~s s~~. Should a~~lways be channelled through health data access bodies. The data holder should report to the health data access bodies about any data permits or~~ secure processing environment not be available to the data user for making the data available, access should be provided via the relevant health data ~~requ~~accests ~~they provide~~body.

Amendment 90 #

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. The requirements for secure processing environments and their development should strike an appropriate balance between security and functionality, taking into account technical feasibility and building on existing best practices. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendment 91 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950 or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. ~~For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants.~~ For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 92 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible, bearing in mind technical feasibility and existing best practices. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 93 #

Proposal for a regulation
Recital 56

(56) In case of cross-border registries or databases, such as the registries of European Reference Networks for Rare Diseases, which receive data from different healthcare providers in several Member States, ~~the health data ac~~an application processing body ~~where~~from the Member State in which the coordinator of the registry is located should be responsible for providing access to data.

Amendment 94 #

Proposal for a regulation
Recital 57

(57) The authorisation process to gain access to personal health data in different Member States can be repetitive and cumbersome for data users. Whenever possible, synergies should be established to reduce the burden and barriers for data users. One way to achieve this aim is to adhere to the “single application” principle whereby, with one application, the data user obtain authorisation from multiple ~~health data ac~~application processing bodies in different Member States.

Amendment 95 #

(58) ~~The health data ac~~Application processing bodies should provide information about the available datasets and their characteristics so that data users can be informed of elementary facts about the dataset and assess their possible relevance to them. For this reason, each dataset should include, at least, information concerning the source, nature of data and conditions for making data available. Therefore, an EU datasets catalogue should be established to facilitate the discoverability of datasets available in the EHDS; to help data holders to publish their datasets; to provide all stakeholders, including the general public, also taking into account people with disabilities, with information about datasets placed on the EHDS (such as quality and utility labels, dataset information sheets); to provide the data users with up-to-date data quality and utility information about datasets.

Amendment 96 #

Proposal for a regulation
Recital 61 a (new)

(61a) In order to alleviate reported difficulties associated with the implementation of Regulation (EU) 2016/679, potential outcomes of the secondary use of health data, and its impact upon research, the Commission should conduct a study to examine the impact of Regulation (EU) 2016/679 and Regulation on EHDS on research. The study should be completed and published by not later than one year after the adoption of this Regulation. The study should examine divergence of implementation approaches and the impacts upon different areas of research. The study should include remedial recommendations.

Amendment 97 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re- identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re- identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]Therefore, appropriate anonymisation under this Regulation is only possible if it cannot be reversed in the future. In particular, in order to protect data subjects, no individual datasets may be issued in connection with secondary use under this Regulation.

Amendment 98 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. This underlines the need for a harmonized interpretation of anonymisation and pseudonymisation across Member States. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 99 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Recital 64 a (new)

(64a) An obligation to store electronic health data in the Union does not preclude transfers of those data to third countries or international organisations. Indeed, it is possible to reconcile a general requirement to store personal data in the Union with specific transfers being allowed in compliance with Union law on personal data protection, for instance in the context of scientific research, disbursement of care or international cooperation. Remote access relying on state-of-the-art technologies should be the prioritised form of cross- border data exchanges with third countries and international organisations, in accordance with the “bring questions to data instead of moving data” principle. In particular, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by Regulation (EU) 2016/679 should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. Transfers of personal health data to third countries and international organisations may only be carried out in full compliance with Chapter V of Regulation (EU) 2016/679. Hence, controllers and processors processing personal electronic health data remain subject to Article 48 of that Regulation on transfers or disclosures not authorised by Union law and should comply with this provision in case of an access request stemming from a third country. In accordance with and under the conditions of Article 9(4) of Regulation (EU) 2016/679, Member States can maintain or introduce further conditions, including limitations, to transfers of personal health data to third countries or international organisations.

source: 745.175

2023/03/30 ENVI, LIBE 1703 amendments...

Amendment 1000 #

Proposal for a regulation
Article 19 – paragraph 2 – point a a (new)

(a a) ensure that the appropriate conformity assessment procedures referred to in Article 27a have been carried out by the manufacturer

Amendment 1001 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 2 – point a a (new)

(a a) the manufacturer is identified and an authorised representative in accordance with Article 18 has been appointed;

Amendment 1002 #

Proposal for a regulation
Article 19 – paragraph 2 – point b

(b) the EHR system bears the CE marking of conformity referred to in Article 27 ;

Amendment 1003 #

Proposal for a regulation
Article 19 – paragraph 2 – point c

(c) the EHR system is accompanied by the information sheet referred to in Article 25 and ~~appropria~~clear and complete instructions for use in accessible formats, including for persons with disabilities.

Amendment 1004 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 3

3. Importers shall indicate their name, registered trade name or registered trade mark and the ~~address~~postal and electronic address and a telephone number at which they can be contacted in a document accompanying the EHR system. They shall ensure that any additional label does not obscure any information on the label provided by the manufacturer.

Amendment 1005 #

Proposal for a regulation
Article 19 – paragraph 5

5. Where an importer considers or has reason to believe that an EHR system, which they have placed on the market, is not in conformity with the essential requirements in Annex II, it shall not make that system available on the market until that system has been brought into conformity. In situations where the EHR system is already on the market, importers shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or recall it, as appropriate. The importer shall inform without undue delay the manufacturer of such EHR system and the ~~market surveillance~~national competent authorities of the Member State in which it made the EHR system available, to that effect, giving details, in particular, of the non- conformity and of any corrective measures taken. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.

Amendment 1006 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 5

Amendment 1007 #

Proposal for a regulation
Article 19 – paragraph 6

6. Importers shall keep a copy of the EU declaration of conformity at the disposal of the market surveillance authorities for the period referred to in Article 17(3) and ensure that the technical documentation can be made available to those authorities, upon request. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.

Amendment 1008 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 19 – paragraph 7

7. Importers shall, ~~further to a reasoned request from a market surveillance authority, provide it~~at least 6 months before placing on the market or putting into service an EHR system, provide market surveillance authorities of Member States concerned with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official language of the Member State where the market surveillance authority is located. They shall cooperate with that authority, at its request, and with the manufacturer and, where applicable, with the manufacturer’s authorised representative on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II, or to ensure that their EHR systems are withdrawn or recalled.

Amendment 1009 #

Proposal for a regulation
Article 19 – paragraph 7

7. Importers shall, further to a reasoned request from a market surveillance authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official languages of the Member State where the market surveillance authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.

Amendment 1010 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 7

7. Importers shall, further to a reasoned request from a ~~market surveillance~~competent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official language of the Member State where the ~~market surveillance~~competent national authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.

Amendment 1011 #

Proposal for a regulation
Article 19 – paragraph 7 a (new)

7 a. Importers shall verify whether the communication channels referred to in Article 17(3c), are publicly available to consumers and professional users allowing them to submit complaints and communicate any risk related to their health and safety or to other aspects of public interest protection and of any serious incident involving an EHR system. If such channels are not available, the importer shall provide for them, taking into account accessibility needs of vulnerable populations including migrants, the elderly and persons with disabilities.

Amendment 1012 #

Proposal for a regulation
Article 19 – paragraph 7 b (new)

7 b. If the importer fails to cooperate with market surveillance authorities or if the information and documentation provided is incomplete or incorrect, market surveillance authorities shall take all appropriate measures to prohibit or restrict its EHR system from being available on the market, to withdraw it from the market or to recall it until the importer cooperates or provides complete and correct information.

Amendment 1013 #

Proposal for a regulation
Article 19 – paragraph 7 c (new)

Amendment 1014 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 7 d (new)

Amendment 1015 #

Proposal for a regulation
Article 20 – paragraph 1 – point a

~~(a) the manufacturer has drawn up the EU declaration of conformity;~~deleted

Amendment 1016 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 20 – paragraph 1 – point a a (new)

(a a) ensure that the appropriate conformity assessment procedures referred to in Article 27a have been carried out by the manufacturer;

Amendment 1017 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 20 – paragraph 1 – point c

(c) the EHR system is accompanied by the information sheet referred to in Article 25 and ~~appropria~~by clear and complete instructions for use in accessible formats, including for persons with disabilities;

Amendment 1018 #

Proposal for a regulation
Article 20 – paragraph 1 a (new)

1 a. When making an EHR system available on the market, distributors shall act with due care in relation to the requirements of this Regulation.

Amendment 1019 #

Proposal for a regulation
Article 20 – paragraph 3

Amendment 1020 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 20 – paragraph 4

4. Distributors shall, further to a reasoned request from a market surveillance authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system. They shall cooperate with that authority, at its request, and with the manufacturer, the importer and, where applicable, with the manufacturer’s authorised representative on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II or to ensure that their EHR systems are withdrawn or recalled.

Amendment 1021 #

Proposal for a regulation
Article 20 – paragraph 4

4. Distributors shall, further to a reasoned request from a ~~market surveillance~~competent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.

Amendment 1022 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 20 – paragraph 4 a (new)

4 a. Where a distributor considers or has reason to believe that an EHR system, which they have placed on the market, is not in conformity with the essential requirements in Annex II, it shall not make that system available on the market until that system has been brought into conformity. In situations where the EHR system is already on the market, importers shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or recall it, as appropriate. The distributor shall inform without undue delay the manufacturer of such EHR system and the national competent authorities of the Member State in which it made the EHR system available, to that effect, giving details, in particular, of the non- conformity and of any corrective measures taken.

Amendment 1023 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 20 – paragraph 4 a (new)

4 a. Distributors that have received complaints from consumers or professional users about suspected incidents involving an EHR system they made available on the market, shall immediately forward this information to the manufacturer and, where applicable, the manufacturer's authorised representative, and the importer. They shall keep a register of complaints, of non-conforming EHR systems and of recalls and withdrawals, and keep the manufacturer and, where available, the authorised representative and the importer informed of such monitoring and provide them with any information upon their request.

Amendment 1024 #

Proposal for a regulation
Article 20 – paragraph 4 b (new)

4 b. Distributors shall, further to a reasoned request from a competent national authority, provide it with all the information and documentation necessary to demonstrate the conformity of an EHR system in the official language of the Member State where the competent national authority is located. They shall cooperate with that authority, at its request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.

Amendment 1025 #

Proposal for a regulation
Article 21 – title

Cases in which obligations of manufacturers of an EHR system apply to ~~importers and distribu~~other economic operators

Amendment 1026 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ

Proposal for a regulation
Article 21 – paragraph 1

Amendment 1027 #

Proposal for a regulation
Chapter III – Section 2 a (new)

2a CONFORMITY ASSESSMENT Article 22b Conformity assessment procedure for EHR systems 1.Before placing an EHR system on the market, manufacturers of EHR systems shall use the conformity assessment procedure foreseen in this Article to demonstrate that the EHR system complies with the requirements set out in Article 17, in Annex II and with the applicable data privacy and data security requirements. 2.The manufacturer shall lodge an application for a conformity assessment procedure with the notified body of his or her choice, for EHR system concerned.The application shall include: (a) a description of the EHR system (b) the name and address of the manufacturer and, if the application is lodged by an authorised representative, the name and address of that authorised representative; (c) the technical documentation for the EHR system as referred to in Article 24. 3.When a conformity assessment body notified under Article 22c (hereinafter referred to as a “notified body”) carries out the assessment, it shall evaluate, if necessary together with the manufacturer, the compliance of the EHR system with the requirement of this Regulation, in particular its compliance with the security and interoperability requirements set out in Annex II and with the applicable data protection and data security requirements. 4.Following its positive assessment, the notified body shall grant a conformity certificate for the EHR system.Member States shall ensure that their notified bodies do not grant a conformity certificate for an EHR system in respect of which a certificate has been refused or withdrawn. Article 22c Notification of conformity assessment bodies Member States shall notify the Commission and the other Member States of bodies authorised to carry out third- party conformity assessment tasks in accordance with this Regulation. Article 22d Notifying authorities 1.Member States shall designate a notifying authority that shall be responsible for setting up and carrying out the necessary procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies. 2.Member States may decide that the assessment and monitoring referred to in paragraph 1 shall be carried out by a national accreditation body within the meaning of and in accordance with Regulation (EC) No 765/2008. 3.Where the notifying authority delegates or otherwise entrusts the assessment, notification or monitoring referred to in paragraph 1 to a body, which is not a governmental entity that body shall be a legal entity and shall comply mutatis mutandis with the requirements laid down in Article 22e.In addition, that body shall have arrangements to cover liabilities arising out of its activities. 4.The notifying authority shall take full responsibility for the tasks performed by the body referred to in paragraph 3. Article 22e Requirements relating to notifying authorities 1.A notifying authority shall be established in such a way that no conflict of interest with conformity assessment bodies occurs. 2.A notifying authority shall be organised and operated so as to safeguard the objectivity and impartiality of its activities. 3.A notifying authority shall be organised in such a way that each decision relating to notification of a conformity assessment body is taken by competent persons different from those who carried out the assessment. 4.A notifying authority shall not offer or provide any activities that conformity assessment bodies perform, or consultancy services on a commercial or competitive basis. 5.A notifying authority shall safeguard the confidentiality of the information it obtains. 6.A notifying authority shall have a sufficient number of competent personnel at its disposal for the proper performance of its tasks. Article 22f Information obligation on notifying authorities Member States shall inform the Commission of their procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies, and of any changes thereto.The Commission shall make that information publicly available. Article 22g Requirements relating to notified bodies 1.For the purposes of notification, a conformity assessment body shall meet the requirements laid down in paragraphs 2 to 11. 2.A conformity assessment body shall be established under the national law of a Member State and have legal personality. 3.A conformity assessment body shall be a third-party body independent of the organisation or the EHR system it assesses.A body belonging to a business association or professional federation representing undertakings involved in the design, manufacture, provision, use or maintenance of EHR systems which it assesses, may, on the condition that its independence and the absence of any conflict of interest are demonstrated, be considered such a conformity assessment body. 4.A conformity assessment body, its top- level management and the personnel responsible for carrying out the conformity assessment tasks shall not be the designer, manufacturer, supplier, importer, distributor, installer, purchaser, owner, user or maintainer of EHR systems, that they assess or be the representative of any of those parties.A conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment tasks shall not be directly involved in the design, import, distribution, manufacture, marketing, installation, use or maintenance of those EHR systems, or represent the parties engaged in those activities.They shall not engage in any activity that may conflict with their independence of judgement or integrity in relation to conformity assessment activities for which they are notified.This shall in particular apply to consultancy services.A conformity assessment body shall ensure that the activities of its subsidiaries or subcontractors do not affect the confidentiality, objectivity or impartiality of its conformity assessment activities. 5.A conformity assessment body and its personnel shall carry out the conformity assessment activities with the highest degree of professional integrity and the requisite technical competence in the specific field and shall be free from all pressures and inducements, particularly financial, which might influence its judgement or the results of its conformity assessment activities, especially as regards persons or groups of persons with an interest in the results of those activities. 6.A conformity assessment body shall be capable of carrying out all the conformity assessment tasks to verify the EHR’s compliance with Article 17 and Annex II and in relation to which it has been notified, whether those tasks are carried out by the conformity assessment body itself or on its behalf and under its responsibility.At all times, and for each conformity assessment procedure and each EHR system for which it has been notified, a conformity assessment body shall have at its disposal the necessary: (a) personnel with technical knowledge and sufficient and appropriate experience to perform the conformity assessment tasks; (b) descriptions of procedures in accordance with which conformity assessment is carried out, ensuring the transparency and the ability of reproduction of those procedures; (c) appropriate policies and procedures to distinguish between tasks that it carries out as a notified body and other activities; (d) procedures for the performance of conformity assessment activities. A conformity assessment body shall have the means necessary to perform the technical and administrative tasks connected with the conformity assessment activities in an appropriate manner and shall have access to all necessary equipment or facilities. 7.The personnel responsible for carrying out conformity assessment tasks shall have the following: (a) sound technical and vocational training covering all the conformity assessment activities in relation to which the conformity assessment body has been notified; (b) satisfactory knowledge of the requirements of the assessments they carry out and adequate authority to carry out those assessments; (c) appropriate knowledge and understanding of the essential security and interoperability requirements set out in Annex II and of the data protection and data security requirements applicable under Union and national legislations. (d) the ability to draw up certificates, records and reports demonstrating that conformity assessments have been carried out. 8.The impartiality of a conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment tasks shall be guaranteed.The remuneration of the top- level management and the personnel responsible for carrying out the conformity assessment tasks shall not depend on the number of conformity assessments carried out or on the results of those assessments. 9.A conformity assessment body shall take out liability insurance unless liability is assumed by the Member State in accordance with national law, or the Member State itself is directly responsible for the conformity assessment. 10.The personnel of a conformity assessment body shall observe professional secrecy with regard to all information obtained in carrying out the conformity assessment tasks in accordance with Article 22b, except in relation to the competent authorities of the Member State in which its tasks are carried out.Proprietary rights, intellectual property rights and trade secrets shall be protected. Article 22h Presumption of conformity of notified bodies Where a conformity assessment body demonstrates its conformity with the criteria laid down in the relevant harmonised standards or parts thereof the references of which have been published in the Official Journal of the European Union, it shall be presumed to comply with the requirements set out in Article 22g in so far as the applicable harmonised standards cover those requirements. Article 22i Subsidiaries of and subcontracting by notified bodies 1.Where a notified body subcontracts specific tasks connected with conformity assessment or has recourse to a subsidiary, it shall ensure that the subcontractor or the subsidiary meets the requirements set out in Article 22g and shall inform the notifying authority accordingly. 2.A notified body shall take full responsibility for the tasks performed by subcontractors or subsidiaries wherever those are established. 3.Activities may be subcontracted or carried out by a subsidiary only with the agreement of the client. 4.A notified body shall keep at the disposal of the notifying authority the relevant documents concerning the assessment of the qualifications of the subcontractor or the subsidiary and the work carried out by them under Article 22b. Article 22j Application for notification 1.A conformity assessment body shall submit an application for notification to the notifying authority of the Member State in which it is established. 2.The application for notification shall be accompanied by a description of the conformity assessment activities, of the conformity assessment procedures set out in Article 22b and of the kinds or categories of EHR systems for which the conformity assessment body claims to be competent, as well as by an accreditation certificate, where one exists, issued by a national accreditation body attesting that the conformity assessment body fulfils the requirements laid down in Article 28. 3.Where the conformity assessment body concerned cannot provide an accreditation certificate as referred to in paragraph 2, it shall provide the notifying authority with all the documentary evidence necessary for the verification, recognition and regular monitoring of its compliance with the requirements laid down in Article 22g. Article 22k Notification procedure 1.A notifying authority shall notify only conformity assessment bodies which have satisfied the requirements laid down in Article 22g. 2.The notifying authority shall send a notification to the Commission and the other Member States, using the electronic notification tool developed and managed by the Commission. 3.The notification referred to in paragraph 2 shall include the following: (a) full details of the conformity assessment activities to be performed; (b) an indication of the conformity assessment module or modules and the kinds of EHR systems concerned; (c) the relevant attestation of competence. 4.Where a notification is not based on an accreditation certificate referred to in Article 31(2), the notifying authority shall provide the Commission and the other Member States with documentary evidence which attests to the conformity assessment body's competence and the arrangements in place to ensure that that body will be monitored regularly and will continue to satisfy the requirements laid down in Article 28. 5.The conformity assessment body concerned may perform the activities of a notified body only where no objections are raised by the Commission or the other Member States within two weeks of the validation of the notification where it includes an accreditation certificate referred to in Article 31(2), or within two months of the notification where it includes documentary evidence referred to in Article 31(3) and in paragraph 4 of this Article.Only such a body shall be considered a notified body for the purposes of this Regulation. 6.The notifying authority shall notify the Commission and the other Member States of any subsequent relevant changes to the notification referred to in paragraph 2. Article 22l Identification numbers and lists of notified bodies 1.The Commission shall assign an identification number to a notified body.It shall assign a single such number even where the body is notified under several Union acts. 2.The Commission shall make publicly available the list of bodies notified under this Regulation including the identification numbers that have been assigned to them and the conformity assessment activities for which they have been notified.The Commission shall ensure that the list is kept up to date. Article 22m Changes to notifications 1.Where a notifying authority has ascertained or has been informed that a notified body no longer meets the requirements laid down in Article 22g, or that it is failing to fulfil its obligations as set out in Article 22o the notifying authority shall restrict, suspend or withdraw the notification, as appropriate, depending on the seriousness of the failure to meet those requirements or fulfil those obligations.It shall immediately inform the Commission and the other Member States accordingly. 2.In the event of restriction, suspension or withdrawal of notification, or where the notified body has ceased its activity, the notifying authority shall take appropriate steps to ensure that the files of that body are either processed by another notified body or kept available for the responsible notifying and market surveillance authorities at their request. Article 22n Challenge of the competence of notified bodies 1.The Commission shall investigate all cases where it doubts, or doubt is brought to its attention regarding, the competence of a notified body or the continued fulfilment by a notified body of the requirements and responsibilities to which it is subject. 2.The notifying Member State shall provide the Commission, on request, with all information relating to the basis for the notification or the maintenance of the competence of the notified body concerned. 3.The Commission shall ensure that all sensitive information obtained in the course of its investigations is treated confidentially. 4.Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall adopt an implementing act requesting the notifying Member State to take the necessary corrective measures, including the withdrawal of the notification if necessary.That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 46(2). Article 22o Operational obligations of notified bodies 1.A notified body shall carry out conformity assessments in accordance with the conformity assessment procedures set out in Article 22b. 2.A notified body shall perform its activities in a proportionate manner, avoiding unnecessary burdens for economic operators, and taking due account of the size of an undertaking, the sector in which the undertaking operates, the structure of the undertaking, the degree of complexity of the technology in question and the mass or serial nature of the production process.In so doing, the notified body shall nevertheless respect the degree of rigour and the level of protection required for the compliance of the EHR system with the requirements of this Regulation. 3.Where a notified body finds that the essential security and interoperability requirements set out in Annex II and of the data protection and data security requirements applicable under Union and national legislations have not been met by a manufacturer, it shall require the manufacturer to take appropriate corrective actions and shall not issue a certificate of conformity or adopt an approval decision. 4.Where, in the course of the monitoring of conformity following the issue of an approval decision a notified body finds that a EHR system no longer complies, it shall require the manufacturer to take appropriate corrective actions and shall suspend or withdraw the approval decision, if necessary. 5.Where corrective actions are not taken or do not have the required effect, the notified body shall restrict, suspend or withdraw any certificates or approval decisions, as appropriate. Article 22p Appeals against decisions of notified bodies A notified body shall ensure that a transparent and accessible appeals procedure against its decisions is available. Article 22q Information obligation on notified bodies 1.A notified body shall inform the notifying authority of the following: (a) any refusal, restriction, suspension or withdrawal of a certificate or approval decision; (b) any circumstances affecting the scope of, or the conditions for, its notification; (c) any request for information which it has received from market surveillance authorities regarding its conformity assessment activities; (d) on request, any conformity assessment activities performed within the scope of its notification and any other activity performed, including cross-border activities and subcontracting. 2.A notified body shall provide the other bodies notified under this Regulation carrying out similar conformity assessment activities covering the same kinds of EHR systems with relevant information on issues relating to negative and, on request, positive conformity assessment results. Article 22r Exchange of experience The Commission shall provide for the organisation of exchange of experience between the Member States' national authorities responsible for notification policy. Article 22s Coordination of notified bodies The Commission shall ensure that appropriate coordination and cooperation between bodies notified under this Regulation are put in place and properly operated in the form of a sectoral group of notified bodies. Notified bodies shall participate in the work of that group, directly or by means of designated representatives.

Amendment 1028 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1

The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a common template document and a time limit for implementing those common specifications. Those common specifications shall be based on existing harmonised standards or international standards and shall be adopted only after consulting the European standardisation organisations as well as the relevant stakeholders. Where relevant, the common specifications shall take into account the specificities and verify compatibility with sectorial legislation and harmonized standards of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14, including the state-of-the art standards for health informatics and the European electronic health record exchange format.

Amendment 1029 #

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1

The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a time limit for implementing those common specifications. Those common specifications shall be issued in accordance with Article 10 of Regulation (EU) 1025/2012, and where relevant based on existing harmonised standards or relevant international standards, and shall be adopted only after consulting the European standardisation organisations as well as other relevant stakeholders. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.

Amendment 1030 #

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 1

The Commission shall, by means of implementing acts, adopt common specifications in respect of the essential requirements set out in Annex II, including a uniform template document and a time limit for implementing those common specifications. Where relevant, the common specifications shall take into account the specificities of medical devices and high risk AI systems referred to in paragraphs 3 and 4 of Article 14.

Amendment 1031 #

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 2

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2), after consultation with the EHDS Board and other relevant stakeholders.

Amendment 1032 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 23 – paragraph 1 – subparagraph 2

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2) after consultation with the EHDS Board and relevant stakeholders.

Amendment 1033 #

Proposal for a regulation
Article 23 – paragraph 4 a (new)

4 a. Where common specifications have an impact on data protection requirements of EHR systems, they shall be subject to consultation with EDPB and EDPS before their adoption, pursuant to Article 42(2) of Regulation (EU) 2018/1725.

Amendment 1034 #

Proposal for a regulation
Article 23 – paragraph 5

Amendment 1035 #

Proposal for a regulation
Article 23 – paragraph 6

6. Where common specifications covering interoperability and security requirements of medical devices or high- risk AI systems falling under other acts such as Regulation (EU) 2017/745 or Regulation […] [AI Act COM/2021/206 final], impact EHR systems, the adoption of those common specifications shall be preceded by a consultation with the EHDS Board, especially its subgroup for Chapters II and III of this Regulation and, where applicable, the European Data Protection Board referred to in Article 68 of Regulation (EU) 2016/679.

Amendment 1036 #

Proposal for a regulation
Article 24 – paragraph 1

1. ~~The~~Manufacturers shall draw up technical documentation ~~shall be drawn up~~ before the EHR system is placed on the market or put into service and shall be kept up-to-date. The technical documentation shall be submitted to the market surveillance authorities of the Member States concerned at least 6 months before an EHR system is placed on the market or put into service.

Amendment 1037 #

Proposal for a regulation
Article 24 – paragraph 2

Amendment 1038 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 24 – paragraph 2 a (new)

2 a. To ensure conformity, templates for technical documentation are provided by the market surveillance authority of a Member State.

Amendment 1039 #

Proposal for a regulation
Article 24 – paragraph 3

3. The technical documentation shall be drawn up in one of the official languages of the Union. Following a reasoned request from the market surveillance authority of a Member State, the manufacturer shall provide a translation of the relevant parts of the technical documentation into the official languages of that Member State.

Amendment 1040 #

Proposal for a regulation
Article 25 – paragraph 2 – point a

(a) the identity, registered trade name or registered trademark, and the contact details of the manufacturer including the postal and electronic address and the telephone number and, where applicable, of its authorised representative;

Amendment 1041 #

Proposal for a regulation
Article 25 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by allowing manufacturers to enter the information referred to in paragraph 2 into the EU database of EHR systems ~~and wellness applications referred to in Article 32~~, as an alternative to supplying the information sheet referred to in paragraph 1 with the EHR system.

Amendment 1042 #

Proposal for a regulation
Article 25 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by allowing manufacturers to enter the information referred to in paragraph 2 into the EU database of EHR systems ~~and wellness applications referred to in Article 32~~, as an alternative to supplying the information sheet referred to in paragraph 1 with the EHR system.

Amendment 1043 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 25 – paragraph 3

Amendment 1044 #

Proposal for a regulation
Article 25 a (new)

Article 25 a Presumption of conformity of EHR systems 1. An EHR system which is in conformity with harmonised standards as referred to in Article 23 shall be presumed to be in conformity with the essential requirements set out in Annex II covered by those standards. 2. The Commission shall, as provided in Article 10(1) of Regulation (EU) No 1025/2012, request one or more European standardisation organisations to draft harmonised standards for the essential requirements set out in Annex II. 3. The Commission is empowered to adopt implementing acts establishing technical specifications for the essential requirements set out in Annex II where the following conditions have been fulfilled: (a) no reference to harmonised standards covering the relevant essential health and safety requirements is published in the Official Journal of the European Union in accordance with Regulation (EU) No 1025/2012; (b) the Commission has requested one or more European standardisation organisations to draft a harmonised standard for the essential health and safety requirements and there are undue delays in the standardisation procedure or the request has not been accepted by any of the European standardisation organisations. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2). 4. An EHR system which is in conformity with the technical specifications shall be presumed to be in conformity with the essential requirements set out in Annex II covered by those technical specifications.

Amendment 1045 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 26 – paragraph 1

Amendment 1046 #

Proposal for a regulation
Article 26 – paragraph 1

1. The EU declaration of conformity shall state that the manufacturer of the EHR system has demonstrated that the essential requirements laid down in Annex II have been fulfilled.

Amendment 1047 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 26 – paragraph 3

3. The EU declaration of conformity shall, as a minimum, contain the information set out in Annex IV and shall be translated into one or more official Union languages determined by the Member State(s) in which the EHR system is made available. Manufacturers shall provide a translation of the relevant parts of the technical documentation into all the official languages of Member States.

Amendment 1048 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 26 – paragraph 4

4. By drawing up the EU declaration of conformity, the manufacturer shall assume responsibility for ~~the conformity of the~~compliance with the requirements of this Regulation and all Union acts applicable to EHR systems.

Amendment 1049 #

Proposal for a regulation
Article 26 – paragraph 4

4. By ~~drawing up~~issuing the EU declaration of conformity, to the ~~manufacturer~~health data access body, the notified body shall assume responsibility for the conformity of the EHR system.

Amendment 1050 #

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. The Commission is empowered to adopt delegated acts in accordance with Article 67 amending the minimum content of the EU declaration of conformity set out in Annex IV.

Amendment 1051 #

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4 a. The Commission shall draw up a standard uniform EU declaration of conformity and make it available in digital format in all the official Union languages.

Amendment 1052 #

Proposal for a regulation
Article 26 – paragraph 4 a (new)

4a. The Commission shall publish a standard format for the EU declaration of conformity in digital form and accessible in all official EU languages.

Amendment 1053 #

Proposal for a regulation
Article 26 a (new)

Article 26 a Conformity assessment Before an EHR system may be placed on the market a notified body has to: (1) assess if the EHR system is in conformity with the essential requirements laid down in Annex II; (2) assess if the EHR system is in conformity with the requirements laid down in Regulation... (Cyber Resilience Act COM/2022/457). (3) assess if the technical documentation is available and complete; (4) assess if the EHR system fulfils the requirements of the EU declaration of conformity. Only after EU-wide approval has been issued, the CE marking can be affixed, together with an identification number.

Amendment 1054 #

Proposal for a regulation
Article 27 – paragraph 1 a (new)

1 a. The CE marking shall be affixed before making the EHR system available on the market.

Amendment 1055 #

Proposal for a regulation
Article 27 – paragraph 2 a (new)

Amendment 1056 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 a (new)

Article 27 a Assessment of conformity Before an EHR system may be placed on the market a Notified Body has to: (1) assess if the EHR system is in conformity with the essential requirements laid down in Annex II; (2) assess if the EHR system is in conformity with the requirements laid down in Regulation... (Cyber Resilience Act COM/2022/457). (3) assess if the technical documentation is available and complete; (4) assess if the EHR system fulfils the requirements of the EU declaration of conformity Only after EU-wide approval has been issued, the CE marking can be affixed, together with an identification number.

Amendment 1057 #

Proposal for a regulation
Article 27 a (new)

Article 27 a Conformity assessment procedures for EHR systems 1. In order to certify the conformity of an EHR system with this Regulation, the manufacturer or its authorised representative, shall apply for EU type- examination procedure provided for in Annex IVa; 2. Notified bodies shall take into account the specific interests and needs of small and medium sized enterprises when setting the fees for conformity assessment and reduce those fees proportionately to their specific interests and needs.

Amendment 1058 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 b (new)

Article 27 b Notification Member States shall notify the Commission and the other Member States of conformity assessment bodies authorised to carry out conformity assessments in accordance with this Regulation.

Amendment 1059 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 c (new)

Article 27 c Notifying authorities 1. Member States shall designate a notifying authority that shall be responsible for setting up and carrying out the necessary procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies, including compliance with Article 27j. 2. Member States may decide that the assessment and monitoring referred to in paragraph 1 shall be carried out by a national accreditation body within the meaning of and in accordance with Regulation (EC) No 765/2008. 3. Where the notifying authority delegates or otherwise entrusts the assessment, notification or monitoring referred to in paragraph 1 of this Article to a body, which is not a governmental entity that body shall be a legal entity and shall comply mutatis mutandis with the requirements laid down in Article 27d. In addition, that body shall have arrangements to cover liabilities arising out of its activities. 4. The notifying authority shall take full responsibility for the tasks performed by the body referred to in paragraph 3.

Amendment 1060 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 d (new)

Article 27 d Requirements relating to notifying authorities 1. A notifying authority shall be established in such a way that no conflict of interest with conformity assessment bodies occurs. 2. A notifying authority shall be organised and operated so as to safeguard the objectivity and impartiality of its activities. 3. A notifying authority shall be organised in such a way that each decision relating to notification of a conformity assessment body is taken by competent persons different from those who carried out the assessment of the EHR system. 4. A notifying authority shall not offer or provide any activities that conformity assessment bodies perform, or consultancy services on a commercial or competitive basis. 5. A notifying authority shall safeguard the confidentiality of the information it obtains. 6. A notifying authority shall have a sufficient number of competent personnel at its disposal for the proper performance of its tasks.

Amendment 1061 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 e (new)

Article 27 e Information obligation on notifying authorities Member States shall inform the Commission of their procedures for the assessment and notification of conformity assessment bodies and the monitoring of notified bodies, and of any changes thereto. The Commission shall make that information publicly available.

Amendment 1062 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 f (new)

Article 27 f Requirements relating to notified bodies 1. For the purposes of notification, a conformity assessment body shall meet the requirements laid down in paragraphs 2 to 11. 2. A conformity assessment body shall be established under the national law of a Member State and have legal personality. 3. A conformity assessment body shall be a third-party body independent of the organisation or the EHR system it assesses. 4. A conformity assessment body, its top- level management and the personnel responsible for carrying out the conformity assessment tasks shall not be the designer, manufacturer, supplier, installer, purchaser, owner, user or maintainer of an EHR system, that they assess, nor the representative of any of those parties.A conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment tasks shall not be directly involved in the design, manufacture, marketing, installation, use or maintenance of EHR systems, or represent the parties engaged in those activities. They shall not engage in any activity that may conflict with their independence of judgement or integrity in relation to conformity assessment activities for which they are notified. This shall in particular apply to consultancy services.A conformity assessment body shall ensure that the activities of its subsidiaries or subcontractors do not affect the confidentiality, objectivity or impartiality of its conformity assessment activities. 5. A conformity assessment body and its personnel shall carry out the conformity assessment activities with the highest degree of professional integrity and the requisite technical competence in the specific field and shall be free from all pressures and inducements, particularly financial, which might influence its judgement or the results of its conformity assessment activities, especially as regards persons or groups of persons with an interest in the results of those activities. 6. A conformity assessment body shall be capable of carrying out all the conformity assessment activities mentioned in Annexes IVa in relation to which it has been notified, whether those tasks are carried out by the conformity assessment body itself or on its behalf and under its responsibility.At all times, and for each conformity assessment procedure and each kind of a EHR system for which it has been notified, a conformity assessment body shall have at its disposal the necessary: (a) personnel with technical knowledge and sufficient and appropriate experience to perform the conformity assessment activities; (b) descriptions of procedures in accordance with which conformity assessment is carried out, ensuring the transparency and the ability of reproduction of those procedures; (c) appropriate policies and procedures to distinguish between activities that it carries out as a notified body and other activities; (d) procedures for the performance of conformity assessment activities which take due account of the size of an undertaking, the sector in which it operates, its structure and the degree of complexity of the technology in question. A conformity assessment body shall have the means necessary to perform the technical and administrative tasks connected with the conformity assessment activities in an appropriate manner and shall have access to all necessary equipment or facilities. 7. The personnel responsible for carrying out conformity assessment tasks shall have the following: (a) sound technical and vocational training covering all the conformity assessment activities in relation to which the conformity assessment body has been notified; (b) satisfactory knowledge of the requirements of the assessments they carry out and adequate authority to carry out those assessments; (c) the ability to draw up certificates, records and reports demonstrating that conformity assessments have been carried out. 8. The impartiality of a conformity assessment body, its top-level management and the personnel responsible for carrying out the conformity assessment activities shall be guaranteed. The remuneration of the top-level management and the personnel responsible for carrying out the conformity assessment activities shall not depend on the number of conformity assessments carried out or on the results of those assessments. 9. A conformity assessment body shall take out liability insurance unless liability is assumed by the Member State in accordance with national law, or the Member State itself is directly responsible for the conformity assessment. 10. The personnel of a conformity assessment body shall observe professional secrecy with regard to all information obtained in carrying out the conformity assessment activities in accordance with Annexes IVa, except in relation to the competent authorities of the Member State in which its activities are carried out. Proprietary rights, intellectual property rights and trade secrets shall be protected. 11. A conformity assessment body shall participate in, or ensure that its personnel responsible for carrying out the conformity assessment activities are informed of, the relevant standardisation activities and the activities of the notified body coordination group established under Article 27r and shall apply as general guidance the administrative decisions and documents produced as a result of the work of that group.

Amendment 1063 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 g (new)

Article 27 g Presumption of conformity of notified bodies Where a conformity assessment body demonstrates its conformity with the criteria laid down in the relevant harmonised standards the references of which have been published in the Official Journal of the European Union, it shall be presumed to comply with the requirements set out in Article 27f in so far as the applicable harmonised standards cover those requirements.

Amendment 1064 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 h (new)

Article 27 h Subsidiaries of and subcontracting by notified bodies 1. Where a notified body subcontracts specific tasks connected with conformity assessment or has recourse to a subsidiary, it shall ensure that the subcontractor or the subsidiary meets the requirements set out in Article 27f and shall inform the notifying authority accordingly. 2. A notified body shall take full responsibility for the tasks performed by subcontractors or subsidiaries wherever those are established. 3. Activities may be subcontracted or carried out by a subsidiary only with the agreement of the client. 4. A notified body shall keep at the disposal of the notifying authority the relevant documents concerning the assessment of the qualifications of the subcontractor or the subsidiary and the work carried out by them under Annex IVa.

Amendment 1065 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 i (new)

Article 27 i Notification procedure 1. A notifying authority shall notify only conformity assessment bodies which have satisfied the requirements laid down in Article 27f. 2. The notifying authority shall send a notification to the Commission and the other Member States of each conformity assessment body referred to in paragraph 1, using the electronic notification tool developed and managed by the Commission. 3. The notification referred to in paragraph 2 shall include the following: (a) full details of the conformity assessment activities to be performed; (b) the relevant attestation of competence. 4. Where a notification is not based on an accreditation certificate referred to in Article 27i(2), the notifying authority shall provide the Commission and the other Member States with documentary evidence which attests to the conformity assessment body's competence and the arrangements in place to ensure that that body will be monitored regularly and will continue to satisfy the requirements laid down in Article 27f. 5. The conformity assessment body concerned may perform the activities of a notified body only where no objections are raised by the Commission or the other Member States within two weeks of the validation of the notification where it includes an accreditation certificate referred to in Article 27i(2), or within two months of the notification where it includes documentary evidence referred to in Article 27i(3). Only such a body shall be considered a notified body for the purposes of this Regulation. 6. The notifying authority shall notify the Commission and the other Member States of any subsequent relevant changes to the notification referred to in paragraph 2.

Amendment 1066 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 i (new)

Article 27 i Application for notification 1. A conformity assessment body shall submit an application for notification to the notifying authority of the Member State in which it is established. 2. The application for notification shall be accompanied by a description of the conformity assessment activities, of the conformity assessment procedures set out in Annex IVa as well as by an accreditation certificate, where one exists, issued by a national accreditation body attesting that the conformity assessment body fulfils the requirements laid down in Article 27f. 3. Where the conformity assessment body concerned cannot provide an accreditation certificate as referred to in paragraph 2, it shall provide the notifying authority with all the documentary evidence necessary for the verification, recognition and regular monitoring of its compliance with the requirements laid down in Article 27f.

Amendment 1067 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 k (new)

Article 27 k Identification numbers and lists of notified bodies 1. The Commission shall assign an identification number to a notified body. It shall assign a single such number even where the body is notified under several Union acts. 2. The Commission shall make publicly available the list of notified bodies including the identification numbers that have been assigned to them and the conformity assessment activities for which they have been notified. The Commission shall ensure that the list is kept up to date.

Amendment 1068 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 l (new)

Article 27 l Changes to notifications 1. Where a notifying authority has ascertained or has been informed that a notified body no longer meets the requirements laid down in Article 27f, or that it is failing to fulfil its obligations as set out in Article 27m the notifying authority shall restrict, suspend or withdraw the notification, as appropriate, depending on the seriousness of the failure to meet those requirements or fulfil those obligations. It shall immediately inform the Commission and the other Member States accordingly. 2. In the event of restriction, suspension or withdrawal of notification, or where the notified body has ceased its activity, the notifying authority shall take appropriate steps to ensure that the files of that body are either processed by another notified body or kept available for the responsible notifying and market surveillance authorities at their request.

Amendment 1069 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 m (new)

Article 27 m Challenge of the competence of notified bodies 1. The Commission shall investigate all cases where it doubts, or doubt is brought to its attention regarding, the competence of a notified body or the continued fulfilment by a notified body of the requirements and responsibilities to which it is subject. 2. The notifying authority shall provide the Commission, on request, with all information relating to the basis for the notification or the maintenance of the competence of the notified body concerned. 3. The Commission shall ensure that all sensitive information obtained in the course of its investigations is treated confidentially. 4. Where the Commission ascertains that a notified body does not meet or no longer meets the requirements for its notification, it shall adopt an implementing act requesting the notifying authority to take the necessary corrective measures, including the withdrawal of the notification if necessary. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 1070 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 n (new)

Article 27 n Operational obligations of notified bodies 1. A notified body shall carry out conformity assessments in accordance with the conformity assessment procedures set out in Annex IVa. 2. A notified body shall perform its activities in a proportionate manner, avoiding unnecessary burdens for economic operators, and taking due account of the size of an undertaking, the structure of the undertaking, the degree of complexity of the EHR system in question. In so doing, the notified body shall nevertheless respect the degree of rigour and the level of protection required for the compliance of the EHR system with the requirements of this Regulation. 3. Where, in the course of the monitoring of conformity following the issuance of a certificate of conformity or the adoption of an approval decision, a notified body finds that a EHR system no longer complies, it shall require the manufacturer to take appropriate corrective measures and shall suspend or withdraw the certificate of conformity or the approval decision, if necessary. 4. Where corrective measures are not taken or do not have the required effect, the notified body shall restrict, suspend or withdraw any certificates of conformity or approval decisions, as appropriate.

Amendment 1071 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 o (new)

Article 27 o Appeals against decisions of notified bodies A notified body shall ensure that a transparent and accessible appeals procedure against its decisions is available.

Amendment 1072 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 p (new)

Article 27 p Information obligation on notified bodies 1. A notified body shall inform the notifying authority of the following: (a) any refusal, restriction, suspension or withdrawal of a certificate of conformity or approval decision; (b) any circumstances affecting the scope of, or the conditions for, its notification; (c) any request for information which it has received from market surveillance authorities regarding its conformity assessment activities; (d) on request, any conformity assessment activities performed within the scope of its notification and any other activity performed, including cross-border activities and subcontracting. 2. A notified body shall provide other notified bodies carrying out similar conformity assessment activities covering the same kinds of machinery product with relevant information on issues relating to negative and, on request, positive conformity assessment results.

Amendment 1073 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 q (new)

Article 27 q Coordination of notified bodies The Commission shall ensure that appropriate coordination and cooperation between notified bodies are put in place and properly operated in the form of a sectoral group of notified bodies. A notified body shall participate in the work of that group, directly or by means of designated representatives.

Amendment 1074 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 27 q (new)

Article 27 q Exchange of experience The Commission shall provide for the organisation of exchange of experience between the Member States' national authorities responsible for notification policy.

Amendment 1075 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Chapter III – Section 3 a (new)

3a Section 3a Conformity assessment

Amendment 1076 #

Proposal for a regulation
Article 28 – paragraph 2

2. Member States shall designate the market surveillance authority or authorities responsible for the implementation of this Chapter. They shall entrust their market surveillance authorities with the ~~powers, resources, equipment~~necessary powers, financial resources, equipment, technical expertise, adequate staffing, and knowledge necessary for the proper performance of their tasks pursuant to this Regulation. Member States shall communicate the identity of the market surveillance authorities to the Commission which shall publish a list of those authorities.

Amendment 1077 #

Proposal for a regulation
Article 28 – paragraph 2 a (new)

2 a. Staff of market surveillance authorities shall have no direct or indirect economic, financial or personal conflicts of interest that might be considered prejudicial to their independence and, in particular, that they are not in a situation that may, directly or indirectly, affect the impartiality of their professional conduct.

Amendment 1078 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 28 – paragraph 2 b (new)

2 b. Pursuant to paragraph 2 of this article, Member States shall determine and publish the selection procedure for market surveillance authorities. They shall ensure that the procedure is transparent and does not allow for conflicts of interest.

Amendment 1079 #

Proposal for a regulation
Article 28 – paragraph 4 a (new)

4 a. Market surveillance authorities shall immediately inform Notified Bodies about manufacturers of EHR systems that no longer comply with the requirements on the declaration of conformity.

Amendment 1080 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 29 – paragraph 1

1. Where a market surveillance authority ~~finds~~of one Member State have sufficient reason to believe that an EHR system presents a risk to the health or, safety or rights of natural persons or to other aspects of public interest protection, ithey shall ~~require the manufacturer of the EHR system concerned, i~~carry out an evaluation in relation to the EHR system concerned covering all relevant requirements laid down in this Regulation. Its authorised representatives and all other relevant economic operators toshall cooperate as necessary with the market surveillance authorities for that purpose and take all appropriate measures to ensure that the EHR system concerned no longer presents that risk when placed on the market to withdraw the EHR system from the market or to recall it within a reasonable period. Where, in the course of the evaluation referred to in the first subparagraph, the market surveillance authorities find that the EHR system does not comply with the requirements laid down in this Regulation, they shall without delay require the relevant economic operator to take all appropriate corrective action to bring the EHR system into compliance with those requirements, to withdraw the machinery product from the market, or to recall it within a reasonable period which is commensurate with the nature of the risk referred to in the first subparagraph. The market surveillance authorities shall inform the relevant notified body accordingly.

Amendment 1081 #

Proposal for a regulation
Article 29 – paragraph 1

1. Where a market surveillance authority, or, in cases involving personal data, a supervisory authority under Regulation (EU) 2016/679, finds that an EHR system presents a risk to the health or safety of natural persons, to the protection of personal data or to other aspects of public interest protection, it shall require the manufacturer of the EHR system concerned, its authorised representative and all other relevant economic operators to take all appropriate measures to ensure that the EHR system concerned no longer presents that risk when placed on the market to withdraw the EHR system from the market or to recall it within a reasonable period.

Amendment 1082 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 29 – paragraph 1 a (new)

Amendment 1083 #

Proposal for a regulation
Article 29 – paragraph 1 a (new)

1 a. Where the market surveillance authorities consider that non-compliance is not restricted to their national territory, they shall inform the Commission and the other Member States of the results of the evaluation and of the actions which they have required the economic operator to take.

Amendment 1084 #

Proposal for a regulation
Article 29 – paragraph 1 b (new)

Amendment 1085 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 29 – paragraph 3

3. The market surveillance authority ~~shall immediately inform the Commission and the market surveillance authorities~~, or, where applicable, the supervisory authority under Regulation (EU) 2016/679, shall immediately inform the Commission and the market surveillance authorities, or, if applicable, the supervisory authorities under Regulation (EU) 2016/679, of other Member States of the measures ordered pursuant to paragraph 1. That information shall include all available details, in particular the data necessary for the identification of the EHR system concerned, the origin and the supply chain of the EHR system, the nature of the risk involved and the nature and duration of the national measures taken.

Amendment 1086 #

Proposal for a regulation
Article 29 – paragraph 3 a (new)

3 a. Where a finding of a market surveillance authortiy, or a serious incident it is informed of, concerns personal data protection, the market surveillance authority shall, without undue delay, inform and cooperate with the relevant supervisory authorities under Regulation (EU) 2016/679.

Amendment 1087 #

Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 1

Manufacturers of EHR systems placed on the market shall report any serious incident involving an EHR system to the market surveillance authorities, or, in cases involving personal data, the supervisory authorities under Regulation (EU) 2016/679 of the Member States where such serious incident occurred and the corrective actions taken or envisaged by the manufacturer.

Amendment 1088 #

Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 2

Amendment 1089 #

Proposal for a regulation
Article 29 – paragraph 5

5. The ~~market surveillance~~ authorities referred to in paragraph 4 shall inform the other ~~market surveillance~~ authorities, without delay, of the serious incident and the corrective action taken or envisaged by the manufacturer or required of it to minimise the risk of recurrence of the serious incident.

Amendment 1090 #

Proposal for a regulation
Article 30 – paragraph 1 – introductory part

1. Where a market surveillance authority makes one, inter alia, of the following findings, it shall require the manufacturer of the EHR system concerned, its authorised representative and all other relevant economic operators to ~~put an end to the non-compliance concerned~~bring the EHR system into conformity:

Amendment 1091 #

Proposal for a regulation
Article 30 – paragraph 1 – point a

(a) the EHR system is not in conformity with essential requirements laid down in Annex II and with the common specifications in accordance with Article 23;

Amendment 1092 #

Proposal for a regulation
Article 30 – paragraph 1 – point b

(b) the technical documentation is either not available or not complete; or not in accordance with Article 24;

Amendment 1093 #

Proposal for a regulation
Article 30 – paragraph 1 – point b a (new)

Amendment 1094 #

Proposal for a regulation
Article 30 – paragraph 1 – point c

(c) the EU declaration of conformity has not been drawn up or has not been drawn up correctly as referred to in Article 26;

Amendment 1095 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 30 – paragraph 1 – point d a (new)

(d a) the registration obligations of Article 32 has not been fulfilled.

Amendment 1096 #

Proposal for a regulation
Article 30 – paragraph 1 a (new)

1 a. Where the relevant economic operator does not take adequate corrective action within the period referred to in Article 29, paragraph 1, second subparagraph, the market surveillance authorities shall take all appropriate provisional measures to prohibit or restrict the EHR system being made available on their national market, to withdraw the machinery product from that market or to recall it. The market surveillance authorities shall inform the Commission and the other Member States, without delay, of those measures.

Amendment 1097 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 30 – paragraph 1 b (new)

1 b. The information referred to in paragraph 1.a, second subparagraph, shall include all available details, in particular the data necessary for the identification of the noncompliant EHR system, the origin of that EHR system, the nature of the non-compliance alleged and the risk involved, the nature and duration of the national measures taken and the arguments put forward by the relevant economic operator.In particular, the market surveillance authorities shall indicate whether the noncompliance is due to any of the following: (a) failure of the EHR system to meet the requirements relating to the essential requirements set out in Annex II; (b) shortcomings in the harmonised standards referred to in Article 25a(1); (c) shortcomings in the technical specifications referred to in Article 25a(4).

Amendment 1098 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 30 – paragraph 1 c (new)

1 c. Member States other than the Member State initiating the procedure under this Article shall without delay inform the Commission and the other Member States of any measures adopted and of any additional information at their disposal relating to the non-compliance of the EHR system concerned, and, in the event of disagreement with the adopted national measure, of their objections.

Amendment 1099 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 30 – paragraph 1 d (new)

1 d. Where, within three months of receipt of the information referred to in paragraph 1a, second subparagraph, no objection has been raised by either a Member State or the Commission in respect of a provisional measure taken by a Member State, that measure shall be deemed justified.

Amendment 1100 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 30 a (new)

Article 30 a Union safeguard procedure 1. Where, on completion of the procedure set out in Article 29(2) and Article 30(1a), objections are raised against a measure taken by a Member State, or where the Commission considers a national measure to be contrary to Union legislation, the Commission shall without delay enter into consultation with the Member States and the relevant economic operator or operators and shall evaluate the national measure. On the basis of the results of that evaluation, the Commission shall adopt an implementing act in the form of a decision determining whether the national measure is justified or not. The Commission shall address its decision to all Member States and shall without delay communicate it to them and to the relevant economic operator or operators. That implementing act shall be adopted in accordance with the examination procedure referred to in Article 68(2a). 2. If the national measure is considered justified, all Member States shall take the necessary measures to ensure that the non-compliant EHR system is withdrawn from their market, and shall inform the Commission accordingly. If the national measure is considered unjustified, the Member State concerned shall withdraw that measure. Where the national measure is considered justified and the non-compliance of the EHR system is attributed to shortcomings in the harmonised standards or technical specifications referred to in Article 30(1b), points (b) and (c), of this Regulation, the Commission shall apply the procedure provided for in Article 11 of Regulation (EU) No 1025/2012.

Amendment 1101 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS

Proposal for a regulation
Article -31 (new)

Article -31 Interoperability of wellness applications with EHR systems 1. Manufacturers of wellness applications may claim interoperability with an EHR system, after relevant conditions are met. When this is the case, the users of such wellness applications shall be duly informed about such interoperability and its effects. 2. The interoperability of wellness applications with EHR systems shall not mean automatic sharing or transmission of all or part of the health data from the wellness application with the EHR system. The sharing or transmission of such data shall only be possible pursuant to and in line with Article 3(6) of this Regulation and interoperability shall be limited exclusively to this end. The manufacturers of wellness applications claiming interoperability with an EHR system shall ensure that the user is able to choose which part of health data from the wellness application they want to insert in the EHR system. 3. Wellness applications shall not be able to access the information in EHRs nor extract any information from it.

Amendment 1102 #

Proposal for a regulation
Article 31

Amendment 1103 #

Proposal for a regulation
Article 31

Amendment 1104 #

Proposal for a regulation
Article 31

Amendment 1105 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 31

1. Where a manufacturer of a wellness application claims interoperability with an EHR system and therefore compliance with the essential requirements laid down in Annex II and common specifications in Article 23, such wellness application may be accompanied by a label, clearly indicating its compliance with those requirements. The label shall be issued by the manufacturer of the wellness application. 2. The label shall indicate the following information: (a) categories of electronic health data for which compliance with essential requirements laid down in Annex II has been confirmed; (b) reference to common specifications to demonstrate compliance; (c) validity period of the label. 3. The Commission may, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). 4. The label shall be drawn-up in one or more official languages of the Union or languages determined by the Member State(s) in which the in which the wellness application is placed on the market. 5. The validity of the label shall not exceed 5 years. 6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device. 2D barcodes may also be used to display the label. 7. The market surveillance authorities shall check the compliance of wellness applications with the essential requirements laid down in Annex II. 8. Each supplier of a wellness application, for which a label has been issued, shall ensure that the wellness application that is placed on the market or put into service is accompanied with the label for each individual unit, free of charge. 9. Each distributor of a wellness application for which a label has been issued shall make the label available to customers at the point of sale in electronic form or, upon request, in physical form. 10. The requirements of this Article shall not apply to wellness applications which are high-risk AI systems as defined under Regulation […] [AI Act COM/2021/206 final].Article 31 deleted Voluntary labelling of wellness applications

Amendment 1106 #

Proposal for a regulation
Article 31 – paragraph 1

Amendment 1107 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 31 – paragraph 3

3. The Commission ~~may~~shall, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 1108 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 31 – paragraph 4

4. The label shall be drawn-up in one or more official languages of the Union ~~or languages determined by~~, and obligatorily in the language of the Member State(s) ~~in which the~~ in which the wellness application is placed on the market.

Amendment 1109 #

Proposal for a regulation
Article 31 – paragraph 4

4. The label shall be drawn-up in one or more ~~official~~ languages of the Union or languages determined by the Member State(s) in which the in which the wellness application is placed on the market.

Amendment 1110 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK

6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device and in the case of software a digital label. 2D barcodes may also be used to display the label.

Amendment 1111 #

Proposal for a regulation
Article 32 – title

Registration of EHR systems ~~and wellness applications~~

Amendment 1112 #

Proposal for a regulation
Article 32 – title

Registration of EHR systems ~~and wellness applications~~

Amendment 1113 #

Proposal for a regulation
Article 32 – title

Registration of EHR systems ~~and wellness applications~~

Amendment 1114 #

Proposal for a regulation
Article 32 – paragraph 1

Amendment 1115 #

Proposal for a regulation
Article 32 – paragraph 1

Amendment 1116 #

Proposal for a regulation
Article 32 – paragraph 1

Amendment 1117 #

Proposal for a regulation
Article 32 – paragraph 1

1. The Commission shall establish and maintain a publicly available database with information on EHR systems for which an EU declaration of conformity has been issued pursuant to Articles 26 and ~~wellness applications for which a label has been issued pursuant to Article 31~~26a.

Amendment 1118 #

Proposal for a regulation
Article 32 – paragraph 2

Amendment 1119 #

Proposal for a regulation
Article 32 – paragraph 2

Amendment 1120 #

Proposal for a regulation
Article 32 – paragraph 2

Amendment 1121 #

Proposal for a regulation
Article 32 – paragraph 3

3. Medical devices or high-risk AI systems referred to in paragraphs 3 and 4 of Article 14 of this Regulation shall also be registered in the database established pursuant to Regulations (EU) 2017/745 or […] [AI Act COM/2021/206 final], as applicable.

Amendment 1122 #

Proposal for a regulation
Article 32 – paragraph 4

Amendment 1123 #

Proposal for a regulation
Article 32 – paragraph 4

Amendment 1124 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 32 – paragraph 4

Amendment 1125 #

Proposal for a regulation
Article -33 (new)

Article -33 Scope This Chapter shall apply to situations of secondary use of electronic health data where a health data user seeks access to such data, as referred to in Article 33, from one or more health data holders as defined in Article 2 (y) of this Regulation.

Amendment 1126 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article -33 a (new)

Article -33 a Rights of natural persons in relation to the secondary use of electronic health data Natural persons shall have the right to opt-out from sharing their electronic health data for secondary use. A mechanism shall be put in place to allow natural persons the flexibility to determine the categories of electronic health data and/or purposes from which they wish to opt out. Such mechanism shall be easily accessible, comprehensible and actionable.

Amendment 1127 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – title

Minimum categories of electronic health data for secondary use

Amendment 1128 #

Proposal for a regulation
Article 33 – title

~~Minimum c~~Categories of electronic data for secondary use

Amendment 1129 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

Amendment 1130 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of electronic data available, taking into account the differences in administrative, logistical and resource requirements for each category in the member states, for secondary use in accordance with the provisions of this Chapter:

Amendment 1131 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter, in such a manner so as not to conflict with the holder’s legal and ethical obligations:

Amendment 1132 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall, through a secure system ensuring protection of the patients’ data, make the following categories of electronic data available for secondary use, in accordance with the provisions of this Chapter:

Amendment 1133 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. DAfter having obtained consent of the data subjects, data holders shall make the following categories of electronic data available for secondary use in accordance with the provisions of this Chapter:

Amendment 1134 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. Data holders shall make the following categories of non-personal electronic data available for secondary use in accordance with the provisions of this Chapter:

Amendment 1135 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. ~~Data hold~~This Chapters shall ~~make~~apply to the following categories of electronic health data available for secondary use ~~in accordance with the provisions of this Chapter~~:

Amendment 1136 #

Proposal for a regulation
Article 33 – paragraph 1 – introductory part

1. ~~Data hold~~This Chapters shall ~~make~~apply to the following categories of electronic data ~~available~~ for secondary use, in accordance with the provisions of this Chapter:

Amendment 1137 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

~~(a) EHRs;~~deleted

Amendment 1138 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) ~~EHRs;~~electronic health data from EHRs, including the categories in Article 5 of this Regulation.

Amendment 1139 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) ~~EHRs~~electronic health data from EHRs, including the categories in Article 5 of this Regulation;

Amendment 1140 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs;

Amendment 1141 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs ;

Amendment 1142 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs;

Amendment 1143 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs;

Amendment 1144 #

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) non-personal EHRs;

Amendment 1145 #

Proposal for a regulation
Article 33 – paragraph 1 – point b

~~(b) data impacting on health, including social, environmental behavioural determinants of health;~~deleted

Amendment 1146 #

Proposal for a regulation
Article 33 – paragraph 1 – point b

~~(b) data impacting on health, including social, environmental behavioural determinants of health;~~deleted

Amendment 1147 #

Proposal for a regulation
Article 33 – paragraph 1 – point b

(b) data on factors impacting on health, including social, environmental behavioural determinants of health, but excluding data relating to criminal convictions and offences;

Amendment 1148 #

Proposal for a regulation
Article 33 – paragraph 1 – point b

(b) data on factors impacting on health, including social, environmental behavioural determinants of health;

Amendment 1149 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point b

(b) ~~data~~non-personal data about determinants impacting on health, including social, environmental and behavioural ~~determinants of health~~;

Amendment 1150 #

Proposal for a regulation
Article 33 – paragraph 1 – point b

(b) data on factors impacting on health, including social, environmental behavioural determinants of health;

Amendment 1151 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 1 – point b

(b) data on factors impacting on health, including social, environmental behavioural determinants of health;

Amendment 1152 #

Proposal for a regulation
Article 33 – paragraph 1 – point c

Amendment 1153 #

Proposal for a regulation
Article 33 – paragraph 1 – point c

Amendment 1154 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

~~(d) health-related administrative data, including claims and reimbursement data;~~deleted

Amendment 1155 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) health-related administrative data for population-wide predominantly publicly funded treatments, including claims and reimbursement data;

Amendment 1156 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) healthcare-related administrative data, including claims and reimbursement data;

Amendment 1157 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) healthcare-related administrative ~~data, including claims and reimbursement~~ data;

Amendment 1158 #

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) ~~health-related~~ administrative data~~, including claims and reimbursement data~~ underlying the provision of health care services;

Amendment 1159 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1160 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1161 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1162 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1163 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1164 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

Amendment 1165 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 1 – point e

(e) human genetic, genomic and proteomic data. This data shall only be used for the purposes in points (a), (b) or (c) of paragraph 1 of Article 34;

Amendment 1166 #

Proposal for a regulation
Article 33 – paragraph 1 – point e

(e) extracts from human genetic, genomic and proteomic data, such as genetic markers;

Amendment 1167 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

~~(f) person generated electronic health data, including medical devices, wellness applications or other digital health applications;~~deleted

Amendment 1168 #

~~(f) person generated electronic health data, including medical devices, wellness applications or other digital health applications;~~deleted

Amendment 1169 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 33 – paragraph 1 – point f

~~(f) person generated electronic health data, including medical devices, wellness applications or other digital health applications;~~deleted

Amendment 1170 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

~~(f) person generated electronic health data, including medical devices, wellness applications or other digital health applications;~~deleted

Amendment 1171 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person -generated electronic health data, including medical devices~~, wellness applications or other digital health applications~~;

Amendment 1172 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data~~, including~~ via medical devices~~, wellness applications or other digital health applications;~~

Amendment 1173 #

Sophia IN 'T VELD, Abir AL-SAHLANI, Emma WIESNER, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data~~, including~~ from medical devices~~, wellness applications or other digital health applications~~;

Amendment 1174 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data~~, including~~ from medical devices~~, wellness applications or other digital health applications~~;

Amendment 1175 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data, including medical devices~~, wellness applications or other digital health applications~~;

Amendment 1176 #

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data~~, including~~ from medical devices, wellness applications or other digital health applications;

Amendment 1177 #

Proposal for a regulation
Article 33 – paragraph 1 – point g

~~(g) identification data related to health professionals involved in the treatment of a natural person;~~deleted

Amendment 1178 #

Proposal for a regulation
Article 33 – paragraph 1 – point g

~~(g) identification data related to health professionals involved in the treatment of a natural person;~~deleted

Amendment 1179 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 33 – paragraph 1 – point g

(g) identification data related to health professionals involved in ~~the treatment of a natural person~~research should be limited to data which are absolutely necessary;

Amendment 1180 #

Proposal for a regulation
Article 33 – paragraph 1 – point g

(g) identification data related to health professionals involved in ~~the treatment of a natural person~~research should be limited to data which is absolutely necessary;

Amendment 1181 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point h

(h) population wide health data registries (public health registries) and patient demographic data;

Amendment 1182 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point h

(h) population wide electronic health data registries (public health registries);

Amendment 1183 #

Proposal for a regulation
Article 33 – paragraph 1 – point i

(i) electronic health data from medical registries ~~for specific diseases~~;

Amendment 1184 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

~~(j) electronic health data from clinical trials;~~deleted

Amendment 1185 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from ~~clinical trials~~fully completed clinical trials, in accordance with definitions in Article 2(2) and Article 2(26) of Regulation (EU) No 536/2014;

Amendment 1186 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from ~~clinical trials~~fully completed clinical trials in accordance with definitions in Article 2(2) and Article 2(26) of Regulation (EU) No 536/2014;

Amendment 1187 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from ~~clinical trials~~fully completed clinical trials in accordance with definitions in Article 2(2) and Article 2(26) of Regulation (EU) No 536/2014;

Amendment 1188 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from ~~clinical trials~~fully concluded or terminated clinical trials, in accordance with Regulation 536/2014;

Amendment 1189 #

Proposal for a regulation
Article 33 – paragraph 1 – point j

(j) electronic health data from clinical trials in so far as they have been completed;

Amendment 1190 #

Proposal for a regulation
Article 33 – paragraph 1 – point j a (new)

(j a) Data referred to in paragraph 1(j) should be made available in the format outlined in Annex IV in Regulation No 536/2014 or, if requested by the public sector, as defined in the Data Act Article 15 (a) or (b).

Amendment 1191 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point j b (new)

(j b) Regarding electronic health data referred to in paragraph 1(j) of this Article, a summary of results of the clinical trial will be published and individual patient data may be shared, in accordance with Article 37(4) of Regulation (EU) No 536/2014.

Amendment 1192 #

Proposal for a regulation
Article 33 – paragraph 1 – point k

(k) electronic health data from medical devices and from registries for medicinal products and medical devices, including medical audio and video material;

Amendment 1193 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point l

(l) research cohorts, questionnaires and surveys related to health, including patient-reported outcome measures and patient-reported experience measures;

Amendment 1194 #

Proposal for a regulation
Article 33 – paragraph 1 – point l

(l) research cohorts, questionnaires and surveys related to health, including patient-reported outcomes and experience measures (PROMs and PREMs);

Amendment 1195 #

Proposal for a regulation
Article 33 – paragraph 1 – point l

(l) data from research cohorts, questionnaires and surveys related to health;

Amendment 1196 #

(l) data from research cohorts, questionnaires and surveys related to health;

Amendment 1197 #

Proposal for a regulation
Article 33 – paragraph 1 – point l

(l) data from research cohorts, questionnaires and surveys related to health;

Amendment 1198 #

Christian DOLESCHAL

Proposal for a regulation
Article 33 – paragraph 1 – point m

~~(m) electronic health data from biobanks and dedicated databases;~~deleted

Amendment 1199 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1200 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1201 #

Sophia IN 'T VELD, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1202 #

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1203 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1204 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1205 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1206 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1207 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

Amendment 1208 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

(n) electronic data related to insurance status, professional status, education~~, lifestyle, wellness and behaviour data relevant to health~~;

Amendment 1209 #

Proposal for a regulation
Article 33 – paragraph 1 – point n

(n) electronic data related to insurance status, professional status, education, and lifestyle~~, wellness and behaviour~~ data relevant to health;

Amendment 1210 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

1a. Data in categories (b) and (l) shall only be made available if the data have been collected systematically and comprehensively from data subjects. The fact that a public body, a body governed by public law or a public undertaking within the meaning of Regulation (EU) 2022/868 [Data Governance Act] is involved in the collection of data shall not constitute predominantly public funding of data collection. Data holders shall not be obliged to make unlisted categories of data available for secondary use in accordance with the provisions of this Chapter.

Amendment 1211 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. Data holders have the right to refuse access to the data referred to in par.1 for one of the following reasons: a) if there are legal or contractual impediments that prevent the data holder from sharing; b) if it could compromise the scientific integrity of a scientific research study, including a clinical trial; c) if it could compromise the protection of data entailing IP rights (including trade secrets) or commercial property, with the scope of each category of data to be further clarified;

Amendment 1212 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. Data holders have the right to refuse access to their data if there are legal or contractual impediments that prevent them from sharing, if it could compromise the scientific integrity of a scientific research study, including a clinical trial, or if it could compromise the protection of IP rights (including trade secrets) or commercial property.

Amendment 1213 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. The data made available by data holders needs to be gender-aggregated and gender sensitive for research purposes, as well as analysed in a gender sensitive manner.

Amendment 1214 #

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. Health data of natural persons registered by health professionals in accordance with Article 7 shall be requested from the EHR systems concerned.

Amendment 1215 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 1 a (new)

1 a. This Regulation shall not apply to activities concerning public security, defence and national security.

Amendment 1216 #

Proposal for a regulation
Article 33 – paragraph 2

Amendment 1217 #

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. The requirement in the first subparagraph shall not apply to data holders who fall within the category of small enterprises in the context of health professional practices. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 1218 #

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. nor to the category of small enterprises in the context of health professional practices. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 1219 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro enterprises and small enterprises in the context of healthcare professionals’ practices and pharmacies as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 1220 #

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first subparagraph shall not apply to data holders that qualify as micro and small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59in the context of healthcare provision. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 1221 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 2

2. The requirement in the first sentence of the first subparagraph shall not apply to data holders that qualify as micro enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC59. _________________ 59 Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003, p. 36).

Amendment 1222 #

Proposal for a regulation
Article 33 – paragraph 2 a (new)

2 a. The Commission, together with the Member States, will define measures to protect the personal data of healthcare professionals involved in the treatment of a natural person, in order to prevent the possibility of identifying which prescriptions doctors administer to their patients.

Amendment 1223 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES

Proposal for a regulation
Article 33 – paragraph 3

Amendment 1224 #

Proposal for a regulation
Article 33 – paragraph 3

3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, including real-world data and real-world evidence, collected by entities and bodies in the health or care sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.

Amendment 1225 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 33 – paragraph 3

3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health ~~or care~~ sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.

Amendment 1226 #

Proposal for a regulation
Article 33 – paragraph 3

3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health or care sectors, including public ~~and private~~ providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.

Amendment 1227 #

Proposal for a regulation
Article 33 – paragraph 3

3. The electronic health data referred to in paragraph 1 shall cover data processed for the provision of health or care or for public health, research, ~~innovation,~~ policy making, official statistics, patient safety or regulatory purposes, collected by entities and bodies in the health or care sectors, including public and private providers of health or care, entities or bodies performing research in relation to these sectors, and Union institutions, bodies, offices and agencies.

Amendment 1228 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 3 a (new)

3 a. When electronic health data is made available for secondary use through health data access bodies, the beneficiary shall respect the principle of open science, and provide open access to research or processing results, following the principle ‘as open as possible, as closed as necessary’, in full respect of this Regulation and other applicable laws. Derogations from the open access requirements and open access practices shall be duly justified. The Commission shall closely monitor this, and any derogations shall be made public on the Commission’s web-portal.

Amendment 1229 #

Proposal for a regulation
Article 33 – paragraph 3 a (new)

3 a. The natural person shall receive information about the benefits of providing access to their health data for secondary use.

Amendment 1230 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 33 – paragraph 4

Amendment 1231 #

Proposal for a regulation
Article 33 – paragraph 4

4. ~~Electronic health data entailing~~Without prejudice to the law relating to the protectedion of intellectual property and ~~trade secrets from private enterprises shall be made available for secondary use~~industrial property (including of trade secrets) (“IP rights”) and commercial property, electronic health data entailing protected IP rights from private enterprises shall be made available for secondary use. Data sharing should be based on a data sharing agreement persuant to Articles 46.6(g) and 46A between data holders and data users that respects the conditions of use listed in article 33(4a). Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights ~~and~~, including trade secrets, shall be taken in advance. The data holder shall identify the data which are protected as trade secrets. When no agreement is reached regarding the necessary measures to preserve the confidentiality of trade secrets or the recepient fails to implement those measures, the data holder is entitled to refuse the user’s access to data which are protected as trade secrets.

Amendment 1232 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from ~~private enterprise~~health data holders shall be made available for secondary use. For data defined under Article 33 (k) (medical devices) where data holder can demonstrate that data are derived or inferred by means of complex proprietary algorithms and can lead to reverse engineering, data holder should be entitled to refer to data coordinator as established under Article 31 of Regulation (Data Act) to request a restriction or limitation of the sharing of data. Where such data is made available for secondary use, all measures necessary to preserve ~~the~~IP rights and confidentiality of ~~IP rights and~~ trade secrets shall be taken. This regulation is without prejudice to Union and national legal acts providing for the protection of intellectual property rights, including Directive 2001/29/EC, Directive 2004/48/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.

Amendment 1233 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights and trade secrets shall be takenWithout prejudice to the law relating to the protection of intellectual property, industrial property and commercial property rights, and subject to other provisions of this Regulation, electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use only if all measures necessary to preserve the confidentiality of IP rights (including trade secrets) are taken. Data sharing should be based on a data sharing agreement that respects the provisions of Union legislation, in particular of Directive on the Protection of Trade Secrets (Directive (EU) 2016/943, Article 6(2)(e) of the Data Act, Article 39 of TRIPS, and of Articles 9, 11 and 13 Directive 2004/48 on the enforcement of intellectual property rights in relation to preliminary injunctions, injunctions and damages.

Amendment 1234 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 4

4. ~~Electronic health data entailing~~Without prejudice to the law relating to the protectedion of intellectual property and ~~trade secre~~industrial property (including of trade secrets)(“IP rights”) and commercial property, and subject to other provisions of this Regulation, electronic health data entailing protected IP rights from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights ~~and~~(including trade secrets) shall be taken. Data sharing for secondary use shall be based on a data sharing agreement pursuant to Articles 46.6(g) and 46a.

Amendment 1235 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from ~~private enterprise~~health data holders shall be made available for secondary use. Where such data is made available for secondary use, all technical and organisational measures necessary to preserve the confidentiality of IP rights and confidentiality of trade secrets shall be taken by the health data access body and in consultation with the data holder. This regulation is without prejudice to existing relevant Union legislation, including Directive 2004/48/EC, Directive 2001/29/EC, Directive (EU) 2016/943 and Directive (EU) 2019/790.

Amendment 1236 #

Proposal for a regulation
Article 33 – paragraph 4

4. EWithout prejudice to applicable legislation on intellectual property rights, regulatory data protection and trade secrets, electronic health data entailing protected intellectual property ~~and~~, regulatory data protection or trade secrets from private enterprises shall be made available for secondary use. Where such data is made available for secondary use, all measures necessary to preserve the confidentiality of IP rights, protected regulatory data and trade secrets shall be taken.

Amendment 1237 #

Axel VOSS

Proposal for a regulation
Article 33 – paragraph 4

Amendment 1238 #

Proposal for a regulation
Article 33 – paragraph 4

Amendment 1239 #

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall only be made available for secondary use~~. Where such data is made available for secondary use,~~ when all measures necessary to preserve the confidentiality of IP rights and trade secrets shallve been taken.

Amendment 1240 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 4

4. Electronic health data entailing protected intellectual property and trade secrets from private enterprises shall be made available for secondary use~~. Where such data is made available for secondary use,~~ if and to the extent that all measures necessary to preserve the confidentiality of IP rights and trade secrets ~~shall~~can be taken., for example by taking the following measures:

Amendment 1241 #

Proposal for a regulation
Article 33 – paragraph 4 a (new)

4 a. Health data holders shall, when making available to health data access bodies relevant electronic health data pursuant to Article 41(1) which contains intellectual property or trade secrets, inform the data access body that this is the case and indicate which parts of the datasets are concerned.

Amendment 1242 #

Proposal for a regulation
Article 33 – paragraph 4 a (new)

4 a. Given its ability to further decode confidential patient information, constitutional (germline) genomic data must be strongly protected, and it should be processed separately from somatic molecular data.

Amendment 1243 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 4 a (new)

4a. Extending the period for making data available to 24 months in order to allow for registration of property rights; or

Amendment 1244 #

Proposal for a regulation
Article 33 – paragraph 4 b (new)

4 b. Should the health data access body be in no position to ensure the protection of IP rights and the confidentiality of trade secrets, it shall refuse the granting of the relevant health data access permit to the health data user.

Amendment 1245 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 4 b (new)

4b. Processing data to ensure that trade secrets are redacted.

Amendment 1246 #

Proposal for a regulation
Article 33 – paragraph 4 c (new)

4 c. Health data holders and health data users may conclude data sharing agreements with regards to the exchange of data containing IP and trade secrets. Such negotiations shall be overseen by the relevant health data access body.

Amendment 1247 #

Proposal for a regulation
Article 33 – paragraph 4 d (new)

4 d. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall take all specific technical and organisational measures necessary to preserve the confidentiality of such data.

Amendment 1248 #

Proposal for a regulation
Article 33 – paragraph 5

~~5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.~~deleted

Amendment 1249 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK

Amendment 1250 #

Proposal for a regulation
Article 33 – paragraph 5

Amendment 1251 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 5

Amendment 1252 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down~~ Natural persons that are subjects to secondary use of health data shall have the right to decline the processing of their health data. Health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to restrict full or partial access to their personal health data for all or parts of secondary use. Data subjects should indicate this decision to the health data access bodies. In situation where natural persons explicitly express their wish to use opt-out mechanism to data holders, data holders shall direct natural persons to the health data access bodies, which shall provide an opt-out template for the data subject. The exercise of this right to opt-out shall not affect the lawfulness of the processing th~~is Chapter to provide access to electronic health data~~at took place under Chapter IV before the individual opted-out. The opt-out mechanism shall function without prejudice to Article 21(6) of Regulation (EU) 2016/679, whereby the right to object may be restricted when the processing of personal data is necessary for the performance of a task carried out for reasons of public interest.

Amendment 1253 #

Proposal for a regulation
Article 33 – paragraph 5

5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data. Natural persons persons that are subjects to secondary use of health data shall have the right to decline the processing of their health data. Health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to explicitly express their wish not to have all or part of their personal electronic health data processed for some or all secondary use purposes. In situation where natural persons explicitly express their wish to use opt-out mechanism to data holders, data holders shall direct natural persons to the health data access bodies. The exercise of this right to opt-out shall not affect the lawfulness of the processing that took place under this Chapter IV before the individual opted-out.

Amendment 1254 #

Proposal for a regulation
Article 33 – paragraph 5

5. Where the explicit consent of the natural person is required by ~~national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.~~ Member State law pursuant to paragraph 4 of Article 9 of Regulation (EU) 2016/679, health data access bodies shall ensure the related obligations are met prior to providing access to electronic health data pursuant to Chapter IV of this Regulation. Where Member State law, pursuant to the same provision, excludes the giving of consent for certain data categories or processing purposes, the data must not be processed under the provisions of this Chapter.

Amendment 1255 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data~~Natural persons that are subjects to secondary use of health data shall have the right to decline the processing of their health data, except for the uses covered under Article 34(1) (a)-(c). In all other cases, health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to explicitly express their wish not to have all or part of their personal electronic health data processed for some or all secondary use purposes. In situation where natural persons explicitly express their wish to use the opt-out mechanism to data holders, data holders shall direct natural persons to the health data access bodies.

Amendment 1256 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data~~Natural persons that are subjects to secondary use of health data shall have the right to decline the processing of their health data. Health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to explicitly express their wish not to have all or part of their personal electronic health data processed for some or all secondary use purposes. Health data access bodies shall maintain an opt-out register for this purpose. In situation where natural persons explicitly express their wish to use opt-out mechanism to data holders, data holders shall direct natural persons to the health data access bodies.

Amendment 1257 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodie~~An accessible and easily understandable mechanism shall be provided to natural persons, whereby they shall be asked for their consent to have their health data processed for some or all of the purposes of secondary use, by one or more data users. If a natural person does not give explicit consent, their health data shall not be processed for secondary use. Natural persons shall re~~ly o~~tain the ~~obligations laid down in this Chapter to provide access to electronic health data.~~ right to withdraw their consent at any moment. Where data users process electronic health data solely on the basis of consent within the meaning of Article 4(11) of Regulation (EU) 2016/679, the scope of all possible processing should be determined by the scope of the prior obtained consent.

Amendment 1258 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.~~To the extent the electronic health data referred to in paragraph 1(a) includes personal data, the individual concerned shall be offered an additional safeguard in the form of a right to opt-out from the use of his personal data under Chapter IV of this regulation. The exercise of this right to opt-out shall not affect the lawfulness of the processing that took place under this Chapter IV before the individual opted-out

Amendment 1259 #

Proposal for a regulation
Article 33 – paragraph 5

5. Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data. Health data access bodies shall in general use an opt-out regime for consent. An opt- in regime shall be put in place as an exception for consent from people with rare diseases.

Amendment 1260 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies~~As a matter of principle, the right to object is to be granted to natural persons whose health data is used for secondary purposes, so that they are able to fully consent to the use of the said health data. This right shall be freely ~~on the obligations laid down in this Chapter to provide access to electronic health data~~exercised, without constraint, by the user, who may at any time decide to review the choice they made regarding the use of their health data for secondary purposes.

Amendment 1261 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where t~~The consent of the natural person ~~is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data.~~ s or their representatives must be sought for the processing of all or part of the electronic health data for secondary use. They shall also have the right to refuse, or alter their decision on, the processing of health data for secondary use, without this in any way affecting the quality of the healthcare received.

Amendment 1262 #

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data~~Natural persons shall have the right to decline the processing of their health data. Health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons must be offered the possibility to explicitly express their wish not to have their personal electronic health data processed for secondary use purposes.

Amendment 1263 #

Sophia IN 'T VELD, Emma WIESNER, Abir AL-SAHLANI

Proposal for a regulation
Article 33 – paragraph 5

5. ~~Where the consent of the natural person is required by national law, health data access bodies shall rely~~Health data access bodies shall ensure that national requirements for access to electronic health data, such as the consent of natural persons, a right to object to the disclosure onf the ~~obligations laid down in~~ ir health data or the involvement of ethics ~~Chapter to~~committees, are met before provideing access to electronic health data.

Amendment 1264 #

Proposal for a regulation
Article 33 – paragraph 5

Amendment 1265 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 5 a (new)

5 a. Natural persons shall have the right to decline the processing of parts or all of their electronic health data for secondary use. In this regard, health data access bodies shall provide an easily understandable and accessible opt-out mechanism in a user-friendly format whereby natural persons have the option to explicitly remove parts or all of their electronic health data to be processed for some or all secondary use purposes.

Amendment 1266 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 33 – paragraph 5 a (new)

5 a. Health data access bodies shall provide for an accessible and easily understandable opt-out mechanism, whereby natural persons shall be required to explicitly express their wish not to have their personal electronic health data processed for secondary use.

Amendment 1267 #

Proposal for a regulation
Article 33 – paragraph 5 a (new)

Amendment 1268 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 5 b (new)

5 b. For the categories of electronic health data referred to in (e) and (m) of the first paragraph, health data access bodies shall only provide this health data for secondary use processing after natural persons have explicitly consented to its use. Such an opt-in mechanism shall be easily understandable and accessible and provided for in a user-friendly format whereby data subjects are made aware of the sensitive nature of the data.

Amendment 1269 #

Proposal for a regulation
Article 33 – paragraph 6

6. Where a public sector body obtains data in emergency situations as defined in Article 15, point (a) or (b) of the Regulation […] [Data Act COM/2022/68 final], in accordance with the rules laid down in that Regulation, it may be supported by a health data access body or a pseudonymisation body to provide technical support to process the data or combing it with other data for joint analysis.

Amendment 1270 #

Proposal for a regulation
Article 33 – paragraph 6

6. Where a public sector body obtains data in emergency situations as defined in Article 15, point (a) or (b) of the Regulation […] [Data Act COM/2022/68 final], in accordance with the rules laid down in that Regulation, it may be supported by a health data access body to provide technical support to process the data or combining it with other data for joint analysis.

Amendment 1271 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1272 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1273 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1274 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1275 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1276 #

Proposal for a regulation
Article 33 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data.~~

Amendment 1277 #

Proposal for a regulation
Article 33 – paragraph 7

7. The Commission shall periodically review the list in paragraph 1. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list in paragraph 1 to adapt it to the evolution of available electronic health data. The EHDS Board shall be consulted as part of the periodical review.

Amendment 1278 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 33 – paragraph 8

Amendment 1279 #

Proposal for a regulation
Article 33 – paragraph 8

Amendment 1280 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 33 – paragraph 8

Amendment 1281 #

Proposal for a regulation
Article 33 – paragraph 8

8. Health data access bodies may provide access to additional categories of electronic health data that they have been entrusted with pursuant to national law or based on voluntary cooperation with the relevant data holders at national level~~, in particular to electronic health data held by private entities in the health sector~~.

Amendment 1282 #

Proposal for a regulation
Article 33 – paragraph 8

8. Health data access bodies may provide access to additional categories of electronic health data that they have been entrusted with pursuant to national law ~~or based on voluntary cooperation with the relevant data holders at national level~~, in particular to electronic health data held by private entities in the health sector, in accordance with the relevant security and data protection provisions.

Amendment 1283 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 33 – paragraph 8 a (new)

8 a. Provided that it complies with conditions of relevant articles of the Regulation (EU) 2016/679, it should also be possible in secondary use of data to combine individual’s electronic health data with other types of data, for example consumer behavioural data for research purposes as long as the data is anonymised.

Amendment 1284 #

Proposal for a regulation
Article 33 – paragraph 8 a (new)

8 a. Regarding the electronic health data referred to in paragraph 1(j) of this Article, a summary of results of the clinical trial shall be published, and individual patient data may be shared, in accordance with Article 37(4) of Regulation (EU) No 536/2014.

Amendment 1285 #

Proposal for a regulation
Article 33 – paragraph 8 a (new)

8a. Electronic health data from biobanks and dedicated databases, as well as human genetic, genomic and proteomic data, may be shared by the data holder on a voluntary basis in accordance with the rules of this Regulation.

Amendment 1286 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 to a health data user only with the explicit consent from the data subject in the case of personal data. Without such consent, any health data may only be made accessible after it has been fully and irreversibly anonymised, where necessary by aggregating the health data of several groups of persons. In addition, any data may only be made accessible where the intended purpose of processing pursued by the applicant complies with:

Amendment 1287 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 ~~where the intended purpose of~~to a health data user where the processing ~~pursued~~of the data by the applicant ~~complies with:~~ is necessary for one of the following purposes, and in accordance with Article 6(1)(c) and Article 9(2)(g), (h), (i) and (j) of Regulation (EU) 2016/679:

Amendment 1288 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 ~~where the intended purpose of~~to a health data user where the processing ~~pursued~~of the data by the applicant ~~complies with~~is necessary for one of the following purposes, in accordance with Article 6(1)(c) and Article 9(2)(g), (h), (i) and (j) of Regulation (EU) 2016/679:

Amendment 1289 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant is of public interest and complies with: :

Amendment 1290 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 to a health data user where the intended purpose of processing ~~pursued by the applicant complies with~~is one or more of the following:

Amendment 1291 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. Health data access bodies shall only provide access to electronic health data referred to in Article 33 ~~where the intended purpose of processing pursued by the applicant complies with~~to a health data user willing to processing for the following purposes:

Amendment 1292 #

Proposal for a regulation
Article 34 – paragraph 1 – introductory part

1. ~~Health data ac~~Application processing bodies shall only ~~provid~~authorise access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant complies with:

Amendment 1293 #

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices, identification of environmental factors on health, identification of work related risks and evaluation of preventive measure taken;

Amendment 1294 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) ~~activities for reasons of public interest in the area of public and occupational health, such as~~the protection against serious cross- border threats to health, ~~public health surveillance or~~and ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;

Amendment 1295 #

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health, such as protection against serious cross-border threats to health, public health surveillance, monitoring and evaluating health programmes or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;

Amendment 1296 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point a

Amendment 1297 #

Proposal for a regulation
Article 34 – paragraph 1 – point a

(a) activities for reasons of public interest in the area of public and occupational health~~, such as~~: protection against serious cross-border threats to health, public health surveillance or ensuring high levels of quality and safety of healthcare and of medicinal products or medical devices;

Amendment 1298 #

Proposal for a regulation
Article 34 – paragraph 1 – point b

(b) to support public sector bodies ~~or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates~~in the health or care sector;

Amendment 1299 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point b

(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates, where processing is necessary for reasons of substantial public interest;

Amendment 1300 #

Proposal for a regulation
Article 34 – paragraph 1 – point b

(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, as well as, where national laws apply, professional associations, in the health or care sector to carry out their tasks defined in their mandates;

Amendment 1301 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point b

(b) to support public sector bodies or Union institutions, agencies and bodies including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates, where this is necessary to meet a substantial public interest;

Amendment 1302 #

Proposal for a regulation
Article 34 – paragraph 1 – point b

Amendment 1303 #

Proposal for a regulation
Article 34 – paragraph 1 – point b

(b) to support public sector bodies or Union institutions, agencies and bodies, including regulatory authorities and professional associations, in the health or care sector to carry out their tasks defined in their mandates;

Amendment 1304 #

Proposal for a regulation
Article 34 – paragraph 1 – point c

(c) to produce national, multi-national and Union level official statistics ~~related to health or care sectors~~as defined in Regulation (EU) 223/2009 related to health or care sectors; such as levels of vaccination coverage both for cross-border health emergencies and routine immunisation;

Amendment 1305 #

Proposal for a regulation
Article 34 – paragraph 1 – point c

(c) to produce national, multi-national and Union level official statistics as defined in Regulation (EU) 223/2009 related to health or care sectors;

Amendment 1306 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 34 – paragraph 1 – point c

(c) to produce national, multi-national and Union level official, gender sensitive statistics related to health or care sectors;

Amendment 1307 #

Proposal for a regulation
Article 34 – paragraph 1 – point c

(c) to produce national, multi-national, regional, local and Union level official statistics related to health or care sectors;

Amendment 1308 #

Proposal for a regulation
Article 34 – paragraph 1 – point d

~~(d) education or teaching activities in health or care sectors;~~deleted

Amendment 1309 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point d

~~(d) education or teaching activities in health or care sectors;~~deleted

Amendment 1310 #

Proposal for a regulation
Article 34 – paragraph 1 – point d

(d) higher education or, continuing proffessional development or higher education teaching activities in health or care sectors;

Amendment 1311 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point d

(d) ~~education or~~university and post-university teaching activities in health or care sectors;

Amendment 1312 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research and development related to health or care sectors for the prevention, early detection, diagnosis, treatment, rehabilitation, supportive care or healthcare management, including behavioural, fundamental, exploratory or applied health research;

Amendment 1313 #

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research ~~related to health or care sectors~~demonstrably linked to health or care sectors, such as prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;

Amendment 1314 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research related to health or care sectors for prevention, early detection, diagnosis, treatment, rehabilitation or healthcare management, including fundamental, exploratory or applied healthcare research;

Amendment 1315 #

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research related to health or care sectors, contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1316 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research related to health or care sectors for the purpose of improving medical diagnostics or health services or the development of new products and services;

Amendment 1317 #

Proposal for a regulation
Article 34 – paragraph 1 – point e

(e) scientific research related to public health or care sectors;

Amendment 1318 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1319 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1320 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1321 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1322 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;, and ensuring benefit to the end-users of the innovation, such as patients, healthcare professionals and health administrators, which is defined in partnership with them.

Amendment 1323 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices; and ensuring benefit to end-users of the innovation, such as patients, health professionals and health administrators.

Amendment 1324 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services demonstrably contributing to public health or social security, or ensuring high levels of quality and safety of health or care, of medicinal products or of medical devices, including scientific research into their efficiency and efficacy and post-market safety monitoring;

Amendment 1325 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health or social security and intended for healthcare or long-term care purposes, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1326 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1327 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) ~~development and innovation activities for products or~~acitivities for the development, placing on the market, advancement and seurv~~ices contributing to public health or social security, or ensuring high levels of quality and safety of~~eillance of products or services related to health or care~~, of medicinal products or of medical device~~ sectors;

Amendment 1328 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health ~~or social security,~~ or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1329 #

Proposal for a regulation
Article 34 – paragraph 1 – point f

Amendment 1330 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1331 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1332 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1333 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1334 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1335 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices; and ensuring benefit to the end-users, such as patients, healthcare professionals and health administrators, which is defined in partnership with them;

Amendment 1336 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices and ensuring benefit to the end-users, such as patients, healthcare professionals and health administrators;

Amendment 1337 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, in vitro diagnostic medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products ~~or of~~, medical devices or in vitro diagnostic medical devices;

Amendment 1338 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1339 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security and intended for healthcare or long-term care purposes, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1340 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, demonstrably contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1341 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, and AI systems ~~and digital health applications~~, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

Amendment 1342 #

Proposal for a regulation
Article 34 – paragraph 1 – point g

Amendment 1343 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

~~(h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.~~deleted

Amendment 1344 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

~~(h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.~~deleted

Amendment 1345 #

Sophia IN 'T VELD, Emma WIESNER, Abir AL-SAHLANI, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 34 – paragraph 1 – point h

~~(h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.~~deleted

Amendment 1346 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

~~(h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.~~deleted

Amendment 1347 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

(h) providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.; analyze general trends and patterns in population health status to develop more competitive rates for insurance products

Amendment 1348 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

(h) providing personalised healthcare ~~consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons~~.

Amendment 1349 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point h

(h) improving delivery of healthcare, optimising patient pathways and providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons and real world evidence.

Amendment 1350 #

Proposal for a regulation
Article 34 – paragraph 1 – point h

(h) improving delivery of care, optimising patient pathway and providing personalised healthcare consisting in assessing, maintaining or restoring the state of health of natural persons, based on the health data of other natural persons.

Amendment 1351 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 1 – point h a (new)

(h a) the need to analyse received data in gender sensitive manner.

Amendment 1352 #

Proposal for a regulation
Article 34 – paragraph 1 a (new)

1 a. The purposes referred to in paragraph 1 shall be compatible with the purposes for which data were originally collected pursuant to Article 6(4) of Regulation (EU) 2016/679.

Amendment 1353 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 2

2. ~~Access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant fulfils one of t~~The purposes referred to in points (a) to (c) of paragraph 1 shall ~~only be granted to~~be reserved for public sector bodies and Union institutions, bodies, offices and agencies exercising their tasks conferred to them by Union or national law, including where processing of data for carrying out these tasks is done by a third party on behalf of that public sector body or of Union institutions, agencies and bodies.

Amendment 1354 #

Proposal for a regulation
Article 34 – paragraph 2

2. Access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant fulfils one of the purposes referred to in points (a) to (c) of paragraph 1 shall only be granted to public sector bodies and Union institutions, bodies, offices and agencies exercising their tasks conferred to them by Union or national law, including where processing of data for carrying out these tasks is done by a third party on behalf of that public sector body or of Union institutions, agencies and bodies, meaning that the provisions of the GDPR must be respected.

Amendment 1355 #

Proposal for a regulation
Article 34 – paragraph 2

2. Access to electronic health data referred to in Article 33 where the intended purpose of processing pursued by the applicant fulfils one of the purposes referred to in points (a) toand (cb) of paragraph 1 shall only be granted to public sector bodies and Union institutions, bodies, offices and agencies exercising their tasks conferred to them by Union or national law, including where processing of data for carrying out these tasks is done by a third party on behalf of that public sector body or of Union institutions, agencies and bodies.

Amendment 1356 #

Proposal for a regulation
Article 34 – paragraph 2 a (new)

2 a. In accordance with Article 21(6) of Regulation (EU) 2016/679, where personal data are processed for statistical or scientific research purposes as referred to in points (c), (e) and (h) of paragraph 1, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Amendment 1357 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 34 – paragraph 2 a (new)

2 a. Where data subjects wish to generally or partially opt-out of having their personal electronic health data processed for secondary use, in accordance with Article 33(5), for any of the purposes listed in paragraph 1 (d), (e), (f), (g) and (h), they shall indicate so to the health data access body.

Amendment 1358 #

Proposal for a regulation
Article 34 – paragraph 4

4. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall take all specific measures necessary to preserve the confidentiality of such data.deleted

Amendment 1359 #

Proposal for a regulation
Article 34 – paragraph 4

4. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights ~~and~~, regulatory data protection or trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall, upon consultation with the data holder, take all specific measures necessary to preserve the confidentiality of such data.

Amendment 1360 #

Proposal for a regulation
Article 34 – paragraph 4

4. Public sector bodies or Union institutions, agencies and bodies that obtain access to electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, ~~shall~~must take all specific measures necessary to preserve the confidentiality of such data.

Amendment 1361 #

Proposal for a regulation
Article 34 – paragraph 4

4. Public sector bodies or Union institutions, agencies and bodies that obtain access to non-personal electronic health data entailing IP rights and trade secrets in the exercise of the tasks conferred to them by Union law or national law, shall take all specific measures necessary to preserve the confidentiality of such data.

Amendment 1362 #

Proposal for a regulation
Article 34 – paragraph 4 a (new)

4 a. Neither the use nor registration of electronic health data for secondary purposes in the European Health Data Space shall hinder the development of research programmes by curtailing the use of shared data between two or more teams within the same country or across several countries.

Amendment 1363 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

4 a. Scientific research referred to in Article 34 point (e) of paragraph 1, as well as further research based on results of research through secondary use of health data according to this Regulation, shall provide a public return and be publicly accessible.

Amendment 1364 #

Proposal for a regulation
Article 35 – title

Prohibited purposes of secondary use of electronic health data

Amendment 1365 #

Proposal for a regulation
Article 35 – paragraph 1 – introductory part

Seeking ~~access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited:~~ or gaining access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for any purposes not listed in Article 34 shall be prohibited and subject to penalties laid down in Articles 43 and 69. Seeking or gaining access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall constitute an aggravated case of breaching the rules of this Regulation, and shall be subject to higher penalties, in accordance with point (i) of paragraph 2a of Article 69: (Linked to article 69)

Amendment 1366 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 35 – paragraph 1 – introductory part

Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited and subject to sanction applicable in the jurisdiction of the Member State in which the offence occurred:

Amendment 1367 #

Proposal for a regulation
Article 35 – paragraph 1 – introductory part

Seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 46 for the following purposes shall be prohibited and subject to effective, proportionate and dissuasive sanctions:

Amendment 1368 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) taking decisions detrimental to a natural person based on their electronic health data, such as offers of employment, offering less favourable terms in the provision of goods or services such as insurance or other financial services; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

Amendment 1369 #

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) a) taking decisions detrimental to a natural person based on their electronic health data, including but not limited to offers of employment, offering less favourable terms in the provision of goods or services; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

Amendment 1370 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) taking decisions detrimental to a natural person based on their electronic health data; ~~in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;~~

Amendment 1371 #

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

Amendment 1372 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point a

Amendment 1373 #

Proposal for a regulation
Article 35 – paragraph 1 – point a

(a) taking any decision~~s detrimental~~ related to a natural person based on their electronic health data; in order to qualify as “decisions”, they must produce legal effects or similarly significantly affect those natural persons;

Amendment 1374 #

Lídia PEREIRA

Proposal for a regulation
Article 35.º – paragraph 1 – point b

~~(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance contract or to modify their contributions and insurance premiums;~~deleted

Amendment 1375 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance contract or to modify their contributions and insurance premiums; except for purposes consistent with scientific research activities, such as the analysis of general trends and patterns in the state of population health, and the development and innovation of products and services in the health or care sector, including in particular the purposes set forth in Article 34 points (e), (f), and (h)

Amendment 1376 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point b

(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance contract or to modify their contributions and insurance premiums or taking any other decisions in relation to a natural person or groups of natural persons to discriminate on the basis of the health data obtained;

Amendment 1377 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance or credit contract or to modify their contributions and insurance premiums or conditions of loans or exclude them from the benefit of participating in clinical trials;

Amendment 1378 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

(b) taking decisions in relation to a natural person or groups of natural persons to exclude them from the benefit of an insurance contract, of a bank loan and its present or future terms, or to modify their contributions and insurance premiums;

Amendment 1379 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

Amendment 1380 #

Proposal for a regulation
Article 35 – paragraph 1 – point b

Amendment 1381 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 35 – paragraph 1 – point c

(c) advertising or marketing activities towards health professionals, organisations in health or natural persons with the exception of communication in line with approved regulatory information or to provide up-to date, verifiable and complete scientific information to health care professionals for educational purpose in line with Directive 2001/83/EC;

Amendment 1382 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1383 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 35 – paragraph 1 – point c

(c) advertising or marketing activities or, any other economic or financial activity aimed at making corporative profits, towards health professionals, organisations in health or natural persons;

Amendment 1384 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1385 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1386 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1387 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1388 #

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1389 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1390 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 35 – paragraph 1 – point c

Amendment 1391 #

Proposal for a regulation
Article 35 – paragraph 1 – point c a (new)

(c a) developing or conducting any activity aimed at profiling of or discriminating against individuals;

Amendment 1392 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco and nicotine products, or goods or services which are designed or modified in such a way that they ~~contravene public order or morality~~incite addiction, harm public health and environment or contravene public order or morality or result in behavioural changes that reduce the freedom of choice or security of the natural persons.

Amendment 1393 #

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco and nicotine products, weaponries or products, or goods or services which are designed or modified in such a way that they incite chemical, behavioural or any other type of addiction or that they contravene public order or morality.

Amendment 1394 #

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, or tobacco products~~, or goods or services which are designed or modified in such a way that they contravene public order or morality~~.

Amendment 1395 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco products or those that may cause addiction, or goods or services which are designed or modified in such a way that they contravene public order or morality.

Amendment 1396 #

Proposal for a regulation
Article 35 – paragraph 1 – point e

Amendment 1397 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 35 – paragraph 1 – point e

(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, tobacco or nicotine or vaping products, or goods or services which are designed or modified in such a way that they contravene public order or morality.

Amendment 1398 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) unfair commercial use or other unfair competition, in accordance with Article 39 of TRIPS; using data from private enterprises in regulatory or reimbursement submissions for any generic or biosimilar product without an agreement from the private sector data holder while the data holder’s referenced product is under patent or regulatory data protection (including such use of data outside of the EU), or equivalent protected data of nonmedicinal products such as medical devices and software medical devices

Amendment 1399 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) calculating reimbursement, costs or expenditures relating to healthcare provision to be borne by natural persons, private or public insurance, or public bodies, including, but not limited to, the development and amendment of healthcare provider payment systems;

Amendment 1400 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) all acts of unfair competition or unfair commercial use, in accordance with Article 10bis of the Paris Convention for the Protection of Industrial Property and Article 39 of the Agreement on Trade-Related Aspects of Intellectual Property;

Amendment 1401 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(ea) to obtain strategic information about a competitor, such as the production method behind their product or service.

Amendment 1402 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) automated individual decision- making, including profiling, in accordance with Article 22 of the Regulation (EU) 2016/679;

Amendment 1403 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) automated individual decision- making, including profiling, in accordance with Article 22 of the Regulation (EU) 2016/679.

Amendment 1404 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) automated individual decision- making, including profiling, in accordance with Article 22 of the Regulation (EU) 2016/679.

Amendment 1405 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(ea) reconstructing the identity of natural persons from datasets shared under this Regulation;

Amendment 1406 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) Unfair commercial use or other unfair competitions, in accordance with Article 39 of TRIPS;

Amendment 1407 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) unfair commercial use or other unfair competition, in accordance with Article 39 of TRIPS Agreement;

Amendment 1408 #

Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)

(e a) data of pharmaceutical prescriptions or medical devices used, by commercial name.

Amendment 1409 #

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(e b) using data from private enterprises in regulatory or reimbursement submissions for any generic or biosimilar product without an agreement from the private sector data holder while the data holder's referenced product is under patent or regulatory data protection (including such use of data outside of the EU) or equivalent protected data of non- medicinal products, such as medical devices and software medical devices.

Amendment 1410 #

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(e b) using data from private enterprises in regulatory or reimbursement submissions for any generic or biosimilar product without an agreement from the private sector data holder while the data holder’s referenced product is under patent or regulatory data protection (including such use of data outside of the EU), or equivalent protected data of non- medicinal products such as medical devices and software medical devices.

Amendment 1411 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(eb) profiling of natural persons solely from the datasets shared under this Regulation or in combination with other data;

Amendment 1412 #

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(e b) data of pharmaceutical prescriptions or medical devices by commercial name, with the exception of usage by public authorities.

Amendment 1413 #

Proposal for a regulation
Article 35 – paragraph 1 – point e b (new)

(e b) automated individual decision- making, including profiling, in accordance with Article 22 of the Regulation (EU) 2016/679.

Amendment 1414 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point e c (new)

Amendment 1415 #

Proposal for a regulation
Article 35 – paragraph 1 – point e c (new)

(e c) national defense and security.

Amendment 1416 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 35 – paragraph 1 – point e d (new)

(ed) the sale of electronic health data made available under this Regulation.

Amendment 1417 #

Proposal for a regulation
Article 35 – paragraph 1 – point e d (new)

(e d) confidential data used by public bodies which are market regulators.

Amendment 1418 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 35 – paragraph 1 a (new)

Any other misuse of electronic health data, including its use for permissible purposes other than those specified in the data permit or data request, shall also be prohibited and subject to effective, proportionate and dissuasive sanctions.

Amendment 1419 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 35 – paragraph 1 a (new)

The infringement by secondary use data users of the purposes defined in the previous paragraph shall entail the termination of access and processing electronic health data obtained via a data permit issued pursuant Articles 43 and 46.

Amendment 1420 #

Proposal for a regulation
Article 35 – paragraph 1 a (new)

This Regulation shall not apply to activities concerning public security, defence and national security.

Amendment 1421 #

Proposal for a regulation
Article 35 – paragraph 1 a (new)

This Regulation shall not apply to activities concerning public security, defence and national security

Amendment 1422 #

Proposal for a regulation
Article 36 – title

~~Health data access bodies~~Bodies involved in accessing health data

Amendment 1423 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

1. Member States shall each designate one or more ~~health data access bodies~~bodies involved in accessing health data that are responsible for granting access to electronic health data for secondary use. Member States may either establish one or more new public sector bodies or rely on existing public sector bodies or on internal services of public sector bodies or private legal persons that fulfil the conditions set out in this Article. Where a Member State designates several ~~health data access bodies~~bodies involved in accessing health data, it shall designate one ~~health data access~~ body to act as coordinator, with responsibility for coordinating requests with the other ~~health data access bodies.~~bodies involved in accessing health data. The following legally and organisationally independent bodies may be involved in accessing electronic health data:

Amendment 1424 #

Proposal for a regulation
Article 36 – paragraph 1

1. Health data access bodies shall be public entities or bodies. Member States shall designate one or more public health data access bodies responsible for granting access to electronic health data for secondary use. Member States may either establish one or more new public sector bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions set out in this Article. Where a Member State designates several health data access bodies, it shall designate one health data access body to act as coordinator, with responsibility for coordinating requests with the other health data access bodies.

Amendment 1425 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 1

1. Member States shall designate one or more health data access bodies responsible for ~~granting access to electronic health data for secondary use~~carrying out the tasks referred to in Articles 37, 38 and 39 of this Regulation. Member States may either establish one or more new public sector bodies or rely on existing public sector bodies or on internal services of public sector bodies that fulfil the conditions set out in this Article. Where a Member State designates several health data access bodies, it shall designate one health data access body to act as coordinator, with responsibility for coordinating data access applications and requests with the other health data access bodies.

Amendment 1426 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 1 a (new)

1 a. Health data access bodies shall consist of two distinct parts, which shall be legally and organisationally separate from each other: (a) Authorisation bodies, which decide about data access applications pursuant to Article 37(1) and make the data accessible to authorised data users in a secure processing environment; (b) Trust bodies, which receive the electronic health data from data holders pursuant to Article 37(1a) and are responsible for disclosing the data to the authorisation bodies.

Amendment 1427 #

Proposal for a regulation
Article 36 – paragraph 1 a (new)

1 a. Each health data access body shall contribute to the consistent application of this Regulation throughout the Union. For that purpose, the health data access bodies shall cooperate with each other and with the supervisory authorities under Regulation (EU) 2016/679 as well as with the Commission and where relevant with the EDPB and the EDPS.

Amendment 1428 #

Proposal for a regulation
Article 36 – paragraph 1 a (new)

1a. Application processing bodies, which may be administered by both public and private bodies.

Amendment 1429 #

Proposal for a regulation
Article 36 – paragraph 1 b (new)

1b. Pseudonymisation bodies, which shall be administered by national public bodies; the European Union shall also create an independent European pseudonymisation body.

Amendment 1430 #

Proposal for a regulation
Article 36 – paragraph 1 c (new)

1c. Access bodies, which shall be administered by national public bodies.

Amendment 1431 #

Proposal for a regulation
Article 36 – paragraph 2

2. Member States shall ensure that ~~2. each health data access body~~each body involved in accessing health data is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers. Certification shall be required for approval and designation as an application processing body. Application processing bodies shall carry out their tasks in an impartial, transparent, consistent and timely manner. Senior managers and staff members of the authorities responsible shall not engage in any activity that may conflict with their independence of judgment or integrity in carrying out the tasks entrusted to them.

Amendment 1432 #

Proposal for a regulation
Article 36 – paragraph 2

2. Member States shall ensure that each health data access body is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers. This shall include sufficient administrative, technical and scientific personnel, including expertise in relevant areas such as data management, data protection, data science, healthcare and intellectual property rights.

Amendment 1433 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 2

2. Member States shall ensure that each health data access body is provided with ~~the hum~~human resources with necessary legal an,d technical expertise, including ethical boards and committees, and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers.

Amendment 1434 #

Proposal for a regulation
Article 36 – paragraph 2

2. Member States shall ensure that each health data access body is provided with adequathe human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and the exercise of its powers, including those related to the participation in the EHDS Board.

Amendment 1435 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 36 – paragraph 2

Amendment 1436 #

Proposal for a regulation
Article 36 – paragraph 2

Amendment 1437 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 2 a (new)

2 a. Member States shall provide for each member of their data access body to be appointed by means of a transparent procedure by: their parliament; their government; their head of State; or an independent body entrusted with the appointment under Member State law. Members as well as staff shall have the qualifications, experience and skills required to perform their duties and exercise their powers, in particular in the area of ethics, cybersecurity, protection of intellectual property and trade secrets, healthcare, scientific research, artificial intelligence and other relevant areas, as well as the protection of personal data and specifically data concerning health.

Amendment 1438 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 2 a (new)

2 a. The Commission shall be empowered to adopt delegated acts for the provision of a uniform pseudonymisation procedure.

Amendment 1439 #

Proposal for a regulation
Article 36 – paragraph 2 b (new)

2 b. The health data access bodies shall set up application review committees, composed of at least 3 persons, to examine each health data access application. The composition of such committees shall be diverse and tailored to the specific cases and expertise required and shall include one expert in ethics. For applications that pose very minimal ethical or social risks, health data access bodies may set up simplified ethics assessment procedure.

Amendment 1440 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 2 c (new)

2 c. The Commission shall, in consultation and cooperation with relevant experts, create guidelines with minimum standards for the work of the review committees.

Amendment 1441 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 2 d (new)

2 d. Each Member State shall ensure that each health data access body chooses and has its own staff which shall be subject to the exclusive direction of the member or members of the data access body concerned. The duties of a member shall end in the event of the expiry of the term of office, resignation or compulsory retirement, in accordance with the law of the Member State concerned. A member shall be dismissed only in cases of serious misconduct or if the member no longer fulfils the conditions required for the performance of the duties.

Amendment 1442 #

Proposal for a regulation
Article 36 – paragraph 3

3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients and consumers, data holders and data users~~. Staff~~, and with data protection experts. Health data access bodies shall actively cooperate with the authorities responsible for the application of EU and national data protection legislation. Staff members of health data access bodies shall hav~~oid any conflicts of interes~~e no direct or indirect economic, financial or personal conflicts of interest that might be considered prejudicial to their independence and, in particular, that they are not in a situation that may, directly or indirectly, affect the impartiality of their professional conduct. Health data access bodies shall not be bound by any instructions, when making their decisions.

Amendment 1443 #

Proposal for a regulation
Article 36 – paragraph 3

3. Essential health stakeholders’ representatives, including patient organisations, shall be present in the governance and decision-making structures of the health data access bodies. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall ~~not be bound by any instructions~~actively cooperate with the relevant bodies or authorities responsible for the application of EU and national data protection legislation, when making their decisions.

Amendment 1444 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 3

3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data should be trained at local level on how to operate the Health Data Space. Appropriate funding should be ensured by the Member State for regular trainings and regular digital literacy courses as means to reduce fragmentation and build trust. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions. and a conflict of interest policy should be put into place

Amendment 1445 #

Proposal for a regulation
Article 36 – paragraph 3

3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instrucHealth data access bodies and their members and staff, including application review committees shall act with complete independence in performing their tasks and exercising their powers in accordance with this Regulation. They shall avoid any conflicts of interest and remain free from external influence, whether direct or indirect, and shall neither seek nor take instructions from anybody. Members of health data access bodies, including application review committees, shall refrain from any action incompatible with their duties and shall not, during their term of office, engage in any incompatible occupations, whe~~n making~~ their ~~decisions~~gainful or not.

Amendment 1446 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 36 – paragraph 3

Amendment 1447 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 36 – paragraph 3

3. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Stakeholders' representatives, including health professionals, patients and consummers' organisations, shall take part in the governance and decision-making structures of the health data access bodies. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions.

Amendment 1448 #

Maite PAGAZAURTUNDÚA, Susana SOLÍS PÉREZ, Michal ŠIMEČKA

Proposal for a regulation
Article 36 – paragraph 3

Amendment 1449 #

Proposal for a regulation
Article 36 – paragraph 3

Amendment 1450 #

Proposal for a regulation
Article 36 – paragraph 3

Amendment 1451 #

Proposal for a regulation
Article 36 – paragraph 3

3. In the performance of their tasks, ~~health data access bodies~~the bodies involved in accessing health data shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of ~~health data access bodies shall avoid any conflicts of interest. Health data access bodies~~bodies involved in accessing health data shall avoid any conflicts of interest. Bodies involved in accessing health data shall not be bound by any instructions, when making their decisions.

Amendment 1452 #

Proposal for a regulation
Article 36 – paragraph 3 a (new)

3 a. Member States shall determine and publish the selection procedure for health stakeholders referred to in paragraph 3. They shall ensure that the procedure is transparent and does not allow for conflicts of interest.

Amendment 1453 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 36 – paragraph 4

4. Member States shall communicate to the Commission the identity of the ~~health data access~~ bodies designated pursuant to paragraph 1 by the date of application of this Regulation. They shall also communicate to the Commission any subsequent modification of the identity of those bodies. The Commission and the Member States shall make this information publicly available.

Amendment 1454 #

Proposal for a regulation
Article 36 – paragraph 4 a (new)

4 a. The Member States shall determine the selection procedure for health stakeholders referred to in paragraph 3 through an open, transparent and inclusive process.

Amendment 1455 #

Proposal for a regulation
Article 37 – title

Tasks of ~~health data access bodies~~bodies involved in accessing health data

Amendment 1456 #

Proposal for a regulation
Article 37 – paragraph 1 – introductory part

1. HThe authorisation bodies within the health data access bodies shall carry out the following tasks:

Amendment 1457 #

Proposal for a regulation
Article 37 – paragraph 1 – introductory part

1. ~~Health data access bodies~~Bodies involved in accessing health data shall carry out the following tasks:

Amendment 1458 #

Proposal for a regulation
Article 37 – paragraph 1 – point a

(a) decide on data access applications pursuant to Article 45, authorise and issue data permits pursuant to Article 46 to access electronic health data falling within their national remit for secondary use and decide on data requests in accordance with Chapter II of Regulation […] [Data Governance Act COM/2020/767 final] and this Chapter. This includes deciding on whether the data shall be made accessible in anonymised or pseudonymised form, based on its own thorough assessment of any reasons provided by the data applicant pursuant to paragraph (d) of paragraph 2 of Article 45;

Amendment 1459 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point a

Amendment 1460 #

Proposal for a regulation
Article 37 – paragraph 1 – point a

(a) decide on data access applications pursuant to Article 45, authorise and issue data permits pursuant to Article 46 to access electronic health data falling within their national remit for secondary use and decide on data requests in accordance with Chapter II of Regulation […] [Data Governance Act COM/2020/767 final] and this Chapter where the application concerns anonymised electronic health data; where the application concerns pseudonymised electronic health data, the decision-making shall be done in close cooperation with relevant supervisory authorities under Regulation (EU) 2016/679;

Amendment 1461 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point a a (new)

(a a) authorise and issue data permits pursuant to Article 46 to access electronic health data falling within their national remit for secondary use and decide on data requests in accordance with Chapter II of Regulation […] [Data Governance Act COM/2020/767 final] and this Chapter;

Amendment 1462 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point a b (new)

(a b) request electronic health data referred to in Article 33 from relevant health data holders pursuant to a data permit or a data request granted;

Amendment 1463 #

Proposal for a regulation
Article 37 – paragraph 1 – point b

(b) access bodies shall support public sector bodies in carrying out the tasks enshrined in their mandate, based on national or Union law;

Amendment 1464 #

Proposal for a regulation
Article 37 – paragraph 1 – point c

(c) support Union institutions, bodies, offices and agencies in carrying out the tasks enshrined in their mandate ~~of Union institutions, bodies, offices and agencies, based on national or~~, based on Union law;

Amendment 1465 #

Proposal for a regulation
Article 37 – paragraph 1 – point c

Amendment 1466 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point d

(d) process electronic health data for the purposes set out in Article 34, including the collection, combination, preparation and disclosure of those data for secondary use on the basis of a data permit;deleted

Amendment 1467 #

Proposal for a regulation
Article 37 – paragraph 1 – point d

(d) process electronic health data ~~for the purposes set out~~referred to in Article 343, including gathe ~~collection~~ring, combination, preparation ~~and disclosure~~, anonymisation and pseudonymisation of those data for secondary use on the basis of a data permit;

Amendment 1468 #

Proposal for a regulation
Article 37 – paragraph 1 – point d

Amendment 1469 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point d

Amendment 1470 #

Proposal for a regulation
Article 37 – paragraph 1 – point e

~~(e) process electronic health data from other relevant data holders based on a data permit or a data request for a purposes laid down in Article 34;~~deleted

Amendment 1471 #

Proposal for a regulation
Article 37 – paragraph 1 – point e

~~(e) process electronic health data from other relevant data holders based on a data permit or a data request for a purposes laid down in Article 34;~~deleted

Amendment 1472 #

Proposal for a regulation
Article 37 – paragraph 1 – point e

(e) access bodies shall process electronic health data from other relevant data holders based on a data permit or a data request for a purposes laid down in Article 34;

Amendment 1473 #

Proposal for a regulation
Article 37 – paragraph 1 – point f

~~(f) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets;~~deleted

Amendment 1474 #

Proposal for a regulation
Article 37 – paragraph 1 – point f

(f) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets included in, but not limited to the Directive on the Protection of Trade Secrets (Directive (EU) 2016/943);

Amendment 1475 #

Proposal for a regulation
Article 37 – paragraph 1 – point f

(f) bodies involved in accessing health data shall take all measures necessary to preserve the confidentiality of IP rights and of trade secrets;

Amendment 1476 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point f

(f) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets and of protected regulatory data;

Amendment 1477 #

Proposal for a regulation
Article 37 – paragraph 1 – point f

(f) take all measures necessary to preserve IP rights and the confidentiality of ~~IP rights and of~~ trade secrets;

Amendment 1478 #

Proposal for a regulation
Article 37 – paragraph 1 – point g

(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;deleted

Amendment 1479 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point g

(g) ~~gather and compile or provide access to~~where electronic health data are not accessed directly between data holder and data user, or where the data of a number of holders need to be merged, the access bodies concerned, with the assistance of pseudonymisation bodies, shall gather and compile the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;

Amendment 1480 #

Proposal for a regulation
Article 37 – paragraph 1 – point g

(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal ofbased on a data permit, provide access to health data referred to in Article 33 to health data users in a secure processing environment in accordance with the requirements laid down in Article 50 and store the data for the period of the duration of the data permit;

Amendment 1481 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 37 – paragraph 1 – point g

(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation, ensuring a secure sharing environment, and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;

Amendment 1482 #

Proposal for a regulation
Article 37 – paragraph 1 – point h

~~(h) contribute to data altruism activities in accordance with Article 40;~~deleted

Amendment 1483 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

(i) support the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health;deleted

Amendment 1484 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

Amendment 1485 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

Amendment 1486 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

Amendment 1487 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

(i) provide with expertise to support the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health;

Amendment 1488 #

Proposal for a regulation
Article 37 – paragraph 1 – point i

Amendment 1489 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 37 – paragraph 1 – point j

~~(j) cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;~~deleted

Amendment 1490 #

Proposal for a regulation
Article 37 – paragraph 1 – point j

(j) cooperate with and supervise data holders to enable them to enact their rights to opt-out of data processing for secondary use as referred to in Article 33(5a) and to opt-in for data processing for the specific categories of data referred to in Article 33(5b) ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;

Amendment 1491 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point j

(j) cooperate with and supervise data holders to, assist them in order to ensure respect of data subjects' consent as referred to in Article 33(5), and ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;

Amendment 1492 #

Proposal for a regulation
Article 37 – paragraph 1 – point j

(j) cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56, as well as support them in order to ensure respect of the right to opt-out of data subjects referred to in Article 33(5);

Amendment 1493 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point j

(j) application processing bodies shall cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;

Amendment 1494 #

Proposal for a regulation
Article 37 – paragraph 1 – point k

(k) maintain a management system to record and process data access applications, data requests, the decisions on these applications and the data permits issued and data requests answered, providing at least information on the name of the data applicant, the purpose of access, the date of issuance, duration of the data permit and a description of the data application or the data request;

Amendment 1495 #

Proposal for a regulation
Article 37 – paragraph 1 – point k

Amendment 1496 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point l

(l) application processing and access bodies shall jointly maintain a public information system to comply with the obligations laid down in Article 38;

Amendment 1497 #

Proposal for a regulation
Article 37 – paragraph 1 – point m

(m) cooperate at Union and national level to lay down a common approach, technical requirements and appropriate measures and requirements for accessing electronic health data in a secure processing environment;

Amendment 1498 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point m

(m) cooperate at Union ~~and nat~~, national and, where applicable, regional level to lay down appropriate measures and requirements for accessing electronic health data in a secure processing environment;

Amendment 1499 #

Proposal for a regulation
Article 37 – paragraph 1 – point m

(m) access bodies shall cooperate at Union and national level to lay down appropriate measures and requirements for accessing electronic health data in a secure processing environment;

Amendment 1500 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point n

(n) cooperate at Union and national level and provide advice to the Commission on techniques and best practices for the secondary use of electronic health data use and management;

Amendment 1501 #

Proposal for a regulation
Article 37 – paragraph 1 – point n

(n) cooperate at Union ~~and nat~~, national and, where applicable, regional level and provide advice to the Commission on techniques and best practices for electronic health data use and management;

Amendment 1502 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point n

(n) cooperate at Union and national level and provide advice to the Commission on techniques and best practices for the secondary use of electronic health data ~~use~~ and management;

Amendment 1503 #

Proposal for a regulation
Article 37 – paragraph 1 – point n

(n) access bodies shall cooperate at Union and national level and provide advice to the Commission on techniques and best practices for electronic health data use and management;

Amendment 1504 #

Proposal for a regulation
Article 37 – paragraph 1 – point o

~~(o) facilitate cross-border access to electronic health data for secondary use hosted in other Member States through HealthData@EU and cooperate closely with each other and with the Commission.~~deleted

Amendment 1505 #

Proposal for a regulation
Article 37 – paragraph 1 – point o

Amendment 1506 #

Proposal for a regulation
Article 37 – paragraph 1 – point p

(p) inform the data holder when electronic health data made available for secondary use entails their intellectual property, trade secrets or regulatory data and upon request send to the data holder free of charge, by the expiry of the data permit, a copy of the corrected, annotated or enriched dataset, as applicable, and a description of the operations performed on the original dataset;

Amendment 1507 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point q – introductory part

(q) application processing bodies shall make public, through electronic means:

Amendment 1508 #

Proposal for a regulation
Article 37 – paragraph 1 – point q – point i

(i) a national dataset catalogue ~~that shall include details about the source and nature of electronic health data,~~ in accordance with Articles 55, 56 and 58, of this Regulation and the conditions for making electronic health data available. The national dataset catalogue shall also be made available to single information points under Article 8 of Regulation […] [Data Governance Act COM/2020/767 final];

Amendment 1509 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point q – point i

(i) a ~~national~~ dataset catalogue that shall include details about the source and nature of electronic health data, in accordance with Articles 56 and 58, and the conditions for making electronic health data available. The national dataset catalogue shall also be made available to single information points under Article 8 of Regulation […] [Data Governance Act COM/2020/767 final];

Amendment 1510 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point q – point ii

(ii) all ~~data permits, requests and applications on their websites within 30 working d~~health data applications and requests without undue delays after ~~issuance of the data permit or reply to a data request~~their reception;

Amendment 1511 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point q – point ii a (new)

(ii a) all health data permits or requests granted as well as denied, together with justification, within 30 working days after their issuance;

Amendment 1512 #

Proposal for a regulation
Article 37 – paragraph 1 – point q – point iii

~~(iii) penalties applied pursuant to Article 43;~~deleted

Amendment 1513 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point q – point iii

(iii) penalties applied pursuant to Article ~~43;~~69; (Due to alignment of art. 43 with art. 69)

Amendment 1514 #

Proposal for a regulation
Article 37 – paragraph 1 – point q – point iv a (new)

(iv a) a list of data users whose data permits had to be terminated due to their infringement of Article 35;

Amendment 1515 #

Proposal for a regulation
Article 37 – paragraph 1 – point q a (new)

(qa) access bodies shall make public through electronic means the sanctions imposed under Article 43;

Amendment 1516 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 1 – point r

(r) bodies involved in accessing health data shall fulfil obligations towards natural persons pursuant to Article 38;

Amendment 1517 #

Proposal for a regulation
Article 37 – paragraph 1 – point r a (new)

(r a) monitor and supervise compliance by data users and data holders with the requirements laid down in this Chapter; where personal data are concerned, the monitoring and compliance shall be carried out in close cooperation with relevant supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725; monitoring and supervision shall include regular audits on health data users regarding their processing of electronic health data in the secure processing environment;

Amendment 1518 #

Proposal for a regulation
Article 37 – paragraph 1 – point s

Amendment 1519 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 1 – point t

Amendment 1520 #

Proposal for a regulation
Article 37 – paragraph 1 – point t a (new)

(t a) terminate the data permit to a secondary use data user in case it contravened the purposes defined in Article 35.

Amendment 1521 #

Proposal for a regulation
Article 37 – paragraph 1 a (new)

1 a. The trust bodies within the health data access bodies shall carry out the following tasks: (a) process electronic health data for the purposes set out in Article 34, including the collection, combination, preparation and disclosure of those data for secondary use on the basis of a data permit; (b) process electronic health data from other relevant data holders based on a data permit or a data request for a purpose laid down in Article 34; (c) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets; (d) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50; (e) contribute to data altruism activities in accordance with Article 40; (f) support the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health; (g) cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;assist data holders to ensure they fully respect any refusals or restrictions for access for primary use pursuant to paragraphs 9 and 9a of Article 3; (h) facilitate cross-border access to anonymised electronic health data for secondary use hosted in other Member States through HealthData@EU and cooperate closely with each other and with the Commission.

Amendment 1522 #

Proposal for a regulation
Article 37 – paragraph 2 – introductory part

2. In the exercise of their tasks, ~~health data access bodies shall~~bodies involved in accessing health data shall proceed as follows:

Amendment 1523 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 2 – point a

(a) cooperate with supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 in relation to personal electronic health data ~~and the EHDS Board~~;

Amendment 1524 #

Proposal for a regulation
Article 37 – paragraph 2 – point a a (new)

(a a) immediately notify the relevant supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of any potential issue related to the processing of personal electronic health data for secondary use to ensure application and enforcement of this Regulation and relevant provisions of the aforementioned Regulations, including penalties.

Amendment 1525 #

Proposal for a regulation
Article 37 – paragraph 2 – point b

Amendment 1526 #

Proposal for a regulation
Article 37 – paragraph 2 – point b

(b) inform the relevant supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 where a health data access body has imposed penalties or other measures pursuant to Article 4369 in relation to processing personal electronic health data ~~and~~, or where such processing refers to an attempt to re-identify an individual or unlawful processing of personal electronic health data; (Due to alignment between art. 43 and art. 69)

Amendment 1527 #

Proposal for a regulation
Article 37 – paragraph 2 – point c

Amendment 1528 #

Proposal for a regulation
Article 37 – paragraph 2 – point c

Amendment 1529 #

Proposal for a regulation
Article 37 – paragraph 2 – point c

(c) cooperate with stakeholders, including patient and consumer organisations, representatives from natural persons, health professionals, researchers, and ethical committees, where applicable in accordance with Union and national law;

Amendment 1530 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 2 – point d

Amendment 1531 #

Proposal for a regulation
Article 37 – paragraph 2 – point d

(d) cooperate with other ~~national~~ competent bodies, including the national competent bodies supervising data altruism organisations under Regulation […] [Data Governance Act COM/2020/767 final], the competent authorities under Regulation […] [Data Act COM/2022/68 final] and the national competent authorities for Regulations (EU) 2017/745 and Regulation […] [AI Act COM/2021/206 final] .

Amendment 1532 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 37 – paragraph 2 – point d a (new)

(d a) cooperate with European institutions and agencies, where applicable in accordance with Union law.

Amendment 1533 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 37 – paragraph 3

3. The health data access bodies ~~may~~shall provide assistance to public sector bodies where those public sector bodies access electronic health data on the basis of Article 14 of Regulation […] [Data Act COM/2022/68 final].

Amendment 1534 #

Proposal for a regulation
Article 37 – paragraph 4

~~4. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the list of tasks in paragraph 1 of this Article, to reflect the evolution of activities performed by health data access bodies.~~

Amendment 1535 #

Proposal for a regulation
Article 37 – paragraph 4

4. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of tasks in paragraph 1 of this Article, to reflect the evolution of activities performed by health data access bodies in the field of health covered by this Regulation.

Amendment 1536 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Erik POULSEN, Asger CHRISTENSEN, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 37 – paragraph 4 – subparagraph 1 (new)

The Commission shall adopt guidelines on the functioning of the health data access bodies to ensure coherent processes among them.

Amendment 1537 #

Proposal for a regulation
Article 37 – paragraph 4 a (new)

4 a. The EDPB shall provide health data acces bodies with specific guidelines and minimum standards of anonymisation and pseudonymisation for the purposes in this Regulation in order to ensure the same level of quality of anonymisation and pseudonymisation across Member States. The guidelines shall be based on state-of- the-art technology in this regard, which in turn shall be used by the health data access bodies when carrying out their task of anonymisation or pseudonymisation of electronic health data. The guidelines shall be regularly updated, in line with technological progress in this field.

Amendment 1538 #

Proposal for a regulation
Article 37 – paragraph 4 a (new)

4 a. Following open and public consultations, the Commission shall adopt guidelines on the functioning of the health data access bodies to ensure coherent processes among them.

Amendment 1539 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 38 – title

Obligations of ~~health data access bodies~~bodies involved in accessing health data towards natural persons

Amendment 1540 #

Proposal for a regulation
Article 38 – paragraph 1 – introductory part

1. Health data access bodies shall make publicly available and easily searchable and accessible the conditions under which electronic health data is made available for secondary use, with information concerning:

Amendment 1541 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 38 – paragraph 1 – introductory part

1. ~~Health data ac~~Application processing bodies shall make publicly available and easily searchable the conditions under which electronic health data is made available for secondary use, with information concerning:

Amendment 1542 #

Proposal for a regulation
Article 38 – paragraph 1 – point c

(c) the applicable rights of natural persons in relation to secondary use of electronic health data, in particular the right to opt-out pursuant to Article 33(5), including detailed and understandable information on how to exercise those rights;

Amendment 1543 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 1 – point c

(c) the applicable rights of natural persons in relation to secondary use of electronic health data, including the right to opt-out referred to in Article 33(5a) and the right to opt-in for the categories of data referred to in Article 33(5b);

Amendment 1544 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

(c) the applicable rights of natural persons in relation to secondary use of electronic health data, in particular the right to opt-out pursuant to Article 33, including detailed information on how to exercise them;

Amendment 1545 #

Proposal for a regulation
Article 38 – paragraph 1 – point c

(c) the applicable rights of natural persons in relation to secondary use of electronic health data, including the rights laid down in Chapter III of Regulation (EU) 2016/679;

Amendment 1546 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 38 – paragraph 1 – point c

(c) the applicable rights of natural persons in relation to secondary use of electronic health data, including the rights pursuant to Regulation (EU) 2016/679;

Amendment 1547 #

Proposal for a regulation
Article 38 – paragraph 1 – point d

(d) the ~~arrangement~~modalities for natural persons to exercise their rights in accordance with Chapter III of Regulation (EU) 2016/679;

Amendment 1548 #

Proposal for a regulation
Article 38 – paragraph 1 – point d a (new)

(d a) the identity and the contact details of the health data access body and, where applicable, other information required pursuant to Article 13(1), point (a), of Regulation (EU) 2016/679;

Amendment 1549 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 1 – point d a (new)

(d a) the identity and the contact details of the health data access body and, where applicable, other information required pursuant to Article 13(1), point (a), of Regulation (EU) 2016/679.

Amendment 1550 #

Proposal for a regulation
Article 38 – paragraph 1 – point d a (new)

(d a) the record on who has been granted access to the data, the legal basis and the purpose, in accordance with Union and national law;

Amendment 1551 #

Proposal for a regulation
Article 38 – paragraph 1 – point e a (new)

(e a) the record on who has been granted access to which sets of electronic health data and a justification regarding the purposes for processing them as referred to in Article 34(1), Union and national law.

Amendment 1552 #

Proposal for a regulation
Article 38 – paragraph 1 – point e a (new)

Amendment 1553 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 38 – paragraph 1 – point e a (new)

(e a) The record on who has been granted access to the data, the legal basis and the purpose, in accordance with Union and national law.

Amendment 1554 #

Proposal for a regulation
Article 38 – paragraph 1 – point e a (new)

(e a) The mention to whom has been granted access to the data and the purpose of the use.

Amendment 1555 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 38 – paragraph 2

Amendment 1556 #

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall ~~not be obliged to provide the specific information under~~comply with the obligations laid down in Article 14(1) to (4) of Regulation (EU) 2016/679. Natural persons shall have the possibility to choose whether to receive notifications when their data are being used for secondary purpose, as well as the periodicity of such notifications.Where, with regards to obligations laid down in Article 14(1) to (4) of Regulation (EU) 2016/679 ~~to eac~~a health ndat~~ural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued~~a access body decides to make use of the exception laid down in Article 14(5), point (b), of the same Regulation, it shall make sure to make the information as referred to in Article 14(1) to (4) of Regulation (EU) 2016/679 publicly available on its website in an aggregated form, allowing natural persons to understand whether their data are being made available for secondary use pursuant to ~~Article 46~~data permits.

Amendment 1557 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46. Health data access bodies shall establish protocols to facilitate access for all natural persons to the specific information concerning the use of their data, especially in the case of pseudonymised or anonymised data where the lack of information could affect the fundamental rights of the natural person.

Amendment 1558 #

Proposal for a regulation
Article 38 – paragraph 2

2. HAt the request of a natural person or a group representing natural persons, health data access bodies shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 1559 #

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall ~~not~~ be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit ~~and shall provide general public information on all the data permits issued pursuant to Article 46~~.

Amendment 1560 #

Proposal for a regulation
Article 38 – paragraph 2

2. HAt the request of a natural person or a group representing natural persons, health data access bodies shall ~~not~~ be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 ~~to each natural person~~ concerning the use of their health data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 1561 #

Proposal for a regulation
Article 38 – paragraph 2

2. ~~Health data access bodies~~Bodies involved in accessing health data shall not be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit ~~and~~. Application processing bodies shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 1562 #

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall ~~not~~ be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 1563 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall ~~not be obliged to~~ provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.

Amendment 1564 #

Proposal for a regulation
Article 38 – paragraph 3

3. Where a health data access body is informed by a health data user of a clinically significant finding that may i~~mpact on~~nfluence the health status of a natural person, as referred to in Article 41a(5) of this Regulation, the health data access body ~~may~~shall inform ~~the natural person and his or~~ , where applicable, the treating health professional of the natural person concerned about that finding. Where relevant, ther treating health professional ~~about that finding~~shall take due regard to the expressed wish of the natural person not to be informed.

Amendment 1565 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 3

3. Where a health data access body is informed by a data user of a finding that may impact on the health of a natural person, the health data access body ~~may~~shall inform the natural person and his or her treating health professional about that finding, while respecting the principles of medical confidentiality and professional secrecy. In accordance with Article 23(1), point (i), of Regulation (EU) 2016/679, Member States may by law restrict the scope of the obligation to inform the natural person whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their information for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have an impact on them.

Amendment 1566 #

Proposal for a regulation
Article 38 – paragraph 3

3. ~~Where a health data access body is~~Data users shall inform the health data access bodies of conclusive findings that arise from the secondary use of natural persons’ health data. Health data access bodies shall provide an accessible and easily understandable mechanism for natural persons to express their explicit will to be informed by a data user of a finding that may impact on the health of athat natural person~~, the health data access body may inform the natural person and his or her treating health professional about~~. Electronic health records shall notify the health professionals with the appropriate competence to communicate to the natural person about that finding to better evaluate thate finding and its consequences.

Amendment 1567 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 38 – paragraph 3

3. Where a health data access body is informed by a data user of a finding that may impact on the health of a natural person, the health data access body ~~may~~shall inform the natural person ~~and his or her treating health professional about that finding.~~ , if that person has given their prior consent for this, along with his or her treating health professional, that this finding exists, and shall give that natural person the opportunity to authorise or prohibit the exchange of information on that finding and on future findings.

Amendment 1568 #

Proposal for a regulation
Article 38 – paragraph 3

Amendment 1569 #

Proposal for a regulation
Article 38 – paragraph 3

3. Where a health data access body is informed by a data user of a finding that may impact on the health of a natural person, the health data access body ~~may~~shall notify the data holder in order for them to inform the natural person and his or her treating health professional about that finding.

Amendment 1570 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 3

3. Where a ~~health data ac~~n application processing body is informed by a data user of a finding that may impact on the health of a natural person, ~~the health data access body may~~it may, together with the pseudonymisation body and the data holder, inform the natural person and his or her treating health professional about that finding.

Amendment 1571 #

Proposal for a regulation
Article 38 – paragraph 4

4. Member States shall regularly inform the public at large about the role and benefits of health data access bodies, as well as the risks and consequences linked with individual and collective digital health data rights arising from this Regulation.

Amendment 1572 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 38 – paragraph 4

Amendment 1573 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 38 – paragraph 4

Amendment 1574 #

Proposal for a regulation
Article 38 – paragraph 4

Amendment 1575 #

Proposal for a regulation
Article 38 – paragraph 4

4. Member States shall regularly inform the public at large about the role ~~and benefits of health data access bodies~~of the health data access bodies and the benefits and risk of sharing health data for research and decision-making.

Amendment 1576 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 38 – paragraph 4

4. Member States shall regularly inform the public at large about the role, risks and benefits of the secondary use of health data and the role of health data access bodies.

Amendment 1577 #

Proposal for a regulation
Article 38 – paragraph 4

4. Member States and, where applicable, regions shall regularly inform the public at large about the role and benefits of health data access bodies.

Amendment 1578 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 38 – paragraph 4

4. Member States shall regularly inform the public at large about the role and benefits of ~~health data access bodies~~bodies involved in accessing health data.

Amendment 1579 #

Proposal for a regulation
Article 38 – paragraph 4 a (new)

4 a. Health data access bodies shall introduce easy and accessible means for natural persons to lodge complaints, both individually and collectively. Health data access bodies shall inform the complainants at all stages of the process. Health data access bodies shall duly inform about this right in the most visible manner through electronic means.

Amendment 1580 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 38 – paragraph 4 b (new)

4 b. Natural persons shall be able to seek an effective judicial remedy against a legally binding decision of a health data access body concerning them. Health data access bodies shall duly inform about this right in the most visible manner through electronic means.

Amendment 1581 #

Proposal for a regulation
Article 38 a (new)

Article 38 a Right to lodge a complaint with a health data access body 1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the health data access body, where their rights laid down in this Regulation are affected. Where the complaint concerns the rights of natural persons pursuant to Article 38(1), point (d), of this Regulation, the health data access body shall inform and send a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679. 2. The health data access body with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. 3. Health data access body shall cooperate to handle and resolve complaints, including by exchanging all relevant information by electronic means, without undue delay.

Amendment 1582 #

Proposal for a regulation
Article 38 a (new)

Article 38 a Right to lodge a complaint with a health data access body 1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the health data access body, where their rights laid down in this Regulation are affected. Where the complaint concerns the rights of natural persons pursuant to Article 38(1), point (d), of this Regulation, the health data access body shall send a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679. 2. The health data access body with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. 3. Health data access body shall cooperate to handle and resolve complaints, including by exchanging all relevant information by electronic means, without undue delay.

Amendment 1583 #

Proposal for a regulation
Article 38 a (new)

Amendment 1584 #

Proposal for a regulation
Article 38 b (new)

Article 38 b Right to an effective remedy against a health data access body 1. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a health data access body concerning them. 2. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy where the health data access body which is competent pursuant to Article 37 does not handle a complaint or does not inform the natural or legal person within three months on the progress or outcome of the complaint lodged pursuant to Article 38a. 3. Proceedings against a health data access body shall be brought before the courts of the Member State where the health data access body is established.

Amendment 1585 #

Proposal for a regulation
Article 38 b (new)

Amendment 1586 #

Proposal for a regulation
Article 38 b (new)

Amendment 1587 #

Proposal for a regulation
Article 38 c (new)

Article 38 c Right to compensation 1. Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the entity responsible for the infringement. 2. Any entity processing electronic health data shall be liable for the damage caused by infringing this Regulation.

Amendment 1588 #

Proposal for a regulation
Article 39 – title

Reporting by ~~health data access bodies~~bodies involved in accessing health data

Amendment 1589 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 39 – paragraph 1 – introductory part

1. Each ~~health data access body~~body involved in accessing health data shall publish an annual activity report which shall contain at least the following in relation to its respective tasks:

Amendment 159 #

Draft legislative resolution
Citation 2

— having regard to Article 294(2) and Articles 16, 114 and 11468 of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C9- 0167/2022),

Amendment 1590 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 39 – paragraph 1 – introductory part

1. Each health data access body shall publish an annual activity report that shall include summary data only which shall contain at least the following:

Amendment 1591 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 1 – point a

(a) information relating to the data access applications ~~for electronic health~~and data ~~acc~~requests submitted, such as the types of applicants, number of data permits granted or refused, purposes of access and categories of electronic health data accessed, and a summary of the results of the electronic health data uses, where applicable;

Amendment 1592 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 1 – point b

Amendment 1593 #

Proposal for a regulation
Article 39 – paragraph 1 – point c

(c) information on the fulfilment of regulatory and contractual commitments by data users and data holders, as well as ~~penalties imposed~~the number and amount of penalties imposed by health data access bodies or supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725;

Amendment 1594 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 1 – point d

(d) information on audits carried out on data users to ensure compliance of the processing ~~with~~in the secure processing environment as referred to in Article 50 of this Regulation,

Amendment 1595 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 1 – point e

(e) information on third party audits on compliance of secure processing environments with the defined standards, specifications and requirements, as referred to in Article 50(3) of this Regulation;

Amendment 1596 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 1 – point j

~~(j) satisfaction from applicants requesting access to data;~~deleted

Amendment 1597 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 39 – paragraph 1 – point n a (new)

(n a) a list of data users whose data permits had to be terminated due to their infringement of Article 35.

Amendment 1598 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 39 – paragraph 1 a (new)

1 a. Data holders should be consulted prior to any results or output of the secondary use being made publicly available to allow for vetting for any unauthorised disclosure related to the IP rights, trade secrets and confidential information of data holders.

Amendment 1599 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 39 – paragraph 2

2. The report shall be transmitted to the Commission, the Council and the European Parliament and made publicly available.

Amendment 160 #

Draft legislative resolution
Citation 4 a (new)

— Having regard to the WHO One Health Initiative,

Amendment 1600 #

Proposal for a regulation
Article 39 – paragraph 2

2. The report shall be transmitted to the Commission, which shall make it publicly available on its website.

Amendment 1601 #

Proposal for a regulation
Article 39 – paragraph 2

2. The reports shall be transmitted to the Commission.

Amendment 1602 #

Proposal for a regulation
Article 39 – paragraph 3

~~3. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to modify the content of the annual activity report.~~

Amendment 1603 #

Proposal for a regulation
Article 39 – paragraph 3

~~3. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to modify the content of the annual activity report.~~

Amendment 1604 #

Proposal for a regulation
Article 39 – paragraph 3

~~3. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to modify the content of the annual activity report.~~

Amendment 1605 #

Proposal for a regulation
Article 39 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to modify the content of ~~the~~ annual activity reports.

Amendment 1606 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 40 – paragraph 1

1. When processing personal electronic health data, data altruism organisations shall comply with the rules set out in Chapter IV of Regulation […] [Data Governance Act COM/2020/767 final]. Where data altruism organisations process personal electronic health data using a secure processing envirThis Regulation shall be without prejudice to the processing of datasets based on conmsent, ~~such environments shall also comply with the requirements set out in Article 50 of this Regulation~~including in particular altruistic consent pursuant to [Data Governance Act COM/2020/767 final].

Amendment 1607 #

1. When processing personal electronic health data, data altruism organisations shall comply with the rules set out in Chapter IV of Regulation […] [Data Governance Act COM/2020/767 final]. Where data altruism organisationsIn addition to rules regarding data altruism estabished by Regulation (EU) 2022/868, where recognised data altruism organisations under Chapter IV of that Regulation process personal electronic health data using a secure processing environment, such environments shall also comply with the requirements set out in Article 50 of this Regulation.

Amendment 1608 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 40 – paragraph 1

1. When processing personal electronic health data, data altruism organisations shall comply with the rules set out in Chapter IV of Regulation […] [Data Governance Act COM/2020/767 final]. Whe~~re data altruism organisations process personal electronic health data using~~n processing electronic health data, data altruism organisations shall make use of a secure processing environment, ~~such environments shall~~and also comply with the requirements set out in Article 50 of this Regulation.

Amendment 1609 #

Proposal for a regulation
Article 40 – paragraph 2

2. Health data access bodies shall support the competent authorities designated in accordance with Article 23 of Regulation ~~[…] [Data Governance Act COM/2020/767 final]~~(EU) 2022/868 in the monitoring of entities carrying out data altruism activities, where electronic health data are concerned.

Amendment 161 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Draft legislative resolution
Citation 8 a (new)

— Having regard to the Commission's communication of 3 February 2021 on Europe's Beating Cancer Plan (COM(2021)0044),

Amendment 1610 #

Proposal for a regulation
Article 41 – paragraph 1

1. ~~Where a~~(1) Health data holder ~~is obliged to make~~s shall make relevant electronic health data ~~available~~ under Article 33 ~~or under other Union law or national legislation implementing Union law, it~~available upon request to the health data access body pursuant to a data permit issued or data request granted by such a body. Health data holders shall cooperate in good faith with the health data access bodies, where relevant.

Amendment 1611 #

Proposal for a regulation
Article 41 – paragraph 1

1. Where a health data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate, in compliance with the requirements set out in Article 32 of Regulation (EU) 2016/679, and in good faith with the health data access bodies, where relevant.

Amendment 1612 #

Proposal for a regulation
Article 41 – paragraph 1

1. Where a data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate in compliance with the requirements set out in Article 32 of Regulation (EU) 2016/679, and in good faith with the health data access bodies, where relevant.

Amendment 1613 #

Proposal for a regulation
Article 41 – paragraph 1

1. Where a data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall, where relevant, cooperate in good faith with the health data access bodies~~, w~~ and othere relevant actors involved.

Amendment 1614 #

Proposal for a regulation
Article 41 – paragraph 1

1. Where a data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate in good faith with the health data access bodies or data users, where relevant.

Amendment 1615 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 41 – paragraph 1

1. Where a data holder is obliged to make electronic health data available ~~under Article 33 or under other Union law or national legislation implementing Union law~~to a health data access body under Article 33, it shall cooperate in good faith with the health data access bodies, where relevant.

Amendment 1616 #

Proposal for a regulation
Article 41 – paragraph 1 a (new)

1 a. The health data holder shall put the electronic health data at the disposal of the health data access body within 2 months from receiving the request from the health data access body. In justified cases, after consultation with the health data holder concerned, that period may be extended by the health data access body for a maximum of 2 months. The extention might be shorter than 2 months.

Amendment 1617 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 41 – paragraph 1 b (new)

1 b. Paragraphs 1 and 1a constitute a legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 and/or Article 5(1) point (b) of Regulation (EU) 2018/1725 for the health data holder to make available the electronic health data to the health data acces body, in line with Article 9(2) point (h), (i) and (j) of Regulation (EU) 2016/679 and/or Article 10(2) point (h), (i) and (j) of Regulation (EU) 2018/1725.

Amendment 1618 #

Proposal for a regulation
Article 41 – paragraph 2

2. The data holder shall communicate to the ~~health data ac~~application processing body a general description of the dataset it holds in accordance with Article 55.

Amendment 1619 #

Proposal for a regulation
Article 41 – paragraph 2 a (new)

2 a. Paragraph 1 constitutes a legal obligation in the sense of Article 6(1)(c) of Regulation 2016/679 for the data holder to disclose personal electronic health data to the health data access body, in combination with Article 9(2), points (h), (i) and (j), of Regulation 2016/679.

Amendment 162 #

Draft legislative resolution
Citation 8 a (new)

— Having regard to the Commission's communication of 3 February 2021 on Europe’s Beating Cancer Plan (COM(2021)0044),

Amendment 1620 #

Proposal for a regulation
Article 41 – paragraph 2 a (new)

2 a. Paragraph 1 constitutes a legal obligation in the sense of Article 6(1)(c) of Regulation 2016/679 for the data holder to disclose personal electronic health data to the health data access body, in accordance with Article 9(2), points (h), (i) and (j), of Regulation 2016/679.

Amendment 1621 #

Proposal for a regulation
Article 41 – paragraph 3

3. Where a data quality and utility label accompanies the dataset pursuant to Article 56, the data holder shall provide sufficient documentation to the ~~health data ac~~application processing body for that body to confirm the accuracy of the label.

Amendment 1622 #

Proposal for a regulation
Article 41 – paragraph 3 a (new)

3 a. Where the health data access body finds that the purpose pursuant to the data access application under Article 45 can be fulfilled with anonymised data, the health data access body shall anonymise the data. Where the health data access body finds that the purpose pursuant to the data access application under Article 45 cannot be fulfilled with anonymised data, because it requires combination of data from different data holders, the data holder shall request the explicit consent from each data subject. Only data for which explicit consent has been given shall be put at the disposal of health data access bodies. Both anonymisation and pseudonymisation shall be done following the procedures and requirements pursuant to Article 44(3a). After having anonymised or pseudonymised the data, the health data access body shall delete the fully identifiable data.

Amendment 1623 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 41 – paragraph 3 b (new)

3 b. By derogation from paragraph 3a, where the anonymisation can be done in an automated procedure that does not require an unreasonable effort, the data holder shall anonymise the data following the procedures and requirements pursuant to Article 44(3a), before putting it at the disposal of the health data access body.

Amendment 1624 #

Proposal for a regulation
Article 41 – paragraph 4

4. The data holder shall put the electronic health data at the disposal of the health data access body within 2 months from receiving the request from the health data access body. In exceptional cases, that period may be extended by the health data access body for an additional period of 2 months.deleted

Amendment 1625 #

Proposal for a regulation
Article 41 – paragraph 4

4. ~~The data holder shall put the electronic health data at the disposal of the health data access body within 2 months from receiv~~Where the data holder has a processing environment that meets the conditions of the secure processing environment in accordance with Article 50, the data holder shall make the electronic health data available to the data user through that processing environment, using the pseudonymisation body as an intermediary; where the data holder does not have such a processing environment, the data holder shall put the electronic health data at the disposal of the health data access body, using the pseudonymisation body as an intermediary. The electronic health data shall be made available by the data holder withing t~~he request from the health data ac~~wo months of receipt of the application from the application processing body. In exceptional cases, thate two-month period may be extended by ~~the health data access body for an additional period of 2 months~~a further two months by the application processing body.

Amendment 1626 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 41 – paragraph 4

4. The data holder shall put the electronic health data referred to in paragraph 1 at the disposal of the health data access body within 23 months from receiving the request from the health data access body, taking into account the different technical features between the categories referred to in Article 33(1) and how those can affect the timeframe for the delivery of the data. In exceptional cases, that period may be extended by the health data access body for an additional period of 23 months.

Amendment 1627 #

Proposal for a regulation
Article 41 – paragraph 4

4. The data holder shall put the electronic health data at the disposal of the health data access body within 23 months from receiving the request from the health data access body. In exceptional cases, that period may be extended by the health data access body for an additional period of 2 months.

Amendment 1628 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 41 – paragraph 7

~~7. The Commission is empowered to adopt~~ delegated ~~acts in accordance with Article 67 to amend the duties of the data holders in this Article, to reflect the evolution of activities performed by data holders.~~

Amendment 1629 #

Proposal for a regulation
Article 41 – paragraph 7 a (new)

7 a. This Article shall not apply to health data holders that qualify as microenterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC.Microentreprises may, however, notify the relevant data access body about their wish to voluntarily contribute to the secondary use of health data. This Article shall apply to small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC 1 year from entry into force of this Regulation.

Amendment 163 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Draft legislative resolution
Citation 8 b (new)

— Having regard to the EU's Framework Programme for Research and Innovation 2021-2027 (Horizon Europe) and the dedicated Horizon Europe Mission on Cancer,

Amendment 1630 #

Proposal for a regulation
Article 41 a (new)

Article 41 a Duties of health data users 1. Health data users may access and process the electronic health data for secondary use referred to in Article 33 only in accordance with the data permit issued by the health data access body in line with Article 46 of this Regulation. 2. Health data users shall not seek access to and process electronic health data obtained via a data permit issued in line with Article 46 of this Regulation for the purposes referred to in Article 35. 3. Health data users shall not re-identify or seek to re-identify the natural persons to which the electronic health data belong which they obtained based on the data permit or data request. Such conduct shall be considered a serious breach of this Regulation. 4. Health data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. In justified cases, especially cases referred to in Article 34(1), point (e), this period may be extended by the relevant health data access body, after consultation with the health data user. The health data users shall inform the health data access bodies from which a data permit was obtained about the results or output and provide them with necessary support in order to make them public also on health data access bodies’ websites, without prejudice to IP rights, the confidentiality of trade secrets and relevant Union legislation. Whenever the health data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS. 5. Without prejudice to paragraph 2, health data users shall inform the health data access body of any clinically significant findings that may influence the health status of the natural persons whose data are included in the dataset. 6. ECDC and EMA shall, in consultation and cooperation with relevant stakeholders, including representatives of patients, health professionals and researchers, create guidelines in order to help health data users to fulfil their obligation under paragraph 3, especially to determine whether their findings are clinically significant. 7. Health data users shall cooperate in good faith with the health data access bodies, where relevant.

Amendment 1631 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 42 – paragraph 1

Amendment 1632 #

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies ~~and single data holders~~ may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to set up, data enrichment, maintainance or updating of the dataset and conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]. No fees should be charged to public health authorities, at local, regional or national level or to address public health research, including but not limited to, epidemiological surveillance or monitoring of health projects and programmes.

Amendment 1633 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies and single data holders may charge fees to health data users for making electronic health data available for secondary use. ~~Any fees shall include and~~In the case of health data access bodies, any fees shall be derived from the costs related to conducting the procedure for ~~requests, including for~~ assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, ~~in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]~~gathering, combining, preparing, anonymisation or pseudonymisation of the electronic health data or commercially confidential data for secondary use and maintaining of the secure processing environment;

Amendment 1634 #

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies ~~and single data holders~~ may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final], as well as the technical and operational costs to prepare the data sets, including anonymization and pseudonymization, and to make them available.

Amendment 1635 #

Proposal for a regulation
Article 42 – paragraph 1

1. HApplication processing bodies, health data access bodies and single data holders may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]

Amendment 1636 #

Proposal for a regulation
Article 42 – paragraph 1

1. Health data access bodies ~~and single data holders~~ may charge fees for making electronic health data available for secondary use. Any fees shall include and be derived from the costs related to conducting the procedure for requests, including for assessing a data application or a data request, granting, refusing or amending a data permit pursuant to Articles 45 and 46 or providing an answer to a data request pursuant to Article 47, in accordance with Article 6 of Regulation […] [Data Governance Act COM/2020/767 final]

Amendment 1637 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 42 – paragraph 2

2. Where the data in question are not held by the health data access ~~body or a public sector~~ body, the fees may also include compensation for ~~part of the costs for~~ collecting the electronic health data ~~specifically under this Regulation~~ in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the health data holder’s costs shall be paid to the health data holder and shall also reflect market value of the data in question.

Amendment 1638 #

Proposal for a regulation
Article 42 – paragraph 2

2. WIn the case of health data holders, where the data in question are not held by the data access body or a public sector body, the fees may ~~also include compensation for part of the costs for collect~~be derived from the costs for gathering and preparing the electronic health data for secondary use specifically under this Regulation ~~in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the data holder’s costs shall be paid to the data holder~~.

Amendment 1639 #

Proposal for a regulation
Article 42 – paragraph 2

2. Where the data in question are not held by the health data access body or a public sector body, the fees may also include compensation for part of the costs for collecting the electronic health data specifically under this Regulation in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the health data holder’s costs shall be paid to the data holder and shall correspond to the fees’ market value.

Amendment 164 #

Draft legislative resolution
Citation 8 b (new)

— Having regard to the EU’s Framework Programme for Research and Innovation 2021-2027 (Horizon Europe) and the dedicated Horizon Europe Mission on Cancer,

Amendment 1640 #

Proposal for a regulation
Article 42 – paragraph 2

2. Where the data in question are not held by the health data access body ~~or a public sector body,~~ the fees may also include compensation for ~~part of the costs for~~ collecting the electronic health data ~~specifically under this Regulation~~ in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the health data holder’s costs shall be paid to the health data holder and shall also reflect market value of the data in question.

Amendment 1641 #

Proposal for a regulation
Article 42 – paragraph 2

2. Where the data in question are not held by the data access body or a public sector body, the fees may also include compensation for ~~part of the costs for~~ collecting the electronic health data specifically under this Regulation in addition to the fees that may be charged pursuant to paragraph 1. The part of the fees linked to the data holder’s costs shall be paid to the data holder.

Amendment 1642 #

Amendment 1643 #

Proposal for a regulation
Article 42 – paragraph 3

3. The electronic health data referred to in Article 33(1), point (o), shall be made available to a new user ~~free of charge or~~ against a fee matching the compensation for the costs of the human and technical resources used to enrich the electronic health data. That fee shall be paid to the entity that enriched the electronic health data.

Amendment 1644 #

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The fees shall be calculated according to objective criteria, in particular the completeness and representativeness of the data, the number of patients concerned, the scarcity of the data and the cost of any processes used to make the data accessible, such as anonymisation. The support received by the data holder from donations, public national or Union ~~fund~~grants, to set up, develop or update tat dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.

Amendment 1645 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate ~~to the cost~~workload of collecting and making electronic health data available for secondary use, objectively justified and shall not restrict competition. ~~The support received by the data holder from donations, public national or Union funds, to set up, develop or update tat dataset shall be excluded from this calculation.~~ The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees~~, by reducing those fees proportionately to their size or budget~~.

Amendment 1646 #

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting, set up, data enrichment, maintainance or updating of the dataset and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update that dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.

Amendment 1647 #

Proposal for a regulation
Article 42 – paragraph 4

Amendment 1648 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update tat dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, academic and educational institutions, non-commercial entities and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.

Amendment 1649 #

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent ~~and~~, non-discriminatory, proportionate to the cost of ~~collecting and~~ making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update tat dataset shall be excluded from this calculation. The specific interests and needs of SMEs and start-ups, public bodies, Union institutions, bodies, offices and agencies involved in scientific research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by reducing those fees proportionately to their size or budget.

Amendment 165 #

Draft legislative resolution
Citation 8 c (new)

— Having regard to the European Parliament resolution of 16 February 2022 on strengthening Europe in the fight against cancer – towards a comprehensive and coordinated strategy (2020/2267(INI)), and the work of the Special Committee on Beating Cancer (BECA) in its mandate,

Amendment 1650 #

Proposal for a regulation
Article 42 – paragraph 4

4. Any fees charged to data users pursuant to this Article by the health data access bodies or data holders shall be transparent and proportionate to the cost of collecting and making electronic health data available for secondary use, objectively justified and shall not restrict competition. The support received by the data holder from donations, public national or Union funds, to set up, develop or update that dataset shall be excluded from this calculation. The specific interests and needs of SMEs, public bodies, Union institutions, bodies, offices and agencies involved in research, health policy or analysis, educational institutions and healthcare providers shall be taken into account when setting the fees, by ~~reduc~~aligning those fees proportionately towith their size or budget.

Amendment 1651 #

Proposal for a regulation
Article 42 – paragraph 5

Amendment 1652 #

Proposal for a regulation
Article 42 – paragraph 5

5. Where data holders and data users do not agree on the level of the fees within 1 month of the data permit being granted, the health data access body may set the fees in proportion to the cost of making available electronic health data for secondary use. Where the data users are non-commercial entities, their size and financial resources shall be taken into account when the fees are set. Where the data holder or the data user disagree with the fee set out by the health data access body, they shall have access to dispute settlement bodies set out in accordance with Article 10 of the Regulation […] [Data Act COM/2022/68 final].

Amendment 1653 #

Proposal for a regulation
Article 42 – paragraph 5

5. Where data holders and data users do not agree on the level of the fees within 1 month of the data permit being granted, the ~~health data ac~~application processing body may set the fees in proportion to the cost of making available electronic health data for secondary use. Where the data holder or the data user disagree with the fee set out by the ~~health data ac~~application processing body, they shall have access to dispute settlement bodies set out in accordance with Article 10 of the Regulation […] [Data Act COM/2022/68 final].

Amendment 1654 #

Proposal for a regulation
Article 42 – paragraph 5 a (new)

5 a. The profits generated from the collection or use of health data shall be put to the benefit of Member States’ health systems.

Amendment 1655 #

Proposal for a regulation
Article 42 – paragraph 6

6. The Commission may, by means of implementing acts, lay down principles and rules for the fee policies and fee structures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).deleted

Amendment 1656 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 42 – paragraph 6

6. The Commission ~~may~~shall, by means of ~~implementing~~delegated acts, lay down principles and rules for the fee policies and fee structures. Those ~~implementing~~delegated acts shall be adopted in accordance with the ~~advisory~~ procedure referred to in Article 6~~8(2)~~7.

Amendment 1657 #

Proposal for a regulation
Article 42 – paragraph 6

6. The Commission ~~may~~shall, by means of implementing acts, lay down principles and rules for the fee policies and fee structures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 1658 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – title

~~Penalties~~Enforcement by health data access bodies

Amendment 1659 #

Proposal for a regulation
Article 43 – paragraph 1

~~1. Health data access bodies shall monitor and supervise compliance by data users and data holders with the requirements laid down in this Chapter.~~deleted

Amendment 166 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Draft legislative resolution
Citation 8 c (new)

— Having regard to its resolution of 16 February 2022 on strenghtening Europe in the fight against cancer - towards a comprehensive and coordinated strategy (2020/2267(INI)), and the work of the Special Committee on Beating Cancer (BECA) in its mandate,

Amendment 1660 #

Proposal for a regulation
Article 43 – paragraph 2

2. When requesting from data users and data holders the information that is necessary to verify compliance with this Chapter, the health data access bodies shall be proportionate to the performance of the compliance verificationcarrying out its monitoring and supervisory tasks to verify compliance with this Chapter, as referred to in Article 37(1), point (ra), the health data access bodies shall request information from data holders and users that is necessary for the performance of the task.

Amendment 1661 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 2

2. When requesting from data users and data holders as well as other bodies involved in accessing health data the information that is necessary to verify compliance with this Chapter, the health data access bodies shall be proportionate to the performance of the compliance verification task.

Amendment 1662 #

3. Where health data access bodies find that a data user or data holder does not comply with the requirements of this Chapter, they shall immediately notify the data user or data holder of those findings and shall give it the opportunity to state its views within ~~2 months.~~4 weeks. Where the finding of non-compliance concerns personal electronic health data, the health data access body shall immediately inform supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of this finding to ensure application and enforcement of this Regulation and relevant provisions of the aforementioned Regulations, including penalties;

Amendment 1663 #

Proposal for a regulation
Article 43 – paragraph 4

4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to fine up to 10% of the data user's annual turnover for the previous financial year or revoke the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years. Where an EU institution, body or agency is the data user, the power to impose such penalties shall rest with the European Data Protection Supervisor, after notification from the health data access body.

Amendment 1664 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 43 – paragraph 4

4. HNotwithstanding the right for Member States to impose penalties in accordance with Article 69, health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to revoke the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years.

Amendment 1665 #

4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to revoke the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years, and fines shall be imposed in accordance with Article 83 of the Regulation (EU) 2016/679.

Amendment 1666 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 4

4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to revoke the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years., and fines shall be imposed in accordance with Article 83 of the Regulation (EU) 2016/679

Amendment 1667 #

Proposal for a regulation
Article 43 – paragraph 4

4. Health data access bodies shall have the power to revoke the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately ~~or within a reasonable time limit,~~ and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. ~~In this regard, t~~The health data access bodies shall be able, where appropriate, ~~to revoke the data permit and~~ to exclude the data user from any access to electronic health data within the EHDS for a period of up to 5 years.

Amendment 1668 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 43 – paragraph 4

4. Health data access bodies shall have the power to ~~revok~~declare the data permit issued pursuant to Article 46 invalid and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able, where appropriate, to ~~revok~~declare the data permit invalid and to exclude the data user from any access to electronic health data for a period of up to 5 years.

Amendment 1669 #

Proposal for a regulation
Article 43 – paragraph 4

4. Health data access bodies shall have the power to ~~revok~~terminate the data permit issued pursuant to Article 46 and stop the affected electronic health data processing operation carried out by the data user in order to ensure the cessation of the non- compliance referred to in paragraph 3, immediately or within a reasonable time limit, and shall take appropriate and proportionate measures aimed at ensuring compliant processing by the data users. In this regard, the health data access bodies shall be able~~, where appropriate, to revoke~~ to terminate the data permit and to exclude the data user from any access to electronic health data for a period of up to 5 years.

Amendment 167 #

Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 16, 114 and 11468 thereof,

Amendment 1670 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 43 – paragraph 4 a (new)

4 a. Any natural person affected by a breach of the data permit issued pursuant to Articles 35 and 46 shall have the right to an effective judicial remedy before a tribunal in accordance with Article 47 of the Charter of Fundamental Rights of the European Union.

Amendment 1671 #

Proposal for a regulation
Article 43 – paragraph 5

5. Where data holders withhold the electronic health data from health data access bodies with the manifest intention of obstructing the use of electronic health data, or do not respect the deadlines set out in Article 41, the health data access body shall have the power to fine the data holder with fines for each day of delay, which shall be transparent and proportionate. The amount of the fines shall be established by the health data access body. In case of repeated breaches by the data holder of the obligation of loyal cooperation with the health data access body, that body can exclude the data holder from participation in the EHDS for a period of up to 5 years. Where a data holder has been excluded from the participation in the EHDS pursuant to this Article, following manifest intention of obstructing the secondary use of electronic health data, it shall not have the right to provide access to health data in accordance with Article 49.

Amendment 1672 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 5

Amendment 1673 #

Proposal for a regulation
Article 43 – paragraph 5

Amendment 1674 #

Proposal for a regulation
Article 43 – paragraph 5

Amendment 1675 #

Proposal for a regulation
Article 43 – paragraph 5

Amendment 1676 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 43 – paragraph 5

5. Where data holders withhold the electronic health data from health data access bodies with the manifest intention of obstructing the use of electronic health data, or do not respect the deadlines set out in Article 41, the health data access body shall have the power to fine the data holder with fines for each day of delay, which shall be transparent and proportionate. The amount of the fines shall be established by the health data access body in accordance with the tasks of the EHDS Board, set out in Article 65 of this Regulation. In case of repeated breaches by the data holder of the obligation of loyal cooperation with the health data access body, that body can exclude the data holder from participation in the EHDS for a period of up to 5 years. Where a data holder has been excluded from the participation in the EHDS pursuant to this Article, following manifest intention of obstructing the secondary use of electronic health data, it shall not have the right to provide access to health data in accordance with Article 49.

Amendment 1677 #

Proposal for a regulation
Article 43 – paragraph 5 a (new)

5 a. Any natural person affected by a breach of the data permit issued pursuant to Articles 35 and 46 should have the right to an effective judicial remedy before a tribunal in accordance with Article 47 of the Charter of Fundamental Rights of the European Union.

Amendment 1678 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 6

6. The health data access body shall communicate the measures imposed pursuant to paragraphs 4 and 5 and the reasons on which they are based to the data user or holder concerned, without delay, and shall lay down a reasonable period for the data user or holder to comply with those measures.

Amendment 1679 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 43 – paragraph 7

7. Any penalties and measures imposed pursuant to paragraph 4 shall be made available to other health data access bodies and publicly available on the Commission’s website.

Amendment 168 #

Proposal for a regulation
Citation 1

Having regard to the Treaty on the Functioning of the European Union, and in particular Articles 16, 114 and 11468 thereof,

Amendment 1680 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 7

7. Any penalties and measures imposed pursuant to paragraph 4 shall be ~~made available~~notified to other health data access bodies.

Amendment 1681 #

Proposal for a regulation
Article 43 – paragraph 8

8. The Commission may, by means of implementing act, set out the architecture of an IT tool aimed to support and make transparent to other health data access bodies the activities referred to in this Article, especially penalties and exclusions. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). Accordingly, the Commission should provide guidance on the penalty calculation system.

Amendment 1682 #

Proposal for a regulation
Article 43 – paragraph 9

~~9. Any natural or legal person affected by a decision of a health data access body shall have the right to an effective judicial remedy against such decision.~~deleted

Amendment 1683 #

Proposal for a regulation
Article 43 – paragraph 10

10. The Commission ~~may~~shall issues guidelines on penalties to be applied by the health data access bodies, in line with the principles set out in Article 69.

Amendment 1684 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 43 – paragraph 10

10. The Commission ~~may~~, without undue delay, shall issues guidelines on penalties to be applied by the health data access bodies.

Amendment 1685 #

Proposal for a regulation
Article 43 – paragraph 10

10. The Commission ~~may~~shall issues guidelines on penalties to be applied by the health data access bodies.

Amendment 1686 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 43 – paragraph 10

10. The Commission ~~may~~shall issues guidelines on penalties to be applied by the health data access bodies.

Amendment 1687 #

Proposal for a regulation
Article 43 – paragraph 10

10. The Commission ~~may~~shall issues guidelines on penalties to be applied by the health data access bodies.

Amendment 1688 #

Proposal for a regulation
Article 43 – paragraph 10 a (new)

10 a. Data holders lawfully protecting their IP rights and commercial property shall not be subject to fines while any disputes concerning the protection of industrial and commercial property are being resolved, in order to avoid conflicting obligations.

Amendment 1689 #

Proposal for a regulation
Article 43 – paragraph 10 b (new)

10 b. Data holders that breach the Regulation are subject to fines.

Amendment 169 #

Sophia IN 'T VELD, Emma WIESNER, Abir AL-SAHLANI

Proposal for a regulation
Citation 2

Having regard to the proposal from the European Commission, reject the proposal for a regulation on the European Health Data Space.

Amendment 1690 #

Proposal for a regulation
Article 44 – paragraph 1

1. The health data access body shall ensure that access is only provided to requested electronic health data relevant for the purpose of processing indicated in the data access application by the data user from natural persons who have explicitly given access to their right data under Article 33(5) and in line with the data permit granted.

Amendment 1691 #

Proposal for a regulation
Article 44 – paragraph 1

1. The health data access body shall ensure that access is only provided to requested electronic health data ~~relevant for~~that are adequate, relevant and limited to what is necessary in relation to the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.

Amendment 1692 #

Proposal for a regulation
Article 44 – paragraph 1

1. The health data access body shall ensure that access is only provided to requested electronic health data ~~relevant~~necessary and relevant and as long as needed for the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.

Amendment 1693 #

Proposal for a regulation
Article 44 – paragraph 1

1. The health data access body shall ensure that access is only provided to requested electronic health data that is necessary and relevant for the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.

Amendment 1694 #

Proposal for a regulation
Article 44 – paragraph 1

1. The health data access body or the data holder shall ensure that access is only provided to requested electronic health data relevant for the purpose of processing indicated in the data access application by the data user and in line with the data permit granted.

Amendment 1695 #

Proposal for a regulation
Article 44 – paragraph 1 a (new)

1 a. Data anonymisation shall be carried out as much as possible by health data holders, following a common methodology, ensuring that the process is reduced at the level of health data access bodies.

Amendment 1696 #

Proposal for a regulation
Article 44 – paragraph 2

Amendment 1697 #

Proposal for a regulation
Article 44 – paragraph 2

2. The health data access bodies shall provide the electronic health data in an anonymised format, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user. The health data access bodies shall indicate the entity in charge of the anonymization and the anonymization standard applied. Special safeguards shall be applied in the case of rare diseases. Data users shall not attempt to re-identify the data subject of the anonymised data.

Amendment 1698 #

Proposal for a regulation
Article 44 – paragraph 2

2. The health data access bodies shall provide the electronic health data in an anonymised format, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user. The health data access bodies shall specify which entity has been tasked with anonymisation and which anonymisation standard has been applied. Specific provisions shall be put in place for data on rare diseases.

Amendment 1699 #

Proposal for a regulation
Article 44 – paragraph 2

2. The health data access bodies shall provide the electronic health data in an anonymised format~~, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user.~~:

Amendment 170 #

Proposal for a regulation
Recital 1

(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes that would benefit the society such as research, innovation, policy- making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in ~~conformity with Union value~~existing EU regulations on the protection of health data and respect for individual and collective freedoms.

Amendment 1700 #

Proposal for a regulation
Article 44 – paragraph 2

2. The health data access bodies or data holders shall provide the electronic health data in an anonymised format, where appropriate using the pseudonymisation body as an intermediary, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user.

Amendment 1701 #

Proposal for a regulation
Article 44 – paragraph 2

2. The health data access bodies shall always provide the electronic health data in an anonymised format, where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user.

Amendment 1702 #

Proposal for a regulation
Article 44 – paragraph 2 – point a (new)

(a) where the purpose of processing by the data user can be achieved with such data, taking into account the information provided by the data user, or

Amendment 1703 #

Proposal for a regulation
Article 44 – paragraph 2 – point b (new)

(b) where the data subject has not given explicit consent for the secondary use of their personal data.

Amendment 1704 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.deleted

Amendment 1705 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. For that purpose, health data access points shall verify in advance the compliance of the pseudonymisation of the data for processing by the data user with Article 6 and, where relevant, Article 9 of Regulation (EU) 2016/679. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1706 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. For that purpose, health data access points shall verify in advance the compliance of the pseudonymisation of the data for processing by the data user with Article 6 or Article 9 of Regulation (EU) 2016/679. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1707 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the ~~purpose of the data user’s~~data user has demonstrated that the purpose of processing cannot be achieved with anonymised data, ~~taking into account the information provided by the data user~~in line with Article 46(1c), the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be ~~subject to appropriat~~considered a particularly serious breach of this Regulation and shall be subject to effective, proportionate and dissuasive penalties.

Amendment 1708 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, or for the purpose of the evaluation of the benefits and risks of medicinal products or of the identification and assessment of threats to human health posed by infectious diseases, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information ~~necessary~~required to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1709 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. ~~The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.~~

Amendment 171 #

Proposal for a regulation
Recital 1

(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to ~~improve~~grant access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for the improvement for other purposes that would benefit the society such as research, innovation, policy- making, health threats preparedness and control, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal and technical framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values.

Amendment 1710 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format where the data subject has given their explicit consent. The information necessary to reverse the pseudonymisation shall be available only to ~~the health data access body~~data holder. Data users shall not re- identify the electronic health data provided to them in anonymised or pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring anonymisation or pseudonymisation shall be subject to appropriate penalties.

Amendment 1711 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information ~~necessary~~required to reverse the pseudonymisation shall be available only to the health data access body, which will eliminate it after pseudonymisation completion. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1712 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies or the data holder shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the ~~heal~~pseudonymisation body or the data ~~access body~~holder. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the ~~heal~~pseudonymisation body’s or the data ~~access body~~holder’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1713 #

Proposal for a regulation
Article 44 – paragraph 3

3. WOnly in the exceptional cases where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1714 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring anonymisation and pseudonymisation shall be subject to appropriate penalties.

Amendment 1715 #

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data ~~access body~~holder. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.

Amendment 1716 #

Proposal for a regulation
Article 44 – paragraph 3 – point 1 (new)

(1) 4. The health data access body may, where necessary, provide personally identifiable electronic health data in accordance with Regulation (EU) 2016/679 and national law.

Amendment 1717 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. Taking into account the state of the art and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the health data access body shall apply appropriate anonymisation or pseudonymisation techniques to ensure a high level of security, appropriate to the risk of re-identification.

Amendment 1718 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

Amendment 1719 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

Amendment 172 #

Proposal for a regulation
Recital 1

(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes that would benefit the society such as research, innovation, policy- making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data), and in line with the objectives of the WHO One Health Initiative. In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values.

Amendment 1720 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. The Commission shall, by means of implementing acts, set out the procedures and requirements, and provide technical tools, for a unified and irreversible procedure for anonymising and pseudonymising the electronic health data. Those implementing act sshall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 1721 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. In providing anonymised and pseudonymised datasets, health data access bodies shall follow the state-of-the- art in anonymisation and pseudonymisation technologies. The European Health Data Space Board, together with the digital health authorities, shall discuss and create norms and standards for data holders to apply.

Amendment 1722 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. The anonymisation or pseudonymisation required for sharing data sets for secondary use shall be subject to minimum quality requirements, to ensure its robustness and avoid data to be exposed for abusive purposes.

Amendment 1723 #

Proposal for a regulation
Article 44 – paragraph 3 a (new)

3 a. The failure by the data user to respect the measures of the health data access body ensuring anonymisation and pseudonymisation shall be subject to appropriate penalties pursuant Article 43.

Amendment 1724 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 1

1. Any natural or legal person with a demonstrable link to the health or care sector and specifically activities relevant for the purposes listed in Article 34(1) of this Regulation may submit a data access application for the purposes referred to in Article 34.

Amendment 1725 #

Proposal for a regulation
Article 45 – paragraph 1

1. Any ~~natural or legal person~~entity active in the area of health care, public health, or scientific or medical research may submit a data access application for the purposes referred to in Article 34.

Amendment 1726 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 1

1. ~~Any natural or legal person~~Union citizens and third-country nationals legally residing in the EU or legal person established in the EU may submit a data access application for the purposes referred to in Article 34.

Amendment 1727 #

Proposal for a regulation
Article 45 – paragraph 2 – point -a (new)

(-a) the applicant´s identity, description of professional functions and operations, including the identity of the concrete persons who will have access to electronic health data, if a data permit is granted;

Amendment 1728 #

Proposal for a regulation
Article 45 – paragraph 2 – point -a (new)

(-a) a description of the applicant's identity, professional function and operation, including the identity of who will have access to the electronic health data;

Amendment 1729 #

Proposal for a regulation
Article 45 – paragraph 2 – point -a a (new)

(-a a) a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, unless the data access application only concerns aggregated data that makes the re- identification of a natural person impossible;

Amendment 173 #

Proposal for a regulation
Recital 1

(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes that would benefit the society such as research, innovation, policy- making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’), as well as the clarification of access to those data, in conformity with Union values.

Amendment 1730 #

Proposal for a regulation
Article 45 – paragraph 2 – point a

(a) a detailed explanation of the intended use of the electronic health data, including ~~for which of~~: (i) the purposes referred to in Article ~~34(1) access is sought;~~ 9(2), points (i) and (j), of Regulation (EU) 2016/679, combined with Article 34(1); (ii) demonstrable evidence that the stated purpose is of public interest.

Amendment 1731 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point a

(a) a detailed explanation of the intended use of the electronic health data, including for which of the purposes referred to in Article 9(2) of Regulation (EU) 2016/679, in combination with Article 34(1), access is ~~sought~~necessary;

Amendment 1732 #

Proposal for a regulation
Article 45 – paragraph 2 – point a

(a) a detailed plan and explanation of the intended use of the electronic health data, including for which of the purposes referred to in Article 34(1) access is sought;

Amendment 1733 #

Proposal for a regulation
Article 45 – paragraph 2 – point a

(a) a detailed explanation of the intended use and benefit related to that use of the electronic health data, including ~~for which of the purposes referred to in Article 34(1) access is sought;~~:

Amendment 1734 #

Proposal for a regulation
Article 45 – paragraph 2 – point a – point i (new)

i) the purposes referred to in Article 9 (2), points (i) and (j), of Regulation 2016/679, combined with Article 34(1);

Amendment 1735 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point a – point ii (new)

ii) demonstrable evidence that the stated purpose is of public interest.

Amendment 1736 #

Proposal for a regulation
Article 45 – paragraph 2 – point a a (new)

(a a) a declaration that the applicant has sufficient experience to manage the intended uses of the data requested, consistent with ethical practice and applicable laws and regulations;

Amendment 1737 #

Proposal for a regulation
Article 45 – paragraph 2 – point a a (new)

(a a) a description of the applicant’s identity, professional function and operation, including the identity of who will have access to the electronic health data;

Amendment 1738 #

Proposal for a regulation
Article 45 – paragraph 2 – point a a (new)

(a a) a description of the applicant's identity, professional function and operation, including the identity of anyone with access to the electronic health data;

Amendment 1739 #

Proposal for a regulation
Article 45 – paragraph 2 – point a a (new)

(a a) demonstrable evidence that the stated purpose is of public interest;

Amendment 174 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 1

(1) The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes in the health sector that would benefit the society such as research, innovation, policy- making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). In addition, the goal is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values.

Amendment 1740 #

Proposal for a regulation
Article 45 – paragraph 2 – point a b (new)

(a b) a detailed explanation of the expected benefits related to the use;

Amendment 1741 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point b

(b) a description of the requested electronic health data, their timeframe, format and data sources, where possible, including geographical coverage where data is requested from several Member States;

Amendment 1742 #

Proposal for a regulation
Article 45 – paragraph 2 – point c

(c) an indication whether electronic health data ~~should~~need to be made available in a~~n anonymised form~~ pseudonymised format and the reason why the envisaged purpose for processing cannot be pursued using anonymised data;

Amendment 1743 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point c

Amendment 1744 #

Proposal for a regulation
Article 45 – paragraph 2 – point c

Amendment 1745 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point d

~~(d) where applicable, an explanation of the reasons for seeking access to electronic health data in a pseudonymised format;~~deleted

Amendment 1746 #

Proposal for a regulation
Article 45 – paragraph 2 – point e

(e) a description of the safeguards planned to prevent any other use or misuse of the electronic health data, including attempts to re-identify natural persons whose data are part of the dataset;

Amendment 1747 #

Proposal for a regulation
Article 45 – paragraph 2 – point e

(e) a description of the safeguards planned to prevent any other use or any misuse of the electronic health data, including the re-identification of natural persons in the dataset;

Amendment 1748 #

Proposal for a regulation
Article 45 – paragraph 2 – point e

(e) a description of the safeguards planned to prevent any other misuse of the electronic health data, including the re- identification of natural persons in the dataset;

Amendment 1749 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 45 – paragraph 2 – point f

(f) a description of the ~~safeguards planned to protect the rights and interests of the data holder and of the natural persons concerned~~necessary technical and organizational measures pursuant to Article 32 of Regulation (EU) 2016/679;

Amendment 175 #

Proposal for a regulation
Recital 1 a (new)

(1 a) In line with the One Health and Health in All Policies principles, legally defined in Article 3 of the Regulation (EU) No 2022/2371 of the European Parliament and of the Council of 23 November 2022 on serious cross-border threats to health and repealing Decision No 1082/2013/EU, the protection of human health is a matter which has a cross-cutting dimension and is relevant to numerous Union policies and activities. Following these two principles, the Union has created, develops and monitors its EHDS.

Amendment 1750 #

Proposal for a regulation
Article 45 – paragraph 2 – point f a (new)

(f a) a description of the necessary technical and organizational measures pursuant to Article 32 of Regulation (EU) 2016/679;

Amendment 1751 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 2 – point f b (new)

(f b) a description of how the data applicant is qualified vis-à-vis the intended purposes of data use, such as professional qualifications to demonstrate appropriate expertise;

Amendment 1752 #

Proposal for a regulation
Article 45 – paragraph 2 – point g

(g) an justified estimation of the period during which the electronic health data is needed for processing;

Amendment 1753 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point h

(h) a description of the free and open- source tools and computing resources needed for a secure environment.

Amendment 1754 #

Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)

(h a) where applicable, information on the assessment of ethical aspects of the processing and evidence of ethics approval obtained by the competent ethics committee in line with national law;

Amendment 1755 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)

(h a) all information under Article 14 of Regulation (EU) 2016/679 and information regarding the exercise of the rights of natural persons according to Chapter III of Regulation (EU) 2016/67;

Amendment 1756 #

Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)

(h a) a communication plan defining audiences and tools to publicly inform on the results or outcomes of the access to the data in accordance with Article 46(11);

Amendment 1757 #

Proposal for a regulation
Article 45 – paragraph 2 – point h a (new)

(h a) a communication plan defining audiences and tools to publicly inform on the results or outcomes of the access to the data in accordance with Article 46(11).

Amendment 1758 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 2 – point h b (new)

(h b) a signed agreement pledging to respect the common code of ethical conduct for the secondary uses of personal health data as developed by the EHDS Board in accordance with Article 65(2), point (g).

Amendment 1759 #

Proposal for a regulation
Article 45 – paragraph 2 – point h b (new)

(h b) a declaration that the intended uses of the data requested do not pose a risk of stigmatisation or dignitary harm to both individuals and the groups implicated in the dataset requested;

Amendment 176 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 1 a (new)

(1 a) The EHDS constitutes a key component for the creation of a strong and resilient European Health Union to better protect the health of European citizens, prevent and address future pandemics and improve resilience of Europe’s health systems.

Amendment 1760 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 2 – point h b (new)

(h b) provide the specified information under Article 14 of Regulation (EU) 2016/679 and facilitate the exercise of the rights of natural persons with Chapter III of Regulation (EU) 2016/67.

Amendment 1761 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 2 – point h c (new)

(h c) information, such as but not limited to professional qualifications, which justify the data applicant's suitability to use the requested data for the intended purpose.

Amendment 1762 #

Proposal for a regulation
Article 45 – paragraph 2 a (new)

2 a. Data users that are private entities shall have a proven track-record of trustworthy and successful involvement in medical research or education. They shall submit a declaration setting out their vested interest in the processing as described in point a of paragraph 1.

Amendment 1763 #

Proposal for a regulation
Article 45 – paragraph 3

3. Data users seeking access to electronic health data from more than one Member State shall ~~submit a single application to one of the concerned health data access bodies of their choice which shall be responsible for sharing the request wit~~be able to submit the applications through other health data access bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. For requests to access electronic health data from more than one Member States, the health data access body shall notify the other relevant health data access bodies of the receipt of an application relevant to them within 15 days from the date of receipt of the data access application HealthData@EU referred to in Article 52 by indicating what data they request from wich Member State.

Amendment 1764 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 3

3. Data users seeking access to electronic health data from more than one Member State shall submit a single application to one of the concerned ~~health data ac~~application processing bodies of their choice which shall be responsible for sharing the request with other ~~health data ac~~application processing bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. For requests to access electronic health data from more than one Member States, the ~~health data ac~~application processing body shall notify the other relevant ~~health data ac~~application processing bodies of the receipt of an application relevant to them within 15 days from the date of receipt of the data access application.

Amendment 1765 #

Proposal for a regulation
Article 45 – paragraph 3

3. Data users seeking access to electronic health data from more than one Member State shall submit a single application to one of the concerned health data access bodies of their choice which shall be responsible for sharing the ~~request~~application with the other health data access bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. ~~For requests to access electronic health data from more than one Member States~~In such a case, the health data access body shall notify the other relevant health data access bodies of the receipt of an application relevant to them within 15 days from the date of receipt of the data access application.

Amendment 1766 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 3

3. Data users seeking access to electronic health data from more than one Member State shall submit a single application to one of the concerned health data access bodies of their choice which shall be responsible for sharing the request with other health data access bodies and authorised participants in HealthData@EU referred to in Article 52, which have been identified in the data access application. For requests to access electronic health data from more than one Member States, the health data access body shall notify the other relevant health data access bodies of the receipt of an application relevant to them within 1530 days from the date of receipt of the data access application.

Amendment 1767 #

Proposal for a regulation
Article 45 – paragraph 4 – introductory part

4. Where the applicant intends to access the personal electronic health data in a pseudonymised format or non- personal data, the following additional information shall be provided together with the data access application:

Amendment 1768 #

Proposal for a regulation
Article 45 – paragraph 4 – introductory part

4. Where the applicant ~~intend~~requests to access the personal electronic health data in a pseudonymised format, the following additional information shall be provided together with the data access application:

Amendment 1769 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of how the processing would comply with ~~Article 6(1) of~~applicable Union and national law on data protection and privacy, notably Regulation (EU) 2016/679 and, where relevant, Regulation (EU) 201~~6/679~~8/1725;

Amendment 177 #

Proposal for a regulation
Recital 1 b (new)

(1 b) This Regulation should work horizontally with other European programs such as the Digital Europe Programme, Connecting Europe Facility and Horizon Europe. The European Commission should ensure that other European programs complement and facilitate the implementation of the European Health Data Space.

Amendment 1770 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of how the processing would comply with Article 6(1) and 9(2) of Regulation (EU) 2016/679 or Articles 5(1) and 10(2) of Regulation (EU) 2018/1725;

Amendment 1771 #

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of how the processing would comply with Article 6(1) and, where applicable, Article 9 of Regulation (EU) 2016/679;

Amendment 1772 #

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of ~~how the processing would comply with~~the legal basis on which the processing is to be carried out within the meaning of Article 6(1) of Regulation (EU) 2016/679;

Amendment 1773 #

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of how the processing would comply with Article 6(1) or Article 9 of Regulation (EU) 2016/679;

Amendment 1774 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 4 – point a

(a) a description of how the processing would comply with ~~Article 6(1) of~~ Regulation (EU) 2016/679;

Amendment 1775 #

Proposal for a regulation
Article 45 – paragraph 4 – point a a (new)

(a a) a detailed demonstration that the purpose of processing cannot be achieved with anonymised data;

Amendment 1776 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 4 – point b

~~(b) information on the assessment of ethical aspects of the processing, where applicable and in line with national law.~~deleted

Amendment 1777 #

Proposal for a regulation
Article 45 – paragraph 4 – point b

(b) information on the assessment of ethical aspects of the processing~~, where applicable and in line with national law~~.

Amendment 1778 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 5 – subparagraph 1

For the implementation of the tasks referred to in Article 37(1), points (b) and (c), the public sector bodies and the Union institutions, bodies, offices and agencies shall provide the same information as requested under Article 45(2)~~, except for point (g), where they shall submit information concerning the period for which the data can be accessed, the frequency of that access or the frequency of the data updates~~.

Amendment 1779 #

Proposal for a regulation
Article 45 – paragraph 5 – subparagraph 2

Where the public sector bodies and the Union institutions, bodies, offices and agencies intend to access the electronic health data in pseudonymised format, a description of how the processing would comply with Article 6(1) of Regulation (EU) 2016/679 or Article 5(1) of Regulation (EU) 2018/1725, as applicable, shall also be provided.deleted

Amendment 178 #

Proposal for a regulation
Recital 2

(2) The COVID-19 pandemic has highlighted the imperative of having timely access to electronic health data for health threats preparedness and response, as well as for diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, and ultimately would have helped to save lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural approach at Member States and Union level. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).deleted

Amendment 1780 #

Proposal for a regulation
Article 45 – paragraph 5 – subparagraph 2

Where the public sector bodies and the Union institutions, bodies, offices and agencies intend to access the electronic health data in pseudonymised format, a description of how the processing would comply with Article 6(1) and Article 9 of Regulation (EU) 2016/679, or Article 5(1) and Article 10 of Regulation (EU) 2018/1725, as applicable, shall also be provided.

Amendment 1781 #

Proposal for a regulation
Article 45 – paragraph 5 – subparagraph 2

Amendment 1782 #

Proposal for a regulation
Article 45 – paragraph 6

6. The Commission may, by means of 6. implementing acts, set out the templates for the data access application referred to in this Article, the data permit referred to in Article 46 and the data request referred to in Article 47. These templates shall be developed with the aim to limit unnecessary bureaucratic burden for applicants to the greatest possible extent. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 68(2).

Amendment 1783 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 45 – paragraph 6

6. The Commission ~~may~~shall, by means of implementing acts, set out the templates for the data access application referred to in this Article, the data permit referred to in Article 46 and the data request referred to in Article 47. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 68(2) and shall be limited to what is strictly necessary to avoid any unnecessary administrative burden.

Amendment 1784 #

Proposal for a regulation
Article 45 – paragraph 6

6. The Commission ~~may~~, assisted by the EHDS Board set out in Article 64, shall, by means of implementing acts, set out the templates for the data access application referred to in this Article, the data permit referred to in Article 46 and the data request referred to in Article 47. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 68(2).

Amendment 1785 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 6

6. The Commission ~~may~~shall, by means of implementing acts, set out the templates for the data access application referred to in this Article, the data permit referred to in Article 46 and the data request referred to in Article 47. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68(2a).

Amendment 1786 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 45 – paragraph 7

7. The Commission is empowered to 7. adopt delegated acts in accordance with Article 67 to amend the list of information in paragraphs 2, 4, 5 ~~and 6~~ of this Article, to ensure the adequacy of the list for processing a data access application at national or cross-border level.

Amendment 1787 #

Proposal for a regulation
Article 46 – paragraph 1

1. Health data access bodies shall ~~assess if the application fulfils one of the purposes listed in~~grant access to electronic health data only if the application fulfils all of the following criteria: (a) the purposes described in the data access application correspond to at least one of the purposes listed in Article 9(2) of Regulation (EU) 2016/679, combined with Article 34(1) of this Regulation~~, if~~; (b) the requested data is necessary and relevant for the purpose ~~list~~described in the ~~application and if the requirements in this Chapter are fulfill~~data access application; (c) the processing complies with applicable Union and national data protection law. The health data access bodies shall consult the relevant data protection authorities on this matter; (d) the information provided byin the applica~~nt. If that is the case, the health data access body shall issue a data permit.~~ tion demonstrates sufficient safeguards to protect the rights and interests of the data holder and of the natural persons concerned and to prevent any other use or misuse of the data, including the re-identification of natural persons.

Amendment 1788 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 1

1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, ~~the health data access body shall issue a data permit~~and only after any data sharing agreement(s) on mutually agreed terms required by this Regulation, such as set out in Article 46a, are signed, the health data access body shall issue a data permit. However, any assessments by health data access bodies of an application concerning any data under Article 33(4) shall require the health data access bodies to consult the data holder(s).

Amendment 1789 #

Proposal for a regulation
Article 46 – paragraph 1

Amendment 179 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 2

(2) The COVID-19 pandemic has highlighted the imperative of having timely access to quality electronic health data for health threats preparedness and response, as well as for prevention, diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, to reduced costs and an improved response to health threats and ultimately would have helped to save more lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural and systemicapproach at Member States and Union level. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).

Amendment 1790 #

Proposal for a regulation
Article 46 – paragraph 1

1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary, adequate, and proportionate for the purpose listed in the application, if it received a favourable opinion from an authorised ethics committee, where applicable, or after conducting a data protection impact assessment, and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shall issue a data permit.

Amendment 1791 #

Proposal for a regulation
Article 46 – paragraph 1

Amendment 1792 #

Proposal for a regulation
Article 46 – paragraph 1

Amendment 1793 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Amendment 1794 #

Proposal for a regulation
Article 46 – paragraph 1

1. HWhen health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the health data access body shall issue a data permit.decide whether to grant or refuse a data permit, they shall assess if the health data access application referred to in Article 45 fulfils the following criteria:

Amendment 1795 #

Proposal for a regulation
Article 46 – paragraph 1

1. ~~Health data ac~~Application processing bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant. If that is the case, the ~~health data ac~~application processing body shall issue a data permit.

Amendment 1796 #

Proposal for a regulation
Article 46 – paragraph 1 – point a (new)

(a) the purposes described in the application match one of the purposes listed in Article 9(2) of Regulation (EU) 2016/679 in combination with Article 34(1) of this Regulation;

Amendment 1797 #

Proposal for a regulation
Article 46 – paragraph 1 – point b (new)

(b) the requested data is necessary, adequate and proportionate for the purpose listed in the application;

Amendment 1798 #

Proposal for a regulation
Article 46 – paragraph 1 – point c (new)

(c) the processing complies with applicable Union and national data protection law. The health data access bodies shall seek the advice from the competent data protection authorities for this matter;

Amendment 1799 #

Proposal for a regulation
Article 46 – paragraph 1 – point d (new)

(d) the information provided in the application demonstrates sufficient safeguards planned to protect the rights and interests of the health data holder and of the natural persons concerned and to prevent any misuse;

Amendment 180 #

Proposal for a regulation
Recital 2

(2) The COVID-19 pandemic has highlighted the imperative of having timely access to electronic health data for health threats preparedness and response, as well as for diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, and ultimately would have helped to save lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural approach at Member States and Union level, including appropriate measures on access to, and protection of, patients' personal data. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).

Amendment 1800 #

Proposal for a regulation
Article 46 – paragraph 1 – point e (new)

(e) the information on the assessment of ethical aspects of the processing, where applicable, is in line with national law;

Amendment 1801 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 1 – point f (new)

(f) other requirements in this Chapter.

Amendment 1802 #

Proposal for a regulation
Article 46 – paragraph 1 a (new)

1 a. (a) the purpose described in the health data access application is one of the purposes listed in Article 34(1) of this Regulation, regardless of whether the health data access application concerns anonymised or pseudonymised data; (b) the requested data is necessary for the purpose or purposes listed in the health data access application; (c) where electronic health data is requested in pseudonymised format, the information provided by the applicant demonstrates that the purposes of processing described in the application, and which are in line with point (a) of this paragraph, cannot be achieved with electronic health data in anonymised format; (d) the processing of pseudonymised electronic health data, if the data permit would be granted, will be in line with Articles 6(1) and 9(2) of Regulation (EU) 2016/679 or Articles 5(1) and 10(2) of Regulation (EU) 2018/1725; (e) the applicant demonstrates sufficient safeguards to prevent any other use or misuse of the electronic health data and to protect the rights and interests of the data holder and of the natural persons concerned; (f) all other requirements in this Chapter are fulfilled by the applicant. In this process, the health data access bodies shall also take into consideration the history of applications from the same applicant. The health data access bodies shall ensure that the data will not be used for something a reasonable participant would find objectionable, or uses that health data access bodies would have reason to believe participants within the dataset would find objectionable.

Amendment 1803 #

Proposal for a regulation
Article 46 – paragraph 1 a (new)

1 a. Furthermore, when the health data access bodies make their decisions to grant or refuse access to electronic health data, they shall assess if the applicant fulfils the following criteria: (a) the purposes described in the data access application match one or more of the purposes listed in Article 34(1) of this Regulation; (b) the requested data is necessary for the purpose described in the data access application; (c) the processing complies with applicable Union and national data protection law.The health data access bodies shall seek the advice from the competent data protection authorities for this matter; (d) the information provided in the application demonstrates sufficient safeguards planned to protect the rights and interests of the health data holder and of the natural persons concerned and to prevent any misuse (e) the information on the assessment of ethical aspects of the processing, where applicable, is in line with national law; (f) the option of individuals to opt-out with respect to the secondary use of their personal health data; (g) other requirements in this Chapter.

Amendment 1804 #

Proposal for a regulation
Article 46 – paragraph 1 a (new)

1 a. Nothwithstanding paragpraph 1, health data access bodies may, exceptionally and with due justification, refuse to grant data permit on any of the following grounds: (a) national security; (b) defence; (c) public security; (d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; (e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security; (f) the protection of the data subject or the rights and freedoms of others.

Amendment 1805 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 2

2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 ~~or where requirements in this Chapter are not met~~, all applications that do not fulfill the criteria referred to in paragraph 1 or where requirements in this Chapter are not met. The data authorisation shall not be granted for personal electronic health data where the data subject has not given consent pursuant to Article 33(5).

Amendment 1806 #

Proposal for a regulation
Article 46 – paragraph 2

2. HIf the health data access bod~~ies shall refuse all applications including one or more purposes listed in Article 35 or~~y in its independent assessment concludes that the requirements listed in paragraph 1 of this Article are met, as well as all other requirements of this Chapter, the health data access body shall grant the health data permit. Health data access bodies shall refuse all applications where the requirements in this Chapter are not met.

Amendment 1807 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 46 – paragraph 2

2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 or, applications where the necessity of processing for the intended purpose has not been sufficiently demonstrated, applications that do not sufficiently provide safeguards on re-identification, and applications where requirements in this Chapter are not met.

Amendment 1808 #

2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met. The data authorisation shall not be granted where the data subject opted-out to the processing pursuant to Article 33(5).

Amendment 1809 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 2

2. Health data access bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met, including in the event a data holder permissibly refuses to give access to its data under Article 33(1).

Amendment 181 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR

Proposal for a regulation
Recital 2

(2) The COVID-19 pandemic has highlighted the imperative of having timely access to quality electronic health data for health threats preparedness and response, as well as for prevention, diagnosis and treatment and secondary use of health data. Such timely access would have contributed, through efficient public health surveillance and monitoring, to a more effective management of the pandemic, and ultimately would have helped to save lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/126941, to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of the pandemic, but this was only an emergency solution, showing the need for a structural approach at Member States and Union level. _________________ 41 Commission Implementing Decision (EU) 2019/1269 of 26 July 2019 amending Implementing Decision 2014/287/EU setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (OJ L 200, 29.7.2019, p. 35).

Amendment 1810 #

Proposal for a regulation
Article 46 – paragraph 2

2. ~~Health data ac~~Application processing bodies shall refuse all applications including one or more purposes listed in Article 35 or where requirements in this Chapter are not met.

Amendment 1811 #

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. If the health data access body finds that the data access application is incomplete, it shall notify the data user and indicate the documents to be filed subsequently. If the data user does not fullfill this request within 4 weeks, a permit will not be granted. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.

Amendment 1812 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 46 – paragraph 3

Amendment 1813 #

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 26 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application ~~by 2 additional months~~ where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. ~~Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.~~

Amendment 1814 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation ~~[…] [Data Governance Act COM/2020/767 final]~~(EU) 2022/868, the health data access body may extend the period for responding to a data access application by 2a maximum of 3 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. ~~Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued.~~

Amendment 1815 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 3

Amendment 1816 #

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from ~~that~~ Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. ~~Where a health data access body fails to provide a decision within the time limit, the data permit shall be issued~~.

Amendment 1817 #

Proposal for a regulation
Article 46 – paragraph 3

Amendment 1818 #

Proposal for a regulation
Article 46 – paragraph 3

Amendment 1819 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 46 – paragraph 3

Amendment 182 #

Proposal for a regulation
Recital 2 a (new)

(2 a) It is important to bear in mind that health data is not a natural resource that is available for exploitation, but a very sensitive resource which can put individuals, families and companies at risk. Among other relevant legal provisions, this Regulations sets out that electronic health data should be stored in the territory of the Union. It also seeks to ensure the right of every patient to have their data stored with the doctor or therapist of their choice, not remotely, but accessible, and ensure that it is not at risk of hacking. Finally, patients should be asked to give their consent to share their data. Therefore, patients should be asked to be totally in charge of their data and if they want to share it.

Amendment 1820 #

Proposal for a regulation
Article 46 – paragraph 3

3. A ~~health data ac~~n application processing body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the ~~health data ac~~application processing body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a ~~health data ac~~n application processing body fails to provide a decision within the time limit, the data permit shall be issued.

Amendment 1821 #

Proposal for a regulation
Article 46 – paragraph 3

3. A health data access body shall issue or refuse a data permit within 2 months of receiving the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final], the health data access body may extend the period for responding to a data access application by 2 additional months where necessary, taking into account the complexity of the request. In such cases, the health data access body shall notify the applicant as soon as possible that more time is needed for examining the application, together with the reasons for the delay. Where a health data access body fails to provide a decision within the time limit, the data permit shall not be issued.

Amendment 1822 #

Proposal for a regulation
Article 46 – paragraph 3 a (new)

3 a. The supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 shall have the possibility to scrutinise and, if necessary, overturn any data permit request issued by a health data access body, in line with the powers conferred to them by the respective Regulations.

Amendment 1823 #

Proposal for a regulation
Article 46 – paragraph 4

4. Following the issuance of the data permit, the ~~health data ac~~application processing body shall ~~immediately request the electronic health data from the data holder~~call on the data holder to transmit the electronic health data to the health data access body, or to make it available to the data user, via the pseudonymisation body without delay. The health data access body or the data holder shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless the health data access body specifies that it will provide the data within a longer specified timeframe.

Amendment 1824 #

Proposal for a regulation
Article 46 – paragraph 4

4. Following the issuance of the data permit, the health data access body shall immediately request the electronic health data from the data holder and inform them whether the data shall be made accessible in anonymised or pseudonymised form. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless the health data access body specifies that it will provide the data within a longer specified timeframe due to circumstances beyond its control.

Amendment 1825 #

4. Following the issuance of the data permit, the health data access body shall ~~immediately~~, without undue delay, request the electronic health data from the data holder. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders~~, unless the health data access body specifies that it will provide the data within a longer specified timeframe~~.

Amendment 1826 #

Proposal for a regulation
Article 46 – paragraph 4

4. Following the issuance of the data permit, the health data access body shall immediately request the electronic health data from the data holder. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders~~, unless the health data access body specifies that it will provide the data within a longer specified timeframe~~.

Amendment 1827 #

Proposal for a regulation
Article 46 – paragraph 4

Amendment 1828 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 5

5. When the ~~health data ac~~application processing body refuses to issue a data permit, it shall provide a justification for the refusal to the applicant.

Amendment 1829 #

Proposal for a regulation
Article 46 – paragraph 6 – point a

(a) ~~typ~~categories and format of electronic health data accessed, covered by the data permit, including their sources;

Amendment 183 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 3

(3) The COVID-19 crisis strongly anchored the work of the eHealth Network, a voluntary network of digital health authorities, as the main pillar for the development of mobile contact tracing and warning applications and the technical aspects of the EU Digital COVID Certificates. It also highlighted the need for sharing electronic health data that are findable, accessible, interoperable and reusable (‘FAIR principles’), and ensuring that electronic health data are as open as possible and as closed as necessary. Synergies between the EHDS, the European Open Science Cloud42and the European Research Infrastructures should be ensured, as well as lessons learned from data sharing solutions developed under the European COVID-19 Data Platform. _________________ 42 EOSC Portal (eosc-portal.eu).deleted

Amendment 1830 #

Proposal for a regulation
Article 46 – paragraph 6 – point b

(b) a detailed description of the purpose for which data are made available;

Amendment 1831 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 6 – point b a (new)

(b a) the identity of the applicant as well as the concrete persons who are authorised to have access to the electronic health data in the secure processing environment;

Amendment 1832 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 6 – point e

(e) fees to be paid by the data user to the health data access body;

Amendment 1833 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 6 – point f a (new)

(f a) when required, signed data sharing agreements, as set out in Article 46a;

Amendment 1834 #

Proposal for a regulation
Article 46 – paragraph 6 – point f a (new)

(f a) When required, signed data sharing agreements, as set out in Article 46a;

Amendment 1835 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 6 a (new)

6 a. Relevant bodies or authorities competent pursuant to applicable data protection legislation shall have the possibility to scrutinise and, if necessary, overturn the assessment of the data processing legal basis of data permit requests made to the health data access bodies.

Amendment 1836 #

Proposal for a regulation
Article 46 – paragraph 7

7. Data users shall have the right to access and process the electronic health data in accordance with the data permit delivered to them on the basis of this Regulation. Pursuant to Article 9)(1), point (j), of Regulation (EU)2016/679, where the permit allows data users to process personal electronic health data, data users shall have a right to process such data, subject to the safeguards and limitations set out in this Regulation and the permit.

Amendment 1837 #

Proposal for a regulation
Article 46 – paragraph 7

7. Data users shall have the right to access and process the electronic health data in accordance with the data permit delivered to them on the basis of this Regulation, after they have demonstrated that the security measures pursuant to in Article 52, points (e) and (f), are effectively implemented.

Amendment 1838 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 7

7. Data users shall have the right to access and process the electronic health data in accordance with the data permit delivered to them on the basis of this Regulation only after they have demonstrated the effective implementation of their security measures referred to in Article 45(2), points (e) and (f).

Amendment 1839 #

Proposal for a regulation
Article 46 – paragraph 8

8. The Commission is empowered to adopt delegated acts to amend the list of aspects to be covered by a data permit in paragraph 76 of this Article, in accordance with the procedure set out in Article 67.

Amendment 184 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 3

(3) The COVID-19 crisis strongly anchored the work of the eHealth Network, a voluntary network of digital health authorities, as the main pillar for the development of mobile contact tracing and warning applications and the technical aspects of the EU Digital COVID Certificates. It also highlighted the value of access to real time data to steer effective policy responses and the need for sharing electronic health data that are findable, accessible, interoperable and reusable (‘FAIR principles’), and ensuring that electronic health data are as open as possible and as closed as necessary. Synergies between the EHDS, the European Open Science Cloud42and the European Research Infrastructures should be ensured, as well as lessons learned from data sharing solutions developed under the European COVID-19 Data Platform. _________________ 42 EOSC Portal (eosc-portal.eu).

Amendment 1840 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 9

9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 5 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 5 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted ~~within 6 months~~ following the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body for a period of 5 years.

Amendment 1841 #

Proposal for a regulation
Article 46 – paragraph 9

9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 510 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 52 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted within 6 months following the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.

Amendment 1842 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 46 – paragraph 9

9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 5 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 5 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted ~~within 6 months following~~immediately after the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.

Amendment 1843 #

Proposal for a regulation
Article 46 – paragraph 9

9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 5 years. This duration may be extended once, at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit, for a period which cannot exceed 5 years. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 5 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted ~~within 6 months following~~immediately after the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.

Amendment 1844 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 9

9. A data permit shall be issued for the duration necessary to fulfil the requested purposes which shall not exceed 510 years. This duration may be extended once, for no more than 2 years at the request of the data user, based on arguments and documents to justify this extension provided, 1 month before the expiry of the data permit~~, for a period which cannot exceed 5 years~~. By way of derogation from Article 42, the health data access body may charge increasing fees to reflect the costs and risks of storing electronic health data for a longer period of time exceeding the initial 510 years. In order to reduce such costs and fees, the health data access body may also propose to the data user to store the dataset in storage system with reduced capabilities. The data within the secure processing environment shall be deleted within 6 months following the expiry of the data permit. Upon request of the data user, the formula on the creation of the requested dataset shall be stored by the health data access body.

Amendment 1845 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.deleted

Amendment 1846 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output (in accordance with the definition of results/outputs under Article 2) of the secondary use of electronic health data, including information relevant for the provision of healthcare~~, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47~~ and in compliance with minimum requirements of what needs to be published, but such that this will not prejudice the IP rights in the secondary use results/outputs, particularly if the secondary use is for development or innovation as referred to in Article 34(f) , no later than 18 months after the completion of the electronic health data processing with a possible extension to 24 months if requested by data users due to sensitivity of health data in relation to IP rights. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1847 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output (in accordance with the definition of results /outputs under Article 2) of the secondary use of electronic health data on a voluntary basis, including information relevant for the provision of healthcare and in compliance with minimum requirements of what needs to be published, but such that this will not prejudice the IP rights in the secondary use results/outputs, particularly if the secondary use is for development or innovation as referred to in Article 34(f), no later than 18 months after the completion of the electronic health data processing ~~or after having received the answer to the data request referred to in Article 47~~with a possible extension to 24 months. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1848 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS. Where the output of the secondary use of the electronic health data is not comprehensive from the perspective of the underlying project, data users shall indicate where follow-up information is available.

Amendment 1849 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. Data users shall not be obliged to make public results or output in a way that compromises intellectual property rights contained therein. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 185 #

Proposal for a regulation
Recital 3

(3) The COVID-19 crisis strongly anchored the work of the eHealth Network, a voluntary network of digital health authorities, as the main pillar for the development of mobile contact tracing and warning applications and the technical aspects of the EU Digital COVID Certificates. It also highlighted the need for sharing electronic health data that are findable, accessible, interoperable and reusable (‘FAIR principles’), and ensuring that electronic health data are as open as possible and as closed as necessary so as to protect patients' personal data and information. Synergies between the EHDS, the European Open Science Cloud42and the European Research Infrastructures should be ensured, as well as lessons learned from data sharing solutions developed under the European COVID-19 Data Platform. _________________ 42 EOSC Portal (eosc-portal.eu).

Amendment 1850 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public on health data access bodies’ websites without compromising on IP rights and trade secrets defined in relevant Union legislation. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1851 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 182 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public in lay summaries on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1852 #

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 182 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the health data access bodies from which a data permit was obtained and support them to make the information public in lay summaries on health data access bodies’ websites. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1853 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 11

11. Data users shall make public the results or output of the secondary use of electronic health data, including information relevant for the provision of healthcare, no later than 18 months after the completion of the electronic health data processing or after having received the answer to the data request referred to in Article 47. Those results or output shall only contain anonymised data. The data user shall inform the ~~health data ac~~application processing bodies from which a data permit was obtained and support them to make the information public on the~~alth data ac~~ application processing bodies’ websites or on a central website. Whenever the data users have used electronic health data in accordance with this Chapter, they shall acknowledge the electronic health data sources and the fact that electronic health data has been obtained in the context of the EHDS.

Amendment 1854 #

Proposal for a regulation
Article 46 – paragraph 12

~~12. Data users shall inform the health data access body of any clinically significant findings that may influence the health status of the natural persons whose data are included in the dataset.~~deleted

Amendment 1855 #

Proposal for a regulation
Article 46 – paragraph 12

12. Data users shall inform the health data access body of any clinically significant findings that may influence the health status of the natural persons whose data are included in the dataset and where natural persons have explicitly given their consent.

Amendment 1856 #

Proposal for a regulation
Article 46 – paragraph 12

12. Data users shall inform the ~~health data ac~~application processing body of any clinically significant findings that may influence the health status of the natural persons whose data are included in the dataset.

Amendment 1857 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 46 – paragraph 14

14. The liability of health data access bodies ~~as joint controller~~or of the data holder as joint controller, depending on who makes the data available to the data user, is limited to the scope of the issued data permit until the completion of the processing activity.

Amendment 1858 #

Proposal for a regulation
Article 46 – paragraph 14

14. The liability of health data access bodies as ~~joint~~ controller is limited to the scope of the issued data permit ~~until the completion of the processing activity~~and in accordance with Article 51.

Amendment 1859 #

Proposal for a regulation
Article 46 – paragraph 14 a (new)

14 a. The authorities competent pursuant to applicable data protection legislation shall have the possibility to scrutinise and, if necessary, overturn the assessment of the data processing legal basis of data permit requests made to the health data access bodies.

Amendment 186 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Recital 3 a (new)

(3 a) Given the extreme sensitivity of information regarding person’s physical and mental health, this Regulation seeks to provide sufficient safeguards on both EU and national level to ensure a high degree of data privacy, security, confidentiality and ethical use. Such safeguards are necessary to promote trust in safe handling of natural person’s health data for primary and secondary use. To achieve these objectives, pursuant to Article 9(4) of Regulation (EU) 2016/679, Member States may impose additional restrictions to the rights and obligations laid down in Chapters II and IV of this Regulation.

Amendment 1860 #

Proposal for a regulation
Article 46 a (new)

Article 46 a Data sharing agreement for electronic health data 1. In order for electronic health data entailing IP rights, including trade secrets, and commercial property from private enterprises to be made available for secondary use, the data user must sign a data sharing agreement with each private enterprise data holder. Such electronic health data shall not be made available to any data user for the purposes of secondary use unless and until the data user has signed the data sharing agreement. 2. The data sharing agreement shall set out all necessary measures to protect all IP rights, including trade secrets, and commercial property entailed in the electronic health data and additional conditions of access requested by the data holder. In particular, without limitations, it may include any or all of: a. a restriction on any use of the electronic health data outside the scope of the secondary use purposes specified in the data permit, including for any prohibited secondary use as set out in this Regulation, including Article 35; b. an undertaking by the data user to preserve and not infringe or misappropriate the IP rights, including trade secrets, of the data holder, including to (i) preserve the confidentiality of the data holder’s confidential information, including trade secrets, and (ii) not perform or enable any reverse engineering or other activity to identify the confidential information, including trade secrets, of the data holder; c. provisions to ensure the confidentiality of the electronic health data and confidential information, including trade secrets, of the data holder. For example, (i) a right of prior review by the data holder of any public disclosures or applications for registerable IP rights, including patent applications, intended by or on behalf of the data user(s), including under this Regulation, that relates to or arises from the use of the electronic health data, including the results or outputs, including the right to delay or prohibit the publication, and (ii) data security requirements reasonably required by the data holder; d. a requirement for the data user to notify the data holder of the creation of any new IP right from its use of the electronic health data and for granting the data holder non-exclusive, fully-paid up and royalty-free licence rights enabling the data holder and its affiliates to use any new IP right, results and outputs for its own business purposes. Such licence shall only be sub-licensable to third parties working in collaboration with, or on behalf of, the data holder or one of its affiliates for the aforesaid purposes. Such a licence shall be non- transferable, except where needed in order to commercialise an existing product of the data holder or any of its affiliates; e. audit rights for the data holder to ensure compliance of the processing with the data sharing agreement; f. the data holder to own all and any derived data created by the data user(s), a requirement for the data user to assign to and notify the data holder of any derived data and to enable the data holder to obtain a copy of it, and the rights, obligations and undertakings of, and the restrictions on, the data user as it relates to the electronic health data and confidential information, (including trade secrets, of the data holder to apply mutatis mutandis to any and all derived data. [‘Derived data’ means the improved, corrected, or enriched dataset provided to the data holder in accordance with Article 37(1)(p), as well as any new or different form of the original electronic health data created by the data user(s), including any alternative or different representation or abstraction of the original data or any new form which would enable the original data to be identified or reverse engineered]; g. the right of the data holder to terminate the data sharing agreement, and of the right to use the data, in the event of a breach of the terms of the data sharing agreement by the data user.

Amendment 1861 #

Proposal for a regulation
Article 46 a (new)

Article 46 a 1. In order for electronic health data entailing IP rights, including trade secrets, and commercial property from private enterprises to be made available for secondary use, the data user must sign a data sharing agreement with each private enterprise data holder. Such electronic health data shall not be made available to any data user for the purposes of secondary use unless and until the data user has signed the data sharing agreement. 2. The data sharing agreement shall set out all necessary measures to protect all IP rights, including trade secrets, and commercial property entailed in the electronic health data and additional conditions of access requested by the data holder. In particular, without limitations, it may include any or all of: a. a restriction on any use of the electronic health data outside the scope of the secondary use purposes specified in the data permit, including for any prohibited secondary use as set out in this Regulation, including Article 35; b. an undertaking by the data user to preserve and not infringe or misappropriate the IP rights, including trade secrets, of the data holder, including to (i) preserve the confidentiality of the data holder’s confidential information, including trade secrets, and (ii) not perform or enable any reverse engineering or other activity to identify the confidential information, including trade secrets, of the data holder; c. provisions to ensure the confidentiality of the electronic health data and confidential information, including trade secrets, of the data holder. For example, (i) a right of prior review by the data holder of any public disclosures or applications for registerable IP rights, including patent applications, intended by or on behalf of the data user(s), including under this Regulation, that relates to or arises from the use of the electronic health data,(including the results or outputs, including the right to delay or prohibit the publication, and (ii) data security requirements reasonably required by the data holder; d. a requirement for the data user to notify the data holder of the creation of any new IP from its use of the electronic health data and for granting the data holder non-exclusive, fully-paid up and royalty-free licence rights enabling the data holder and its affiliates to use any new IP, results and outputs for its own business purposes. Such licence shall only be sub-licensable to third parties working in collaboration with, or on behalf of, the data holder or one of its affiliates for the aforesaid purposes. Such a licence shall be non-transferable, except where needed in order to commercialise an existing product of the data holder or any of its affiliates; e. audit rights for the data holder to ensure compliance of the processing with the data sharing agreement; f. the data holder to own all and any derived data created by the data user(s), a requirement for the data user to assign to and notify the data holder of any derived data and to enable the data holder to obtain a copy of it, and the rights, obligations and undertakings of, and the restrictions on, the data user as it relates to the electronic health data and confidential information, including trade secrets, of the data holder to apply mutatis mutandis to any and all derived data.

Amendment 187 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 4

(4) The processing of personal electronic health data is subject to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council43and, for Union institutions and bodies, Regulation (EU) 2018/1725 of the European Parliament and of the Council44and Regulation (EU)2022/868 of the European Parliament and Council44a. References to the provisions of Regulation (EU) 2016/679 should be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant. _________________ 43 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). 44 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). 44a Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (OJ L 152,3.6.2022, p.1)

Amendment 188 #

Proposal for a regulation
Recital 4

Amendment 189 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Recital 4 a (new)

(4a) Personal health data is to be processed in a lawful, fair and transparent manner in respect of the data subject and in a manner that ensures proper security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Amendment 190 #

Proposal for a regulation
Recital 4 a (new)

(4 a) The European Health Data Space implementation should comply with the European ethical principles for digital health adopted by the eHealth network on January 26, 2022. Monitoring the application of the ethical principles should be part of the tasks of the European Health Data Space Board.

Amendment 191 #

Proposal for a regulation
Recital 5

(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental, physical influences, medical care, social or educational factors. Electronic health data also includes data that has been initially collected for research, statistics, policy making or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.

Amendment 192 #

Proposal for a regulation
Recital 5

Amendment 193 #

Proposal for a regulation
Recital 5

Amendment 194 #

Proposal for a regulation
Recital 5

(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an appropriate and secure electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, ~~including~~the necessary treatment, especially when this is long-term, and which also relates to the provision of associated health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental, physical influences, medical care, social or educational factors. Electronic health data also includes data that has been initially collected for research, statistics, policy making or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.

Amendment 195 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 5

(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, ~~such as behaviour, environmental, physical influences, medical care, social or educational factors~~medical care. Electronic health data also includes data that has been initially collected for research, statistics~~, policy making~~ or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.

Amendment 196 #

Proposal for a regulation
Recital 5

(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental, physical influences, medical care, social or educational factors. Electronic health data also includes data that has been initially collected for research, statistics, threat assessment, policy making or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.

Amendment 197 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 5 a (new)

(5 a) Improving digital health literacy for both natural persons and their healthcare professionals is key in order to achieve trust, safety and appropriate use of health data and hence achieving a successful implementation of this Regulation. Improving digital health literacy is fundamental in order to empower natural persons to have true control over their health data and actively manage their health and care, and understand the implications of disclosing such data for both primary and secondary use. Particular attention should be given to vulnerable populations, including migrants, the elderly and persons with disabilities. Healthcare professionals and IT operators should have sufficient training in working with new digital infrastructures to ensure cybersecurity and ethical management of health data.

Amendment 198 #

Proposal for a regulation
Recital 6

~~(6)~~ Chapter III of Regulation (EU) ~~(6)~~ 2016/679 sets out specific provisions concerning the rights of natural persons in relation to the processing of their personal data. EHDS builds upon these rights and further develops some of them. The EHDS should support the coherent implementation of those rights as applied to electronic health data, regardless of the Member State in which the personal electronic health data are processed, type of healthcare provider, sources of data or Member State of affiliation of the natural person. The rights and rules related to the primary use of personal electronic health data under Chapter II and III of this Regulation concern all categories of those data, irrespective of how they have been collected or who has provided hem, of the legal ground for the processing under Regulation (EU) 2016/679 or the status of the controller as a public or ~~private~~ganisation, or a private non-profit organisation, of the legal ground for their processing.

Amendment 199 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public ~~and private~~ healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. In this respect, and in order to avoid administrative fragmentation and to achieve a sufficiently interoperable, understandable and user-friendly system in all Member States and regions, appropriate funding and administrative support at Union level should be considered. Allowing for a fully decentralised federated data system at Union level has the potential to save infrastructure costs and to mitigate privacy concerns, as well as push the privacy-efficiency trade-off further out, generating the same efficiency levels for more privacy. Federated learning systems bring the algorithms to the data and researchers can retrieve only derived data, not the underlying individual electronic health registers.

Amendment 200 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, and other complementary exams of diagnosis and therapeutics, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). To this end, Member States should ensure a common standard for health care data exchange to ensure and facilitate the data exchange and translation to the Union official languages. However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. In this respect, appropriate funding and appropriate support at EU level should be considered as a means to reduce fragmentation, heterogeneity, and division and to achieve a system that is user-friendly and intuitive in all countries.

Amendment 201 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. The implementation cost for connecting healthcare professionals to the EHDS should not be carried by healthcare professionals alone. To this end, Member States should ensure that EU financial incentives as well as national ressources are evenly and fairly distributed.

Amendment 202 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. Electronic health records and the technological infrastructures that support them shall be retained, where possible, and Member States shall further their interoperability and compliance with the provisions of this Regulation.

Amendment 203 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it. To enable free movement of personal health data in the Union, Member States shall ensure their EHR systems are interoperable within the Member States and can operate with the EHR systems of other Member States as well as with MyHealth@EU.

Amendment 204 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided secure health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it. Those data also need to be properly secured and protected against cyberattacks.

Amendment 205 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in ~~electronic~~ health records, which typically con~~tain~~sist of an electronic collection of a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed in both an electronic or analogue format, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems ~~or wellness applications~~ are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in a cross-border context, Union action is needed in order to ensure individuals have improved access to their own personal electronic health data and are empowered to share it.

Amendment 206 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data, ac~~ross the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union a~~tion to offer better protection is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it if they wish to do so and under conditions respecting anonymity and the principle that no profit should be made.

Amendment 207 #

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems ~~or wellness applications~~ are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it.

Amendment 208 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems ~~or wellness applications~~ are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it.

Amendment 209 #

Proposal for a regulation
Recital 8

(8) The right of access to data by a natural person, established by Article 15 of Regulation (EU) 2016/679, should be further developed in the health sector. Under Regulation (EU) 2016/679, controllers do not have to provide access immediately. While patient portals, mobile applications and other personal health data access services exist in many places, including national solutions in some Member States, the right of access to health data is still commonly implemented in many places through the provision of the requested health data in paper format or as scanned documents, which is time- consuming. This may severely impair timely access to health data by natural persons, and may have a negative impact on natural persons who need such access immediately due to urgent circumstances pertaining to their health condition. Appropriate Union funding should be granted to Member States transpose the information on Article 5(1) to electronic format. All health data prior to the implementation of this Regulation shall be inserted in electronic health records with the support of Member States and without additional burden to healthcare professionals.

Amendment 210 #

Proposal for a regulation
Recital 8

Amendment 211 #

Proposal for a regulation
Recital 8

(8) The right of access to data by a natural person, established by Article 15 of Regulation (EU) 2016/679, should be further developed in the health sector, in parallel with the measures on access to, and protection, of those data. Under Regulation (EU) 2016/679, controllers do not have to provide access immediately. While patient portals, mobile applications and other personal health data access services exist in many places, including national solutions in some Member States, the right of access to health data is still commonly implemented in many places through the provision of the requested health data in paper format or as scanned documents, which is time- consuming. This may severely impair timely access to health data by natural persons, and may have a negative impact on natural persons who need such access immediately due to urgent circumstances pertaining to their health condition.

Amendment 212 #

Proposal for a regulation
Recital 9

~~[...]~~deleted

Amendment 213 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 9

(9) At the same time, it should be considered that immediate access to certain types of personal electronic health data may be harmful for the safety of natural persons, unethical or inappropriate. For example, it could be unethical to inform a patient through an electronic channel about a diagnosis with an incurable disease that is likely to lead to their swift passing instead of providing this information in a consultation with the patient first. Therefore, a possibility for limited exceptions in the implementation of this right should be ensured. Such an exception may be imposed by the Member States where this exception constitutes a necessary and proportionate measure in a democratic society, in line with the requirements of Article 23 of Regulation (EU) 2016/679. Such restrictions should be implemented by delaying the display of the concerned personal electronic health data to the natural person for a limited period. Where health data is only available on paper, if the effort to make data available electronically is disproportionate, there should be no obligation that such health data is converted into electronic format by Member States. Any digital transformation in the healthcare sector should aim to be inclusive and benefit also natural persons with limited ability to access and use digital services. Natural persons should be able to provide an authorisation to the natural persons of their choice, such as to their relatives or other close natural persons, enabling them to access or control access to their personal electronic health data or to use digital health services on their behalf. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications. The proxy services should also enable guardians to act on behalf of their dependent children; in such situations, authorisations could be automatic. In order to take into account cases in which the display of some personal electronic health data of minors to their guardians could be contrary to the interests or will of the minor, Member States should be able to provide for such limitations and safeguards in national law, as well as the necessary technical implementation. Personal health data access services, such as patient portals or mobile applications, should make use of such authorisations and thus enable authorised natural persons to access personal electronic health data falling within the remit of the authorisation, in order for them to produce the desired effect.

Amendment 214 #

Proposal for a regulation
Recital 9

(9) At the same time, it should be considered that immediate access to certain types of personal electronic health data may be harmful for the safety of natural persons, unethical or inappropriate. For example, it could be unethical to inform a patient through an electronic channel about a diagnosis with an incurable disease that is likely to lead to their swift passing instead of providing this information in a consultation with the patient first. Therefore, a possibility for limited exceptions in the implementation of this right should be ensured. Such an exception may be imposed by the Member States where this exception constitutes a necessary and proportionate measure in a democratic society, in line with the requirements of Article 23 of Regulation (EU) 2016/679. Such restrictions should be implemented by delaying the display of the concerned personal electronic health data to the natural person for a limited period~~. Where health data is only available on paper, if the effort to make data available electronically is disproportionate, there should be no obligation that such health data is converted~~ until the moment of contact between the patient and the health professional. The availability of health data prior to the implementation of this regulation should happen in a timely manner into electronic format through a process facilitated by Member States. Any digital transformation in the healthcare sector should aim to be inclusive and benefit also natural persons with limited ability to access and use digital services. Natural persons should be able to provide an authorisation to the natural persons of their choice, such as to their relatives or other close natural persons, enabling them to access or control access to their personal electronic health data or to use digital health services on their behalf. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications. The proxy services should also enable guardians to act on behalf of their dependent children; in such situations, authorisations could be automatic. In order to take into account cases in which the display of some personal electronic health data of minors to their guardians could be contrary to the interests or will of the minor, Member States should be able to provide for such limitations and safeguards in national law, as well as the necessary technical implementation. Personal health data access services, such as patient portals or mobile applications, should make use of such authorisations and thus enable authorised natural persons to access personal electronic health data falling within the remit of the authorisation, in order for them to produce the desired effect.

Amendment 215 #

Proposal for a regulation
Recital 9

(9) At the same time, it should be considered that immediate access to certain types of personal electronic health data may be harmful for the safety of natural persons, unethical or inappropriate. For example, it could be unethical to inform a patient through an electronic channel about a diagnosis with an incurable disease that is likely to lead to their swift passing instead of providing this information in a consultation with the patient first. Therefore, a possibility for limited exceptions in the implementation of this right should be ensured. Such an exception may be imposed by the Member States where this exception constitutes a necessary and proportionate measure in a democratic society, in line with the requirements of Article 23 of Regulation (EU) 2016/679. Such restrictions should be implemented by delaying the display of the concerned personal electronic health data to the natural person for a limited period. Where health data is only available on paper, if the effort to make data available electronically is disproportionate, there should be no obligation that such health data is converted into electronic format by Member States. Any digital transformation in the healthcare sector ~~should~~must aim to be inclusive and benefit also natural persons with limited ability to access and use digital services. Natural persons ~~should~~must be able to provide an authorisation to the natural persons of their choice, such as to their relatives or other close natural persons, enabling them to access or control access to their personal electronic health data or to use digital health services on their behalf. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications. The proxy services should also enable guardians to act on behalf of their dependent children; in such situations, authorisations could be automatic. In order to take into account cases in which the display of some personal electronic health data of minors to their guardians could be contrary to the interests or will of the minor, Member States should be able to provide for such limitations and safeguards in national law, as well as the necessary technical implementation. Personal health data access services, such as patient portals or mobile applications, should make use of such authorisations and thus enable authorised natural persons to access personal electronic health data falling within the remit of the authorisation, in order for them to produce the desired effect.

Amendment 216 #

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be ~~clearly marked to indicate the source of such additional data~~validated by a registered healthcare professional of relevant specialisation responsible for the natural person’s treatment. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural persons should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and~~, where relevant,~~ implemented by the data controllers on a case by case basis~~, if necessary~~ involving health professionals responsible for the natural person’s treatment.

Amendment 217 #

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data. Specifically relevant fields in the EHR should be clearly marked, such as patient ID, allergies, laboratory data, medical images, medical alerts, and current medication. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.

Amendment 218 #

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data. Specifically relevant fields in the EHR should be clearly marked, such as patient ID, allergies, laboratory data, medical alerts, co- morbility and current medications. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.

Amendment 219 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. In any case, a clearly distinct section in the clinical history separate from the information recorded by professionals should be created. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.

Amendment 220 #

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data until a relevant health professional validates the information, which would then be marked as confirmed by a health professional. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis, if necessary involving health professionals.

Amendment 221 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 10

(10) Some Member States allow natural persons to add electronic health data to their EHRs or to store additional information in their separate personal health record that can be accessed by health professionals. However, this is not a common practice in all Member States and therefore should be established by the EHDS across the EU. Information inserted by natural persons may not be as reliable as electronic health data entered and verified by health professionals, therefore it should be clearly marked to indicate the source of such additional data and does not have the same clinical or legal value as information provided by a healthcare professional. Enabling natural persons to more easily and quickly access their electronic health data also further enables them to notice possible errors such as incorrect information or incorrectly attributed patient records and have them rectified using their rights under Regulation (EU) 2016/679. In such cases, natural person should be enabled to request rectification of the incorrect electronic health data online, immediately and free of charge, for example through the personal health data access service. Data rectification requests should be assessed and, where relevant, implemented by the data controllers on case by case basis~~, if necessary~~ involving health professionals.

Amendment 222 #

Proposal for a regulation
Recital 11

(11) Natural persons should be further empowered to exchange and to provide access to personal electronic health data to the health professionals of their choice, going beyond the right to data portability as established in Article 20 of Regulation (EU) 2016/679. This is necessary to tackle objective difficulties and obstacles in the current state of play. Under Regulation (EU) 2016/679, portability is limited only to data processed based on consent or contract, which excludes data processed under other legal bases, such as when the processing is based on law, for example when their processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It only concerns data provided by the data subject to a controller, excluding many inferred or indirect data, such as diagnoses, or tests. Finally, under Regulation (EU) 2016/679, the natural person has the right to have the personal data transmitted directly from one controller to another only where technically feasible and if the appropriate protection measures and complied with. That Regulation, however, does not impose an obligation to make this direct transmission technically feasible. All these elements limit the data portability and may limit its benefits for provision of high- quality, safe and efficient healthcare services to the natural person.

Amendment 223 #

Proposal for a regulation
Recital 11

(11) Natural persons should be further empowered to exchange, in a voluntary and informed manner, and to provide access to personal electronic health data to the health professionals of their choice, going beyond the right to data portability as established in Article 20 of Regulation (EU) 2016/679. This is necessary to tackle objective difficulties and obstacles in the current state of play. Under Regulation (EU) 2016/679, portability is limited only to data processed based on consent or contract, which excludes data processed under other legal bases, such as when the processing is based on law, for example when their processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It only concerns data provided by the data subject to a controller, excluding many inferred or indirect data, such as diagnoses, or tests. Finally, under Regulation (EU) 2016/679, the natural person has the right to have the personal data transmitted directly from one controller to another only where technically feasible. That Regulation, however, does not impose an obligation to make this direct transmission technically feasible. All these elements limit the data portability and may limit its benefits for provision of high-quality, safe and efficient healthcare services to the natural person.

Amendment 224 #

Sara CERDAS, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Monika BEŇOVÁ, Tudor CIUHODARU, Heléne FRITZON

Proposal for a regulation
Recital 12

(12) Natural persons should be able to exercise control over the transmission of personal electronic health data to other healthcare providers and be informed of the patient safety risks associated with limiting access to health data. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public or private controllers, irrespective of the legal basis for processing the data ~~under~~ in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data. For this purpose, providers of electronic health records shall keep a record of who has accessed which data in the last 24 months.

Amendment 225 #

Proposal for a regulation
Recital 12

(12) Natural persons should be able to exercise control over the transmission of personal electronic health data to other healthcare providers. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. Healthcare providers must follow data minimization principles when requesting personal health data, limiting it to the strictly necessary and justified data for a given service. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public or private controllers, irrespective of the legal basis for processing the data under in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data.

Amendment 226 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 12

(12) Natural persons ~~should~~must be able to exercise control over the transmission of personal electronic health data to other healthcare providers. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public or private controllers, irrespective of the legal basis for processing the data under in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data.

Amendment 227 #

Proposal for a regulation
Recital 12

(12) Natural persons should be able to exercise control over the transmission of personal electronic health data to other healthcare providers. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public ~~or private~~ controllers, irrespective of the legal basis for processing the data under in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data.

Amendment 228 #

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts~~. Such selective sharing~~, or they may want to wholly refuse access to their personal electronic health data by electronic health data access services and health professional access services. Such selective and patient-centric control of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law, together with patient- centric guidance to natural persons in relation to the use of electronic health records and primary use of their personal electronic health data. Guidance should be tailored to the patient’s level of digital health literacy, with specific care for vulnerable groups, such as migrants, the elderly, and persons with disabilities. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.

Amendment 229 #

Proposal for a regulation
Recital 13

(13) Natural persons ~~may not want to allow access to some parts of~~have the right to deny access to their personal electronic health data while enabling access to other ~~part~~s so that they can be consulted by clearly identified people and organisations. Such selective sharing of personal electronic health data should be supported~~. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. A~~ if natural persons have clearly and voluntarily agreed to such sharing, and in particular according to Regulation (EU) 2016/679, where vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should ~~in principle~~ take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider can, which would thus be imposed on other Member States that do not ~~tak~~have the ~~data into account when providing health service~~same mechanisms.

Amendment 230 #

Proposal for a regulation
Recital 13

(13) Natural persons ~~may not want to allow~~have the right to deny access to some parts or all of their personal electronic health data while enabling access to other parts so that they can be consulted by clearly identified people and organisations. Such selective sharing of personal electronic health data should be supported~~. However, such restrictions may have l~~ only ife th~~reatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. A~~e natural persons have clearly and voluntarily agreed to such sharing, and in particular according to Regulation (EU) 2016/679, where vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. These situations must be expressly identified and defined. Processing of personal electronic health data based on the vital interest of another natural person should ~~in principle~~ take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider can and be applied to the national laws of other Member States which do not ~~tak~~have the ~~data into account when providing health service~~same mechanisms.

Amendment 231 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. In this sense, health professionals will be able to know that they are not endowed with entire access to electronic health records, a consideration they shall take into account when dealing with patients.

Amendment 232 #

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported but the restrictions on information should be easily identifiable by health professionals in the EHR in order to take due regard to the fact that the information is incomplete, when treating the patient. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.

Amendment 233 #

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Given the unequal access to sexual and reproductive healthcare among the Member States, natural persons should always retain the right to withhold that kind of information from their doctors. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.

Amendment 234 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. Health professionals will be able to check that they do not have access to part of the electronic health records when caring for their patients.

Amendment 235 #

Proposal for a regulation
Recital 13

(13) Natural persons may not want to allow access to some parts of their personal electronic health data while enabling access to other parts. Such selective sharing of personal electronic health data should be supported. However, such restrictions may have life threatening consequences and, therefore, access to personal electronic health data should be possible to protect vital interests as an emergency override. According to Regulation (EU) 2016/679, vital interests refer to situations in which it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person dependent on that information. Processing of personal electronic health data based on the vital interest of another natural person should in principle take place only where the processing cannot be manifestly based on another legal basis. More specific legal provisions on the mechanisms of restrictions placed by the natural person on parts of their personal electronic health data should be provided by Member States in national law. Because the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, he/she should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services.

Amendment 236 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 14

(14) In the context of the EHDS, natural persons should be able to exercise their rights ~~as they are enshrined in~~without prejudice to Regulation (EU) 2016/679. The supervisory authorities established pursuant to Article 51 of Regulation (EU) 2016/679 should remain competent, in particular to monitor the processing of personal electronic health data and to address any complaints lodged by the natural persons. In order to carry out their tasks in the health sector and uphold the natural persons’ rights, digital health authorities should cooperate with the supervisory authorities under Regulation (EU) 2016/679.

Amendment 237 #

Proposal for a regulation
Recital 15

(15) Article 9(2), point (h), of Regulation (EU) 2016/679 provides for exceptions where the processing of senstitive data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health care or treatment or the management of health care systems and services on the basis of Union or Member State law. This Regulation should provide conditions and safeguards for the processing of electronic health data by healthcare providers and health professionals in line with Article 9(2), point (h), of Regulation (EU) 2016/679 with the purpose of accessing personal electronic health data provided by the natural person or transmitted from other healthcare providers. However, this Regulation should be without prejudice to the national laws concerning the processing of health data, including the legislation establishing categories of health professionals that can process different categories of electronic health data.

Amendment 238 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care ~~and~~, avoiding duplications and errors and reducing costs. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as appropriate electronic and digital devices and health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. None of the provisions in this Regulation should be interpreted as limiting the obligation of healthcare professionals to conduct themselves in accordance with the applicable codes of conduct, deontological guidelines or other provisions governing ethical conduct with respect to sharing or accessing information, particularly in life- threatening or extreme situations.

Amendment 239 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. None of the provisions of this regulation shall be construed as limiting health professionals’ obligation to behave in line with the relevant codes of conduct, ethical guidelines or other provisions governing ethical conduct with regard to the exchanging of, or access to, information, particularly in extreme or life-threatening situations.

Amendment 240 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format via commonly accepted open standards and open data formats, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties~~. Moreover, t~~ on a need to know basis in regards to the person under their treatment, irrespective of the Member State of affiliation and treatment. Moreover, the Commission and the Member States should agree on time- based targets to implement improved health data interoperability across the Union. The access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.

Amendment 241 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format. This Regulation shall not limit the obligation of health professionals to comply with codes of conduct, ethical guidelines or other ethical provisions governing the exchange or access to information.

Amendment 242 #

Proposal for a regulation
Recital 16

(16) Timely and full access of health professionals to the medical records of patients is fundamental for ensuring continuity of care and avoiding duplications and errors. However, due to a lack of interoperability, in many cases, health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs for both health systems and natural persons and may lead to worse health outcomes for natural persons. Electronic health data made available in interoperable format, which can be transmitted between healthcare providers, provided that access to that data is properly secured, can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as health professional portals, to use personal electronic health data for the exercise of their duties. Moreover, the access to personal health records should be transparent to the natural persons and natural persons should be able to exercise full control over such access, including by limiting access to all or part of the personal electronic health data in their records. Health professionals should refrain from hindering the implementation of the rights of natural persons, such as refusing to take into account electronic health data originating from another Member State and provided in the interoperable and reliable European electronic health record exchange format.

Amendment 243 #

Proposal for a regulation
Recital 17

(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospital discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general.

Amendment 244 #

Proposal for a regulation
Recital 17

Amendment 245 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 17

(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospital discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission, especially in the case of cross-border patients or of people who find themselves in another Member State for a limited period of time and may need healthcare assistance for a variety of reasons. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general, for cross-border patients or people who find themselves in another Member State for a limited period of time and may need healthcare assistance for a variety of reasons.

Amendment 246 #

Proposal for a regulation
Recital 17

(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, hospital discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded~~. The Commission should be empowered to extend the list of priority categories~~, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general.

Amendment 247 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 17

(17) The relevance of different categories of electronic health data for different healthcare scenarios varies. Different categories have also achieved different levels of maturity in standardisation, and therefore the implementation of mechanisms for their exchange may be more or less complex depending on the category. Therefore, the improvement of interoperability and data sharing should be gradual and prioritisation of categories of electronic health data is needed. Categories of electronic health data such as patient summary, electronic prescription and dispensation, laboratory results and reports, h~~ospital~~ealth units discharge reports, medical images and reports have been selected by the eHealth Network as most relevant for the majority of healthcare situations and should be considered as priority categories for Member States to implement access to them and their transmission. When further needs for the exchange of more categories of electronic health data are identified for healthcare purposes, the list of priority categories should be expanded. The Commission should be empowered to extend the list of priority categories, after analysing relevant aspects related to the necessity and possibility for the exchange of new datasets, such as their support by systems established nationally or regionally by the Member States. Particular attention should be given to the data exchange in border regions of neighbouring Member States where the provision of cross-border health services is more frequent and needs even quicker procedures than across the Union in general.

Amendment 248 #

Proposal for a regulation
Recital 18

(18) Access and sharing of electronic health data should be enabled for all the data that exist in the EHR of a natural person, only when t~~echnically feasible~~he person in question has given their explicit consent. However, some electronic health data may not be structured or coded, and the transmission between healthcare providers may be limited or only possible in formats that do not allow for translation (when data is shared cross-borders). In order to provide enough time to prepare for implementation, dates of deferred application should be determined to allow for achieving legal, organisational, semantic and technical readiness for the transmission of different categories of electronic health data. When need for the exchange of new categories of electronic health data is identified, related dates of application should be determined in order to allow for the implementation of this exchange.

Amendment 249 #

Proposal for a regulation
Recital 18 a (new)

(18 a) In order to avoid an exponential quantitative increase in the risks of misuse (intentional or accidental) of individual citizens’ health data, a risk management plan should be defined and the ethical and deontological aspects of medical practice in this context of interoperability in the primary use of data and all ethical aspects and respect for citizens' autonomy in the secondary use of health data should be taken into account.

Amendment 250 #

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format~~. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, a~~ as well as to give them better control over accessing and sharing their personal electronic health data. To this end, Member States should retain the right to require user consent, or at least provide the possibility for natural persons, to refuse the registration of their electronic health file by all or selected healthcare professionals in an EHR system. Such mechanisms are~~ferred to in the Policy Programme “Path to the Digital Decade”~~ key trust safeguards in the system that secure greater decentralization and user- centricity over their data. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format based on commonly accepted open standards and open data formats, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 251 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results, chronic diseases and/or conditions and their medication and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. Such way of electronic format of data could also be a renewed European Health Insurance Card with an access tool to health data that is interoperable in all Member States. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 252 #

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider or a pharmacy by a natural person, with her total knowledge and consent, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 253 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accesible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider ~~or a pharmacy~~ by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 254 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 19

(19) The level of availability of personal health and genetic data in an electronic format varies between Member States. The EHDS should make it easier for natural persons to have those data available in electronic format. This would also contribute to the achievement of the target of 100% of Union citizens having access to their electronic health records by 2030, as referred to in the Policy Programme “Path to the Digital Decade”. In order to make electronic health data accessible and transmissible, such data should be accessed and transmitted in an interoperable common European electronic health record exchange format, at least for certain categories of electronic health data, such as patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports, subject to transition periods. Where personal electronic health data is made available to a healthcare provider ~~or a pharmacy~~ by a natural person, or is transmitted by another data controller in the European electronic health record exchange format, the electronic health data should be read and accepted for the provision of healthcare or for dispensation of a medicinal product, thus supporting the provision of the health care services or the dispensation of the electronic prescription. Commission Recommendation (EU) 2019/24345provides the foundations for such a common European electronic health record exchange format. The use of European electronic health record exchange format should become more generalised at EU and national level. While the eHealth Network under Article 14 of Directive 2011/24/EU of the European Parliament and of the Council46recommended Member States to use the European electronic health record exchange format in procurements, in order to improve interoperability, uptake was limited in practice, resulting in fragmented landscape and uneven access to and portability of electronic health data. _________________ 45 Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (OJ L 39, 11.2.2019, p. 18). 46 Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’' rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).

Amendment 255 #

Proposal for a regulation
Recital 19 a (new)

(19 a) The interoperability of the EHDS should contribute to high quality of European health data sets.

Amendment 256 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 20

(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt implementing acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare providers that are to register health data electronically, categories of data to be registered electronically, or data quality requirements.

Amendment 257 #

Proposal for a regulation
Recital 20

(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements, including measures on access to, and the protection of, those data. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt implementing acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare providers that are to register health data electronically, categories of data to be registered electronically, or data quality and data security requirements.

Amendment 258 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 20

(20) While EHR systems are widely spread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare pro~~vider~~fessionals that register health data in electronic format. In order to support the implementation of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and according to specific data quality requirements. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data. The Commission should be empowered to adopt ~~implementing~~delegated acts for determining additional aspects related to the registration of electronic health data, such as categories of healthcare pro~~vider~~fessionals that are to register health data electronically, categories of data to be registered electronically, or data quality requirements.

Amendment 259 #

Proposal for a regulation
Recital 20 a (new)

(20 a) In order to support the successful implementation of the EHDS and the execution of an effective landscape of European health data cooperation, the European Commission and Member States should agree on time-based targets to implement improved health data interoperability across the European Union with a range of targets and milestones to be reviewed and assessed in an annual report.

Amendment 260 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 21

(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) that they provide and reimburse. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine, including online pharmacy services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.deleted

Amendment 261 #

Proposal for a regulation
Recital 21

(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services ~~(including telemedicine) that~~that they provide and reimburse. Telemedicine and online pharmacy services have they p~~rovide and reimburse~~otential to reduce health inequalities and reinforce the free movement of european citizens across borders. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine~~, including~~ and online pharmacy services. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.

Amendment 262 #

Proposal for a regulation
Recital 21

Amendment 263 #

Proposal for a regulation
Recital 21

Amendment 264 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 21

(21) Under Article 168 of the Treaty Member States are responsible for their health policy, in particular for decisions on the services (including telemedicine) that they provide and reimburse. Different reimbursement policies should, however, not constitute barriers to the free movement of digital health services such as telemedicine~~, including online pharmacy services~~. When digital services accompany the physical provision of a healthcare service, the digital service should be included in the overall care provision.

Amendment 265 #

Proposal for a regulation
Recital 21 a (new)

(21 a) Telemedicine is becoming an increasingly important tool that can provide patients access to care and tackle inequities. Digital and other technological tools can minimize the circumstance of remote care, however, telemedicine should not be viewed as a replacement for in-person medicine, as there are certain conditions and procedures that require physical examination and intervention.

Amendment 266 #

Proposal for a regulation
Recital 22

(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals.Digital Health Authorities, including at regional and local level, should also support digital health literacy and public awareness, while ensuring that the implementation of this Regulation contributes to reducing inequalities and does not discriminate against vulnerable populations. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’).As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals. In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. The EHDS Board, digital health authorities and health data access bodies should establish transparent methods for stakeholder engagement, particularly with representatives of patients, consumers and healthcare professionals.The EHDS Board, digital health authorities and health data access bodies should adhere to a high degree of transparency of its outputs and all its members, observers and experts should act independently, in the public interest and be free from any external influence that might affect the impartiality of their professional conduct. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Amendment 267 #

Proposal for a regulation
Recital 22

(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’).As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals. Digital Health Authorities should be in charge of promoting digital literacy and public awareness, while ensuring that the implementation of this Regulation contributes to reducing inequalities and does not discriminate against people lacking digital skills.In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Amendment 268 #

Proposal for a regulation
Recital 22

(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47 lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’).As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals. Digital Health Authorities should also be in charge of promoting digital literacy and public awareness, while ensuring that the implementation of this Regulation contributes to reducing inequalities and does not discriminate against people lacking digital skills. In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Amendment 269 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 22

(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’). As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. As a condition for the implementation of the EHDS,Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals, which should apply the same level of digital security requirements in order to ensure an optimal level of health data protection for users. In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Amendment 270 #

Proposal for a regulation
Recital 22

(22) Regulation (EU) No 910/2014 of the European Parliament and of the Council47lays down the conditions under which Members States perform identification of natural persons in cross- border situations using identification means issued by another Member State, establishing rules for the mutual recognition of such electronic identification means. The EHDS requires a secure access to electronic health data, including in cross-border scenarios where the health professional and the natural person are from different Member States, to avoid cases of unauthorised access. At the same time, the existence of different means of electronic identification should not be a barrier for exercising the rights of natural persons and health professionals. The rollout of interoperable, cross-border identification and authentication mechanisms for natural persons and health professionals across the EHDS requires strengthening cooperation at Union level in the European Health Data Space Board (‘EHDS Board’). In the future, the identification and authentication for access to EHR should be facilitated by the new eID system that will be set up under the revised Regulation (EU) No 910/2014.As the rights of the natural persons in relation to the access and transmission of personal electronic health data should be implemented uniformly across the Union, a strong governance and coordination is necessary at both Union and Member State level. Member States should establish relevant digital health authorities for the planning and implementation of standards for electronic health data access, transmission and enforcement of rights of natural persons and health professionals. In addition, governance elements are needed in Member States to facilitate the participation of national actors in the cooperation at Union level, channelling expertise and advising the design of solutions necessary to achieve the goals of the EHDS. Digital health authorities exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. Digital health authorities should be established in all Member States, as separate organisations or as part of the currently existing authorities. _________________ 47 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

Amendment 271 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. Digital health authorities should ensure that appropriate training initiatives are undertaken at the local level. In particular, health professionals should be informed and trained with respect to their rights and obligations under the present Regulation. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, healthcare professionals, manufacturers of EHR systems and wellness applications, as well as other stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.

Amendment 272 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with ~~insurance bodies,~~ healthcare providers, manufacturers of EHR systems ~~and wellness applications~~, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity ~~or e-ID~~ authorities.

Amendment 273 #

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, and regional~~, and local~~ technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems and wellness applications, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.

Amendment 274 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with insurance bodies, healthcare providers, manufacturers of EHR systems ~~and wellness applications~~, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.

Amendment 275 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States and, where applicable, regions in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data. Finally, in order to guarantee the linguistic rights of natural persons to access and make use of their personal electronic health data, MyHealth@EU should be accessible in the language of preference of the natural person, including all officially recognised languages in Member States.

Amendment 276 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. ~~To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should~~Member States who so wish should be able to join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. ~~The infrastructure should be gradually expanded to support further categories of electronic health data.~~

Amendment 277 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers ~~and pharmacies~~ to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data, and funding as well as other means of European level support should be considered.

Amendment 278 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence, or when they work in a Member State other than the one in which they live. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 279 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. ~~To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure~~All Member States who wish to shall be able to join the digital infrastructure MyHealth@EU and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 280 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare and ensure patient safety when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers and pharmacies to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 281 #

Proposal for a regulation
Recital 24

(24) Access to and transmission of electronic health data is relevant in cross- border healthcare situations, as it may support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to get health care. In many border regions, some specialised health care services may be available closer across the border rather than in the same Member State. An infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. A voluntary infrastructure for that purpose, MyHealth@EU, has been established as part of the actions provided for in Article 14 of Directive 2011/24/EU. Through MyHealth@EU, Member States started to provide natural persons with the possibility to share their personal electronic health data with healthcare providers when travelling abroad. To further support such possibilities, the participation of Member States in the digital infrastructure MyHealth@EU should become mandatory. All Member States should join the infrastructure and connect healthcare providers ~~and pharmacies~~ to it, as this is necessary for the implementation of the rights of natural persons to access and make use of their personal electronic health data regardless of the Member State. The infrastructure should be gradually expanded to support further categories of electronic health data.

Amendment 282 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 25

(25) In the context of MyHealth@EU, a central ~~platform~~open source platform licensed under an open source licence should provide a common infrastructure for the Member States to ensure connectivity and interoperability in an efficient and secure way. In order to guarantee compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the Commission should, by means of implementing acts, allocate specific responsibilities among the Member States, as joint controllers, and prescribe its own obligations, as processor. Furthermore, to ensure the technological sovereignty of the Union and ensure the highest security standards, the platform should be licenced under an open source licence in line with the Open Source Strategy 2020-2023 (C(2020) 7149 final) and Commission decision 2021/C 495 I/01. This would increase transparency and ensure consumer trust and confidence in the platform.

Amendment 283 #

Proposal for a regulation
Recital 25

(25) In the context of MyHealth@EU, a central platform should provide a common infrastructure for the Member States and all their regions to ensure connectivity and interoperability in an efficient and secure way. In order to guarantee compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the Commission should, by means of implementing acts, allocate specific responsibilities among the Member States, as joint controllers, and prescribe its own obligations, as processor. Where applicable, regions with health competences should also be entrusted such tasks.

Amendment 284 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 25

(25) In the context of MyHealth@EU, a central platform, whose infrastructure shall be managed by a European actor on European soil, should provide a common infrastructure for the Member States to ensure connectivity and interoperability in an efficient and secure way. In order to guarantee compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the Commission should, by means of implementing acts, allocate specific responsibilities among the Member States, as joint controllers, and prescribe its own obligations, as processor.

Amendment 285 #

Proposal for a regulation
Recital 25

Amendment 286 #

Proposal for a regulation
Recital 26

(26) In addition to services in MyHealth@EU for the exchange of personal electronic health data based on the European electronic health record exchange format, other services or supplementary infrastructures may be needed for example in cases of public health emergencies or where the architecture of MyHealth@EU is not suitable for the implementation of some use cases. Examples of such use cases include support for vaccination card functionalities, including the exchange of information on vaccination plans, or verification of vaccination certificates or other health-related certificates. This would be also important for introducing additional functionality for handling public health crises, such as support for contact tracing for the purposes of containing infectious diseases. Connection of national contact points for digital health of third countries or interoperability with digital systems established at international level should be subject to a check ensuring the compliance of the national contact point with the technical specifications, data protection rules and other requirements of MyHealth@EU. A decision to connect a national contact point of a third country should be taken by data controllers in the joint controllership group for MyHealth@EU.deleted

Amendment 287 #

Proposal for a regulation
Recital 26

Amendment 288 #

Proposal for a regulation
Recital 26

(26) In addition to services in MyHealth@EU for the exchange of personal electronic health data based on the European electronic health record exchange format, other services or supplementary infrastructures may be needed for example in cases of public health emergencies or where the architecture of MyHealth@EU is not suitable for the implementation of some use cases. Examples of such use cases include support for vaccination card functionalities, including the exchange of information on vaccination plans, or verification of vaccination certificates or other health-related certificates. This would be also important for introducing additional functionality for handling public health crises, such as support for contact tracing for the purposes of containing infectious diseases. Furthermore, in accordance with the strenghtened role of the European Center for Diseases Control and Prevention (ECDC), Member States should ensure that the ECDC receives real-time and comparable data on vaccination, including vaccination coverage listed on the ECDC vaccine schedule and vaccine-preventable disease surveillance. Connection of national contact points for digital health of third countries or interoperability with digital systems established at international level should be subject to a check ensuring the compliance of the national contact point with the technical specifications, data protection rules and other requirements of MyHealth@EU. A decision to connect a national contact point of a third country should be taken by data controllers in the joint controllership group for MyHealth@EU.

Amendment 289 #

Proposal for a regulation
Recital 26

(26) In addition to services in MyHealth@EU for the exchange of personal electronic health data based on the European electronic health record exchange format, other services or supplementary infrastructures may be needed for example in cases of public health emergencies or where the architecture of MyHealth@EU is not suitable for the implementation of some use cases. Examples of such use cases include support for vaccination card functionalities, including the exchange of information on vaccination plans, or verification of vaccination certificates or other health-related certificates. This would be also important for introducing additional functionality for handling public health crises, such as support for contact tracing for the purposes of containing infectious diseases. Furthermore, in accordance with the strengthened role of the European Center for Diseases Control and Prevention (ECDC), Member States should ensure that the ECDC receives real-time and comparable data on vaccination including vaccination coverage listed on the ECDC vaccine schedule and vaccine preventable disease surveillance. Connection of national contact points for digital health of third countries or interoperability with digital systems established at international level should be subject to a check ensuring the compliance of the national contact point with the technical specifications, data protection rules and other requirements of MyHealth@EU. A decision to connect a national contact point of a third country should be taken by data controllers in the joint controllership group for MyHealth@EU.

Amendment 290 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. At the same time, the EU should invest in and promote the equal development of a basic understanding of digital health/data literacy and skills (e-health, m-health literacy) in the Member States for the public at large to empower the citizen in healthcare and the citizen’s knowledge on their health data. Citizens need to understand that they have the right to give and revoke an approval to use their data. Digital health/data literacy and skills should be promoted in the formation for healthcare professionals and a point of attention in (continued) education. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory self-certification scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self- certification, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15). If patients engage virtually with their healthcare providers, patients need to understand the privacy and security policies and also how to keep their information private and secure. The staff, working in a healthcare organisation, need to understand the privacy and security policies of the organization. Regular security awareness training is essential to cybersecurity in healthcare so that members of the staff are aware of threats and what to do in case of actual security incidents.

Amendment 291 #

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union~~. To that end, a mandatory self-certification scheme~~, as well as to instill the trust of citizens. To that end, a mandatory conformity assessment by notified bodies for EHR systems processing one or more priority categories of electronic health data should be ~~establish~~conducted to overcome market fragmentation while ensuring ~~a proportionate approach. Through this self- certification,~~compliance with robust security and data protection requirements. Through this conformity assessment, notified bodies should ascertain that EHR systems ~~should~~ prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 292 #

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory ~~self-certification schem~~conformity assessment procedure for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this ~~self- certification~~procedure, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. Considering the sensitive data that will be processed via these systems, a self-certification regime is not an adequate option. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 293 #

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store in the Member States of the Union and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory self-certification scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self- certification, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 294 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory ~~self-~~third-party certification scheme by an independent body for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this ~~self-~~ certification, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 295 #

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory ~~self-certification~~third party assessment scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this ~~self- certification~~third party assessment, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 296 #

Proposal for a regulation
Recital 27

(27) In order to ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market of the Union should be able to store and transmit, in a secure way, high quality electronic health data. This is a key principle of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory ex-ante self-certification scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self- certification, EHR systems should prove compliance with essential requirements on interoperability and security, set at Union level. In relation to security, essential requirements should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as cybersecurity schemes under Regulation (EU) 2019/881 of the European Parliament and of the Council48. _________________ 48 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (OJ L 151, 7.6.2019, p. 15).

Amendment 297 #

Proposal for a regulation
Recital 27 a (new)

(27 a) EHDS relies on national and European electronic health record systems, databases, and registries. In this regard, obligations are set out in Chapter III of this Regulation. It should however be recognized, that setting up obligations is not sufficient for creating a future- proof framework, which supports Europe's leadership position in health data usage and reap its benefits for citizens, industry, and other interests. As a supplement to obligations, there should be more research into the digital technology on which electronic health record systems, databases and registries are built in order to foster innovation.

Amendment 298 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Recital 28

(28) While EHR systems specifically intended by the manufacturer to be used for processing one or more specific categories of electronic health data should be subject to mandatory ~~self-~~third-party certification scheme by an independent body, software for general purposes should not be considered as EHR systems, even when used in a healthcare setting, and should therefore not be required to comply with the provisions of Chapter III.

Amendment 299 #

Proposal for a regulation
Recital 28

(28) While EHR systems specifically intended by the manufacturer to be used for processing one or more specific categories of electronic health data should be subject to a mandatory ~~self-certification~~conformity assessment by a notified body, software for general purposes should not be considered as EHR systems, even when used in a healthcare setting, and should therefore not be required to comply with the provisions of Chapter III.

Amendment 300 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 28

(28) While EHR systems specifically intended by the manufacturer to be used for processing one or more specific categories of electronic health data should be subject to mandatory ~~self-certification~~third party assessment, software for general purposes should not be considered as EHR systems, even when used in a healthcare setting, and should therefore not be required to comply with the provisions of Chapter III.

Amendment 301 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Recital 28 a (new)

(28a) Manufacturers of EHR systems which are not primarily intended to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records shall be encouraged to allow data generated by their device or software to be stored on the EHR system.

Amendment 302 #

Proposal for a regulation
Recital 30

(30) To further support interoperability and security, Member States may maintain or define specific rules for the procurement, reimbursement, financing or use of EHR systems at national level in the context of the organisation, delivery or financing of health services. Such specific rules should not impede the free movement of EHR systems in the Union. Some Member States have introduced mandatory certification of EHR systems or mandatory interoperability testing for their connection to national digital health services. Such requirements are commonly reflected in procurements organised by healthcare providers, national or regional authorities. Mandatory certification of EHR systems at Union level via a conformity assessment procedure should establish a baseline that can be used in procurements at national level.

Amendment 303 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 33

(33) Compliance with essential requirements on interoperability and security should be demonstrated by the manufacturers of EHR systems through the implementation of common specifications. To that end, implementing powers should be conferred on the Commission to determine such common specifications regarding datasets, coding systems, technical specifications, including standards, specifications and profiles for data exchange, as well as requirements and principles related to security, confidentiality, integrity, patient safety and protection of personal data as well as specifications and requirements related to identification management and the use of electronic identification. Digital health authorities should contribute to the development of such common specifications and base their discussion on previous debates.

Amendment 304 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 34

(34) In order to ensure an appropriate and effective enforcement of the requirements and obligations laid down in Chapter III of this Regulation, the system of market surveillance and compliance of products established by Regulation (EU) 2019/1020 should apply. Depending on the organisation defined at national level, such market surveillance activities could be carried out by the digital health authorities ensuring the proper implementation of Chapter II, notified bodies for EHR systems or a separate market surveillance authority responsible for EHR systems. While designating digital health authorities or national notified bodies as market surveillance authorities could have important practical advantages for the implementation of health and care, any conflicts of interest should be avoided, for instance by separating different tasks.

Amendment 305 #

Proposal for a regulation
Recital 35

Amendment 306 #

Proposal for a regulation
Recital 35

Amendment 307 #

Proposal for a regulation
Recital 35

Amendment 308 #

Proposal for a regulation
Recital 35

Amendment 309 #

Proposal for a regulation
Recital 35

Amendment 310 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 35

(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. Labelling schemes may also include information for users on data protection rights and an indication of whether the application provider or browser operator has access in any way to the data generated by the application. The Commission may set out in implementing acts the details regarding the format and content of such label.

Amendment 311 #

Proposal for a regulation
Recital 35

(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A ~~volunta~~mandatory labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. Such labelling schemes should also include information for users on data protection rights and an indication of whether the provider of the app or the browser operator has access to data generated by the app in any way. The Commission ~~may~~should set out in implementing acts the details regarding the format and content of such label.

Amendment 312 #

Proposal for a regulation
Recital 35

Amendment 313 #

Proposal for a regulation
Recital 36

(36) The distribution of information on certified EHR systems ~~and labelled wellness applications~~ is necessary to enable procurers and users of such products to find interoperable solutions for their specific needs. A database of interoperable EHR systems ~~and wellness applications,~~ which are not falling within the scope of Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final] should therefore be established at Union level, similar to the European database on medical devices (Eudamed) established by Regulation (EU) 2017/745. The objectives of the EU database of interoperable EHR systems ~~and wellness applications~~ should be to enhance overall transparency, to avoid multiple reporting requirements and to streamline and facilitate the flow of information. For medical devices and AI systems, the registration should be maintained under the existing databases established respectively under Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final], but the compliance with interoperability requirements should be indicated when claimed by manufacturers, to provide information to procurers.

Amendment 314 #

Proposal for a regulation
Recital 36

Amendment 315 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 36

Amendment 316 #

Proposal for a regulation
Recital 36 a (new)

(36 a) The uptake of real-world data and real-world evidence, including patient reported outcomes, for evidence-based regulatory and policy purposes as well as for research, health technology assessment and clinical objectives should be encouraged. Real-world data and real- world evidence have the potential to complement randomised clinical trial data and is particularly relevant when assessing safety and medicinal effectiveness of innovative products, such as, but not limited to Advanced Therapies Medicinal Products (ATMPs), particularly in the rare disease domain.

Amendment 317 #

Proposal for a regulation
Recital 36 a (new)

(36 a) For the purpose of the evaluation of the benefits and risks of medicinal products and of the identification and assessment of threats to human health posed by infectious diseases, the EMA and the ECDC shall be granted rapid access to the health data within the EHDS.

Amendment 318 #

Proposal for a regulation
Recital 37

(37) For the secondary use of the clinical data for research, innovation, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the health data access bodies (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the datapersonal electronic health data for research and development, policy making, regulatory purposes, patient safety or the treatment of natural persons, the requirements provided for in Regulation (EU) 2016/679 for a Union law should be used as a basis. For processing of personal electronic health data for secondary use, a legal basis set out in points (a), (c), (e) of Article 6(1) combined with a further legal basis set out in Article 9(2) of Regulation (EU) 2016/679 is required. The most relevant processing grounds listed in Article 9(2) of Regulation (EU) 2016/679 in this context concern the consent of the data subject (point (a)), substantial public interest (point (g)), the provision of health or social care (point (h)), public interest in the area of public health (point (i)), and research (point (j)). Hence, this Regulation provides the specific legal basis for such processing in accordance with Article 9(2) (a), (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 in combination with Articles 9(2) (a), (g), (h), (i) and (j) of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. For processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. The data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the data, in accordance with Regulation (EU) 2016/679 and this Regulation.

Amendment 319 #

Proposal for a regulation
Recital 37

(37) For the secondary use ~~of the~~, not requiring consent, of certain clinical data for health-related research, innovation, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of, not requiring consent, of certain health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to that health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of certain electronic health data held by the data holder pursuant to this Regulation, this Regulation, in certain cases, creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing theat data, for secondary use, by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to ~~the health data access bodies~~bodies involved in accessing health data (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. This applies equally to the activities of the application processing body that examines and, where appropriate, approves data access applications by data users, without storing health data itself, and to the activities of the pseudonymisation body that pseudonymises the electronic health data prior to storage at health data access bodies. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which certain electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the ~~health data ac~~application processing bodies are an administrative decision defining the conditions for the access to the data.

Amendment 320 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 37

Amendment 321 #

Stelios KYMPOUROPOULOS

Proposal for a regulation
Recital 37

(37) For the secondary use of the clinical data for research, innovation, health professionals' training, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the health data access bodies (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the data.

Amendment 322 #

Proposal for a regulation
Recital 37

(37) For the secondary use of the clinical data for research, innovation, scientific development, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically: for processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the health data access bodies (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the data.

Amendment 323 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 37

(37) For the secondary use of the ~~clinical~~electronic health data for research, innovation, policy making, regulatory purposes, patient safety or the treatment of other natural persons, the possibilities offered by Regulation (EU) 2016/679 for a Union law should be used as a basis and rules and mechanisms and providing suitable and specific measures to safeguard the rights and freedoms of the natural persons. This Regulation provides the legal basis in accordance with Articles 9(2) (g), (h), (i) and (j) of Regulation (EU) 2016/679 for the secondary use of health data, establishing the safeguards for processing, in terms of lawful purposes, trusted governance for providing access to health data (through health data access bodies) and processing in a secure environment, as well as modalities for data processing, set out in the data permit. At the same time, the data applicant should demonstrate a legal basis pursuant to Article 6 of Regulation (EU) 2016/679, based on which they could request access to data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV. More specifically:, for processing of electronic health data held by the data holder pursuant to this Regulation, this Regulation creates the legal obligation in the sense of Article 6(1) point (c) of Regulation (EU) 2016/679 for disclosing the data by the data holder to health data access bodies, while the legal basis for the purpose of the initial processing (e.g. delivery of care) is unaffected. This Regulation also meets the conditions for such processing pursuant to Articles 9(2) (h),(i),(j) of the Regulation (EU) 2016/679. This Regulation assigns tasks in the public interest to the health data access bodies (running the secure processing environment, processing data before they are used, etc.) in the sense of Article 6(1)(e) of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2)(h),(i),(j) of the Regulation (EU) 2016/679. Therefore, in this case, this Regulation provides the legal basis under Article 6 and meets the requirements of Article 9 of that Regulation on the conditions under which electronic health data can be processed. In the case where the user has access to electronic health data (for secondary use of data for one of the purposes defined in this Regulation), the data user should demonstrate its legal basis pursuant to Articles 6(1), points (e) or (f), of Regulation (EU) 2016/679 and explain the specific legal basis on which it relies as part of the application for access to electronic health data pursuant to this Regulation: on the basis of the applicable legislation, where the legal basis under Regulation (EU) 2016/679 is Article 6(1), point (e), or on Article 6(1), point (f), of Regulation (EU) 2016/679. If the user relies upon a legal basis offered by Article 6(1), point (e), it should make reference to another EU or national law, different from this Regulation, mandating the user to process personal health data for the compliance of its tasks. If the lawful ground for processing by the user is Article 6(1), point (f), of Regulation (EU) 2016/679, in this case it is this Regulation that provides the safeguards. In this context, the data permits issued by the health data access bodies are an administrative decision defining the conditions for the access to the data.

Amendment 324 #

Proposal for a regulation
Recital 37

Amendment 325 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data ~~should~~might also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy- making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use that would benefit the public interest.

Amendment 326 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use. Provided that it complies with conditions of relevant articles of the Regulation (EU) 2016/679, it should also be possible to combine individual’s electronic health data with other types of data, for example consumer behavioural data for research purposes as long as the data is anonymised.

Amendment 327 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use, while excluding banking organisations, insurance companies and any other private profit-making actor whose main activity is not scientific research or any work strictly related to healthcare from the list of entities which may collect such health data.

Amendment 328 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, aggregated genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and ~~doctor~~healthcare professionals to use those data for different purposes, including research, ~~innovation~~development, policy-making, regulatory purposes, and patient safety ~~or personalised medicine~~. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders, except for micro enterprises and small enterprises in the context of healthcare professionals’ practices and pharmacies, should contribute to this effort in making different categories of electronic health data they are holding available for secondary use. Likewise, beneficiaries should respect the principle of open science and provide open access to research or processing results.

Amendment 329 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, health surveillance, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health- related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use insofar as such effort is always conducted through effective and secured processes, such as aggregation and randomisations and with due respect to professional duties, including but not limited to, confidentiality duties.

Amendment 330 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, files on the COVID pandemic and other events with a major impact on public health, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use.

Amendment 331 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, health professionals, regulators and doctors to use those data for different purposes, including research, innovation, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use in full respect of the rules on confidentiality.

Amendment 332 #

Proposal for a regulation
Recital 38

(38) In the context of the EHDS, the electronic health data already exists and is being collected by healthcare providers, professional associations, public institutions, regulators, researchers, insurers etc. in the course of their activities. Some categories of data are collected primarily for the provisions of healthcare (e.g. electronic health records, genetic data, claims data, etc.), others are collected also for other purposes such as research, statistics, patient safety, regulatory activities or policy making (e.g. disease registries, policy making registries, registries concerning the side effects of medicinal products or medical devices, etc.). For instance, European databases that facilitate data (re)use are available in some areas, such as cancer (European Cancer Information System) or rare diseases (European Platform on Rare Disease Registration, ERN registries, etc.). These data should also be made available for secondary use. However, much of the existing health-related data is not made available for purposes other than that for which they were collected. This limits the ability of researchers, innovators, policy- makers, regulators and doctors to use those data for different purposes, including research, innovation, scientific development, policy-making, regulatory purposes, patient safety or personalised medicine. In order to fully unleash the benefits of the secondary use of electronic health data, all data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use.

Amendment 333 #

Stelios KYMPOUROPOULOS

(38 a) Taking into consideration the emerging use of extended reality technologies, such as but not limited to virtual and augmented reality, and their widespread use in the future, the EHDS regulation should strengthen the connection between the data collected by these technologies and the EHR systems, for the use of clinical data for research, innovation, policy making, patient safety or the treatment of other natural persons, and also training of health professionals.

Amendment 334 #

Proposal for a regulation
Recital 38 a (new)

(38a) The collection and processing of electronic health data for secondary use will only be done with the consent of the patient or their representative. Similarly, under this Regulation, patients will have the possibility to alter or restrict access to all or to parts of their personal data for all or certain types of secondary uses.

Amendment 335 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that, with the patient’s exclusive consent, can be processed for secondary use, should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data that are related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person-generated data, such as data from medical devices, wellness applications or other wearables and digital health applicationshave a direct, known impact on health. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 336 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices, wellness applications or other wearables and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 337 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person-generated data, such as data from medical devices, wellness applications or other wearables and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 338 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (~~for example~~ consumption of different substances, ~~homelessness, health insurance, minimum income, professional status, behaviour,~~ including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person-generated data, such as data from medical devices~~, wellness applications or other wearables and digital health applications~~. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 339 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices, wellness applications or other wearables and digital health applications, which must comply with the data security measures. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 340 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices, wellness applications or other wearables and digital health applications. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset for research and innovation activities. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 341 #

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as non- personal data with an impact on health (for example consumption of different substances, homelessness, health insurance, minimum income, professional status, behaviour, including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person- generated data, such as data from medical devices~~, wellness applications or other wearables and digital health applications~~. The data user who benefits from access to datasets provided under this Regulation pursuant to a data permit could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

Amendment 342 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Recital 39 a (new)

(39 a) A relationship of trust between patients and health or care providers is a paramount element of the provision of health or social care or treatment. It is within that delicate context that the patient and/or the legitimate legal representative of the patient should have a say in the processing of their health data for secondary use. It is necessary to empower patients - data subjects - by giving them the possibility to restrict full or partial access to their personal health data for secondary use. Moreover, it is imperative to provide them with the sufficient information regarding this possibility. Therefore, an opt-out option for the patients and/or the legitimate legal representative of the patient for secondary use of their electronic health data should be envisaged, as the purpose of the secondary processing causes the patient's individual interests to prevail over the general interest of society.

Amendment 343 #

Proposal for a regulation
Recital 39 a (new)

(39 a) A relationship of trust between patients and health or care providers is a crucial element of the provision of health or social care or treatment. It is within that delicate context that patients should have a say in the processing of their electronic health records for secondary use. It is appropriate to empower patients by giving them the possibility to restrict access to all or parts of their electronic health record for all or parts of secondary use and to provide for obligations to clearly inform individuals of this possibility. Therefore, an opt-out for individuals for secondary use of their electronic health records should be envisaged.

Amendment 344 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 40

(40) The data holders can be public, non for profit or ~~private~~ health or care providers, public, non for profit and ~~private~~ organisations, associations or other entities, public ~~and private~~ entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public ~~or private~~ entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection. However, pPublic authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.

Amendment 345 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 40

Amendment 346 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Recital 40

Amendment 347 #

Proposal for a regulation
Recital 40

(40) The data holders can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sectorAs such, they are controllers in the meaning of Regulation (EU) 2016/679 in the health or care sector since they process personal electronic health data. In order to avoid a disproportionate burden on small entities, micro-enterprises and small enterprises in healthcare professional setting are excluded from the obligation to make their data available for secondary use in the framework of EHDS. It should be noted that making anonymised data available for secondary use will require additional resources for healthcare systems, including often understaffed public hospitals. This additional burden for public entities should be addressed and minimised to the greatest possible extent during the implementation phase of the EHDS and, where necessary, allocation of additional resources should be ensured. To safeguard the long-term sustainability and durability of European healthcare systems and the provision of public goods across the Union, sufficient and adequate return to public investment in the field of health must be ensured via adequate societal access to access products and services developed via the EHDS framework on a just, fair, transparent, and redistributive basis that can contribute to greater social justice. The public good nature of European healthcare systems and equality of access need to be safeguarded by demonstrating the public value stemming from private investments via the EHDS framework and by enhancing the role of public institutions in the field. Likewise, when electronic health data is made available for secondary use, research and processing results should be made publicly available based on the principles of open science so that society at large can access relevant results in the field, enhance transparency, and further contribute to new innovative products and services that can benefit society at large. Data generated by individuals and shared through the EHDS must be considered a public investment. Uses that are detrimental to individuals, in particular to vulnerable groups, should be prohibited and subject to aggravated penalties. In light of possible future risks, a moratorium on certain uses and users should be made possible.

Amendment 348 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 40

Amendment 349 #

Proposal for a regulation
Recital 40

(40) The data holders in the context of secondary use of electronic health data can be public, non for profit or private health or care providers, public, non for profit and private organisations, associations or other entities, public and private entities that carry out research with regards to the health sector that process the categories of health and health related data mentioned above. In order to avoid a disproportionate burden on small entities, micro-enterprises are excluded from the obligation to make their data available for secondary use in the framework of EHDS. The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in area where the collection of such data is fragmented of difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefitting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies should be provided by the level of confidentiality protection in accordance with TRIPS and Directive (EU) 2016/943. often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.

Amendment 350 #

Proposal for a regulation
Recital 40

Amendment 351 #

Proposal for a regulation
Recital 40

Amendment 352 #

Proposal for a regulation
Recital 40 a (new)

(40 a) The public or private entities often receive public funding, from national or Union funds to collect and process electronic health data for research, statistics (official or not) or other similar purposes, including in areas where the collection of such data is fragmented or difficult, such as rare diseases, cancer etc. Such data, collected and processed by data holders with the support of Union or national public funding, should be made available by data holders to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policy making benefiting the society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. At the same time, data benefiting from specific legal protection such as intellectual property from medical device companies or pharmaceutical companies often enjoy copyright protection or similar types of protection. However, public authorities and regulators should have access to such data, for instance in the event of pandemics, to verify defective devices and protect human health. In times of severe public health concerns (for example, PIP breast implants fraud) it appeared very difficult for public authorities to get access to such data to understand the causes and knowledge of manufacturer concerning the defects of some devices. The COVID-19 pandemic also revealed the difficulty for policy makers to have access to health data and other data related to health. Such data should be made available for public and regulatory activities, supporting public bodies to carry out their legal mandate, while complying with, where relevant and possible, the protection enjoyed by commercial data. Specific rules in relation to the secondary use of health data should be provided. Data altruism activities may be carried out by different entities, in the context of Regulation […] [Data Governance Act COM/2020/767 final] and taking into account the specificities of the health sector.

Amendment 353 #

Proposal for a regulation
Recital 40 a (new)

(40 a) Clinical trials are of utmost importance for fostering innovation within Europe in the benefit of European patients. In order to incentivise continuous European leadership in this domain, the sharing of the clinical trials data through the EHDS for secondary use should not compromise the scientific integrity of and investment in these clinical trials, in line with Regulation (EU) 536/2014.

Amendment 354 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research~~, innovation~~ and development, policy making, ~~educational activities,~~ patient safety, or regulatory activities ~~or personalised medicine,~~ in line with the purposes set out in this Regulation. Access to data for secondary use should ~~contribute to the general interest of the society~~be based on the data subject's explicit consent in the case of personal data and contribute to the general interest of the society as well as to high quality, accessibility and affordability of medical products. Without the data subject’s consent, any health data may only be made accessible after it has been fully and irreversibly anonymised by the data holder, where necessary by aggregating the health data of several persons. Real world evidence collected through the EHDS should in no way substitute data generated in clinical trials, which remain a gold standard in terms of data generation for regulatory purposes. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies which are necessary to meet a substantial public interest, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remains at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), ~~development and innovation, producing goods and services for the~~related to health or care sectors for the prevention, early detection, diagnosis, treatment, rehabilitation, supportive care or health or care ~~sectors, such as innovation activities or training of AI algorithms that could protect~~management. It should also contribute to development activities aimed at producing goods and services for the health or care ~~of natural person~~sectors. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, to profile and discriminate against individuals, or develop harmful products should be prohibited.

Amendment 355 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ

Proposal for a regulation
Recital 41

Amendment 356 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Particularly, the secondary use of health data for research and development purposes should contribute to a return to society in the form of new medicines, medical devices, health care products and services at affordable and fair prices for European citizens, as well as enhancing access and availability of such in all Member States. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public health bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. ~~Public bodies and Union institutions, bodies, offices and agencies~~National public health authorities and European Union agencies related to health may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. POther public sector bodies from Member States and European Union institutions, bodies, offices and agencies may carry out such research activities by using third parties, including sub- contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 357 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society and lead to better, more affordable and accessible health products and services for all natural persons. For this purpose, pharmaceutical and medical devices companies must be fully transparent about the uses of EHDS data and their contribution to product development. In addition, to maximise public return, data access requests should include commitments on the availability and affordability of end products such as medicines. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 358 #

Proposal for a regulation
Recital 41

Amendment 359 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data for research, innovation, policy making, educational activities and information campaigns on a range of health matters, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities and the measures on access to, and the security of, personal data are strictly complied with. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access, be this limited or not, depending on the situation, to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 360 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, private, not for profit entities, as well as individual researchers to have access to health data ~~for research, innovation, policy making, educational activities, patient safety, regulatory activiti~~in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society and lead to better, more affordable and accessible health products and services for ~~personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society~~all natural persons. For this purpose pharmaceutical and medical devices companies must be fully transparent about the uses of EHDS data and its contribution to product development. In addition, to maximise public return, data access requests should include commitments on the availability and affordability of end products such as medicines. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural personsof public interest. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 361 #

Proposal for a regulation
Recital 41

(41) The secondary use of health data under EHDS should enable the public, ~~private,~~ not for profit entities, as well as individual researchers to have access to health data for research, innovation, scientific development, policy making, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes set out in this Regulation. Access to data for secondary use should contribute to the general interest of the society. Activities for which access in the context of this Regulation is lawful may include using the electronic health data for tasks carried out by public bodies, such as exercise of public duty, including public health surveillance, planning and reporting duties, health policy making, ensuring patient safety, quality of care, and the sustainability of health care systems. Public bodies and Union institutions, bodies, offices and agencies may require to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, which is provided by this Regulation. Public sector bodies may carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remain at all time the supervisor of these activities. The provision of the data should also support activities related to scientific research (including private non-profit research), development and innovation, producing goods and services for the health or care sectors, such as innovation activities or training of AI algorithms that could protect the health or care of natural persons. In some cases, the information of some natural persons (such as genomic information of natural persons with a certain disease) could support the diagnosis or treatment of other natural persons. There is a need for public bodies to go beyond the emergency scope of Chapter V of Regulation […] [Data Act COM/2022/68 final]. However, the public sector bodies may request the support of health data access bodies for processing or linking data. This Regulation provides a channel for public sector bodies to obtain access to information that they require for fulfilling their tasks assigned to them by law, but does not extend the mandate of such public sector bodies. Any attempt to use the data for any measures detrimental to the natural person, to increase insurance premiums, to advertise products or treatments, or develop harmful products should be prohibited.

Amendment 362 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 41 a (new)

(41 a) Natural persons should be empowered to and have a right to control their electronic health data under this Regulation. Therefore the possibility for data subjects to decline the processing of all or parts of their health data for secondary use for some or all purposes should be provided. An easily understandable and accessible opt-out mechanism in a user-friendly format should be provided in this regard. Natural persons who opt-out of the processing of some or all of their health data for secondary use should not preclude their possibility to reconsider and provide some or all of their health data for secondary use at a later point.

Amendment 363 #

Pernille WEISS, Peter LIESE, Stelios KYMPOUROPOULOS

(41a) The secondary use of electronic health data is essential to furthering research, finding new treatments and improving European patients’ health. The sharing of that data promises to foster collaboration between research and development teams from one or more Member States, particularly in certain fields such as cancer, mental illness and rare diseases.

Amendment 364 #

Proposal for a regulation
Recital 41 a (new)

(41 a) Cross-border research collaborations are of great importance across medical research fields, including for research into childhood cancer and rare diseases. As such, the use of electronic health data for secondary purposes through the European Health Data Space should empower the development of collaborative research by supporting the use of data between two or more teams within the same Member State or cross-border.

Amendment 365 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 41 b (new)

(41 b) Due to the highly sensitive nature of certain types of electronic health data, where full anonymisation is not possible and therefore the risk of re-identification of the data subject is high, additional safeguards should be provided for. An opt-in mechanism whereby data subjects explicitly consent or give their permission to the processing of part or all of such data for some or all secondary use purposes should be envisaged. This is particularly relevant for human genetic, genomic and proteomic data, as well as data from biobanks. Where data subjects explicitly consent to the use of parts or all of this data for some or all secondary use purposes, they should be made aware of the sensitive nature of the data they are sharing.

Amendment 366 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 41 c (new)

(41 c) Different demographics have varying degrees of digital literacy which may hamper their ability to enact their rights to control their electronic health data. In addition to the right for natural persons to authorise another natural person of their choice to access or control their electronic health data on their behalf, Member States should charge digital health authorities with the creation of targeted national digital literacy programmes to maximise social inclusion and to ensure all natural persons can effectively exercise their rights under this Regulation.

Amendment 367 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 42

(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial, technical and human resources, premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Given the central role of the health data access bodies in the context of secondary use of electronic health data, and especially the decision-making on granting or refusing a health data permit and preparing the data to make it available to health data users, their members and staff should have the necessary qualifications, experience and skills, in particular in the area of ethics, cybersecurity, protection of intellectual property and trade secrets, healthcare, scientific research, artificial intelligence and other relevant areas, as well as the protection of personal data and specifically data concerning health. In addition, the decision-making process regarding the granting or refusal of the health data permit should involve ethical considerations. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.

Amendment 368 #

Proposal for a regulation
Recital 42

(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Likewise, despite Member States’ constitutional, organisational and administrative specificities, health data access bodies should at least consist of authorization bodies to decide on the validity of data access applications and data requests, and of trust bodies that receive the electronic health data from data holders and disclose it to authorisation bodies. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full- fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use and their staff should not have any conflict of interest that is prejudicial to their independence and impartial conduct. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial and human resources, legal and technical expertise, including ethical boards and committees premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.

Amendment 369 #

(42) ~~The establishment of one or more~~In order to increase the level of data protection and citizens' trust in connection with the secondary use of data, health data acprocess ~~bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data~~ing steps should be divided up among legally distinct entities for (i) the pseudonymisation of health data (‘pseudonymisation bodies’), (ii) the storage and processing of health data (‘health data access bodies’) and (iii) health data access applications (‘application processing bodies’). Member States should therefore establish one or more ~~health data access body~~such bodies in each case, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies involved should be designated as a coordinator for Union-wide cooperation in case there are more than one data access body. Where a Member State establishes several such bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one ~~health data access~~ body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other ~~health data access bodies, the EHDS Board and the Commission. Health data access bodies~~bodies involved in accessing health data, the EHDS Board and the Commission. The bodies involved in accessing health data may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization or private bodies) but should have the same functions, responsibilities and capabilities. ~~Health data ac~~Application processing bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that ~~the health data ac~~application processing bodyies cannot be subject to control or monitoring mechanisms regarding ~~its~~their financial expenditure or to judicial review. Each ~~health data ac~~application processing body should be provided with the necessary financial and human resources, premises and infrastructure ~~necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Each health data access body~~, or any private application processing body should be reimbursed the necessary appropriate level of expenditure, for the effective performance of its tasks, including those related to cooperation with other bodies involved in accessing health data throughout the Union. All bodies involved in the secondary use of health data should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks toWith regard to application processing bodies, a certification system should be set up to ensure their competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health datace and uniform assessment standards for data use applications.

Amendment 370 #

Proposal for a regulation
Recital 42

(42) The establishment of one or more health data access bodies, supporting access to electronic health data in Member States, is an essential component for promoting the secondary use of health- related data. Member States should therefore establish one or more health data access body, for instance to reflect their constitutional, organisational and administrative structure. However, one of these health data access bodies should be designated as a coordinator in case there are more than one data access body. Where a Member State establishes several bodies, it should lay down rules at national level to ensure the coordinated participation of those bodies in the EHDS Board. That Member State should in particular designate one health data access body to function as a single contact point for the effective participation of those bodies, and ensure swift and smooth cooperation with other health data access bodies, the EHDS Board and the Commission. Health data access bodies may vary in terms of organisation and size (spanning from a dedicated full-fledged organization to a unit or department in an existing organization) but should have the same functions, responsibilities and capabilities, and comply with all the measures on access to, and the security of, personal medical data. Health data access bodies should not be influenced in their decisions on access to electronic data for secondary use. However, their independence should not mean that the health data access body cannot be subject to control or monitoring mechanisms regarding its financial expenditure or to judicial review. Each health data access body should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of its tasks, including those related to cooperation with other health data access bodies throughout the Union. Each health data access body should have a separate, public annual budget, which may be part of the overall state or national budget. In order to enable better access to health data and complementing Article 7(3) of Regulation […] of the European Parliament and of the Council [Data Governance Act COM/2020/767 final], Member States should entrust health data access bodies with powers to take decisions on access to and secondary use of health data. This could consist in allocating new tasks to the competent bodies designated by Member States under Article 7(1) of Regulation […] [Data Governance Act COM/2020/767 final] or in designating existing or new sectoral bodies responsible for such tasks in relation to access to health data.

Amendment 371 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 43

(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Those supervisory authorities should remain the only competent authorities responsible for personal data protection issues and their decisions should not be conditioned or overruled by the health data access bodies. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.

Amendment 372 #

Proposal for a regulation
Recital 43

(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested state-of-the-art techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. In this regard, health data access bodies should cooperate across borders and converge on common definitions and techniques. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.

Amendment 373 #

Proposal for a regulation
Recital 43

(43) The health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, the health data access bodies should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation. The health data access bodies should also cooperate with stakeholders, including patient organisations. The selection procedure for health stakeholders should be transparent, public, and free of any conflict of interest. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulation (EU) 2016/679 apply and the supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 should be tasked with enforcing these rules. Moreover, given that health data are sensitive data and in a duty of loyal cooperation, the health data access bodies should duly and expeditiously inform the data protection authorities of any issues related to the data processing for secondary use, including penalties. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, support the development of AI in health and promote the development of common standards. They should apply tested techniques that ensure electronic health data is processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. Health data access bodies can prepare datasets to the data user requirement linked to the issued data permit. This includes rules for anonymization of microdata sets.

Amendment 374 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Amendment 375 #

Proposal for a regulation
Recital 44

(44) ~~Considering the administrative burden for health data access bodies to~~Health data access bodies should comply with the obligations laid down in Article 14 paragraphs (1), (2), (3) and (4) of Regulation (EU) 2016/679 and inform the natural persons whose data are used in data projects within a secure processing environment~~, t~~. The exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 ~~should~~may apply. TWhere~~fore~~ such exceptions are applied, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed, allowing natural persons to understand whether their data are being made available for secondary use pursuant to data permits. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the ~~data subject or his health professional~~health professional of the data subject concerned. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.

Amendment 376 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 44

(44) Considering the administrative burden for health data access bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the data subject or his health professional, with due regard for the stated wish of the data subject not to be contacted. Natural persons should be able to access the results of different research projects on the website of the health data access body, ~~ideally~~ in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.

Amendment 377 #

Proposal for a regulation
Recital 44

(44) Considering the administrative burden for health data access bodies, application processing bodies and pseudonymisation bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, ~~health data access bodies~~bodies involved in accessing health data should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the ~~health data ac~~data holder, if appropriate with the involvement of the application processing body, which, with the involvement of the pseudonymisation body, should inform the data subject or his health professional. Natural persons should be able to access the results of different research projects on the website of the ~~health data ac~~application processing body or a central website, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each ~~health data ac~~application processing body should publish an annual activity report providing an overview of its activities.

Amendment 378 #

Proposal for a regulation
Recital 44

(44) Considering the administrative burden for health data access bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned, while fully respecting the principles of medical confidentiality and professional secrecy. In this case, the data user should inform the health data access body, which should inform the data subject or his health professional. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.

Amendment 379 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 44

(44) Considering the administrative burden for health data access bodies to inform the natural persons whose data are used in data projects within a secure processing environment, the exceptions provided for in Article 14(5) of Regulation (EU) 2016/679 should apply. Therefore, health data access bodies should provide general information concerning the conditions for the secondary use of their health data containing the information items listed in Article 14(1) and, where necessary to ensure fair and transparent processing, Article 14(2) of Regulation (EU) 2016/679, e.g. information on the purpose and the data categories processed. Exceptions from this rule should be made when the results of the research could assist in the treatment of the natural person concerned. In this case, the data user should inform the health data access body, which should inform the data subject or his health professional, with due regard for the stated preference of the data subject to not be contacted. Natural persons should be able to access the results of different research projects on the website of the health data access body, ideally in an easily searchable manner. The list of the data permits should also be made public. In order to promote transparency in their operation, each health data access body should publish an annual activity report providing an overview of its activities.

Amendment 380 #

Proposal for a regulation
Recital 46

(46) In order to support the secondary use of electronic health data, the data holders should refrain from withholding the data, requesting unjustified fees that are not transparent nor proportionate with the costs for making data available (and, where relevant, with marginal costs for data collection), requesting the data users to co- publish the research or other practices that could dissuade the data users from requesting the data. Where ethical approval is necessary for providing a data permit, its evaluation should be based on its own merits. On the other hand, ~~Union institutions, bodies, offices and~~national public health authorities, European Union agencies, including EMA, ECDC and ~~the Commission,~~EMCDDA have very important and insightful data. Access to data of such institutions~~, bodies, offices~~ and agencies should be granted through the health data access body where the controller is located.

Amendment 381 #

Proposal for a regulation
Recital 47

(47) Health data access bodies and single data holders should be allowed to charge fees based on the provisions of Regulation […] [Data Governance Act COM/2020/767 final] in relation to their tasks. Such fees may take into account the situation and interest of SMEs, individual researchers or public bodies. Data holders should be allowed to also charge fees for making data available. Such fees should reflect the costs for providing such services but not be significantly higher or unjustified. Private data holders may also charge fees for the collection of data. In order to ensure a harmonised approach concerning fee policies and structure, the Commission may adopt implementing acts. Provisions in Article 10 of the Regulation [Data Act COM/2022/68 final] should apply for fees charged under this Regulation.

Amendment 382 #

Proposal for a regulation
Recital 47

Amendment 383 #

Proposal for a regulation
Recital 47

(47) Health data access bodies ~~and single data holders~~ should be allowed to charge fees based on the provisions of Regulation […] [Data Governance Act COM/2020/767 final] in relation to their tasks. Such fees may take into account the situation and interest of SMEs, individual researchers or public bodies. Data holders should be allowed to also charge fees for making data available. Such fees should reflect the costs for providing such services. Private data holders may also charge fees for the collection of data. In order to ensure a harmonised approach concerning fee policies and structure, the Commission may adopt implementing acts. Provisions in Article 10 of the Regulation [Data Act COM/2022/68 final] should apply for fees charged under this Regulation.

Amendment 384 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 47

(47) Health data access bodies ~~and single data holders~~ should be allowed to charge fees based on the provisions of Regulation […] [Data Governance Act COM/2020/767 final] in relation to their tasks. Such fees may take into account the situation and interest of SMEs, individual researchers or public bodies. Data holders should be allowed to also charge fees for making data available. Such fees should reflect the costs for providing such services. Private data holders may also charge fees for the collection of data. In order to ensure a harmonised approach concerning fee policies and structure, the Commission may adopt ~~implementing~~delegated acts. Provisions in Article 10 of the Regulation [Data Act COM/2022/68 final] should apply for fees charged under this Regulation.

Amendment 385 #

Proposal for a regulation
Recital 47

(47) Health data access bodies and single data holders should be allowed to charge fees based on the provisions of Regulation […] [Data Governance Act COM/2020/767 final] in relation to their tasks. Such fees may take into account the situation and interest of SMEs, individual researchers or public bodies. Data holders should be allowed to also charge fees for making data available. Such fees should reflect the costs for providing such services. ~~Private d~~Data holders may also charge fees for the collection of data. In order to ensure a harmonised approach concerning fee policies and structure, the Commission may adopt implementing acts. Provisions in Article 10 of the Regulation [Data Act COM/2022/68 final] should apply for fees charged under this Regulation.

Amendment 386 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 48

(48) In order to strengthen the enforcement of the rules on the secondary use of electronic health data, appropriate measures that can lead to penalties or temporary or definitive exclusions from the EHDS framework of the data users or data holders that do not comply with their obligations. The health data access body should be empowered to verify compliance and give data users and holders the opportunity to reply to any findings and to remedy any infringement. TWhe ~~imposition of penalties should be subject to appropriate procedural safeguards~~n deciding on the amount of the penalty for each individual case, Member States should take into acco~~rdance with the general principles of law of the relevant Member State, including effective judicial protection and due process~~unt the margins and criteria set out in this Regulation.

Amendment 387 #

Proposal for a regulation
Recital 48

(48) In order to strengthen the enforcement of the rules on the secondary use of electronic health data, appropriate measures that can lead to penalties or temporary or definitive exclusions from the EHDS framework ofr even fines directed to the data users or data holders that do not comply with their obligations. The health data access body should be empowered to verify compliance and give data users and holders the opportunity to reply to any findings and to remedy any infringement. The imposition of penalties should be subject to appropriate procedural safeguards in accordance with the general principles of law of the relevant Member State, including effective judicial protection and due process.

Amendment 388 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 48

Amendment 389 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, common standards for data anonymisation shall be further developed and the use of anonymised electronic health data which is devoid of any personal data should be made available, when possible ~~and if the data user asks it~~, with data that cannot be anonymised or pseudonymized being excluded of reuse possibilities. Requests of pseudonymised data should be duly justified. When providing access to a pseudonymised or anonymised dataset, a Data Access Body should follow state-of- the-art anonymisation/pseudonymisation technology. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s)'s professional, with due regard for the stated wish of the data subject not to be contacted. Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 390 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when ~~possible and if the data user asks it~~the purpose of processing by the data user can be achieved with such data and the data subject has not given explicit consent for the secondary use of his/her personal data. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. To this end, the Commission can adopt implementing acts to identify the procedures and requirements for a unified and irreversible procedure for anonymising and pseudonymising electronic health data. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 391 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Recital 49

Amendment 392 #

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data ~~which is devoid of any personal data should be made available~~that ensures, to the maximum extent possible, by making use of state-of-the-art technologies, that a person cannot be reidentified, should be made available by the health data access bodies when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 393 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by asking for their explicit consent for the data to be used and by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available ~~when possible and if the data user asks it~~. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s), if the natural person has agreed in advance to receive such information. Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 394 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s), with due regard for the stated preference of the data subject to not be contacted. Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 395 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it and the request is duly justified. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 396 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the permanent encryption key can only be held by the ~~health data access~~pseudonymisation body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the ~~health data ac~~application processing bodyies, which in turn would request the pseudonymisation body to inform the concerned natural person(s)~~. Moreover,~~ about this. Moreover, via the application processing bodies the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 397 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity and must ensure the total protection of that data. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 398 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format -e.g data encryption- and the encryption key can only be held by the health data access body. Data users should not attempt to re- identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 399 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it ~~should~~must clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data ~~should~~must only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users ~~should~~must not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 400 #

Proposal for a regulation
Recital 49

(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available ~~when possible and if the data user asks it~~. If the data user needs to use personal electronic health data, it should clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data should only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users should not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the relevant health professional of the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request~~, including~~ in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.

Amendment 401 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR

Proposal for a regulation
Recital 50

(50) In order to ensure that all health data access bodies issue permits in a similar way, it is necessary to establish a standard common process for the issuance of data permits, with similar requests in different Member States. The applicant should provide health data access bodies with several information elements that would help the body evaluate the request and decide if the applicant may receive a data permit for secondary use of data, also ensuring coherence between different health data access bodies. Such information include: the legal basis under Regulation (EU) 2016/679 to request access to data (exercise of a task in the public interest assigned by law or legitimate interest), applicant´s identity, purposes for which the data would be used and detailed plan and explanation of the intended use and expected benefits related to the use, description of the needed data and possible data sources, a description of the tools needed to process the data, as well as characteristics of the secure environment that are needed. The applicant should also provide a declaration of having sufficient experience to manage the intended uses of the data requested, consistent with ethical practice and applicable laws and regulations as well as a declaration that the intended uses of the data request do not pose a risk of stigmatisation or dignity harm to both individuals and the groups implicated in the dataset requested. Where data is requested in pseudonymised format, the data applicant should explain why this is necessary and why anonymous data would not suffice. An ethical assessment may be requested based on national law. The health data access bodies and, where relevant data holders, should assist data users in the selection of the suitable datasets or data sources for the intended purpose of secondary use. Where the applicant needs anonymised statistical data, it should submit a data request application, requiring the health data access body to provide directly the result. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data application, as well as data request.

Amendment 402 #

Proposal for a regulation
Recital 50

(50) In order to ensure that all health data access bodies issue permits in a similar way, it is necessary to establish a standard common process for the issuance of data permits, with similar requests in different Member States. The applicant should provide health data access bodies with several information elements that would help the body evaluate the request and decide if the applicant may receive a data permit for secondary use of data, also ensuring coherence between different health data access bodies. Such information include: a description of the applicant’s identity, professional function, and operation, the legal basis under Regulation (EU) 2016/679 to request access to data (exercise of a task in the public interest assigned by law or legitimate interest), purposes for which the data would be used, description of the needed data and possible data sources, a description of the tools needed to process the data, as well as characteristics of the ~~sec~~free and open source ~~environment that are needed~~tools and computing resources that are needed for the secure environment. Where data is requested in pseudonymised format, the data applicant should explain why this is necessary and why anonymous data would not suffice. An ethical assessment may be requested based on national law. The health data access bodies and, where relevant data holders, should assist data users in the selection of the suitable datasets or data sources for the intended purpose of secondary use. Where the applicant needs anonymised statistical data, it should submit a data request application, requiring the health data access body to provide directly the result. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data application, as well as data request.

Amendment 403 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Recital 50

(50) In order to ensure that all ~~health data ac~~application processing bodies responsible for access to health data issue permits in a similar way, it is necessary to establish a standard common process for the issuance of data permits, with similar requests in different Member States. The applicant should provide the~~alth data ac~~ application processing bodies with several information elements that would help the body evaluate the request and decide if the applicant may receive a data permit for secondary use of data, also ensuring coherence between different ~~health data ac~~application processing bodies. Such information include: the legal basis under Regulation (EU) 2016/679 to request access to data (exercise of a task in the public interest assigned by law or legitimate interest), purposes for which the data would be used, description of the needed data and possible data sources, a description of the tools needed to process the data, as well as characteristics of the secure environment that are needed. Where data is requested in pseudonymised format, the data applicant should explain why this is necessary and why anonymous data would not suffice. An ethical assessment may be requested based on national law. ~~The health data ac~~Application processing bodies and, where relevant, data holders, should assist data users in the selection of the suitable datasets or data sources for the intended purpose of secondary use. Where the applicant needs anonymised statistical data, it should submit a data request application, requiring the ~~health data ac~~application processing body to provide directly the result with the assistance of the access body. In order to ensure a harmonised approach between ~~health data ac~~application processing bodies, the Commission should support the harmonisation of data application, as well as data request.

Amendment 404 #

Proposal for a regulation
Recital 51

(51) As the resources of health data access bodies are limited, they can apply prioritisation rules, for instance prioritising public institutions before private non- profit entities, but they should not make any discrimination between the national or from organisations from other Member States or, where applicable, regions with health legislative and executive competences, within the same category of priorities. The data user should be able to extend the duration of the data permit in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additonal fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data permit.

Amendment 405 #

Proposal for a regulation
Recital 51

(51) As the resources of health data access bodies are limited, they can apply prioritisation rules~~, for instance prioritising public institutions before private entities,~~ but they should not make any discrimination between the national or from organisations from other Member States within the same category of priorities. The data user should be able to extend the duration of the data permit in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additonal fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data permit.

Amendment 406 #

Proposal for a regulation
Recital 51

(51) As the resources of health data access bodies are limited, they can apply prioritisation rules, for instance prioritising public institutions before private entities, but they should not make any discrimination between the national or from organisations from other Member States within the same category of priorities. The data user should be able to extend the duration of the data permit by a maximum period of two additional months in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additonal fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between health data access bodies, the Commission should support the harmonisation of data permit.

Amendment 407 #

Proposal for a regulation
Recital 51

(51) As the resources of ~~health data ac~~application processing bodies are limited, they can apply prioritisation rules, for instance prioritising ~~public institutions before private entiti~~research projects on specific diseases, but they should not make any discrimination between the national or from organisations from other Member States within the same category of priorities. The data user should be able to extend the duration of the data permit in order, for example, to allow access to the datasets to reviewers of scientific publication or to enable additional analysis of the dataset based on the initial findings. This would require an amendment of the data permit and may be subject to an additonal fee. However, in all the cases, the data permit should reflect theses additionals uses of the dataset. Preferably, the data user should mention them in their initial request for the issuance of the data permit. In order to ensure a harmonised approach between ~~health data access~~ bodies, the Commission should support the harmonisation of data permit.

Amendment 408 #

Proposal for a regulation
Recital 52

(52) As the COVID-19 crisis has shown, the Union institutions, bodies, offices and agencies, especially the Commission, need access to health data for a longer period and on a recurring basis. This is may be the case not only in specific circumstances in times of crisis but also to provide scientific evidence and technical support for Union policies on a regular basis. Access to such data may be required in specific Member States or throughout the whole territory of the Union.deleted

Amendment 409 #

Proposal for a regulation
Recital 52

Amendment 410 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 52

(52) As the COVID-19 crisis has shown, the Union institutions, bodies, offices and agencies, especially the Commission, need access to health data for a longer period and on a recurring basis. This is may be the case ~~not only in~~for specific circumstances stipulated by Union or Member States law in times of crisis ~~but also~~and to provide scientific evidence and technical support for Union policies on a regular basis. Access to such data may be required in specific Member States or throughout the whole territory of the Union.

Amendment 411 #

Proposal for a regulation
Recital 52

Amendment 412 #

Proposal for a regulation
Recital 53

Amendment 413 #

Proposal for a regulation
Recital 53

Amendment 414 #

Proposal for a regulation
Recital 53

Amendment 415 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 53

Amendment 416 #

Proposal for a regulation
Recital 53

Amendment 417 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 53

Amendment 418 #

Proposal for a regulation
Recital 53

Amendment 419 #

Proposal for a regulation
Recital 53

(53) ~~For requests to access electronic health data from a single data holder in a single Member State and in order to alieviate the administrative burden for heath data ac~~Access to health data should be arranged directly between the data holder and the data user. In this case, in principle, only the application processing bodies of managing such request, the data user should be able to request this data directly from the data holder and the data holder should be able to issue a data permit while complying with all the requirements and safeguards linked to such request and permit. Multi- country requests and requests requiring combination of datasets from severaly is involved in making electronic health data available and the data holder takes over the operational tasks of the pseudonymisation and access body if the data holder can make that possible. However, the pseudonymisation body may involve the data holder~~s s~~. Should a~~lways be channelled through health data access bodies. The data holder should report to the health data access bodies about any data permits or~~ secure processing environment not be available to the data user for making the data available, access should be provided via the relevant health data ~~requ~~accests ~~they provide~~body.

Amendment 420 #

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing high common security standards in order to promote the security and interoperability of the various secure environments as well as the regular updating of these security measures to keep pace with IT developments and to counter attacks on databases.

Amendment 421 #

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment based on free and open-source software. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendment 422 #

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should ~~not~~only have a~~n unrestricted access to such data~~ccess to the data required for the purpose for which they requested access. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendment 423 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should ~~not~~only have ~~an un~~restricted access to such data, in accordance with the data minimisation principle. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body ~~or, where relevant, single data holder~~ should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendment 424 #

Proposal for a regulation
Recital 54

(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body ~~or, where relevant, single data holder~~ should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.

Amendment 425 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950 or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services.The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces.~~For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants.~~ For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 426 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data holders, the health data access bodies and the health data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter intoshould each, in their turn, be deemed a controller for a specific part of the process and according to their respective roles in it, meaning that the health data holder should be considered a controller for the processing of personal electronic health data while carrying out its obligation under Article 41 (1) and (1a), health data access body should be considered a controller for the processing of personal electronic health data while carrying out its task referred to in Article 37(1) (d) of this Regulation and health data user, including Union institutions, bodies, offices and agencies, should be deemed a controller for the processing of personal electronic health data in the secure processing environment pursuant to a data permit. In this case, the health data access body should be deemed a processor. In order to achieve an inclusive and sustainable framework for multi- country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social, etc.. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 427 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. However, the use of such a template shall not relieve health data access bodies or the data users from any of their duties and responsibilities. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected ~~whenever possible~~. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 428 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border and interconnected infrastructure should be established. Sharing a federated cloud represents a good basis. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 429 #

Proposal for a regulation
Recital 55

(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural and consumersectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).

Amendment 430 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 56

Amendment 431 #

Proposal for a regulation
Recital 57

(57) The authorisation process to gain access to personal health data in different Member States can be repetitive and cumbersome for data users. Whenever possible, synergies should be established to reduce the burden and barriers for data users. One way to achieve this aim is to adhere to the “single application” principle whereby, with one application, the data user obtains authorisation from multiple health data access bodies in different Member States.

Amendment 432 #

Proposal for a regulation
Recital 57

Amendment 433 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 58

Amendment 434 #

Proposal for a regulation
Recital 61

(61) Cooperation and work is ongoing between different professional organisations, the Commission and other institutions to set up minimum data fields and other characteristics of different datasets (registries for instance). This work is more advanced in areas such as cancer, rare diseases, cardiovascular and metabolic diseases, risk factors assessment and statistics and shall be taken into account when defining new standards and disease-specific harmonised templates for structured data elements.. However, many datasets are not harmonised, raising comparability issues and making cross- border research difficult. Therefore, more detailed rules should be set out in implementing acts to ensure a harmonised provision, coding and registration of electronic health data. Member States should work towards delivering sustainable economic and social benefits of European electronic health systems and services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of healthcare and ensuring access to safe and high-quality healthcare. Existing health data infrastructures and registries put in place by institutions and stakeholders can contribute to defining and implementing data standards, to ensuring interoperability and must be leveraged to allow continuity and build on existing expertise.

Amendment 435 #

Proposal for a regulation
Recital 61

(61) Cooperation and work is ongoing between different professional organisations, the Commission and other institutions to set up minimum data fields and other characteristics of different datasets (registries for instance). This work is more advanced in areas such as cancer, rare diseases, and statistics and shall be taken into account when defining new standards. However, many datasets are not harmonised, raising comparability issues and making cross-border research difficult. For example, the terminology used in disease classification (essential for providing a diagnosis) varies across member states, where adoption of the latest update to the International Classification of Diseases could improve interoperability of such patient data. Therefore, more detailed rules should be set out in implementing acts to ensure a harmonised provision, coding and registration of electronic health data. Member States should work towards delivering sustainable economic and social benefits of European electronic health systems and services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of healthcare and ensuring access to safe and high-quality healthcare.

Amendment 436 #

Proposal for a regulation
Recital 61 a (new)

(61 a) It should be supported that new common standards are based on existing harmonised standards, or where relevant international standards, and shall be adopted only after consulting all relevant stakeholders. Notably, existing health data infrastructures and registries created and run by various stakeholders can contribute to defining and implementing common standards. This should be leveraged to allow for continuity and build on existing expertise.

Amendment 437 #

Proposal for a regulation
Recital 62

(62) The Commission should support Member States in building capacity, interoperability and effectiveness in the area of digital health systems for primary and secondary use of electronic health data. Member States should be supported to strengthen their capacity and improve the interoperability of their digital health systems within and between Member States. Activities at Union level, such as benchmarking and exchange of best practices are relevant measures in this respect.

Amendment 438 #

Proposal for a regulation
Recital 63

(63) The use of funds should also contribute to attaining the objectives of the EHDS. Public procurers, national competent authorities in the Member States, including digital health authorities and health data access bodies, as well as the Commission should make references to applicable technical specifications, standards and profiles on interoperability, security and data quality, as well as other requirements developed under this Regulation when defining the conditions for public procurement, calls for proposals and allocation of Union funds, including structural and cohesion funds. To procure or fund services provided by controllers and processors established in the Union that process personal electronic health data, they are required to demonstrate that they will store the data in the Union and that they are not subject to third country legislation that conflicts with Union data protection rules.

Amendment 439 #

Proposal for a regulation
Recital 63

(63) The use of funds should also contribute to attaining the objectives of the EHDS. Public procurers, national competent authorities in the Member States, including digital health authorities and health data access bodies, as well as the Commission should make references to applicable technical specifications, standards and profiles on interoperability, security and data quality, as well as other requirements developed under this Regulation when defining the conditions for public procurement, calls for proposals and allocation of Union funds, including structural and cohesion funds. EU funds must be distributed adequately and sufficiently among the Member States, ensuring its well-endowment and taking into account different levels of health system digitalisation and the costs involved in making national data infrastructures interoperable and compatible with the requirements of the EHDS.

Amendment 440 #

Proposal for a regulation
Recital 63

(63) The use of funds should also contribute to attaining the objectives of the EHDS. Public procurers, national competent authorities in the Member States, including digital health authorities and health data access bodies, as well as the Commission should make references to applicable technical specifications, standards and profiles on interoperability, security and data quality, as well as other requirements developed under this Regulation when defining the conditions for public procurement, calls for proposals and allocation of Union funds, including structural and cohesion funds. The Union funds should be distributed among Member States on the basis of the levels of digitalisation of their health systems and the financial effort they have to make to implement the provisions of this Regulation.

Amendment 441 #

Proposal for a regulation
Recital 63

Amendment 442 #

Proposal for a regulation
Recital 63 a (new)

(63 a) The initial Union funding to achieve a timely application of the EHDS is limited to what can be mobilised under the 2021-2027 Multiannual Financial Framework (MFF) where 220 million EUR can be made available under the EU4Health and Digital Europe programmes. The successful and coherent application of the EHDS across all Member States will however require a higher funding. The implementation of the EHDS requires appropriate investments in capacity bulding and training and a well-funded commitment to public consultation and engagement. The Commission should therefore mobilise further resources for the EHDS as part of the review of the 2021-2027 MFF and for the forthcoming MFF under the principle that new initiatives should be matched with new funding.

Amendment 443 #

Proposal for a regulation
Recital 64

Amendment 444 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. More broadly, it will have to be ensured that all Member States using the EHDS – hosting and transferring users’ health data – have the physical infrastructure required, geographically located within the European Union. It will therefore need to be checked that the facilities supporting the IT systems for the EHDS application are owned by entities originating in the European Union. This thus implies that the storage, processing and transfer of health data will be governed by EU law, offering users, as well as public and private bodies, the highest level of protection in terms of rights and freedoms.

Amendment 445 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. In case of mixed datasets, where personal and non- personal data are inextricably linked, and where a distinction between categories of personal and non-personal data is difficult to apply and results in the possibility to infer personal data from non-personal data, protections of Regulation (EU) 2016/679 and of this Regulation concerning personal electronic health data should be applicable.

Amendment 446 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. In case of mixed datasets, where personal and non- personal data are inextricably linked, the protections in EU data protection legislation and in this Regulation concerning personal electronic health data shall be fully applicable.

Amendment 447 #

Proposal for a regulation
Recital 64

(64) Certain categories of electronic health data can remain particularly sensitive even when they are in anonymised format and thus non-personal, as already specifically foreseen in the Data Governance Act. Even in situations of the use of state of the art anonymization techniques, there remains a residual risk that the capacity to re-identify could be or become available, beyond the means reasonably likely to be used. Such residual risk is present in relation to rare diseases (a life-threatening or chronically debilitating condition affecting not more than five in 10 thousand persons in the Union), where the limited numbers of case reduce the possibility to fully aggregate the published data in order to preserve the privacy of natural persons while also maintaining an appropriate level of granularity in order to remain meaningful. It can affect different types of health data depending on the level of granularity and description of the characteristics of data subjects, the number of people affected or and for instance in cases of data included in electronic health records, disease registries, biobanks, person generated data etc. where the identification characteristics are broader and where, in combination with other information (e.g. in very small geographical areas) or through the technological evolution of methods which had not been available at the moment of anonymisation, can lead to the re- identification of the data subjects using means that are beyond those reasonably likely to be used. The realisation of such risk of re-identification of natural persons would present a major concern and is likely to put the acceptance of the policy and rules on secondary use provided for in this Regulation at risk. This underlines the need for a harmonized interpretation of anonymisation and pseudonymisation across Member States. Furthermore, aggregation techniques are less tested for non-personal data containing for example trade secrets, as in the reporting on clinical trials, and enforcement of breaches of trade secrets outside the Union is more difficult in the absence of a sufficient international protection standard. Therefore, for these types of health data, there remains a risk for re-identification after the anonymisation or aggregation, which could not be reasonably mitigated initially. This falls within the criteria indicated in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final]. These types of health data would thus fall within the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final] for transfer to third countries. The protective measures, proportional to the risk of re-identification, would need to take into account the specificities of different data categories or of different anonymization or aggregation techniques and will be detailed in the context of the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 448 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 64 a (new)

(64 a) The functioning of the EHDS involves processing of a large quantity of personal and non-personal data of a highly sensitive nature. Article 8(3) of the Charter requires control over its processing by an independent authority. Such a control of compliance with the requirements of protection and security by an independent supervisory authority, carried out on the basis of Union law, is an essential component of the protection of individuals with regard to the processing of personal data and cannot be fully ensured in the absence of a requirement to retain the electronic health data in question within the Union. Therefore, bearing in mind the need to mitigate the risks of unlawful access and ineffective supervision, in compliance with the principle of proportionality, this Regulation should require Member States to store electronic health data within the territory of the Union. Such harmonisation of storage requirements should ensure a uniform high level of protection for data subjects across the Union, preserve the proper functioning of the internal market, in line with Article 114 TFEU on which this Regulation is based and serve to enhance citizens’ trust in the EHDS.

Amendment 449 #

Proposal for a regulation
Recital 64 a (new)

(64 a) Re-identification of natural persons should be considered a particularly serious breach of this Regulation. Member States should consider criminalising re-identification as well as disclosure of de-anonymised health data by health data users to serve as a deterrent measure.

Amendment 450 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 64 a (new)

(64 a) Member States should consider criminalising unauthorised re- identification and disclosure of de- identified personal data to serve as a deterrent measure.

Amendment 451 #

Proposal for a regulation
Recital 64 b (new)

(64 b) An obligation to store electronic health data in the Union does not preclude transfers of those data to third countries or international organisations. Indeed, it is possible to reconcile a general requirement to store personal data in the Union with specific transfers being allowed in compliance with Union law on personal data protection, for instance in the context of scientific research, disbursement of care or international cooperation. In particular, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by Regulation (EU) 2016/679 should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. Transfers of personal health data to third countries and international organisations may only be carried out in full compliance with Chapter V of Regulation (EU) 2016/679. Hence, controllers and processors processing personal electronic health data remain subject to Article 48 of that Regulation on transfers or disclosures not authorised by Union law and should comply with this provision in case of an access request stemming from a third country. In accordance with and under the conditions of Article 9(4) of Regulation (EU) 2016/679, Member States can maintain or introduce further conditions, including limitations, to transfers of personal health data to third countries or international organisations.

Amendment 452 #

Proposal for a regulation
Recital 64 c (new)

(64 c) Further rules should be provided on transfers of non-personal health data to third countries or international organisations, where they are deemed highly sensitive within the meaning of Article 5(13) of Regulation (EU) 2022/868 on the Data Governance Act.

Amendment 453 #

Proposal for a regulation
Recital 64 d (new)

(64 d) Electronic health data provide valuable information to anyone who processes it. Access to electronic health data for entities from third countries should take place only on the basis of the reciprocity principle. Making available health data to a third country may take place only where the Commission has established by means of a delegated act that the third country concerned allows for the use of health data by Union entities under the same conditions and with the same safeguards as within the Union. The Commission should monitor such decisions, and should provide for a periodic review mechanism of their functioning. The Commission may recognise that a third country no longer ensures access on the same terms and revoke its decision.

Amendment 454 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Board should consist of representatives from digital health authorities, European Data Protection Board, European Data Protection Supervisor, European Medicines Agency, European Centre for Disease Prevention and Control, healthcare professionals, patient organizations, social security institutions and the health industry. All Board members have the same rights and responsibilities. Furthermore, experts of the European Parliament should be invited to attend the meetings of the EHDS Board. The EHDS Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].

Amendment 455 #

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities ~~and chair it. It~~. The EHDS Board should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. An advisory forum should be set up to advise the EHDS Board it in the fulfilment of its tasks by providing stakeholder input in matters pertaining to this Regulation. The advisory forum should be composed of representatives of patients, health professionals, industry, scientific researchers and academia, have a balanced composition and represent the views of different relevant stakeholders. Commercial and non-commercial interests should be balanced. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].

Amendment 456 #

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act]. Given the tasks of the EHDS Board, its members should be only representatives of national or Union authorities. An advisory group with representatives of external stakeholders (such as industry, patients organisations, etc.) could be established, without voting rights in the EHDS Board.

Amendment 457 #

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed, which can be granted limited or permanent access to data provided that they respect the security of that data. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].

Amendment 458 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 65

(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient, independent, and public interest driven working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].

Amendment 459 #

Proposal for a regulation
Recital 65 a (new)

(65 a) The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report elaborated together with the European Commission.

Amendment 460 #

Proposal for a regulation
Recital 69 a (new)

(69 a) In accordance with Article 42 of Regulation (EU) 2018/1725, the Commission should, when preparing delegated acts or implementing acts, consult the European Data Protection Supervisor where there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data, and, in cases where such an act is of particular importance for the protection of individuals’ rights and freedoms with regard to the processing of personal data, the Commission should also consult the European Data Protection Board. The Commission should moreover consult the European Data Protection Board in the cases specified in Regulation (EU) 2016/679 and when relevant in the context of this Regulation.

Amendment 461 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Recital 70

Amendment 462 #

Proposal for a regulation
Recital 70

Amendment 463 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Recital 71

(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 5 years after its entry into force, ~~on the self-certification of EHR systems,~~ and an overall evaluation 7 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.

Amendment 464 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Recital 71

(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 53 years after its entry into force, ~~on the self-certification of EHR systems,~~ and an overall evaluation 75 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.

Amendment 465 #

Erik POULSEN, Asger CHRISTENSEN

Proposal for a regulation
Recital 71

(71) In order to assess whether this Regulation reaches its objectives effectively and efficiently, is coherent and still relevant and provides added value at Union level the Commission should carry out an evaluation of this Regulation. The Commission should carry out a partial evaluation of this Regulation 5 years after its entry into force, on the ~~self-~~certification of EHR systems, and an overall evaluation 7 years after the entry into force of this Regulation. The Commission should submit reports on its main findings following each evaluation to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions.

Amendment 466 #

Proposal for a regulation
Article 1 – paragraph 1

1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, common standards and practices, infrastructures and a governance framework for the primary and secondary use of electronic health data. The European Health Data Space (‘EHDS’) shall, with respect for the principle of subsidiarity, complement and not replace Member States' national rules and policy principles for the use of both primary and secondary health data.

Amendment 467 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 1 – paragraph 1

1. This Regulation establishes the European Health Data Space (‘EHDS’) by providing for rules, interoperable common standards ~~and~~, practices, and infrastructures and a governance framework for the primary and secondary use of electronic health data.

Amendment 468 #

Proposal for a regulation
Article 1 – paragraph 2 – introductory part

2. This Regulation: a) strengthens the rights of natural persons in relation to the availability and control of their electronic health data; b) lays down rules for the placing on the market, making available on the market or putting into service of electronic health records systems (‘EHR systems’) in the Union; c) lays down rules and mechanisms supporting the secondary use of electronic health data; d) establishes a mandatory cross-border infrastructure enabling the primary use of electronic health data across the continuum of care in the Union for patient safety, research and policy- making. e) establishes a mandatory cross-border infrastructure for the secondary use of electronic health data across the health care continuum in the Union for patient safety, research and policy-making.

Amendment 469 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the protection and rights of natural persons in relation to the availability, sharing and control of their electronic health data, which must remain mainly anonymous and thus non- personal, except in the event of a life- threatening emergency or with the express agreement of the natural person;

Amendment 470 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the rights of natural persons in relation to the availability and control of their electronic health data, both in the primary as in the secondary use thereof;

Amendment 471 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the rights of natural persons in relation to the availability ~~and~~, control and security of their electronic health data;

Amendment 472 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the rights of natural persons in relation to the availability, sharing and control of their electronic health data;

Amendment 473 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) s~~trengthen~~pecifies the rights of natural persons in relation to the availability and control of their electronic health data;

Amendment 474 #

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) ~~strengthen~~outlines the rights of natural persons in relation to the availability and control of their electronic health data;

Amendment 475 #

Proposal for a regulation
Article 1 – paragraph 2 – point b

(b) lays down rules for the placing on the market, making available on the market or putting into service of electronic health records systems (‘EHR systems’) in the Union for all electronic health applications that use data and produce wearables, health apps, telemedicine platforms, etc., with those data;

Amendment 476 #

Proposal for a regulation
Article 1 – paragraph 2 – point b

(b) lays down rules for the placing on the market, making available on the market or putting into service of electronic health records systems (‘EHR systems’) in the Union, with the appropriate security measures;

Amendment 477 #

Proposal for a regulation
Article 1 – paragraph 2 – point b

Amendment 478 #

Proposal for a regulation
Article 1 – paragraph 2 – point d

(d) establishes a mandatory cross- border infrastructure enabling the primary use of electronic health data across the Union that complies with the GDPR;

Amendment 479 #

Proposal for a regulation
Article 1 – paragraph 2 – point e

(e) establishes a mandatory cross- border infrastructure for the secondary use of electronic health data that complies with the GDPR.

Amendment 480 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and~~, medical devices, wellness applications and other digital health applications that are able to process electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health and that are placed on the market and put into service in the Union and the users of such products;

Amendment 481 #

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems and products claiming interoperability with EHR systems, including medical devices, high-risk AI systems and wellness applications placed on the market and put into service in the Union and the users of such products;

Amendment 482 #

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems and ~~wellness application~~of medical devices placed on the market and put into service in the Union and the users of such products;

Amendment 483 #

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and wellness applications~~ placed on the market and put into service in the Union and the users of such products;

Amendment 484 #

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and wellness applications~~ placed on the market and put into service in the Union and the users of such products;

Amendment 485 #

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and wellness applications~~ placed on the market and put into service in the Union and the users of such products;

Amendment 486 #

Proposal for a regulation
Article 1 – paragraph 3 – point b

(b) controllers and processors established in the Union processing electronic health data of ~~Union citizens and third-country nationals legally residing in the territories of Member States~~persons in the EU;

Amendment 487 #

Proposal for a regulation
Article 1 – paragraph 3 – point b

(b) ~~contr~~data hollders and ~~processo~~data users established in the Union processing electronic health data of Union citizens and third-country nationals legally residing in the territories of Member States;

Amendment 488 #

~~(c) controllers and processors established in a third country that has been connected to or are interoperable with MyHealth@EU, pursuant to Article 12(5);~~deleted

Amendment 489 #

Proposal for a regulation
Article 1 – paragraph 3 – point d

(d) data users to whom electronic health data are made available by data holders in the Union or third countries or international institutions.

Amendment 490 #

Proposal for a regulation
Article 1 – paragraph 3 a (new)

3 a. This Regulation shall not affect the application of Regulations (EU) 2016/679, (EU) 2018/1725, (EU) No 536/2014 and Directive 2002/58/EC.

Amendment 491 #

Proposal for a regulation
Article 1 – paragraph 3 b (new)

3 b. References to the provisions of Regulation (EU) 2016/679 shall be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions and bodies, where relevant.

Amendment 492 #

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall be without prejudice to other Union legal acts regarding access to, sharing of or secondary use of electronic health data, or requirements related to the processing of data in relation to electronic health data, in particular Regulations (EU) 2016/679, (EU) 2018/1725, […] [Data Governance Act COM/2020/767 final] and […] [Data Act COM/2022/68 final] and Directive 2002/58/EC.

Amendment 493 #

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall be without prejudice to other Union legal acts regarding access to, sharing of or secondary use of electronic health data, or requirements related to the processing of data in relation to electronic health data, in particular Regulations (EU) 2016/679, (EU) 2018/1725, ~~[…] [Data Governance Act COM/2020/767 final] and […] [Data Act COM/2022/68 final].~~(EU) 2022/868 and […] [Data Act COM/2022/68 final]. (This amendment applies throughout the text)

Amendment 494 #

Proposal for a regulation
Article 1 – paragraph 4

4. This Regulation shall be without prejudice to other Union legal acts regarding access to, sharing of or secondary use of electronic health data, or requirements related to the processing of data in relation to electronic health data, in particular Regulations (EU) 2016/679, (EU) 2018/1725, ~~[…] [Data Governance Act COM/2020/767 final]~~(EU) 2022/868, Directive 2002/58/EC, and […] [Data Act COM/2022/68 final].

Amendment 495 #

Proposal for a regulation
Article 1 – paragraph 4 a (new)

4 a. Pursuant to Article 9(4) of Regulation (EU) 2016/679, Member States may impose further restrictions on the processing of personal health data laid down in Chapters II and IV of this Regulation.

Amendment 496 #

Proposal for a regulation
Article 1 – paragraph 4 a (new)

4 a. This regulation shall be without prejudice to the Directive on the Protection of Trade Secrets (Directive (EU) 2016/943) which shall take precedence.

Amendment 497 #

Proposal for a regulation
Article 1 – paragraph 6

6. This Regulation shall not affect the rights and obligations laid down in Union or national law concerning data processing for the purposes of reporting, complying with information requests or demonstrating or verifying compliance with legal obligations and shall be without prejudice to the rights and obligations arising from the GDPR.

Amendment 498 #

Proposal for a regulation
Article 1 – paragraph 6 a (new)

6 a. This Regulation shall not apply to activities concerning defence and national security.

Amendment 499 #

Proposal for a regulation
Article 1 – paragraph 6 b (new)

6 b. This Regulation shall be without prejudice to Regulations (EU) 2016/679, (EU) 2018/1725, (EU) No 536/2014 and Directive 2022/58/EC.

Amendment 500 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 1 – introductory part

1. For the purposes of this Regulation, the following definitions shall apply:

Amendment 501 #

Proposal for a regulation
Article 2 – paragraph 1 – point a

(a) the definitions inof ‘personal data’, ‘processing’, ‘pseudonymisation’, ‘controller’, ‘processor’, ‘genetic data’, ‘data concerning health’, ‘cross-border processing’, ‘international organisation’ pursuant to Article 4 (1), (2), (5), (7), (8), (13), (15), (23), and (26) of Regulation (EU) 2016/679;

Amendment 502 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 1 – point a

(a) the definitions, including those of ‘personal data’, ‘processing’, ‘pseudonymisation’, ‘controller’, ‘processor’, ‘third party’, ‘consent’, ‘genetic data’, ‘data concerning health’, ‘supervisory authority’, ‘international organisation’ in Regulation (EU) 2016/679;

Amendment 503 #

Proposal for a regulation
Article 2 – paragraph 1 – point f a (new)

(f a) the definitions of ‘One Health’ and ‘Health in All Policies’ pursuant to Article 3 of the Regulation (EU) No 2022/2371 of the European Parliament and of the Council of 23 November 2022 on serious cross-border threats to health and repealing Decision No 1082/2013/EU;

Amendment 504 #

Sophia IN 'T VELD, Abir AL-SAHLANI, Emma WIESNER, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 2 – paragraph 2 – point a

(a) ‘personal electronic health data’ means data concerning health and genetic data as defined in Regulation (EU) 2016/679~~, as well as data referring to determinants of health, or data processed in relation to the provision of healthcare services,~~ processed in an electronic form;

Amendment 505 #

Proposal for a regulation
Article 2 – paragraph 2 – point a

(a) ‘personal electronic health data’ means data concerning health and genetic data as defined in Regulation (EU) 2016/679, ~~as well as data referring to determinants of health, or data processed in relation to the provision of healthcare services,~~ processed in an electronic form;

Amendment 506 #

Proposal for a regulation
Article 2 – paragraph 2 – point a

Amendment 507 #

Lídia PEREIRA

Proposal for a regulation
Article 2.º – paragraph 2 – point a

Amendment 508 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point a

Amendment 509 #

Proposal for a regulation
Article 2 – paragraph 2 – point a

Amendment 510 #

Proposal for a regulation
Article 2 – paragraph 2 – point a

(a) ‘personal electronic health data’ means data con~~cern~~stituting health data and genetic data as defined in Regulation (EU) 2016/679, as well as data referring to determinants of health, or data processed in relation to the provision of healthcare services, processed in an electronic form;

Amendment 511 #

Proposal for a regulation
Article 2 – paragraph 2 – point a

(a) ‘personal electronic health data’ means data concerning physical or mental health, and genetic data as defined in Regulation (EU) 2016/679, as well as data referring to determinants of health, ~~or data processed in relation to the provision of healthcare services,~~that are processed in an electronic form;

Amendment 512 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning health and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679; where such data are part of a mixed dataset where personal and non-personal data are inextricably linked, the entire dataset shall be considered as personal electronic health data;

Amendment 513 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

Amendment 514 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning health and aggregated genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 515 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data ~~concerning health and genetic data in electronic format~~relevant for health research in electronic format that have been irreversibly anonymised and data that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 516 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point b

Amendment 517 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data con~~cern~~stituting health data and genetic data in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 518 #

Proposal for a regulation
Article 2 – paragraph 2 – point b

(b) ‘non-personal electronic health data’ means data concerning health ~~and genetic data~~ in electronic format that falls outside the definition of personal data provided in Article 4(1) of Regulation (EU) 2016/679;

Amendment 519 #

Proposal for a regulation
Article 2 – paragraph 2 – point c

(c) ‘electronic health data’ means personal or non-personal electronic health data; processed by providers in the context of healthcare. Such data may include actionable health data, which is collected and processed by providers in the context of healthcare which provides clinical measurements/values that are usable by patients, healthcare professionals and researchers.

Amendment 520 #

Proposal for a regulation
Article 2 – paragraph 2 – point c a (new)

(ca) ‘anonymous electronic health data’ means health-related electronic data which do not refer to an identified or identifiable natural person or personal data processed in such a way that the data subject is not, or is no longer, identifiable;

Amendment 521 #

Proposal for a regulation
Article 2 – paragraph 2 – point c b (new)

(cb) 'consent' means any freely given, specific, informed and unambiguous indication of the wishes of the data subject or of their representative by which they agree, in the form of a statement or clear affirmative action, to the processing of the personal data relating to them; where the processing has multiple purposes, consent must be given for each of those purposes;

Amendment 522 #

Proposal for a regulation
Article 2 – paragraph 2 – point c c (new)

(cc) 'genetic data' means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

Amendment 523 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point d

(d) ‘'primary use of electronic health data’' means the processing of personal electronic health data for the provision of health services to assess, maintain or restore the state of health of the natural person to whom that data relates, including the prescription, dispensation and provision of medicinal products and medical devices, improvement of personalised care, as well as for relevant social security, administrative or reimbursement services;

Amendment 524 #

Proposal for a regulation
Article 2 – paragraph 2 – point d

(d) ‘primary use of electronic health data’ means the processing of personal electronic health data for the provision of health services to assess, maintain or restore the state of health of the natural person to whom that data relates, including the prescription, dispensation and provision of medicinal products and medical devices, as well as for ~~relevant social security, administrative or reimbursement~~administration relevant for the provision of healthcare services;

Amendment 525 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point d

(d) ‘primary use of electronic health data’ means the processing of personal electronic health data for the provision of health services to assess, maintain or restore the state of health of the natural person to whom that data relates, including the prescription, dispensation and provision of medicinal products and medical devices, as well as for relevant social security, and administrative ~~or reimbursement~~ services;

Amendment 526 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means: (i) the processing of electronic health data ~~for purposes set out in Chapter IV of this Regulation. The data used may include~~which was personal electronic health data initially collected in the context of primary use, ~~but also electronic health data collected for the purpose of the secondary use;~~for purposes set out in Chapter IV of this Regulation, thereby constituting further processing within the meaning of Regulation (EU) 2016/679; or (ii) the processing of electronic health data which does not fall under (i) and was originally collected for the purposes set out in Chapter IV of this Regulation.

Amendment 527 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. ~~The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use;~~

Amendment 528 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the compatible further processing of electronic health data for purposes set out in Chapter IV of this Regulation, and, where such electronic health data is personal data, in accordance with Article 5(1)(b) of Regulation (EU) 2016/679. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use;

Amendment 529 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use. Secondary use of personal electronic health data shall have Article 9(2) of Regulation (EU) 2016/679 as its legal basis;

Amendment 530 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, exclusively where the patient has given prior consent for such use, but also electronic health data collected for the purpose of the secondary use;

Amendment 531 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. ~~The data used may include~~Secondary use of personal electronic health data ~~initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use;~~shall have Article 6(1)(e) of Regulation (EU) 2016/679 as its legal basis.

Amendment 532 #

Proposal for a regulation
Article 2 – paragraph 2 – point e

(e) ‘secondary use of electronic health data’ means the further processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for other purpose ~~of the secondary use~~s;

Amendment 533 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)

(ea) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Amendment 534 #

Proposal for a regulation
Article 2 – paragraph 2 – point f

Amendment 535 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point f

(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to interact towards mutually beneficial goals using commonly accepted open standards and open data formats, involving the exchange of information and knowledge without changing the content of the data between these organisations, software applications or devices, through the processes they support;

Amendment 536 #

Proposal for a regulation
Article 2 – paragraph 2 – point f

(f) ‘interoperability’ means the ability of organisations as well as software applications or devices from the same manufacturer or different manufacturers to ~~interact towards mutually beneficial goals, involving the exchange of information and knowledge~~process, exchange and use data in order to perform their functions in an accurate, effective and consistent manner without changing the content of the data between these organisations, software applications or devices, through the processes they support;

Amendment 537 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point g

(g) ‘European electronic health record exchange format’ means a structured, commonly used and machine-readable format that allows transmission of personal electronic health data between different software applications, devices and healthcare providers; that format shall be easy to read, consolidated and accessible when sent to a natural person in accordance with Article 3 of this Regulation;

Amendment 538 #

Proposal for a regulation
Article 2 – paragraph 2 – point g

Amendment 539 #

Proposal for a regulation
Article 2 – paragraph 2 – point h

Amendment 540 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point h

Amendment 541 #

Proposal for a regulation
Article 2 – paragraph 2 – point j

(j) ‘health professional access service’ means a service, supported by an EHR system, that enables health professionals to access data of natural persons under their ~~treatment~~care and with authorised permission to do so;

Amendment 542 #

Proposal for a regulation
Article 2 – paragraph 2 – point k

~~(k) ‘data recipient’ means a natural or legal person that receives data from another controller in the context of the primary use of electronic health data;~~deleted

Amendment 543 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point k

(k) ‘health data recipient’ means a natural or legal person that receives data from another controller in the context of the primary use of electronic health data;

Amendment 544 #

Proposal for a regulation
Article 2 – paragraph 2 – point k

(k) ‘health data recipient’ means ~~a natural or legal person that receives data from another controller~~recipient as defined in Article 4(9) of Regulation (EU) 2016/679, in the context of the primary use of electronic health data;

Amendment 545 #

Proposal for a regulation
Article 2 – paragraph 2 – point l

(l) ‘telemedicine’ means the provision of healthcare services, including remote care and online pharmacies, through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;deleted

Amendment 546 #

Proposal for a regulation
Article 2 – paragraph 2 – point l

Amendment 547 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point l

Amendment 548 #

Proposal for a regulation
Article 2 – paragraph 2 – point l

(l) ‘telemedicine’ means the provision of healthcare services, including remote care ~~and online pharmacies~~, through the use of information and communication technologies, in situations where the health professional and the patient (or several health professionals) are not in the same location;

Amendment 549 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point m

(m) ‘EHR’ (electronic health record) means any collection of ~~electronic~~the past or present electronic mental and physical health data related to a natural person and collected in the health system, processed for ~~healthcare~~the purpose of the provision of healthcare services or research purposes;

Amendment 550 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point m

(m) ‘EHR’ (electronic health record) means a collection of electronic health data related to a natural person and collected in the health system, processed for the purpose of the provision of healthcare ~~purpos~~services;

Amendment 551 #

Proposal for a regulation
Article 2 – paragraph 2 – point m

Amendment 552 #

Proposal for a regulation
Article 2 – paragraph 2 – point m

Amendment 553 #

Proposal for a regulation
Article 2 – paragraph 2 – point m

(m) ‘EHR’ (electronic health record) means a collection of ~~electronic health~~ dataset related to a natural person and collected in the health system, processed for healthcare purposes;

Amendment 554 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or software intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records; with a view to ensuring that data are completely secure, they must be stored and backed up entirely in an EU Member State;

Amendment 555 #

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or ~~softwar~~other article whose primary purpose intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records or that can be reasonably expected by the manufacturer to be used for these purposes;

Amendment 556 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or software the primary purpose of which, intended by the manufacturer ~~to be used for~~, is storing, intermediating, importing, exporting, converting, editing or viewing electronic health records between health professionals;

Amendment 557 #

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any ~~applianc~~product (hardware or software) primarily intended by the manufacturer to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records;

Amendment 558 #

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or software intended by the ~~manufactur~~healthcare provider to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records;

Amendment 559 #

Proposal for a regulation
Article 2 – paragraph 2 – point n

(n) ‘EHR system’ (electronic health record system) means any appliance or software ~~intended by the manufacturer~~whose primary purpose is to be used for storing, intermediating, importing, exporting, converting, editing or viewing electronic health records;

Amendment 560 #

Proposal for a regulation
Article 2 – paragraph 2 – point o

Amendment 561 #

Proposal for a regulation
Article 2 – paragraph 2 – point o

Amendment 562 #

Proposal for a regulation
Article 2 – paragraph 2 – point o

Amendment 563 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point o

Amendment 564 #

Proposal for a regulation
Article 2 – paragraph 2 – point o

(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for ~~other purposes than healthcare, such as well-being and pursuing healthy life- styl~~a healthy lifestyle, well-being purposes or that can be reasonably expected by the manufacturer for these purposes;

Amendment 565 #

Proposal for a regulation
Article 2 – paragraph 2 – point q – introductory part

(q) ‘serious incident’ means any malfunction or deterioration in the characteristics or performance of an EHR system made available on the market that directly or indirectly le~~ads, might have led or might~~d, leads, was or is likely to lead to any of the following:

Amendment 566 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point q – point i

(i) the death of a natural person or serious damage to a natural person’s health or rights;

Amendment 567 #

Proposal for a regulation
Article 2 – paragraph 2 – point s

(s) ‘central platform for digital health’ means an interoperability platform providing services to support and facilitate the exchange of electronic health data between national or, where applicable, regional contact points for digital health;

Amendment 568 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point u a (new)

(u a) ‘regional contact point for secondary use of electronic health data’ means an organisational and technical gateway enabling the cross-border secondary use of electronic health data, under the responsibility of a region with health competences within a Member State;

Amendment 569 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point v

(v) ‘central platform for secondary use of electronic health data’ means an interoperability platform established by the Commission, providing services to support and facilitate the exchange of information between ~~national~~ contact points for secondary use of electronic health data;

Amendment 570 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point x

(x) ‘HealthData@EU’ means the infrastructure connecting national or, where applicable, regional contact points for secondary use of electronic health data and the central platform;

Amendment 571 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has the right or obligation,o has the right or obligation to make available the relevant and appropriate data pursuant to the relevant requirements laid down in this Regulation. This should be in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or, in the case of non-personal data, through control of the technical design of a product and related services~~, the ability to make available, including to register, provide, restrict access or exchange certain data;~~. This definition should be supported by Annex [xxx] with the following specifications: a) The definition of "data holder" shall not include all entities that have an obligation to share data for any purpose (e.g. an obligation to share data with regulators to ensure rugulatory compliance); b) The definition of "data holder" shall not include all entities which simply process data for technical reasons (e.g. if an entity only holds data transiently in order to process it on the instructions of others); c) In the context of a clinical trial, the sponsor of the clinical trial will always be the sole data holder of electronic clinical trial data. Where the sponsor is located outside of the EU, its EU legal representative will assume the role of data holder or other designated entity established within the Community.

Amendment 572 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘data holder’ means a~~ny natural or legal person, which is an entity or a body~~ controller as set out in Regulation (EU) 2016/679 in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies whoich are a controller as set out in Regulation (EU) 2018/1725 which hasve the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, to process personal electronic health data or in the case of non-personal health data, through control of the technical design of athe product and related services~~, the ability to make~~ and as allowed by contract with natural or legal person owning, renting or leasing the product or related service, the ability to make the relevant and appropriate data pursuant to the relevant requirements laid down in this Regulation available, including to register, provide, restrict access or exchange certain data;

Amendment 573 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘health data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has either: (i) the right or obligation, in accordance with ~~this Regulation,~~ applicable Union law or national legislation ~~implementing Union law, or in the~~, to process personal electronic health data for the provision of health or casre o~~f non-personal data, through control of the technical design of a product and related services,~~r for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, in its capacity as a controller; or (ii) the ability to make available, including to register, provide, restrict access or exchange ~~cer~~electronic health data that do not constitute personal data in ~~data~~the meaning of Article 4 (1) of Regulation (EU) 2016/679, through control of the technical design of a product and related services;

Amendment 574 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 575 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘data holder’ means a~~ny natural or legal person, which is an entity or a body~~ controller in the meaning of Regulation (EU) 2016/679 in the health or care or social security sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies whoich are a controller in the meaning of Regulation (EU) 2018/1725, which has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, to process personal health data, or in the case of non-personal health data, through control of the technical design of a product and related services, the lawful ability to make available, including to register, provide, restrict access or exchange certain data;

Amendment 576 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 577 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, with the exception of personal data processors as defined in Article 28 of Regulation (EU) 2016/679, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain data;

Amendment 578 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘health data holder’ means any natural or legal person, which is an entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies, whoich: (i) has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain data; to process electronic health data; or (ii) the ability to make available, including to register, provide, restrict access or exchange non-personal electronic health data through control of the technical design of a product and related services.

Amendment 579 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point y

Amendment 580 #

Proposal for a regulation
Article 2 – paragraph 2 – point y

(y) ‘data holder’ means any natural or legal person, which is an public entity or a body in the health or care sector, or performing research in relation to these sectors, as well as Union institutions, bodies, offices and agencies who has the right or obligation, in accordance with this Regulation, applicable Union law or national legislation implementing Union law, or in the case of non-personal data, through control of the technical design of a product and related services, the ability to make available, including to register, provide, restrict access or exchange certain data;

Amendment 581 #

Proposal for a regulation
Article 2 – paragraph 2 – point y – point i (new)

i) the right or obligation, in accordance with applicable Union law or national legislation, to process personal electronic health data for the provision of health or care or for public health, research, innovation, policy making, official statistics, patient safety or regulatory purposes, in its capacity as a controller; or

Amendment 582 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point y – point ii (new)

ii) the ability to make available, including to register, provide, restrict access or exchange electronic health data that do not constitute personal data in the meaning of Article 4 (1) of Regulation (EU) 2016/679, through control of the technical design of a product and related services;

Amendment 583 #

Proposal for a regulation
Article 2 – paragraph 2 – point z

(z) ‘health data user’ means a natural or legal person ~~who has lawful access to~~as well as Union institutions, bodies, offices and agencies, who has been granted access, in accordance with this Regulation, to one or more of the categories of personal or non- personal electronic health data for secondary use;

Amendment 584 #

Proposal for a regulation
Article 2 – paragraph 2 – point z

(z) ‘data user’ means a natural or legal person, including public authorities and EU institutions, bodies or agencies, who has lawful access to personal or non- personal electronic health data for secondary use, pursuant to a data permit in accordance with this Regulation;

Amendment 585 #

Proposal for a regulation
Article 2 – paragraph 2 – point z

(z) ‘health data user’ means a natural or legal person who has lawful access to personal or non-personal electronic health data for secondary use pursuant to a health data permit or a health data request in accordance with this Regulation;

Amendment 586 #

Proposal for a regulation
Article 2 – paragraph 2 – point z

(z) ‘health data user’ means a natural or legal person who has lawful access to personal or non-personal electronic health data for secondary use;

Amendment 587 #

Proposal for a regulation
Article 2 – paragraph 2 – point z a (new)

(z a) ‘health data applicant’ means a natural or legal person who has submitted a health data access application for access to personal or non-personal electronic health data for secondary use in accordance with this Regulation;

Amendment 588 #

Proposal for a regulation
Article 2 – paragraph 2 – point aa

(aa) ‘data permit’ means an administrative decision issued to a data user by a health data access body or data holder to process the electronic health data specified in the data permit for the secondary use purposes specified in the data permit based on conditions laid down in this Regulation; this permit applies only to data for the publication of which the patient has given prior consent;

Amendment 589 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 2 – paragraph 2 – point aa

(aa) ‘health data permit’ means an administrative decision issued to a data user by a health data access body or data holder to process the electronic health data specified in the data permit for the secondary use purposes specified in the data permit based on conditions laid down in this Regulation;

Amendment 590 #

Proposal for a regulation
Article 2 – paragraph 2 – point aa

(aa) ‘health data permit’ means an administrative decision issued to a data user by a health data access body ~~or data holder~~ to process the electronic health data specified in the data permit for the secondary use purposes specified in the data permit based on conditions laid down in this Regulation;

Amendment 591 #

Proposal for a regulation
Article 2 – paragraph 2 – point aa

Amendment 592 #

(aa) ‘data permit’ means an administrative decision issued to a data user by a health data access body ~~or data holder~~ to process the electronic health data specified in the data permit for the secondary use purposes specified in the data permit based on conditions laid down in this Regulation;

Amendment 593 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point ab

(ab) ‘health dataset’ means a structured collection of electronic health data;

Amendment 594 #

Proposal for a regulation
Article 2 – paragraph 2 – point ac

(ac) ‘dataset catalogue’ means a collection of datasets descriptions, which is arranged in a systematic manner ~~and consists of a user-oriented public part, where information concerning individual dataset parameters is accessible by electronic means through an online portal~~;

Amendment 595 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point ac

(ac) ‘health dataset catalogue’ means a collection of datasets descriptions, which is arranged in a systematic manner and consists of a user-oriented public part, where information concerning individual dataset parameters is accessible by electronic means through an online portal;

Amendment 596 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) ‘public sector body’ means national, regional or local authorities of the Member States, and bodies governed by public law of the Member States, or associations formed by one or more such authorities or one or more such bodies and Union institutions, bodies, offices and agencies when carrying out tasks enshrined in their mandate;

Amendment 597 #

Amendment 598 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) ‘innovation activities’ means new products, services and models foreseen to improve health outcomes, cost efficiency and any other areas as recognised by the end-users of the innovation such as patients, healthcare professionals and health administrators.

Amendment 599 #

Stelios KYMPOUROPOULOS

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) 'innovation activities’ means the processes and actions taken to generate new or improve products, services, methods, practices and models expected, among others, to improve health outcomes, cost efficiency, quality, and reliability;

Amendment 600 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

Amendment 601 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) “real-world data” means routinely collected data relating to patient health status or the delivery of health care from a variety of sources other than traditional clinical trials.

Amendment 602 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) ‘ real world evidence’ (RWE) means data that are collected outside the constraints of conventional randomised clinical trials.

Amendment 603 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point ae a (new)

(ae a) "notified body’ means a conformity assessment body notified in accordance with Article 27f of this Regulation;

Amendment 604 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

(ae b) ‘innovation activities’ means actions taken to create new products or services, or improve existing products, services, methods and models to expand health results and quality, based on good practices and lessons learned;

Amendment 605 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

Amendment 606 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

(ae b) ‘real-world data’ (RWD) means routinely collected data relating to patient health status or the delivery of healthcare from a variety of sources other than traditional clinical trials.

Amendment 607 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

(ae b) ‘conformity assessment’ means the process demonstrating whether the essential requirements of this Regulation relating to EHR systems have been fulfilled;

Amendment 608 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae b (new)

(ae b) 'real-world evidence' means information derived from analysis of real- world data.

Amendment 609 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)

(ae c) ‘online pharmacy’ means a pharmacy legally established as such in a Member State for which a pharmacist within the meaning of Directive 2005/36/EC is responsible, which, by means of information society services directed to the public dispenses prescriptions, offers medicinal products for sale or provides other pharmaceutical services.

Amendment 610 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)

(ae c) ‘languages’ in this Regulation means the use of all the languages of the Union, notwithstanding their official status in the Union, which are official in a Member State, in regional entities of the Member State, especially in those regions with legislative and health executive competences.

Amendment 611 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)

Amendment 612 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae c (new)

(ae c) ‘conformity assessment body’ means a body that performs conformity assessment activities, including testing, certification and inspection;

Amendment 613 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae d (new)

(ae d) ‘Derived data’ means the improved, corrected, or enriched dataset provided to the data holder in accordance with Article 37(1)(p) of this Regulation, as well as any new or different form of the original electronic health data created by the data user(s), including any alternative or different representation or abstraction of the original data or any new form which would enable the original data to be identified or reverse engineered.

Amendment 614 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 2 – paragraph 2 – point ae d (new)

Amendment 615 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae d (new)

(ae d) ‘data sharing’ means the provision defined in Article 2 (10) of the Regulation (EU) 2022/868;

Amendment 616 #

Proposal for a regulation
Article 2 – paragraph 2 – point ae e (new)

(aee) ‘bodies involved in accessing health data’ means bodies within the meaning of points (ag), (ah) and (ai) in so far as, in a specific case, they are involved in enabling secondary use.

Amendment 617 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 2 – paragraph 2 a (new)

2 a. “Legitimate legal representative of the patient” means a natural person of the patient’s choice, such as to their relatives or other close natural persons, legitimately authorised under the national rules of the Member State to access or control access to their personal electronic health data or to use digital health services on their behalf. Under no circumstances will the legitimate legal representative be a legal entity, without prejudice to the protection that may be provided by the judicial authorities. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications.

Amendment 618 #

Proposal for a regulation
Article -3 (new)

Article -3 Scope For the purpose of this Chapter, health data holder shall be understood only as data holder from health sector providing healthcare.

Amendment 619 #

Proposal for a regulation
Article 3 – paragraph 1

1. Natural persons shall have the right to access their personal electronic health data processed in the context of primary use of electronic health data, and any available information as to their origin, immediately, free of charge and in an easily readable, consolidated and accessible form, in accordance with Article 14 of Regulation (EU) 2016/679.

Amendment 620 #

Proposal for a regulation
Article 3 – paragraph 1

1. Natural persons shall have the right to access their personal electronic health data processed in the context of primary use of electronic health data, ~~immediat~~without undue delay, free of charge and in an easily readable, consolidated and accessible form.

Amendment 621 #

Proposal for a regulation
Article 3 – paragraph 1

1. Natural persons shall have the right to access their personal electronic health data processed in the context of primary use of electronic health data, ~~immediat~~without delay, free of charge and in an easily readable, consolidated and accessible form.

Amendment 622 #

Proposal for a regulation
Article 3 – paragraph 2

2. Natural persons shall have the right to receive an electronic copy or a hard copy of their electronic health data upon request to a health professional, in the European electronic health record exchange format referred to in Article 6, of at least their electronic health data in the priority categories referred to in Article 5.;

Amendment 623 #

Proposal for a regulation
Article 3 – paragraph 2

2. Natural persons shall have the right to receive an electronic copy, in the European electronic health record exchange format referred to in Article 6, of at least their electronic health data in the priority categories referred to in Article 5. Member States shall provide manufacturers with uniform templates to ensure conformity with the referred Articles.

Amendment 624 #

Proposal for a regulation
Article 3 – paragraph 2

2. Natural persons shall have the right to receive an electronic copy, in the European electronic health record exchange format referred to in Article 6, of ~~at least~~ their electronic health data ~~in the priority categories referred to in Article 5~~, or a printed copy thereof, in accordance with paragraph 3 of Article 15 of Regulation (EU) 2016/679.

Amendment 625 #

Proposal for a regulation
Article 3 – paragraph 2

2. Natural persons shall have the right to receive an electronic or paper copy, in the European electronic health record exchange format referred to in Article 6, of at least their electronic health data in the priority categories referred to in Article 5.

Amendment 626 #

Proposal for a regulation
Article 3 – paragraph 2 a (new)

2 a. Paragraphs 1 and 2 shall be without prejudice to Article 15 of Regulation (EU) 2016/679 and Article 17 of Regulation (EU) 2018/1725.

Amendment 627 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of this right whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.deleted

Amendment 628 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 3

Amendment 629 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of th~~is right~~e rights referred to in paragraphs 1 and 2 whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.

Amendment 630 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with paragraph 1, point (i) of Article 23 of Regulation (EU) 2016/679, Member States may by law restrict the scope of this right whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on this ~~or her health~~person.

Amendment 631 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of th~~is right~~e rights under paragraphs 1 and 2 whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.

Amendment 632 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of th~~is right~~e right provided for in paragraph 1 whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.

Amendment 633 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of thisese rights whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.

Amendment 634 #

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of this right whenever necessary for the protection of the natural person based on patient safety and ethics by ~~delay~~imposing their access to their personal electronic health data ~~for a limited period of time until~~be made only through a health professional ~~can~~who will properly communicate and explain to the natural person information that can have a significant impact on his or her health.

Amendment 635 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 4

4. Where the personal health data have not been registered electronically prior to the application of this Regulation, Member States may require that such data is made available in electronic format pursuant to this Article. This shall not affect the obligation to make personal electronic health data registered after the application of this Regulation available in electronic format pursuant to this Article.deleted

Amendment 636 #

Proposal for a regulation
Article 3 – paragraph 4

Amendment 637 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 4

4. Where the personal health data have not been registered electronically ~~prior to the application of this Regulation~~, Member States may require that such data is made available in electronic format pursuant to this Article~~. This shall not affect the obligation to make personal electronic health data registered after the application of this Regulation available in electronic format pursuant to this Article~~, where the data subject consents to such electronic processing.

Amendment 638 #

Proposal for a regulation
Article 3 – paragraph 4

4. Where the personal health data have not been registered electronically prior to the application of this Regulation, Member States ~~may~~shall require that such data is made available in electronic format ~~pursuant to this Article~~. This shall not affect the obligation to make personal electronic health data registered after the application of this Regulation available in electronic format pursuant to this Article.

Amendment 639 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a

(a) establish one or more electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2;, incorporating health professionals’ experience and knowledge within the framework of the exercise of the rights set out in paragraph 7.

Amendment 640 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a

(a) establish one or more public electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2;

Amendment 641 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a

(a) establish one or more public electronic health data access services at national, regional or local level enabling the exercise of rights referred to in paragraphs 1 and 2;

Amendment 642 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point a

(a) establish one or more electronic health data access services at national, or regional ~~or local~~ level enabling the exercise of rights referred to in ~~paragraphs 1 and 2~~this Article;

Amendment 643 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling: (i) a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf, following the applicable provisions of the relevant Member State, for a specified period of time and if needed, for a specific purpose only; (ii) a legal guardian of a natural person to access their electronic health data on their behalf, following the applicable provisions of the relevant Member State.

Amendment 644 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf or to enable legal guardians to act on behalf of their dependents in accordance with the national law of the Member State.

Amendment 645 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf or to enable legal guardians as recognized by national law to act on behalf of their dependent children.

Amendment 646 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf in accordance with the provisions of Member States' legislation.

Amendment 647 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to legitimately authorise, under other nat~~ural persons of their choice~~ional rules of the Member State, a legitimate legal representative of the patient to access their electronic health data on their behalf.

Amendment 648 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf and on their request.

Amendment 649 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 1 – point b

(b) establish one or more public proxy services enabling a natural person to authorise other natural persons of their choice to access their electronic health data on their behalf.

Amendment 650 #

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 2

The proxy services shall provide authorisations ~~free of charge, electronically or on paper. They shall enable~~in a transparent and easily understandable way, free of charge, electronically or on paper. Authorised natural persons and those acting on their behalf shall be informed about what authorisation rights they have, how to exercise them, and what they can expect from the authorisation process. The electronic health data access services as well as the proxy services shall be easily accessible for persons with disabilities in accordance with Directive (EU) 2019/882. The proxy services shall enable legal guardians or other representatives to be authorised, either automatically or upon request, to access electronic health data of the natural persons whose affairs they administer either for a specific purpose and time period or without limitation to administer their affairs. Member States may provide that authorisations do not apply whenever necessary for reasons related to the protection of the natural person, and in particular based on patient safety and ethics. The proxy services shall be interoperable among Member States. The proxy services shall provide an easy complaint mechanism with a contact point designated to inform individuals of a way to seek redress or remedy if they believe that their authorisation rights have been violated.

Amendment 651 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 5 – subparagraph 2

The proxy services shall provide authorisations free of charge, electronically or on paper. They shall enable legal guardians ~~or other representatives~~as recognised by national law to be authorised, either automatically or upon request, to access electronic health data of the natural persons whose affairs they administer. Member States may provide that authorisations do not apply whenever necessary for reasons related to the protection of the natural person, and in particular based on patient safety and ethics. The proxy services shall be interoperable among Member States.

Amendment 652 #

Proposal for a regulation
Article 3 – paragraph 5 a (new)

5 a. In addition to the electronic services referred to in paragraph 5 point (a), Member States shall also establish easily accessible support services for natural persons with adequately trained staff dedicated to assist them with exercising their rights referred to in this Article.

Amendment 653 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may, in accordance with the rules of the respective healthcare provider, insert their electronic health data in their own EHR or in that of natural persons whose health information they can access because they are proxies pursuant to paragraph 5, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative, shall not be available for secondary use, and shall only be considered as a clinical fact and made available for secondary use if validated by a registered healthcare professional of relevant specialisation responsible for the natural person’s treatment.

Amendment 654 #

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may insert, access and export their electronic health data in and from their own EHR or in that of natural persons whose health information they can access, through electronic health data access services orand applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative as non-validated, and information shall only be considered as a clinical fact if validated by an identified, registered health professional with the relevant competence. Natural persons shall not have the possibility to directly change data inserted by healthcare professionals. The process must be secure.

Amendment 655 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may insert their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative. These data are not the responsibility of healthcare providers who therefore do not have to ensure that they correspond to the requirements of the Regulation.

Amendment 656 #

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may insert their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative until a relevant health professional validates the information, which would then be marked as confirmed by a healthcare professional.

Amendment 657 #

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may insert, access and download their electronic health data in and from their own EHR or in that of natural persons whose health information they can access, through electronic health data access services orand applications linked to these services. That information shall be marked as inserted, accessed or downloaded by the natural person or by ~~his or her representative~~the legitimate legal representative of the patient.

Amendment 658 #

Proposal for a regulation
Article 3 – paragraph 6

Amendment 659 #

Proposal for a regulation
Article 3 – paragraph 6

6. Natural persons may insert, access and export their electronic health data in their own EHR or in that of natural persons whose health information they can access, through electronic health data access services or applications linked to these services. That information shall be marked as inserted by the natural person or by his or her representative.

Amendment 660 #

Proposal for a regulation
Article 3 – paragraph 7

7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article. In accordance with Article 16 of Regulation (EU) 2016/679, natural persons shall not have the possibility to directly change data inserted by healthcare professionals. Such rectifications of clinical facts shall be validated by a registered healthcare professional of relevant specialisation responsible for the natural person’s treatment. The original data holder shall be responsible for the rectification.

Amendment 661 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 7

7. Member States shall ensure that, when exercising the right to rectification under Article 16 of Regulation (EU) 2016/679, natural persons can easily request rectification online through the electronic health data access services referred to in paragraph 5, point (a), of this Article, unless the proposed rectification concerns a data record made by a health service provider, in which case the provider in question will have to approve the rectification or lodge its opposition before the health data processing service.

Amendment 662 #

Proposal for a regulation
Article 3 – paragraph 7

Amendment 663 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 7

Amendment 664 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a ~~data holder~~controller or a data holder, including from the health or social security sector, to transmit all or part of their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder. Where requested by the data subject, the controller, data holders, data recipients and their processors shall comply with the request and shall transmit the data in the format provided for in Article 5.

Amendment 665 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

NIn accordance with paragraph 2 of Article 20 of Regulation (EU) 2016/679, natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit all of or part of their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder. That data recipient shall be properly identified, including demonstrating that it belongs to the health or social security sectors.

Amendment 666 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder. The data recipients shall be easily identifiable to the natural persons transmitting their electronic health data and demonstrate their affiliation to the health or social security sector.

Amendment 667 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a data holder from the health ~~or social security sector~~sector and providing healthcare to transmit their electronic health data ~~to a~~or only specific part of health data identified by the requesting natural persons or necessary for the purpose at stake to a health data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.

Amendment 668 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit partially or totally, their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.

Amendment 669 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit all or some of their electronic health data to a data recipient of their choice from the health or social security sector, immediately, free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.

Amendment 670 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1

Natural persons shall have the right to give access to or request a data holder from the health or social security sector to transmit their electronic health data to a data recipient of their choice from the health or social security sector, ~~immediately,~~as soon as possible free of charge and without hindrance from the data holder or from the manufacturers of the systems used by that holder.

Amendment 671 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 1 a (new)

When a natural person makes the request for transmission, the health data holder shall have the obligation to comply with it, in accordance with Articles 6(1) and 9(2) point (a) of the Regulation (EU) 2016/679.

Amendment 672 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 3

~~By way of derogation from Article 9 of Regulation […] [Data Act COM/2022/68 final], the data recipient shall not be required to compensate the data holder for making electronic heath data available~~The data recipient shall compensate the data holder for the reasonable and non- discriminatory costs of making electronic health data available. A data holder, a data recipient or a third party shall not directly or indirectly charge data subjects a fee, compensation or costs for sharing data or accessing it.

Amendment 673 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 3

By way of derogation from Article 9 of Regulation […] [Data Act COM/2022/68 final], the data recipient shall not be required to compensate the data holder for making electronic health data available.

Amendment 674 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4

Natural persons shall have the right that, where priority categories of personal electronic health data referred to in Article 5 are transmitted or made available by the natural person according to the European electronic health record exchange format referred to in Article 6, such data shall be read and ~~accepte~~recognised as valid by other healthcare providers.

Amendment 675 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4

Natural persons shall have the right that, where priority categories of personal electronic health data referred to in Article 5 are transmitted or made available by the natural person according to the European electronic health record exchange format referred to in Article 6, ~~such data~~other healthcare providers shall be able to read and accept~~ed by other healthcare providers~~ such data.

Amendment 676 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4 a (new)

The Commission shall, by means of implementing acts, determine the requirements for the interoperable, cross- border mechanism for identifying data recipients and authenticating the receiving entity’s belonging to the health or social security sector.

Amendment 677 #

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4 a (new)

Amendment 678 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 8 – subparagraph 4 a (new)

This paragraph is without prejudice to limitations for the processing of personal health or genetic data under Member State law, pursuant to paragraph 4 of Article 9 of Regulation (EU) 2016/679.

Amendment 679 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of selected health professionals to all or a specific part of their electronic health data. ~~Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.~~ Such restriction shall be easily identifiable in the EHR. When restricting the information, natural persons shall be made aware that restricting access may impact the provision of healthcare provied to them. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, including the conditions of medical liability, respecting the rules provided for by Article 18 (2) and (3) of the Regulation (EU) 2016/679 concerning the right to restriction of data processing. The Commission shall establish guidelines regarding medical liability when diagnosing and treating patients based on incomplete information.

Amendment 680 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. ~~Member States~~For judicial reasons strictly related to medical liability of health professionals, the date and time of omitted information must be recorded and only visible to the health data access bodies under these circumstances. The European Commission shall establish the rules and specific safeguards regarding such restriction mechanisms through a delegated act.

Amendment 681 #

Proposal for a regulation
Article 3 – paragraph 9

9. ~~Notwithstanding~~Without prejudice to Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of certain health professionals to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, which may also include the possibility of restrictions related to a specific category of health professionals. Natural persons shall be informed of the patient safety risks associated with limiting access to health data.

Amendment 682 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to confidentially restrict access of health professionals to all or part of their electronic health data, and the fact that such data has been restricted. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, which shall also include the possibility to exercise geographical and temporal restrictions and restrictions related to a specific category of health professionals.

Amendment 683 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, Member States may grant natural persons ~~shall have~~ the right to restrict access of health professionals to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, including the conditions of medical liability and whether such restrictions apply to health data for research or quality development purposes. The restricted information must be easily identified in the EHR.

Amendment 684 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, including the terms of medical liability. It shall be clearly indicated in the EHR when access to information has been restricted by a natural person or by his or her representative.

Amendment 685 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms, which may also include the possibility to exercise geographical and temporal restrictions and restrictions related to a specific category of health professionals.

Amendment 686 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health ~~professional~~care providers, health professionals, data holders and data users to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.

Amendment 687 #

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health professionals to all or part of their electronic health data. ~~Member States~~The European Commission shall establish the rules and specific safeguards regarding such restriction mechanisms. through a delegated act

Amendment 688 #

Proposal for a regulation
Article 3 – paragraph 9 a (new)

9 a. Member States may require the explicit consent of natural persons, or provide for the possibility for natural persons to refuse, the access to their personal electronic health data registered in an EHR system by electronic health data access services referred to in paragraph 5(a) of this Article and by health professional access services referred to in Article 4(3).

Amendment 689 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare, including access to restricted data pursuant to paragraph 9. The information shall be provided immediately and free of charge through electronic health data access services, whenever such access has taken place. For this purpose, providers of electronic health records shall keep a record of who has accessed which data in the previous 24 months. Member States may provide for restrictions to this right in exceptional circumstances, where there are factual indications that disclosure would endanger the vital interests or rights of the health professional.

Amendment 690 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall ~~have the right to obtain inform~~receive an automatic notification on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. ~~The information shall be provided immediately and free of charge through electronic health data access service~~In order to demonstrate compliance with this provision, all relevant entities shall also maintain a record of those healthcare providers and health professionals who had access to data. The information shall be provided immediately and free of charge through electronic health data access services in a commonly accepted, interoperable, and machine-readable format. The information shall at least include the names of the health care providers controlling the data processing, the health data that was accessed, and the time of access.

Amendment 691 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. In order to demonstrate compliance with this right, all relevant entities shall maintain a system of automated recording showing unequivocally who, when and where had access to data, accessible to the patient. The information shall be provided immediately and free of charge through electronic health data access services in a commonly accepted, interoperable format.

Amendment 692 #

Proposal for a regulation
Article 3 – paragraph 10

Amendment 693 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to ~~obtain information on the~~know if healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. The information shall be provided ~~immediately and~~ free of charge through electronic health data access services. Member States may provide that the right to obtain information does not apply whenever necessary for reasons related to the protection and safety of healthcare providers and health professionals.

Amendment 694 #

Proposal for a regulation
Article 3 – paragraph 10

Amendment 695 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to ~~obtain~~receive automatically information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. All relevant entities shall maintain a record of those who have had access to data. The information shall be provided immediately and free of charge through electronic health data access services.

Amendment 696 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to ~~obtain~~receive an automatic notification with information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare, and on the substance of the accessed data. The information shall be provided immediately and free of charge through electronic health data access services.

Amendment 697 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on ~~the healthcare providers and heal~~any access to their electronic health data, including information about the identity of the p~~rofessionals that have~~erson who accessed their electronic health data ~~in the context of healthcare~~, which health data was accessed and the time of access. The information shall be provided immediately and free of charge through electronic health data access services.

Amendment 698 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. The information shall be provided immediately and free of charge in a readable, consolidated and accessible format through electronic health data access services.

Amendment 699 #

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain ~~information~~automatic notifications via email to be informed on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare. The information shall be provided immediately and free of charge through electronic health data access services.

Amendment 700 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 10 a (new)

10 a. Natural persons shall have the possibility to choose whether to receive notifications about which health professional and when have accessed their personal electronic health data, as well as the periodicity of such notifications. There should be an automatic notification for situations when a health professional accesses the personal electronic health data of a natural person for the first time.

Amendment 701 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 11

11. The supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Article, in accordance with the relevant provisions in Chapters VI, VII and VIII of Regulation (EU) 2016/679. They shall be competent to impose administrative fines up to the amount referred to in Article 83(5) of that Regulation. Those supervisory authorities and the digital health authorities referred to in Article 10 of this Regulation shall, where relevant, cooperate in the enforcement of this Regulation, within the remit of their respective competences.deleted

Amendment 702 #

Proposal for a regulation
Article 3 – paragraph 11

Amendment 703 #

Proposal for a regulation
Article 3 – paragraph 11

Amendment 704 #

Proposal for a regulation
Article 3 – paragraph 11

Amendment 705 #

Proposal for a regulation
Article 3 – paragraph 11

11. The supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of this Article, in accordance with the relevant provisions ~~in Chapters VI, VII and VIII~~ of Regulation (EU) 2016/679. They shall be competent to impose administrative fines ~~up to the amount referred to in~~in accordance with Article 83~~(5)~~ of that Regulation. Those supervisory authorities and the digital health authorities referred to in Article 10 of this Regulation shall, where relevant, cooperate in the enforcement of this Regulation, within the remit of their respective competences.

Amendment 706 #

Proposal for a regulation
Article 3 – paragraph 12

12. The Commission shall, by means of implementing acts, determine the requirements concerning the technical implementation of the rights set out in this Article, including technical and organisational measures to ensure the process of authentication of the authorised person referred to in point (b) of paragraph 5. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 707 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 3 – paragraph 12

12. The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements concerning the technical implementation of the rights set out in this Article~~. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2)~~, including technical and organisational measures to ensure the process of authentication of the authorised person referred to in point (b) of paragraph 5.

Amendment 708 #

Proposal for a regulation
Article 3 – paragraph 12

12. The Commission shall, by means of implementing acts, determine the requirements concerning the technical implementation of the rights set out in this Article. Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68(2a).

Amendment 709 #

Proposal for a regulation
Article 3 – paragraph 12 a (new)

12 a. Member States, including regional and local authorities, shall provide guidance to natural persons in relation to the use of the electronic health records and primary use of their personal electronic health data laid down in this Article. Such guidance shall take into account digital health literacy of vulnerable groups, including migrants, the elderly and persons with disabilities.

Amendment 710 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 4 – paragraph 1 – introductory part

1. Where they process data in an electronic format, health professionals shall, upon explicit consent from the natural persons under their treatment:

Amendment 711 #

Proposal for a regulation
Article 4 – paragraph 1 – introductory part

1. Where they process data in an electronic format, health professionals, including care management teams, shall:

Amendment 712 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access to the electronic health data of natural persons ~~under their treatment~~, where, and to the extent that, this is necessary for the purposes spelled out in point (h) of paragraph 2 of Article 9 of Regulation (EU) 2016/679, irrespective of the Member State of affiliation and the Member State of treatment, with the exceptions provided for in paragraphs 9 and 9a of Article 3;

Amendment 713 #

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access to the electronic health data of natural persons under their treatment and for its sole purpose, including relevant administration, irrespective of the Member State of affiliation and the Member State of treatment; , in accordance with Article 9(2) point (h) of Regulation 2016/679;

Amendment 714 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access to the electronic health data of natural persons under their ~~treatment~~care and restrict to their functions of action, irrespective of the Member State of affiliation and the Member State of treatment;

Amendment 715 #

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access to the electronic health data of natural persons under their treatment, on a need-to-know basis, irrespective of the Member State of affiliation and the Member State of treatment;

Amendment 716 #

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access on a need-to-know basis to the electronic health data of natural persons under their treatment, irrespective of the Member State of affiliation and the Member State of treatment;

Amendment 717 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 4 – paragraph 1 – point a

(a) have access on a need-to-know basis to the electronic health data of natural persons under their treatment, irrespective of the Member State of affiliation and the Member State of treatment;

Amendment 718 #

Proposal for a regulation
Article 4 – paragraph 1 – point b

(b) ensure that the personal electronic health data of the natural persons they ~~treat~~care are updated with information related to the health services provided and, if not, update data concerning the health services provided by them.

Amendment 719 #

Proposal for a regulation
Article 4 – paragraph 1 – point b

(b) ensure that the personal electronic health data of the natural persons they treat and the data connected with the health services offered to them are updated with information related to the health services provided.

Amendment 720 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different health professions in accordance with the principles of purpose limitation and data minimisation. Such rules shall not be based on the source of electronic health data.

Amendment 721 #

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States may establish rules providing for the categories of personal electronic health data required by different health professions, based on their qualification and area of expertise. Such rules shall not be based on the geographical source of electronic health data.

Amendment 722 #

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different health professions or different healthcare tasks. Such rules shall not be based on the source of electronic health data.

Amendment 723 #

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different categories of health professions. Such rules shall not be based on the source of electronic health data.

Amendment 724 #

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different health professions. Such rules shall not be based on the source of electronic health data.

Amendment 725 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different health professions. Such rules shall not be based on the source of electronic health data.

Amendment 726 #

Proposal for a regulation
Article 4 – paragraph 2 a (new)

2 a. Notwithstanding the national rules established pursuant to paragraph 2, natural persons shall be able to easily give acces to their electronic health data to a selected health professional through the health data access services, if they wish so.

Amendment 727 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 2 a (new)

2a. With a view to meeting the obligations established in paragraph 1 of this article, Member States may provide health professionals with support to ensure that they have the requisite digital skills, infrastructure and tools.

Amendment 728 #

Proposal for a regulation
Article 4 – paragraph 2 b (new)

2 b. In the case of treatment in a Member State other than the Member State of affiliation, the rules referred to in paragraph 2, if established, of the Member States of treatment apply.

Amendment 729 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 3

3. Member States and, where appropriate, local or regional authorities shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services, where, and to the extent to, this is necessary for the purposes spelled out in point (h) of paragraph 2 of Regulation (EU) 2016/679, and with the exceptions provided for in paragraphs 9 and 9a of Article 3. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services regarding the electronic health data of natural persons under their treatment, irrespective of the Member State of affiliation and treatment, free of charge.

Amendment 730 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services. Health professionals ~~who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge~~shall have access to electronic health data through health professional access services for the sole purpose of providing healthcare treatment, including relevant administration, and only through recognised electronic identification and authentication means, free of charge. The electronic health data in the electronic health records shall be structured in a user-friendly manner to allow for an easy use by health professionals.

Amendment 731 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals lawfully exercising their activities through health professional access services and that health professionals can easily select specific relevant information in the EHR. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. To this end, they may cooperate, where appropriate, with professional associations under the terms provided for by national rules.

Amendment 732 #

Proposal for a regulation
Article 4 – paragraph 3

Amendment 733 #

Proposal for a regulation
Article 4 – paragraph 3

Amendment 734 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to ~~at least~~ the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services, where the processing of health data is necessary. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge, where the processing of health data is necessary.

Amendment 735 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States and, where appropriate, local or regional authorities shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals, including for cross- border care, through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge.

Amendment 736 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made only available for the purpose of the healthcare treatment, to health professionals through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. .

Amendment 737 #

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made available to health professionals through health professional access services, where the processing of health data is necessary. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge.

Amendment 738 #

Proposal for a regulation
Article 4 – paragraph 3 a (new)

3 a. Member States shall establish policies aimed at providing health professionals with the digital skills, competences, infrastructures and tools required to fulfill the obligations set out in paragraph 1 of this Article.

Amendment 739 #

Proposal for a regulation
Article 4 – paragraph 3 a (new)

Amendment 740 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 741 #

Proposal for a regulation
Article 4 – paragraph 4

4. 4) Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person~~, including where the provider or professional is informed of the existence and nature of the restricted electronic health data~~. The existence of a restriction must be clearly indicated in the EHR. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 742 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person according to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. However, health professionals should always be able to distinguish between the case where there is no data, and where there is data but access is restricted. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 743 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, pursuant to Article 3(9), the healthcare provider or health professionals shall not be informed of the content of the restricted electronic health data without prior ~~authorisation~~explicit consent as defined in Article 9(2)(a) of Regulation (EU) 2016/679 by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data, in line with Article 6(1)(d) of of Regulation (EU) 2016/679. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 744 #

Patrick BREYER

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the existence, the nature and the content of the electronic health data without prior ~~authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data~~explicit consent by the natural person. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 745 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person~~, including where the provider or professional is informed of the existence and nature of t~~. It shall be clearly indicated in the EHR when access to information has been restricted by a natural person or by his or her re~~stricted electronic health data~~presentative. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 746 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, in~~cluding wher~~ which case the provider or professional iswill be informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 747 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior ~~authorisation~~explicit consent by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 748 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior ~~authorisation~~explicit consent by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 749 #

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to ~~electronic~~ health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of th~~e electronic~~ose health data without prior authorisation by the natural person~~, including where t~~. The provider or professional ~~is informed of the existence and nature of the restricted electronic health data~~shall however be able to see that there is health data to which access has been restricted. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, or an obvious public interest, the healthcare provider or health professional may ~~get~~obtain access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

Amendment 750 #

Proposal for a regulation
Article 4 a (new)

Article 4 a Reform of the European Health Insurance Card 1. Member States shall impose a reform of the European Health Insurance Card so that it can be utilized in accessing citizens' digital health data. 2. It should be ensured that the European Health Insurance Card has a chip or an equivalent access tool to access citizens' health data when they seek healthcare in different Member State than in their own. The system needs to be interoperable in all Member States.

Amendment 751 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – introductory part

Where data is processed in electronic format, Member States shall implement access to and exchange of personal electronic health data for primary use fully or partially falling under the following categories: (a) patient summaries including medication treatment information at hospital and ambulatory/day hospitals. (b) electronic prescriptions across the continuum of care, including hospital and ambulatory/day hospitals. (c) electronic dispensations across the continuum of care, including hospital and ambulatory/day care hospital (d) medical images and image reports; (e) laboratory results; (f) discharge reports.

Amendment 752 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – introductory part

Where data is ~~process~~registered in electronic format, Member States shall implement access to and exchange of personal electronic health data for primary use fully or partially falling under the following categories:

Amendment 753 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – introductory part

Amendment 754 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – introductory part

Amendment 755 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point a a (new)

(a a) information about consent for SoHO and organ donations as well as respective donation history;

Amendment 756 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point b

(b) electronic prescriptions in any language of the Union;

Amendment 757 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point b

(b) electronic prescriptions and medication plans;

Amendment 758 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point d

(d) medical images and image reports and medical test results;

Amendment 759 #

(d) medical images ~~and~~, image reports, audio and video;

Amendment 760 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point d

(d) medical images ~~and~~, image reports, audio and video;

Amendment 761 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f

(f) hospital discharge reports.

Amendment 762 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f

(f) patient discharge reports.

Amendment 763 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f

(f) discharge reports.;

Amendment 764 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f a (new)

(f a) International Classification of Diseases (ICD) codes

Amendment 765 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 – point f a (new)

(f a) medical directives.

Amendment 766 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 3

~~Access to and exchange of electronic health data for primary use may be enabled for other categories of personal electronic health data available in the EHR of natural persons.~~deleted

Amendment 767 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 3

~~Access to and exchange of electronic health data for primary use may be enabled for other categories of personal electronic health data available in the EHR of natural persons.~~deleted

Amendment 768 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 3

AMember States may by law enable access to and exchange of electronic health data for primary use ~~may be enabled~~ for other categories of personal electronic health data available in the EHR of natural persons.

Amendment 769 #

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 3

AMember States may enable access to and exchange of electronic health data for primary use ~~may be enabled~~ for other categories of personal electronic health data available in the EHR of natural persons.,

Amendment 770 #

Proposal for a regulation
Article 5 – paragraph 2

~~2. The Commission is empowered to adopt~~ delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the main characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria: (a) the category is relevant for health services provided to natural persons; (b) according to the most recent information, the category is used in a significant number of EHR systems used in Member States; (c) international standards exist for the category that have been examined for the possibility of their application in the Union.

Amendment 771 #

Proposal for a regulation
Article 5 – paragraph 2

Amendment 772 #

Proposal for a regulation
Article 5 – paragraph 2

Amendment 773 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Amendment 774 #

Proposal for a regulation
Article 5 – paragraph 2 – introductory part

2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend ~~the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend~~ Annex I by adding, modifying or removing the main characteristics of the priority categories of electronic health data ~~and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:~~.

Amendment 775 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 2 – introductory part

2. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of priority categories of electronic health data in paragraph 1. Such delegated acts may also amend Annex I by adding, modifying or removing the mainimum characteristics of the priority categories of electronic health data and indicating, where relevant, deferred application date. The categories of electronic health data added through such delegated acts shall satisfy the following criteria:

Amendment 776 #

Proposal for a regulation
Article 5 – paragraph 2 – point a

~~(a) the category is relevant for health services provided to natural persons;~~deleted

Amendment 777 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 2 – point b

~~(b) according to the most recent information, the category is used in a significant number of EHR systems used in Member States;~~deleted

Amendment 778 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 5 – paragraph 2 – point c

~~(c) international standards exist for the category that have been examined for the possibility of their application in the Union.~~deleted

Amendment 779 #

Proposal for a regulation
Article 5 – paragraph 2 – subparagraph 1 (new)

The list of priority electronic health data categories set out in Annex I must not withdraw or change data useful for health professionals' work.

Amendment 780 #

Proposal for a regulation
Article 5 – paragraph 2 a (new)

2 a. The Commission shall, by means of implementing acts, lay down rules determining which health information domains and interoperability specifications, including standards, and profiles for representing and exchanging health data shall be included in the European electronic health record exchange format.

Amendment 781 #

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. The exchange format must be chosen in accordance with the feasibility of technical and organisational measures pursuant to Article 32 of Regulation (EU) 2016/679. The format shall include the following elements:

Amendment 782 #

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format. The exchange format must be chosen in accordance with the feasibility of technical and organisational measures pursuant to Article 32 of Regulation (EU) 2016/679. The format shall include the following elements:

Amendment 783 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

Amendment 784 #

Proposal for a regulation
Article 6 – paragraph 1 – introductory part

1. The Commission shall, by means of implementing acts, lay down the technical specifications for the priority categories of personal electronic health data referred to in Article 5, setting out the European electronic health record exchange format, ensuring consistency with the technical specifications prevailing in the Member States. The format shall include the following elements:

Amendment 785 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 6 – paragraph 1 – point a

(a) harmonised datasets containing electronic health data and defining structures, such minimum as data fields and data groups for the content representation of clinical content and other parts of the electronic health data, that can be enlarged to include disease-specific data;

Amendment 786 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 6 – paragraph 1 – point a

(a) harmonised datasets containing electronic health data and defining structures, such as minimum data fields and data groups for the content representation of clinical content and other parts of the electronic health data, that can be enlarged to include disease-specific data;

Amendment 787 #

Proposal for a regulation
Article 6 – paragraph 1 – point a

(a) harmonised datasets containing electronic health data and defining structures, such as minimum data fields and data groups for the content representation of clinical content and other parts of the electronic health data that may be enlarged to include disease specific data;

Amendment 788 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 6 – paragraph 1 a (new)

1 a. The Commisssion shall ensure that those implementing acts contain the latest versions of healthcare coding systems and nomenclatures and that they are updated regularly in order to keep up with the revisions of the healthcare coding systems and nomenclatures.

Amendment 789 #

Proposal for a regulation
Article 6 – paragraph 2 a (new)

2 a. For the purpose of paragraph 1, the Commission shall consult and cooperate with relevant stakeholders, including patients’ representatives, healthcare providers, health professionals, industry associations, national competence centres, as well as other Union and national authorities with competence in relevant areas, to encourage and contribute to the elaboration and adoption of a European electronic health record exchange format.

Amendment 790 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 6 – paragraph 3

3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and ~~accepted by the~~recognised as valid by the data recipient including measures aimed at ensuring priority categories of personal electronic health data are~~cipient~~ translated as necessary for the provision of healthcare to the language of the patient or the healthcare professional.

Amendment 791 #

Proposal for a regulation
Article 6 – paragraph 3

3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient. Likewise, access to personal health data in the language of the patient or the health professional shall be assured to the extent necessary to provide those health services effectively.

Amendment 792 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 6 – paragraph 3

3. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are processed in electronic format across the continuum of care and are issued in the format referred to in paragraph 1 and such data shall be read and accepted by the data recipient.

Amendment 793 #

Proposal for a regulation
Article 6 – paragraph 3 a (new)

3 a. Member States shall ensure that the priority categories of personal electronic health data referred to in Article 5 are available in the language of the patient and the treating health professional.

Amendment 794 #

Proposal for a regulation
Article 6 – paragraph 3 a (new)

3 a. When drafting the implementing acts, the Commission shall take all proper measures to ensure compatibility with existing data formats in Member States.

Amendment 795 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 7 – paragraph 1

1. Member States shall ensure that, where data is processed in electronic format, health professionals systematically register the relevant health data falling under at least the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system, and shall be responsible for ensuring their confidentiality.

Amendment 796 #

Proposal for a regulation
Article 7 – paragraph 1

1. ~~Member States shall ensure that, w~~Where data is processed in electronic format, Member States shall facilitate health professionals to systematically register the relevant health data falling under at least the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system.

Amendment 797 #

Birgit SIPPEL

Proposal for a regulation
Article 7 – paragraph 1

1. Member States shall ensure that, where data is processed in electronic format, health professionals ~~systematically~~ register the relevant health data falling under ~~at least~~ the priority categories referred to in Article 5 concerning the health services provided by them to natural persons, in the electronic format in an EHR system.

Amendment 798 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 7 – paragraph 1

Amendment 799 #

Proposal for a regulation
Article 7 – paragraph 1 a (new)

1 a. Where the personal health data have not been registered electronically prior to the application of this Regulation, Member States may require that such data is made available in electronic format pursuant to this Article. This shall not affect the obligation to make personal electronic health data, registered after the application of this Regulation, available in electronic format, pursuant to this Article.

Amendment 800 #

Proposal for a regulation
Article 7 – paragraph 1 a (new)

1 a. Member States may require the explicit consent of natural persons for, or provide for the possibility for natural persons to refuse, the registration of their health data by all or selected healthcare professionals in an EHR system.

Amendment 801 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 7 – paragraph 2

2. Where electronic health data of a natural person is registered in a Member State that is not the Member State of affiliation of that person, the Member State of treatment shall ensure that the registration is performed under the person identification data of the natural person in the Member State of affiliation, and shall be responsible for ensuring they remain confidential.

Amendment 802 #

Proposal for a regulation
Article 7 – paragraph 2 a (new)

2a. Member States shall ensure that the processing of personal electronic health data is located within the European Economic Area. When personal health data are accessed remotely, for example in case of use of hosting managed services, from a territory located outside of the European Economic Area which does not ensure an adequate level of data protection within the meaning of Article 45 of the GDPR, Member States ensure that measures are implemented to secure that this transfer is compliant with the GDPR and are made public by the data controller.

Amendment 803 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part

The Commission shall, by means of implementing acts, determine ~~the requirements for the registration of electronic health data by healthcare providers and natural persons, as relevant. Those implementing acts shall establish the following~~:

Amendment 804 #

The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the registration of electronic health data by healthcare pro~~vider~~fessionals and natural persons, as relevant. Those ~~implementing~~delegated acts shall establish the following:

Amendment 805 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part

The Commission shall, by means of implementing acts, determine the requirements for the quality of data for the registration of electronic health data by healthcare providers and natural persons, as relevant. ~~Those implementing acts shall establish the following:~~

Amendment 806 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – introductory part

The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the registration of electronic health data by healthcare providers and natural persons, as relevant. Those ~~implementing~~delegated acts shall establish the following:

Amendment 807 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point a

~~(a) categories of healthcare providers that are to register health data electronically;~~deleted

Amendment 808 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point a

~~(a) categories of healthcare providers that are to register health data electronically;~~deleted

Amendment 809 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point a

(a) categories of healthcare pro~~viders~~ fessionals that are to register health data electronically;

Amendment 810 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point b

~~(b) categories of health data that are to be registered systematically in electronic format by healthcare providers referred to in point (a);~~deleted

Amendment 811 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point b

~~(b) categories of health data that are to be registered systematically in electronic format by healthcare providers referred to in point (a);~~deleted

Amendment 812 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point b

(b) categories of health data that are to be registered systematically in electronic format by healthcare pro~~vider~~fessionals referred to in point (a);

Amendment 813 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 1 – point c

~~(c) data quality requirements pertaining to the electronic registration of health data.~~deleted

Amendment 814 #

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2

Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68(2).

Amendment 815 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 7 – paragraph 3 – subparagraph 2

Those ~~implementing~~delegated acts shall be adopted in accordance with the advisory procedure referred to in Article 6~~8(2)~~7.

Amendment 816 #

Proposal for a regulation
Article 7 – paragraph 3 a (new)

3 a. For the purpose of transparency and accountability, natural persons or their legal representatives must be able to see which healthcare professional accessed their electronic health record separately in each specific category and when.

Amendment 817 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 7 – paragraph 3 b (new)

3 b. When health data is registered or updated, electronic health records must identify the time, person and location of the registry.

Amendment 818 #

Proposal for a regulation
Article 8

8 Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in other Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in otherArticle 8 deleted Member States.

Amendment 819 #

Proposal for a regulation
Article 8

Telemedicine in the context of cross- Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in other Member States.Article 8 deleted border healthcare

Amendment 820 #

Proposal for a regulation
Article 8

Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in other Member States.Article 8 deleted Telemedicine in the context of cross- border healthcare

Amendment 821 #

Proposal for a regulation
Article 8

Amendment 822 #

Proposal for a regulation
Article 8

Amendment 823 #

Proposal for a regulation
Article 8 – paragraph 1

Amendment 824 #

Proposal for a regulation
Article 8 – paragraph 1

Amendment 825 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 8 – paragraph 1

Amendment 826 #

Proposal for a regulation
Article 8 – paragraph 1

Where a Member State accepts the provision of telemedicine services, it shall, under the same conditions, accept the provision of the services of the same type by healthcare providers located in other Member States with the same rights and obligations to access and register electronic health data. Telemedicine services shall respect the national law of the Member State in which is being provided.

Amendment 827 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 8 – paragraph 1

Where a Member State ~~accept~~enables the provision of telemedicine services, it shall, under the same conditions and in a non- discriminatory manner, accept the provision of the services of the same type by healthcare providers located in other Member States.

Amendment 828 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 9 – paragraph 1

1. Where a natural person uses telemedicine services or, that natural person shall have the right to identify electronically using any electronic identification means which is recognised pursuant to Article 6 of Regulation (EU) No 910/2014. Where a natural person uses personal health data access services referred to in Article 3(5), point (a), that natural person shall ~~have the right to~~ identify electronically using any electronic identification means which is recognised pursuant to Article 6 of Regulation (EU) No 910/2014.

Amendment 829 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 9 – paragraph 1

1. Where a natural person uses ~~telemedicine services or~~ personal health data access services referred to in Article 3(5), point (a), that natural person shall have the right to identify electronically using any electronic identification means which is recognised pursuant to Article 6 of Regulation (EU) No 910/2014.

Amendment 830 #

Proposal for a regulation
Article 9 – paragraph 1 a (new)

1 a. Where a health professional provides telemedicine services or uses health professional access services referred to in Article 4(3), that health professional shall identify electronically using any electronic identification means which is recognised pursuant to Article 6 of Regulation (EU) No 910/2014.

Amendment 831 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of implementing acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final] with provisions for transition periods. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. The Commission shall ensure that state-of-art technology is in place to meet the requirements. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 832 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of implementing acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context and allow natural persons to easily access their electronic health record by identification and authentication under the new eID system. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 833 #

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the secure transferability of electronic health data in a cross-border context. Those ~~implementing~~delegated acts shall be adopted in accordance with ~~the advisory procedure referred to in~~ Article 6~~8(2)~~7.

Amendment 834 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of implementing acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 ~~as amended by [COM(2021) 281 final]~~. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 835 #

Proposal for a regulation
Article 9 – paragraph 2

2. The Commission shall, by means of ~~implementing~~delegated acts, determine the requirements for the interoperable, cross- border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final]. The mechanism shall facilitate the transferability of electronic health data in a cross-border context. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 836 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 9 – paragraph 3

Amendment 837 #

Proposal for a regulation
Article 9 – paragraph 3

3. The Commission and Member States shall implement services required by the interoperable, cross-border identification and authentication mechanism referred to in paragraph 2 of this Article at Union level, as part of the cross-border digital health infrastructure referred to in Article 12(3).

Amendment 838 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 9 – paragraph 4

4. The ~~digital health authoriti~~Member States and the Commission shall implement the cross- border identification and authentication mechanism at Union and Member States’ level, respectively, in accordance with Regulation (EU) No 910/2014 as amended by [COM(2021) 281 final].

Amendment 839 #

Proposal for a regulation
Article 10 – paragraph 1

1. Each Member State shall designate a digital health authority responsible for the implementation and enforcement of this Chapter at national level. Implementation shall be harmonised at national level and across Member States with the EHDS Board conducting an oversight and leadership role in achieving this. The Member State shall communicate the identity of the digital health authority to the Commission by the date of application of this Regulation. Where a designated digital health authority is an entity consisting of multiple organisations, the Member State shall communicate to the Commission a description of the separation of tasks between the organisations. The Commission shall make this information publicly available.

Amendment 840 #

Proposal for a regulation
Article 10 – paragraph 2 – introductory part

2. Each digital health authority shall be entrusted with the following tasks and powers:

Amendment 841 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 2 – point a

(a) ensure the implementation of the rights and obligations provided for in Chapters II and III by adopting necessary national, regional or local technical solutions and by establishing relevant rules and mechanisms, that is using solutions whose owners, whether public or private, and the infrastructure on which they rely are located in the European Union, so that EU law alone shall govern in the context of the EHDS;

Amendment 842 #

Proposal for a regulation
Article 10 – paragraph 2 – point a

(a) ensure the implementation of the rights and obligations provided for in Chapters II and III by adopting necessary national, or regional ~~or local~~ technical solutions and by establishing relevant rules and mechanisms;

Amendment 843 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 10 – paragraph 2 – point b

(b) ensure that complete and up to date information about the implementation of rights and obligations provided for in in Chapters II and III is made readily available to natural persons, health professionals and healthcare providers and that appropriate training initiatives are undertaken at the local level;

Amendment 844 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 10 – paragraph 2 – point f

(f) supervise the ~~national~~ contact points for digital health and cooperate with other digital health authorities and the Commission on further development of MyHealth@EU;

Amendment 845 #

Proposal for a regulation
Article 10 – paragraph 2 – point g

(g) ensure the implementation, at national level, of the European electronic health record exchange format, in cooperation with national authorities and stakeholders, including representatives of patients, consumers and healthcare professionals;

Amendment 846 #

Proposal for a regulation
Article 10 – paragraph 2 – point g

(g) ensure the implementation, at national level, of the European electronic health record exchange format, in cooperation with national authorities and stakeholders, in particular healthcare professionals;

Amendment 847 #

Proposal for a regulation
Article 10 – paragraph 2 – point h

(h) contribute, at Union level, and in cooperation with the local and regional level within the Member States, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems and wellness applications referred to in Article 32;

Amendment 848 #

Proposal for a regulation
Article 10 – paragraph 2 – point h

(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, the access period and the access process per se, and security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems and wellness applications referred to in Article 32;

Amendment 849 #

Proposal for a regulation
Article 10 – paragraph 2 – point h

(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing quality, interoperability, security, safety, ease of use, accessibility, non-discrimination or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems ~~and wellness applications referred to in Article 32~~;

Amendment 850 #

Proposal for a regulation
Article 10 – paragraph 2 – point h

(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems ~~and wellness applications~~ referred to in Article 32;

Amendment 851 #

Proposal for a regulation
Article 10 – paragraph 2 – point h a (new)

(h a) support digital health literacy and promote awareness and understanding about the benefits, risks, rules and rights in relation to the use of EHR systems;

Amendment 852 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 10 – paragraph 2 – point k

(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible to different groups of natural persons and health professionals, including natural persons with disabilities, do not discriminate and offer the possibility of choosing between in person and digital services;deleted

Amendment 853 #

Proposal for a regulation
Article 10 – paragraph 2 – point k

(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible and equitable to different groups of natural persons and health professionals, including natural persons with disabilities, do not discriminate and offer the possibility of choosing between in person and digital services;

Amendment 854 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 2 – point k

(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible to ~~different groups of~~ natural persons and health professionals, including natural persons with disabilities, dounder the same notn- discriminateory conditions and offer the possibility of choosing between in person and digital services;

Amendment 855 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 10 – paragraph 2 – point k a (new)

(k a) ensure a communication plan to the natural person, health professional and stakeholders to inform the rights and obligations of which element of the EHDS and inform the natural person the advantages and potential gains to science and society of the primary and secondary use of electronic health data;

Amendment 856 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 10 – paragraph 2 – point k b (new)

(k b) offer, free of charge, accessible online training, to natural persons and health professionals on how to use electronic health data access service and health professional access service, respectively;

Amendment 857 #

Proposal for a regulation
Article 10 – paragraph 2 – point m

(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, including professional associations representing them, social security institutions, industry associations;

Amendment 858 #

Proposal for a regulation
Article 10 – paragraph 2 – point m

(m) cooperate with other relevant entities and bodies at local, regional, national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ and consumers’ representatives, healthcare providers, health professionals, industry associations;

Amendment 859 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 2 – point m

Amendment 860 #

Proposal for a regulation
Article 10 – paragraph 2 – point m

(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives through relevant associations, including ~~patients’~~ representatives of patients, healthcare providers, health professionals, industry ~~associations~~;

Amendment 861 #

Proposal for a regulation
Article 10 – paragraph 2 – point m

(m) cooperate with other relevant entities and bodies at local, regional, national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, industry associations;

Amendment 862 #

Proposal for a regulation
Article 10 – paragraph 2 – point n

(n) cooperate in the enforcement of this Regulation, within the remit of their respective competences, with supervisory authorities in accordance with Regulation (EU) 910/2014, Regulation (EU) 2016/679 and Directive (EU) 2016/1148 of the European Parliament and of the Council56with other relevant authorities, including those competent for cybersecurity, electronic identification, the European Artificial Intelligence Board, the Medical Device Coordination Group, the European Data Innovation Board and the competent authorities under Regulation […] [Data Act COM/2022/68 final]; _________________ 56 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

Amendment 863 #

Proposal for a regulation
Article 10 – paragraph 2 – point n a (new)

(n a) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system.

Amendment 864 #

Proposal for a regulation
Article 10 – paragraph 2 – point o – introductory part

(o) draw up, in collaboration where relevant with market surveillance authorities, an annual activity report, which shall contain a comprehensive overview of its activities. The report shall be transmitted to the Commission and shall be published. The annual activity report shall follow a structure that is agreed at Union level within EHDS Board, to support benchmarking pursuant to Article 59. The report shall contain at least information concerning:

Amendment 865 #

Proposal for a regulation
Article 10 – paragraph 2 – point o – point vi a (new)

(vi a) amount of persons who have restricted or refused access to their data pursuant to paragraphs 9 and 9a of Article 3, and information about the scope of such restrictions by type of health professional or health data;

Amendment 866 #

Proposal for a regulation
Article 10 – paragraph 2 – point o – point vii

(vii) number of certified EHR systems ~~and labelled wellness applications~~ enrolled in the EU database;

Amendment 867 #

Sophia IN 'T VELD, Emma WIESNER, Abir AL-SAHLANI, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 10 – paragraph 2 – point o a (new)

(o a) enforce the compliance with this Regulation, including by: (i) conducting on-site and remote inspections, including unannounced ones; (ii) issuing of administrative fines; (iii) imposing on providers of EHRs or on other healthcare providers and professionals and other data holders and data users a ban on certain activities that are in violation of this Regulation.

Amendment 868 #

(o a) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system;

Amendment 869 #

Proposal for a regulation
Article 10 – paragraph 2 – point o a (new)

(o a) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system.

Amendment 870 #

Proposal for a regulation
Article 10 – paragraph 2 – point o a (new)

(o a) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system.

Amendment 871 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 2 – point o b (new)

(o b) promote public awareness and understanding of the benefits, risks, rules, safeguards and rights in relation to the EHDS system.

Amendment 872 #

Proposal for a regulation
Article 10 – paragraph 2 a (new)

2 a. The supervisory authority or authorities responsible for monitoring the application of Regulation (EU) 2016/679 shall also be responsible for monitoring the application of Article 3, in accordance with the relevant provisions in Chapters VI, VII and VIII of Regulation (EU) 2016/679. They shall be competent to impose administrative fines up to the amount referred to in Article 83(5) of that Regulation. Those supervisory authorities and the digital health authorities referred to in Article 10 of this Regulation shall, where relevant, consult and cooperate in the enforcement of this Regulation, within the remit of their respective competences.

Amendment 873 #

Proposal for a regulation
Article 10 – paragraph 2 a (new)

2 a. Digital health authorities shall consult relevant data protection authorities on matters of particular importance for the protection of individuals’ rights and freedoms with regard to the processing of personal data.

Amendment 874 #

Proposal for a regulation
Article 10 – paragraph 2 a (new)

2 a. Digital health authorities shall assist relevant data protection authorities so as to ensure the protection of individuals’ rights and freedoms with regard to the processing of personal data.

Amendment 875 #

Proposal for a regulation
Article 10 – paragraph 3

~~3. The Commission is empowered to adopt~~ delegated acts in accordance with Article 67 to supplement this Regulation by entrusting the digital health authorities with additional tasks necessary to carry out the missions conferred on them by this Regulation and to modify the content of the annual report.

Amendment 876 #

Proposal for a regulation
Article 10 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by entrusting the digital health authorities with additional tasks necessary to carry out the missions conferred on them by this Regulation ~~and to modify the content of the annual report~~.

Amendment 877 #

Proposal for a regulation
Article 10 – paragraph 3

Amendment 878 #

Proposal for a regulation
Article 10 – paragraph 3

Amendment 879 #

Proposal for a regulation
Article 10 – paragraph 4

4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers. Digital health authorities and their members and staff shall have the qualifications, experience and skills required to carry out their duties and exercise their powers.

Amendment 880 #

Proposal for a regulation
Article 10 – paragraph 4

4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers. Each Member State shall by law provide for the details of the enforcement powers pursuant to point (p) of paragraph 2. (Linked to point (p) of paragraph 2)

Amendment 881 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 10 – paragraph 5

5. Essential health stakeholders’ representatives, including patient organisations, shall be present in the governance and decision-making structures of the digital health authority. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest. The Commission shall be empowered to adopt delegated acts setting out what is likely to constitute a conflict of interests together with the procedure to be followed in such cases.

Amendment 882 #

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ and healthcare professionals’ representatives. Members of the digital health authority shall avoid any conflicts of interest. The Commission shall be empowered to adopt delegated acts setting out what is likely to constitute a conflict of interest together with the procedure to be followed in such cases.

Amendment 883 #

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients, consumers and healthcare professionals’ representatives. Members of the digital health authority shall hav~~oid any conflicts~~e no direct or indirect economic, financial or personal interest that might be considered prejudicial to their independence and, in particular, that they are not in a situation that may, directly ofr in~~teres~~directly, affect the impartiality of their professional conduct.

Amendment 884 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 10 – paragraph 5

5. Essential health stakeholders representatives on national level, including patient organisations, social security institutions and healthcare professionals, shall be present in the governance and decision-making structures of the digital health authority. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest.

Amendment 885 #

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest. Essential health stakeholders’ representatives on national level, including patient organisations, healthcare professionals and industry associations shall be present in the governance and decision-making structures of the digital health authority.

Amendment 886 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including ~~patients’ representatives~~health professionals, patients and consummers' representatives. The stakeholders' representatives shall take part in the governance and decision-making structures of the digital health authority. Members of the digital health authority shall avoid any conflicts of interest.

Amendment 887 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including ~~patients’~~ representatives of patients, the industrial sector, SMEs, medical institutions, civil society, the university sector and research bodies. Members of the digital health authority shall avoid any conflicts of interest.

Amendment 888 #

Proposal for a regulation
Article 10 – paragraph 5

5. In the performance of its tasks, the digital health authority shall actively cooperate wiand consult with essential health stakeholders’ representatives, including patients’ representatives, health professionals and healthcare providers. Members of the digital health authority shall avoid any conflicts of interest.

Amendment 889 #

Proposal for a regulation
Article 10 – paragraph 5

Amendment 890 #

Proposal for a regulation
Article 10 – paragraph 5

Amendment 891 #

Proposal for a regulation
Article 10 – paragraph 5

Amendment 892 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 10 – paragraph 5 a (new)

5 a. Each Member State shall establish a complaint and redress mechanism to address conflicts of interests, negligence, or any other wrongdoing by the digital health authority.

Amendment 893 #

Proposal for a regulation
Article 10 – paragraph 5 a (new)

5 a. The Member States shall determine the selection procedure for health stakeholders referred to in paragraph 5 through an open, transparent and inclusive process.

Amendment 894 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 10 – paragraph 5 a (new)

5a. Member States shall decide upon a selection procedure to ensure that the stakeholders referred to in paragraph 5 of this Article are representative.

Amendment 895 #

Proposal for a regulation
Article 11 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the digital health authority. Where the complaint concerns the rights of natural persons pursuant to Article 3 of this Regulation, or any data protection aspects, the digital health authority shall inform the supervisory authorities under Regulation (EU) 2016/679 and send them a copy of the complaint in order to facilitate their assessment and investigation. Where a complaint concerning rights of natural persons pursuant to Article 3 is made solely to the supervisory authorities, they shall inform the digital health authorities and send them a copy.

Amendment 896 #

Proposal for a regulation
Article 11 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the digital health authority, where their rights laid down in this Regulation are affected. Where the complaint concerns the rights of natural persons pursuant to Article 3 of this Regulation, the digital health authority shall ~~inform~~send a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679. The decision of the digital health authority shall not prejudice any measures taken by the data protection authorities within their competences under Regulation (EU) 2016/679.

Amendment 897 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 11 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or~~, where relevant,~~ collectively, with the digital health authority. Where the complaint concerns the rights of natural persons pursuant to Article 3 of this Regulation, the digital health authority shall ~~inform~~send a copy of the complaint to and consult with the supervisory authorities under Regulation (EU) 2016/679. Those supervisory authorities shall be competent to treat the complaint in a separate proceeding, pursuant to their tasks and powers under that Regulation.

Amendment 898 #

Proposal for a regulation
Article 11 – paragraph 1

1. Without prejudice to any other administrative or judicial remedy, natural and legal persons shall have the right to lodge a complaint, individually or, where relevant, collectively, with the digital health authority. Where the complaint concerns the rights of natural persons pursuant to Article 3 of this Regulation, the digital health authority shall ~~inform~~send a copy of the complaint to the supervisory authorities under Regulation (EU) 2016/679 and shall consult and cooperate with them in the handling of such complaints.

Amendment 899 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 11 – paragraph 1

Amendment 900 #

Proposal for a regulation
Article 11 – paragraph 2

2. The digital health authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. Where the complaint concerns data protection aspects, the digital health authority shall inform the complainant that the complaint was referred to the relevant supervisory authority under Regulation (EU) 2016/679, and that the supervisory authority will, from that time on, be the sole point of contact for the complainant in that matter.

Amendment 901 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 11 – paragraph 2

2. The digital health authority with which the complaint has been lodged ~~shall inform~~provides the complainant ~~of the progress of the proceedings and of the decision taken~~with information on the status of the complaint proceedings and of the decision taken to ensure full transparency of the process.

Amendment 902 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 11 – paragraph 2

2. The digital health authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. The digital health authority shall send a copy of the complaint to the relevant data protection supervisory authority.

Amendment 903 #

Proposal for a regulation
Article 11 – paragraph 2

2. The digital health authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken and inform the legal authorities if applicable.

Amendment 904 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 11 – paragraph 3

3. Digital health authorities shall cooperate to handle and resolve complaints, including by exchanging all relevant information by electronic means, without undue delay and communicate on processing time and complaint resolution time.

Amendment 905 #

Proposal for a regulation
Article 11 a (new)

Article 11 a Right to an effective remedy against a digital health authority 1. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a digital health authority concerning them. 2. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy where the digital health authority which is competent pursuant to Article 10 does not handle a complaint or does not inform the natural or legal person within three months on the progress or outcome of the complaint lodged pursuant to Article 11. 3. Proceedings against a digital health authority shall be brought before the courts of the Member States where the digital health authority is established.

Amendment 906 #

Proposal for a regulation
Article 11 a (new)

Amendment 907 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Commission shall establish a central platform for digital health to provide services to support and facilitate the exchange of electronic health data between national contact points for digital health of the Member States. All infrastructure for this solution shall be located in the European Union and all actors involved shall be governed solely by EU law.

Amendment 908 #

Proposal for a regulation
Article 12 – paragraph 1

Amendment 909 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 12 – paragraph 1

1. The Commission shall establish a central platform ~~for digital health to provide services~~ to support and facilitate the exchange of electronic health data between national contact points for digital health of the Member States.

Amendment 910 #

Proposal for a regulation
Article 12 – paragraph 1

1. The Commission shall establish a central platform for digital health to provide services to support and facilitate the exchange of electronic health data between ~~national~~ contact points for digital health of the Member States.

Amendment 911 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 12 – paragraph 2

2. Each Member State shall designate one national contact point for digital health to ensure the connection to all other national or, where applicable, regional contact points for digital health and to the central platform for digital health. Where a designated national contact point is an entity consisting of multiple organisations responsible for implementing different services, the Member State shall communicate to the Commission a description of the separation of tasks between the organisations. The national contact point for digital health shall be considered an authorised participant in the infrastructure. Each Member State shall communicate the identity of its national contact point to the Commission by [the date of application of this Regulation]. Such contact point may be established within the digital health authority established by Article 10 of this Regulation. Member States shall communicate to the Commission any subsequent modification of the identity of those contact points. The Commission and the Member States shall make this information publicly available.

Amendment 912 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 12 – paragraph 3

3. Each national contact point for digital health shall enable the exchange of the personal electronic health data referred to in Article 5 with all other national contact points. The exchange shall be based on the European electronic health record exchange format in accordance with Directive 2011/24/EU.

Amendment 913 #

Proposal for a regulation
Article 12 – paragraph 3

3. Each ~~national~~ contact point for digital health shall enable the exchange of the personal electronic health data referred to in Article 5 with all other ~~national~~ contact points. The exchange shall be based on the European electronic health record exchange format.

Amendment 914 #

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The implementing act shall include the target implementation dates, including for improved cross border health data interoperability, in consultation with the EHDS board. The European Union Agency for Cyber Security shall be consulted and closely involved in all steps of the procedure. Any measures adopted shall meet the highest technical standards in terms of security, confidentiality and protection of electronic health data.

Amendment 915 #

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The European Union Agency for Cyber Security shall be consulted and closely involved in all steps of the procedure. Any measures adopted shall meet the highest technical standards in terms of security, confidentiality and protection of electronic health data.

Amendment 916 #

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The European Union Agency for Cyber Security shall be consulted and closely involved in all steps of the procedure. Any measures adopted shall meet the highest technical standards in terms of security, confidentiality and protection of electronic health data.

Amendment 917 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The European Union Agency for Cyber Security shall be consulted and closely involved in all steps of the procedure. Any measures adopted shall meet the highest technical standards in terms of security, confidentiality and protection of electronic health data.

Amendment 918 #

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The implementing act shall include the agreement of target implementation dates, including for improved cross-border health data interoperability, in consultation with the EHDS board.

Amendment 919 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 12 – paragraph 4

4. The Commission shall, by means of implementing acts, adopt the necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of electronic health data and the conditions and compliance checks necessary to join and remain connected to MyHealth@EU and conditions for temporary or definitive exclusion from MyHealth@EU. Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68(2a). The implementing act shall include target implementation dates, including for cross- border health data interoperability, in consultation with the EHDS Board.

Amendment 920 #

Proposal for a regulation
Article 12 – paragraph 4 a (new)

4 a. The Commission shall in the development of technical implementing measures related to the security, confidentiality and data protection aspects of MyHealth@EU consult the European Union Agency for Cyber Security.

Amendment 921 #

Proposal for a regulation
Article 12 – paragraph 5

5. Member States shall support and ensure connection of all regional and local healthcare providers to their national contact points for digital health and shall ensure that those connected are enabled to perform two-way exchange of electronic health data with the national contact point for digital health.

Amendment 922 #

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies across the continuum of care operating on their territories, including online, hospital and ambulatory/day hospital pharmacies, are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, all pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU.

Amendment 923 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies operating on their territories~~, including online pharmacies,~~ are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU, granted that the requirements in Article 11 of Directive 2011/24/EU are fulfilled. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU.

Amendment 924 #

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies operating on their territories, including online pharmacies, are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU, without prejudice to Article 11 of Directive 2011/24. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU.

Amendment 925 #

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies operating on their territories~~, including online pharmacies,~~ are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU in accordance with national provisions on the matter.

Amendment 926 #

Proposal for a regulation
Article 12 – paragraph 6

6. Member States shall ensure that pharmacies operating on their territories~~, including online pharmacies,~~ are enabled to dispense electronic prescriptions issued by other Member States, under the conditions laid down in Article 11 of Directive 2011/24/EU. The pharmacies shall access and accept electronic prescriptions transmitted to them from other Member States through MyHealth@EU. Following dispensation of medicinal products based on an electronic prescription from another Member State, pharmacies shall report the dispensation to the Member State that issued the prescription, through MyHealth@EU.

Amendment 927 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 12 – paragraph 7

7. The national contact points for digital health shall act as joint controllers of the electronic health data communicated through ‘MyHealth@EU’ for the processing operations in which they are involved. The Commission shall act as processor, with the limitation to the central platform MyHealth@EU to provide services supporting and facilitating the electronic exchange of health data between national digital health contact points.

Amendment 928 #

Proposal for a regulation
Article 12 – paragraph 7

7. The national or, where applicable, regional contact points for digital health shall act as joint controllers of the electronic health data communicated through ‘MyHealth@EU’ for the processing operations in which they are involved. The Commission shall act as processor.

Amendment 929 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 12 – paragraph 7 a (new)

7 a. In order to guarantee the linguistic rights of natural persons to access and make use of their personal electronic health data, MyHealth@EU shall be accessible in the language of preference of the natural person, including all officially recognised lenguages in Member States.

Amendment 930 #

Proposal for a regulation
Article 12 – paragraph 8

8. The Commission shall, by means of implementing acts, allocate responsibilities among controllers and as regards the processor referred to in paragraph 7 of this Article, in accordance with Chapter IV of Regulation (EU) 2016/679. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).deleted

Amendment 931 #

Proposal for a regulation
Article 12 – paragraph 9

9. The approval for individual authorised participants to join MyHealth@EU for different services, or to disconnect a participant, shall be issued by the ~~Joint Controllership group~~EHDS Board, based on the results of the c~~ompliance checks~~apacity checks carried out by the Commission.

Amendment 932 #

Proposal for a regulation
Article 12 – paragraph 9

9. The approval for individual authorised participants to join MyHealth@EU for different services, or to disconnect a participant shall be issued by the ~~Joint Controllership group~~EHDS board, based on the results of the compliance checks performed by the Commission .

Amendment 933 #

Proposal for a regulation
Article 12 – paragraph 9

Amendment 934 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 13 – paragraph 1

1. Member States may provide through MyHealth@EU supplementary services that facilitate telemedicine, mobile health, and access by natural persons to their translated health data, exchange or verification of health-related certificates, including vaccination card services supporting public health and public health monitoring or digital health systems, services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of care and ensuring access to safe and high-quality healthcare. The Commission shall, by means of implementing acts, set out the technical aspects of such provision. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 935 #

Proposal for a regulation
Article 13 – paragraph 1

1. Member States may provide through MyHealth@EU supplementary services that facilitate telemedicine, mobile health, access by natural persons to their translated health data and use of their language of preference, including all officially recognised languages in Member States, exchange or verification of health-related certificates, including vaccination card services supporting public health and public health monitoring or digital health systems, services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of care and ensuring access to safe and high- quality healthcare. The Commission shall, by means of implementing acts, set out the technical aspects of such provision. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 936 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 13 – paragraph 2

2. The Commission and Member States may facilitate the exchange of electronic health data with other infrastructures, such as the Clinical Patient Management System or other services or infrastructures in the health, care or social security fields which may become authorised participants to MyHealth@EU. The Commission shall, by means of implementing acts, set out the technical aspects of such exchanges, with a focus on the mode and period of access, in compliance with patient data security measures. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The connection of another infrastructure to the central platform for digital health shall be subject to a decision of the joint controllership group for MyHealth@EU referred to in Article 66.

Amendment 937 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Member States and the Commission shall seek to ensure interoperability of MyHealth@EU with technological systems established at international level for the exchange of electronic health data. The Commission may adopt an implementing act establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of MyHealth@EU for the purposes of the electronic health data exchange. Before adopting such an implementing act, a compliance check of the national contact point of the third country or of the system established at an international level shall be performed under the control of the Commission.deleted

Amendment 938 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Amendment 939 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Amendment 940 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Member States and the Commission shall seek to ensure interoperability of MyHealth@EU with technological systems established at international level for the exchange of electronic health data. The Commission may adopt a~~n implementing~~ delegated act establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of MyHealth@EU for the purposes of the electronic health data exchange. Before adopting such a~~n implementing~~ delegated act, a compliance check of the national contact point of the third country or of the system established at an international level shall be performed under the control of the Commission, including on whether the health data transfer stemming from such exchange complies with the rules in Chapter V of Regulation (EU) 2016/679.

Amendment 941 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Member States and the Commission shall seek to ensure interoperability of MyHealth@EU with technological systems established at international level for the exchange of electronic health data. The Commission may adopt an implementing act establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of MyHealth@EU for the purposes of the electronic health data exchange. Before adopting such an implementing act, a compliance check of the national contact point of the third country or of the system established at an international level, as well as a compliance check with the requirements of Chapter V of Regulation (EU) 2016/679, shall be performed under the control of the Commission.

Amendment 942 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1 a (new)

In addition to the compliance check, the national security interests of the Member States shall be also taken into account before adopting the implementing act.

Amendment 943 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 2

The implementing acts referred to in the first subparagraph of this paragraph shall be adopted in accordance with the procedure referred to in Article 68. The connection of the national contact point of the third country or of the system established at an international level to the central platform for digital health, as well as the decision to be disconnected shall be subject to a decision of the joint controllership group for MyHealth@EU referred to in Article 66.deleted

Amendment 944 #

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 2

Amendment 945 #

Proposal for a regulation
Chapter III – title

III EHR systems ~~and wellness applications~~

Amendment 946 #

Proposal for a regulation
Chapter III – title

III EHR systems ~~and wellness applications~~

Amendment 947 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Chapter III – title

III EHR systems ~~and wellness applications~~

Amendment 948 #

Proposal for a regulation
Article 14 – paragraph 2

2. This Chapter shall not apply to general software used in a healthcare environment. Manufacturers of EHR systems that also qualify as medical devices as defined under Article 2(1) of Regulation (EU) 2017/745 and claim interoperability of those medical devices with EHR systems under this Regulation shall prove compliance with the essential requirements for interoperability laid down in Section 2 of Annex II to this Regulation. Article 23 of this Regulation shall be applicable to those medical devices.

Amendment 949 #

Proposal for a regulation
Article 14 – paragraph 3

3. Manufacturers of medical devices as defined in Article 2(1) of Regulation (EU) 2017/745 that claim interoperability of those medical devices with EHR systems shall prove compliance with the essential requirements on quality and interoperability laid down in Section 2 of Annex II of this Regulation. Article 23 of this Chapter shall be applicable to those medical devices.

Amendment 950 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

4. PNotwithstanding the obligations laid down in Regulation [AI act COM/2021/206 final], providers of high- risk AI systems as defined in Article 6 of Regulation […] [AI act COM/2021/206 final], which does not fall within the scope of Regulation (EU) 2017/745, that claim interoperability of those AI systems with EHR systems will need to prove compliance with the essential requirements on quality and interoperability laid down in Section 2 of Annex II of this Regulation. Article 23 of this Chapter shall be applicable to those high-risk AI systems. .

Amendment 951 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only if they comply with the provisions laid down in this Chapter. That compliance shall be accredited through an EHR conformity assessment procedure performed by notified bodies for EHR systems and products claiming interoperability, including technical solutions on interoperability and security.

Amendment 952 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only if they comply with the provisions laid down in this Chapter and following the transitional periods laid down in Article 72.

Amendment 953 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only ~~if they~~after a notified body has assessed and verified that the EHR system complyies with the provisions laid down in this Chapter.

Amendment 954 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only ~~if they~~after a Notified Body confirms that the EHR system complyies with the provisions laid down in this Chapter.

Amendment 955 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only ifafter a notified body has confirmed that they comply with the provisions laid down in this Chapter.

Amendment 956 #

Proposal for a regulation
Article 15 – paragraph 1

1. EHR systems may be placed on the market or put into service only if they comply with the provisions laid down in this Chapter and in Annex II of this Regulation.

Amendment 957 #

Proposal for a regulation
Article 16 – paragraph 1 a (new)

If any economic operator, other than the manufacturer, makes modifications to the EHR system while deploying or using it, which lead to changes in the intended purpose and deployments recommendations for the EHR system as declared by the manufacturer, the economic operator shall assume the responsibilities of a manufacturer under this Regulation for the EHR system’s compliance with this Regulation. In case of any malfunctioning or deterioration in performance quality due to the changes made by the economic operator during deployment or use of the EHR system contrary to the manufacturer's recommendations for technical deployment of the system or purpose of its use, full responsibility for those modifications lays with the economic operator.

Amendment 958 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR

Proposal for a regulation
Article 17 – paragraph 1 – introductory part

1. Manufacturers of EHR systems shall be located in the European Union and provide services whose use shall be governed solely by EU law, meaning that the infrastructure on which they rely shall be located in the European Union, and:

Amendment 959 #

Proposal for a regulation
Article 17 – paragraph 1 – point a

(a) ensure that their EHR systems are in conformity with the essential requirements laid down in Annex II and with the common specifications in accordance with Article 23; and that they follow the principles of data minimisation and data protection by design; for the latter, the manufacturers shall be encouraged to consult relevant supervisory authorities under Regulation (EU) 2016/679.

Amendment 960 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 17 – paragraph 1 – point a

(a) ~~ensure that~~obtain for their EHR systems a~~re in~~ certificate of compliance from an independent third-party body to attest their conformity with the essential requirements laid down in Annex II and with the common specifications in accordance with Article 23;

Amendment 961 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point a

(a) ensure that their EHR systems are in conformity with the essential requirements laid down in Annex II and with the common specifications in accordance with Article 23 and interoperable between Member States;

Amendment 962 #

Proposal for a regulation
Article 17 – paragraph 1 – point b

(b) draw up the technical documentation of their EHR systems in accordance with Article 24 before placing their system on the market;

Amendment 963 #

Proposal for a regulation
Article 17 – paragraph 1 – point b

(b) draw up and keep up to date the technical documentation of their EHR systems in accordance with Article 24;

Amendment 964 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point c

(c) ensure that their EHR systems are accompanied, free of charge for the user, by the information sheet provided for in Article 25 and by clear and complete instructions for use, including in accessible formats for vulnerable populations, including migrants, the elderly and persons with disabilities;

Amendment 965 #

Proposal for a regulation
Article 17 – paragraph 1 – point d

(d) ~~draw up an EU declaration of conformity~~carry out the relevant conformity assessment procedures as referred to in Article 267a;

Amendment 966 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point d a (new)

(d a) draw up the EU declaration of conformity in accordance with Article 26 and affix the CE marking in accordance with Article 27 where compliance of the EHR system requirements laid down in Annex II has been demonstrated by that conformity assessment procedure;

Amendment 967 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point e

~~(e) affix the CE marking in accordance with Article 27;~~deleted

Amendment 968 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point g

Amendment 969 #

Proposal for a regulation
Article 17 – paragraph 1 – point g

(g) take without undue delay any necessary corrective action in respect of their EHR systems which are not or are no longer in conformity with the essential requirements laid down in Annex II, or recall or withdraw such systems;

Amendment 970 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point h

(h) immediately inform the distributors of their EHR systems and, where applicable, the authorised representative and importers of any corrective action, recall or withdrawal;

Amendment 971 #

Proposal for a regulation
Article 17 – paragraph 1 – point i

(i) inform the market surveillance authorities and notified bodies of the Member States in which they made their EHR systems available or put them into service of the non- conformity and of any corrective action taken;

Amendment 972 #

Proposal for a regulation
Article 17 – paragraph 1 – point i

Amendment 973 #

Proposal for a regulation
Article 17 – paragraph 1 – point i a (new)

Amendment 974 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point j

(j) ~~upon request of a market surveillance authority, provide it~~at least 6 months before placing on the market or putting into service their EHR systems, provide market surveillance authorities in the Member States concerned with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II.

Amendment 975 #

Proposal for a regulation
Article 17 – paragraph 1 – point j

(j) upon request of a market surveillance authority or a notified body, provide it with all the information and documentation necessary to demonstrate the conformity of their EHR system with the essential requirements laid down in Annex II.

Amendment 976 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 – point k

(k) cooperate with market surveillance authorities and notified bodies, at their request, on any action taken to bring their EHR systems in conformity with the essential requirements laid down in Annex II.

Amendment 977 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 17 – paragraph 1 – point k – point i (new)

i) The Commission shall ensure the availability of independant certification third-party bodies in sufficient number to allow the certification of the EHR systems deployed by the Member States.

Amendment 978 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 1 a (new)

Amendment 979 #

Proposal for a regulation
Article 17 – paragraph 2

2. Manufacturers ~~of EHR systems~~ shall ensure that procedures are in place to ensure that the design, development and deployment of an EHR system continues to comply with the essential requirements laid down in Annex II and the common specifications referred to in Article 23. Changes in EHR system design or characteristics shall be adequately taken into account and reflected in the technical documentationfor EHR systems to remain in conformity with this Regulation. Changes in EHR system design or characteristics and changes in the harmonised standards or the technical specifications referred to in Annex II and III by reference to which the conformity of the EHR system is declared or by application of which its conformity is verified shall be adequately taken into account and reflected in the technical documentation. When deemed appropriate with regard to the risks presented by EHR systems, manufacturers shall, to protect the rights of natural persons, carry out sample testing or put into service, investigate, and, if necessary, keep a register of complaints, of non-conforming EHR systems and EHR systems recalls, and shall keep distributors informed of any such monitoring.

Amendment 980 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 3

3. Manufacturers of EHR systems shall keep the technical documentation and the EU declaration of conformity ~~for 10 years after the last EHR system covered by the EU declaration of conformity has been placed on the market~~, where relevant, at the disposal of the market surveillance authorities for 10 years after the last EHR system conformity assessment. Where relevant, the source code or programmed logic included in the technical documentation shall be made available upon a reasoned request from the competent national authorities provided that it is necessary in order for those authorities to be able to check compliance with the essential requirements set out in Annex II.

Amendment 981 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 3

3. Manufacturers of EHR systems shall keep the technical documentation and the EU declaration of conformity for at least 10 years after the last EHR system covered by the EU declaration of conformity has been placed on the market.

Amendment 982 #

3 a. Manufacturers who consider or have reason to believe that an EHR system, which they have placed on the market or put into service is not in conformity with the essential requirements set out in Annex II shall immediately take the corrective measures necessary to bring that EHR system into conformity, to withdraw it or to recall it, as appropriate. Furthermore, where the EHR system presents a risk, manufacturers shall immediately inform the competent national authorities of the Member States in which they made the EHR system available on the market to that effect, giving details, in particular, of the non-conformity and of any corrective measures taken.

Amendment 983 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 17 – paragraph 3 a (new)

Amendment 984 #

Proposal for a regulation
Article 17 – paragraph 3 b (new)

3 b. Manufacturers shall, further to a reasoned request from a competent national authority, provide it with all the information and documentation, in paper or electronic form, necessary to demonstrate the conformity of the EHR system with the essential requirements set out in Annex II, in a language which can be easily understood by that authority. They shall cooperate with that authority, at its request, on any measures taken to eliminate the risks posed by the EHR system, which they have placed on the market or put into service.

Amendment 985 #

Proposal for a regulation
Article 17 – paragraph 3 b (new)

Amendment 986 #

Proposal for a regulation
Article 17 – paragraph 3 c (new)

3 c. Manufacturers shall make publicly available communication channels such as a telephone number, electronic address or dedicated section of their website, taking into account accessibility needs for vulnerable populations, including migrants, the elderly and persons with disabilities, allowing consumers and professional users to file complaints and to inform them of risks related to their health and safety or to other aspects of public interest protection and of any serious incident involving an EHR system;

Amendment 987 #

Proposal for a regulation
Article 17 – paragraph 3 d (new)

Amendment 988 #

Proposal for a regulation
Article 17 – paragraph 3 e (new)

Amendment 989 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Article 18 – paragraph 2 – introductory part

Amendment 990 #

Proposal for a regulation
Article 18 – paragraph 2 – point a

(a) keep the EU declaration of conformity and the technical documentation at the disposal of the national market surveillance authorities for the period referred to in Article 17(3);

Amendment 991 #

Proposal for a regulation
Article 18 – paragraph 2 – point b

(b) ~~further to a reasoned request from a market surveillance authority, provide that authority~~at least 6 months before an EHR system is placed on the market or putting into service provide market surveillance authorities of the Member States concerned a copy of the mandate with all the information and documentation necessary to demonstrate the conformity of an EHR system with the essential requirements laid down in Annex II in an official language of the authority;

Amendment 992 #

Proposal for a regulation
Article 18 – paragraph 2 – point b a (new)

Amendment 993 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 18 – paragraph 2 – point b b (new)

(b b) immediately inform the manufacturer about complaints received by consumers and professional users;

Amendment 994 #

Proposal for a regulation
Article 18 – paragraph 2 – point c

(c) cooperate with the ~~market surveillance~~competent national authorities, at their request, on any corrective action taken in relation to the EHR systems covered by their mandate.

Amendment 995 #

Proposal for a regulation
Article 18 – paragraph 2 – point c a (new)

Amendment 996 #

Proposal for a regulation
Article 18 – paragraph 2 a (new)

Amendment 997 #

Proposal for a regulation
Article 18 – paragraph 2 c (new)

2 c. In case of change of the authorised representative, the detailed arrangements for the change shall be clearly defined in an agreement between the manufacturer, or where practicable the outgoing authorised representative, and the incoming authorised representative.That agreement shall address at least the following aspects: (a) the date of termination of the mandate of the outgoing authorised representative and date of beginning of the mandate of the incoming authorised representative; (b) the transfer of documents, including confidentiality aspects and property rights.

Amendment 998 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 19 – paragraph 2 – point a

Amendment 999 #

Proposal for a regulation
Article 19 – paragraph 2 – point a

(a) the manufacturer has drawn up the technical documentation ~~and the EU declaration of conformity;~~

source: 745.527

2023/04/05 ENVI, LIBE 277 amendments...

Amendment 1862 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 47 – paragraph 1

1. Any natural or legal person may submit a data request for the purposes referred to in Article 34. A health data access body shall only provide an answer to a data request in an anonymised statistical format and the data user shall have no access to the electronic health data used to provide this answer.deleted

Amendment 1863 #

Proposal for a regulation
Article 47 – paragraph 1

1. Any natural or legal person may submit a data request for the purposes referred to in Article 34 with the aim of obtaining an answer only in anonymised statistical format. A health data access body shall ~~only~~not provide an answer to a data request in an ~~anonymised statistical~~y other format and the data user shall have no access to the electronic health data used to provide this answer.

Amendment 1864 #

Proposal for a regulation
Article 47 – paragraph 1

1. Any ~~natural or legal person~~entity active in the area of health care, public health, or scientific or medical research may submit a data request for the purposes referred to in Article 34. A health data access body shall only provide an answer to a data request in an anonymised statistical format and the data user shall have no access to the electronic health data used to provide this answer.

Amendment 1865 #

Proposal for a regulation
Article 47 – paragraph 1

(1) Any natural or legal person may submit a data request for the purposes referred to in Article 34. A health data access body shall only provide an answer to a data request which is transmitted to it by the application processing body in an anonymised statistical format and the data user shall have no access to the electronic health data used to provide this answer.

Amendment 1866 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 47 – paragraph 2

2. A data request shall include the elements mentioned in paragraphs 2 (a) and (b) of Article 45 and if needed may also include: (a) a description of the result expected from the health data access body; (b) a description of the statistic’s content.deleted

Amendment 1867 #

Proposal for a regulation
Article 47 – paragraph 2 – introductory part

2. A data request shall include the elements mentioned in paragraphs 2 (-a), (a) and (b) of Article 45 and if needed may also include:

Amendment 1868 #

Proposal for a regulation
Article 47 – paragraph 2 – point a

~~(a) a description of the result expected from the health data access body;~~deleted

Amendment 1869 #

Proposal for a regulation
Article 47 – paragraph 2 – point b

~~(b) a description of the statistic’s content.~~deleted

Amendment 1870 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 47 – paragraph 3

3. Where an applicant has requested a result in an anonymised form, including statistical format, based on a data request, the health data access body shall assess, within 2 months and, where possible, provide the result to the data user within 2 months.deleted

Amendment 1871 #

Proposal for a regulation
Article 47 – paragraph 3

3. WThe~~re an applicant has requested a result in an anonymised form, including statistical format, based on a data request, the health data access body shall assess,~~ health data access body shall assess the health data request within 2 months and, where possible, provide the result to the data user within 2 months.

Amendment 1872 #

Proposal for a regulation
Article 47 – paragraph 3

3. Where an applicant has requested a result in an anonymised form, including statistical format, based on a data request, the health data access body shall assess, within 23 months and, where possible, provide the result to the health data user within 23 months.

Amendment 1873 #

Proposal for a regulation
Article 47 – paragraph 3

3. Where an applicant has requested a result in an anonymised form, including statistical format, based on a data request, the health data access body shall assess, within 2 months and~~, where possible,~~ provide the result to the data user within 2 months.

Amendment 1874 #

Proposal for a regulation
Article 48

Amendment 1875 #

Proposal for a regulation
Article 48

Amendment 1876 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 48 – title

Making data available for ~~public sector bodies and Union institutions, bodies, offices and~~Union agencies without a data permit

Amendment 1877 #

Proposal for a regulation
Article 48 – title

Making data available for ~~public sector bodies and Union institutions, bodies, offices and~~national public health authorities and European Union public health agencies without a data permit

Amendment 1878 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.deleted

Amendment 1879 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 48 – paragraph 1

The requirement for a data permit shall be without prejudice to the right to access the electronic health data of public sector bodies and Union institutions, bodies, offices and agencies that carry out relevant activities within their mandate pursuant to Union or Member State law, where this mandate provides for such data access under this Regulation. By derogation from Article 46 of this Regulation, athe data permit ~~shall not be required to access the electronic health data under this Article~~for public authorities may allow for data access for unlimited periods and for the possibility for periodic updates of data under a single data access application. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe. that shall not be longer than 2 additional months. Accelerated timelines shall be established in exceptional circumstances, including public health emergencies.

Amendment 1880 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. Where electronic health data involving protected intellectual property and trade secrets are made available, it shall be ensured that all necessary measures are taken to protect the confidentiality of intellectual property rights and trade secrets. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […...] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […...] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 1881 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, ~~a data permit shall not be required to access the electronic health data~~Member States may allow national and European public institutions, agencies bodies and offices, under specific conditions, to access data without requiring a data permit under this Aarticle. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 1882 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article for any of the purposes under Article 34(1), points (a) or (b). When carrying out those tasks under Article 37 (1), points (b) and (c), ~~the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data~~and upon request from the Union agencies, in duly justified cases the health data access body shall make the electronic health data available within 21 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from . However, data shall be shared as soon as it is available in the context of a Public Health Emergency of International Concern (PHEIC) or when a public health emergency has been declared at Union level. By derogation from Article 42 of this Regulation, no fees shall be payable by ECDC and EMA to the healthe data ~~holders, unless it specifies that it will provide the data within a longer specified timefram~~access body to access the data under this Article.

Amendment 1883 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

~~By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article.~~ When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 1884 #

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required ~~to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), t~~by the European Medicines Agency (EMA), European Centre for Disease Prevention and Control (ECDC) and Health Emergency Preparedness and Response Authority (HERA) to access the electronic health data under this Chapter. The health data access body shall inform public sector bodies and the Union institutions, offices, agencies and bodies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]EMA, ECDC, or HERA about the availability of data within 2 months of the data access application. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 1885 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 48 – paragraph 1

By derogation from Article 46 of this Regulation, a data permit shall not be required to access the electronic health data under this Article. When carrying out those tasks under Article 37 (1), points (b) and (c), the health data access body shall inform ~~public sector bodies and the Union institutions, offices, agencies and bod~~national public health authorities and the European Union health agencies, about the availability of data within 2 months of the data access application, in accordance with Article 9 of Regulation […] [Data Governance Act COM/2020/767 final]. By way of derogation from that Regulation […] [Data Governance Act COM/2020/767 final ], the health data access body may extend the period by 2 additional months where necessary, taking into account the complexity of the request. The health data access body shall make available the electronic health data to the data user within 2 months after receiving them from the data holders, unless it specifies that it will provide the data within a longer specified timeframe.

Amendment 1886 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1887 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 49

Access to electronic health data from a (1) access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from severalrticle 49 deleted single data holder Where an applicant requests In such case, the data holders shall be addressed to health data access bodies. (2) issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. (3) 51, the single data provider and the data user shall be deemed joint controllers. (4) shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39. may By way of derogation from Article Within 3 months the data holder

Amendment 1888 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1889 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, István UJHELYI, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1890 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1891 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1892 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1893 #

Proposal for a regulation
Article 49

Access to electronic health data from a 1. access to electronic health data only from a single data holder in a single Member State, by way of derogation from Article 45(1), that applicant may file a data access application or a data request directly to the data holder. The data access application shall comply with the requirements set out in Article 45 and the data request shall comply with requirements in Article 47. Multi-country requests and requests requiring a combination of datasets from several data holders shall be addressed to health data access bodies. 2. issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42. 3. 51, the single data provider and the data user shall be deemed joint controllers. 4. shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.rticle 49 deleted single data holder Where an applicant requests In such case, the data holder may By way of derogation from Article Within 3 months the data holder

Amendment 1894 #

Proposal for a regulation
Article 49 – paragraph 1

Amendment 1895 #

Proposal for a regulation
Article 49 – paragraph 2

2. In such case, the data holder may issue a data permit in accordance with Article 46 or provide an answer to a data request in accordance with Article 47. The data holder shall then provide access to the electronic health data in a secure processing environment in compliance with Article 50 and may charge fees in accordance with Article 42.deleted

Amendment 1896 #

Proposal for a regulation
Article 49 – paragraph 3

~~3. By way of derogation from Article 51, the single data provider and the data user shall be deemed joint controllers.~~deleted

Amendment 1897 #

Proposal for a regulation
Article 49 – paragraph 4

4. Within 3 months the data holder shall inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.deleted

Amendment 1898 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 49 – paragraph 4

4. ~~Within 3 months the data holder shall~~The single data holder, referred to in paragraph 1, shall in due time inform the relevant health data access body by electronic means of all data access applications filed and all the data permits issued and the data requests fulfilled under this Article in order to enable the health data access body to fulfil its obligations under Article 37(1) and Article 39.

Amendment 1899 #

Proposal for a regulation
Article 50 – paragraph 1 – introductory part

1. The health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organisational measures and security and interoperability requirements and protection of intellectual property and trade secrets. In particular, they shall take the following security measures:

Amendment 1900 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 50 – paragraph 1 – introductory part

1. TSubject to the issuance of a data permit, the health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organisational measures and security and interoperability requirements. In particular, they shall take the following security measures:

Amendment 1901 #

(b) minimise the risk of the unauthorised reading, copying, modification or removal of electronic health data hosted in the secure processing environment through state-of-the-art technological and organisational means;

Amendment 1902 #

Proposal for a regulation
Article 50 – paragraph 1 – point b

Amendment 1903 #

Proposal for a regulation
Article 50 – paragraph 1 – point e

(e) keep identifiable logs of access that include data access holders to the secure processing environment for the period of time necessary to verify and audit all processing operations in that environment;

Amendment 1904 #

Proposal for a regulation
Article 50 – paragraph 1 – point e

(e) keep identifiable logs of access to the secure processing environment for the period of time necessary to verify and audit all processing operations in that environment and not shorter than one year;

Amendment 1905 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 50 – paragraph 1 – point f

(f) ensure compliance and monitor the security measures referred to in this Article to mi~~tigat~~nimise potential security threats.

Amendment 1906 #

Proposal for a regulation
Article 50 – paragraph 1 – point f a (new)

(fa) ensure that the secure processing environment is located within the European Economic Area. Where personal health data are accessed remotely, including where hosting managed services are used, from a territory located outside of the European Economic Area that does not ensure an adequate level of data protection within the meaning of Article 45 of Regulation (EU) 2016/679, the health data access body shall ensure that this transfer is compliant with that Regulation.

Amendment 1907 #

Proposal for a regulation
Article 50 – paragraph 2

Amendment 1908 #

2. The health data access bodies shall ensure that electronic health data from data holders in the format determined by the data permit can be uploaded by data holders and can be accessed by the data user in a secure processing environment. The data users shall only be able to download non- personal electronic health data from the secure processing environment.

Amendment 1909 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 50 – paragraph 2

2. The health data access bodies shall ensure that electronic health data can be uploaded by data holders and can be accessed by the data user in a secure processing environment. The data users shall only be able to download or copy non- personal electronic health data from the secure processing environment.

Amendment 1910 #

Proposal for a regulation
Article 50 – paragraph 3

3. The health data access bodies shall ensure regular audits of the secure processing environments. and take immediate corrective action of any shortcomings, risks or vulnerabilities identified in the secure processing environments

Amendment 1911 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 50 – paragraph 3

3. The health data access bodies shall ensure regular third party audits of the secure processing environments.

Amendment 1912 #

Proposal for a regulation
Article 50 – paragraph 3 a (new)

3a. The tools and computing resources provided in the secure processing environment shall be based on free and open-source software.

Amendment 1913 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 50 – paragraph 4

4. The Commission shall, by means of implementing acts, provide for the technical, information security and interoperability requirements for the secure processing environments. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The EHDS Board shall ensure consistent provision of the secure processing environment compliant with the technical information security and interoperability requirements and enforce compliance across the Member States.

Amendment 1914 #

Proposal for a regulation
Article 50 – paragraph 4

4. The Commission shall, by means of implementing acts, provide for the technical, information security, confidentiality, data protection and interoperability requirements for the secure processing environments, in consultation with ENISA. Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68(2a).

Amendment 1915 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 50 – paragraph 4

4. The Commission shall, by means of implementing acts, provide for the technical, organisational, information security and interoperability requirements for the secure processing environments. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

Amendment 1916 #

Proposal for a regulation
Article 51 – title

~~Joint c~~Controllership

Amendment 1917 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 51 – title

~~Joint c~~Controllership

Amendment 1918 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 51 – paragraph 1

1. ~~The health data access bodies and the d~~Data users, including Union institutions, bodies, offices and agencies, shall be deemed ~~joint controllers of electronic health data processed in accordance with data permit~~controller for the processing of personal of electronic health data in the secure processing environment pursuant to a data permit. In this case, the health data access body shall be deemed a processor. The health data access body shall be considered a controller for the processing of personal electronic health data while carrying out its task referred to in Article 37(1), point (d). The health data holder shall be considered a controller for the processing of personal electronic health data while carrying out its obligation under Article 41(1) and (1a).

Amendment 1919 #

Proposal for a regulation
Article 51 – paragraph 1

1. The ~~health data access bodies and the data users, including Union institutions, bodies, offices and agencies,~~data holder shall be deemed controller for the disclosure of the requested personal electronic health data to the health data access body pursuant to Article 33(1). The health data access body shall be deemed controller for the processing of the personal electronic health data when fulfilling its tasks pursuant to Article 37(1), point (d). The data user shall be deemed ~~joint~~ controller~~s of electronic health data processed in accordance with data permi~~ for the processing of personal electronic health data in pseudonymised form in the secure processing environment pursuant to the data permit. The health data access body shall act as a processor for the health data user's processing pursuant to a data permit in the secure processing environment.

Amendment 1920 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 51 – paragraph 1

Amendment 1921 #

Proposal for a regulation
Article 51 – paragraph 1

1. ~~The health data access bodies and the data users, including Union institutions, bodies, offices and agencies,~~In addition to data holders, the health data access bodies shall be deemed a controller for the processing of personal electronic health data in accordance with Article 37(1)(d). The data users shall be deemed ~~joint~~ controller~~s of electronic health data processed in accordance with data permi~~ for the processing of personal electronic health data in pseudonymised form in the secure processing environment pursuant to the data permit. The health data access body shall act as a processor for the health data user´s processing pursuant to a data permit in the secure processing environment.

Amendment 1922 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 51 – paragraph 2

2. The Commission shall, by means of implementing acts, establish a template for the joint controllers’ arrangement that meets the requirements laid down in Article 28(3) of Regulation (EU) 2016/679. Those implementing acts shall be adopted in accordance with the advisory procedure set out in Article 68(2). The use of that template shall not relieve the health data access bodies or the data users from any of their duties and responsibilities.

Amendment 1923 #

Proposal for a regulation
Article 51 – paragraph 2

2. The Commission shall, by means of implementing acts, establish a template for ~~the joint controllers’ arrangement~~a contract or other legal act for the purpose of paragraph 1 in line with Article 28(3) of Regulation (EU) 2016/679. Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure set out in Article 68(2a).

Amendment 1924 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 51 – paragraph 2

Amendment 1925 #

Proposal for a regulation
Article 51 – paragraph 2

2. The Commission shall, by means of implementing acts, establish a template for the ~~joint~~ controllers’ arrangement. Those implementing acts shall be adopted in accordance with the advisory procedure set out in Article 68(2).

Amendment 1926 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 52 – paragraph 1

1. Each Member State shall designate a national contact point for secondary use of electronic health data~~, responsible for making electronic health data available for secondary use in a cross-border context and shall communicate their~~. The national contact point shall work as an organisational and technical gateway, enabling and being responsible for making electronic health data available for secondary use in a cross-border context. When constructing a national contact point, it shall be in close consultation with the holders and users of data for the specific Member State. Every Member State shall inform the Commission of the names and contact details ~~to the Commiss~~of their respective national contact point by the date of application of this Regulation. The national contact point may be the coordinator health data access body pursuant to Article 36. The Commission and the Member States shall make this information publicly available.

Amendment 1927 #

Proposal for a regulation
Article 52 – paragraph 2

2. The ~~national~~ contact points referred to in paragraph 1 shall be authorised participants in the cross-border infrastructure for secondary use of electronic health data (HealthData@EU). The ~~national~~ contact points shall facilitate the cross-border access to electronic health data for secondary use for different authorised participants in the infrastructure and shall cooperate closely with each other and with the Commission.

Amendment 1928 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

(3) Union institutions, bodies, offices and agencies in the health sector involved in research, health policy or analysis, shall be authorised participants of HealthData@EU.

Amendment 1929 #

Proposal for a regulation
Article 52 – paragraph 3

3. Union institutions, bodies, offices and agencies involved in health research, health policy or analysis, shall be authorised participants of HealthData@EU.

Amendment 1930 #

Proposal for a regulation
Article 52 – paragraph 4

Amendment 1931 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.deleted

Amendment 1932 #

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation, where they have set up a body equivalent to the health data access bodies as referred to in Article 36 and where they ensure that Chapter V of Regulation (EU) 2016/679 will be complied with after the connection to the HealthData@EU and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation as well as with Chapter V of Regulation (EU) 2016/679 and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.

Amendment 1933 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available. In addition to the compliance check, the national security interests of the Member States shall also be taken into account before adopting the implementing acts.

Amendment 1934 #

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and whereby the transfer of electronic health data is compliant with the provisions laid down in Chapter V of Regulation (EU) 2016/679 and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and Chapter V of Regulation 2016/679 and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.

Amendment 1935 #

Proposal for a regulation
Article 52 – paragraph 5

Amendment 1936 #

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation, the transfer stemming from such connection complies with the rules in Chapter V of Regulation (EU) 2016/679 and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and Chapter V of Regulation (EU) 2016/679 and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.

Amendment 1937 #

Proposal for a regulation
Article 52 – paragraph 7

Amendment 1938 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 52 – paragraph 8

8. The Member States and the Commission shall set up HealthData@EU to support and facilitate the cross-border access to electronic health data for secondary use, connecting the national contact points for secondary use of electronic health data of all Member States and authorised participants in that infrastructure. HealthData@EU shall be a non-proprietary software product developed in an open and transparent process.

Amendment 1939 #

Proposal for a regulation
Article 52 – paragraph 8

8. The Member States and the Commission shall set up HealthData@EU to support and facilitate the cross-border access to electronic health data for secondary use, connecting the national or, where applicable, regional contact points for secondary use of electronic health data of all Member States and authorised participants in that infrastructure.

Amendment 1940 #

Proposal for a regulation
Article 52 – paragraph 8

Amendment 1941 #

Proposal for a regulation
Article 52 – paragraph 9

9. The Commission shall develop, deploy and operate a core platform for HealthData@EU by providing information technology services needed to facilitate the connection between health data access bodies as part of the cross-border infrastructure for the secondary use of electronic health data. ~~The Commission shall only process electronic health data on behalf of the joint controllers as a processor.~~

Amendment 1942 #

Proposal for a regulation
Article 52 – paragraph 10

10. Where requested by two or more health data access bodies, the Commission may provide a secure processing environment for data from more than one Member State compliant with the requirements of Article 50. Where two or more health data access bodies put electronic health data in the secure processing environment managed by the Commission, they shall be joint controllers and the Commission shall be processor.deleted

Amendment 1943 #

Proposal for a regulation
Article 52 – paragraph 11

~~11. The authorised participants shall act as joint controllers of the processing operations in which they are involved carried out in HealthData@EU and the Commission shall act as a processor.~~deleted

Amendment 1944 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 52 – paragraph 12

12. Member States and the Commission shall seek to ensure interoperability of HealthData@EU with other relevant common European data spaces as referred to in Regulations […] [Data Governance Act COM/2020/767 final] and […] [Data Act COM/2022/68 final].deleted

Amendment 1945 #

The Commission ~~may~~shall, by means of implementing acts, set out:

Amendment 1946 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – introductory part

The Commission may, by means of ~~implementing~~delegated acts, set out:

Amendment 1947 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a

(a) requirements, technical specifications, the IT architecture of HealthData@EU, conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU which shall ensure state- of-the-art data security, confidentiality, and protection of electronic health data in the cross border infrastructure;

Amendment 1948 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a

(a) requirements, technical specifications, the IT architecture of HealthData@EU, conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU, with stricter criteria and an accelerated procedure for third countries and international organisations;

Amendment 1949 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a

(a) requirements, technical specifications, the IT architecture of HealthData@EU, ~~conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU~~which shall guarantee a high level of data security, confidentiality and protection of electronic data;

Amendment 1950 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a

Amendment 1951 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point a a (new)

(aa) conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU;

Amendment 1952 #

(aa) conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU;

Amendment 1953 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point b

~~(b) the minimum criteria that need to be met by the authorised participants in the infrastructure;~~deleted

Amendment 1954 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point c

~~(c) the responsibilities of the joint controllers and processor(s) participating in the cross-border infrastructures;~~deleted

Amendment 1955 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point c

~~(c) the responsibilities of the joint controllers and processor(s) participating in the cross-border infrastructures;~~deleted

Amendment 1956 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point d

~~(d) the responsibilities of the joint controllers and processor(s) for the secure environment managed by the Commission;~~deleted

Amendment 1957 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point d

~~(d) the responsibilities of the joint controllers and processor(s) for the secure environment managed by the Commission;~~deleted

Amendment 1958 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point e

~~(e) common specifications for the interoperability and architecture concerning HealthData@EU with other common European data spaces.~~deleted

Amendment 1959 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 – point e a (new)

(ea) conditions and compliance checks for authorised participants to join and remain connected to HealthData@EU and conditions for temporary or definitive exclusion from HealthData@EU;

Amendment 1960 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 1 a (new)

In case of a serious misconduct or repeated violations of the applicable rules by a third country or an international organisation, the Commission shall immediately act upon and take appropriate sanctions, including deciding on the definitive exclusion from healthData@EU.

Amendment 1961 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 2

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The Commission shall consult with and involve the European Union Agency for Cyber Security (ENISA) in the aforementioned process.

Amendment 1962 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 2

Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). The European Union Agency for Cyber Security (ENISA) shall be consulted and closely involved in the process.

Amendment 1963 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 2

Those implementing acts shall be adopted in accordance with the ~~advisory~~examination procedure referred to in Article 68(2).

Amendment 1964 #

Proposal for a regulation
Article 52 – paragraph 13 – subparagraph 2

Those ~~implementing~~delegated acts shall be adopted in accordance with the ~~advisory~~ procedure referred to in Article 6~~8(2)~~7.

Amendment 1965 #

Proposal for a regulation
Article 52 – paragraph 14

14. ~~The approval for individual authorised participant to join HealthData@EU or~~Subject to a positive outcome of this compliance check, the Commission shall, by means of implementing acts, take decisions to ~~dis~~connect ~~a participant from the infrastructure shall be issued by the Joint Controllership group, based on the results of the compliance checks~~individual authorised participants to join the respective infrastructure or to disconnect them. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 68.

Amendment 1966 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 52 – paragraph 14

14. The approval for individual authorised participants to join MyHealth~~Data@EU~~@EU for different services, or to disconnect a participant ~~from the infrastructure shall be issued by the Joint Controllership group~~shall be issued by the EHDS board, based on the results of the compliance checks performed by the Commission.

Amendment 1967 #

Proposal for a regulation
Article 53 – title

Access to cross-border ~~sources of electronic health data~~registries and databases for secondary use

Amendment 1968 #

Proposal for a regulation
Article 53 – paragraph 1

Amendment 1969 #

Proposal for a regulation
Article 53 – paragraph 2

Amendment 1970 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 53 – paragraph 3

3. The Commission may, by means of ~~implementing~~delegated acts, adopt the necessary rules for facilitating the handling of data access applications for HealthData@EU, including a common application form, a common data permit template, standard forms for common electronic health data access contractual arrangements, and common procedures for handling cross- border requests, pursuant to Articles 45, 46, 47 and 48. Those ~~implementing~~delegated acts shall be adopted in accordance with the ~~advisory~~ procedure referred to in Article 6~~8(2)~~7.

Amendment 1971 #

Proposal for a regulation
Article 54 – title

54 MCross-border access and mutual recognition of data permits

Amendment 1972 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 54 – paragraph 1

1. When handling an access application for cross-border access to electronic health data for secondary use, health data access bodies and relevant authorised participants shall remain responsible for taking decisions to grant or refuse access to electronic health data within their remit in accordance with the requirements for access laid down in this Chapter. After a decision is made regarding the granting or refusal of the health data permit, the health data access body shall inform the other health data bodies concerned by the same application about the decision. These decisions may be taken into consideration by the other health data access bodies when deciding on the granting or refusal of the data permit.

Amendment 1973 #

Proposal for a regulation
Article 54 – paragraph 1

Amendment 1974 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 54 – paragraph 2

(2) A data permit issued by one ~~concerned health data ac~~application processing body may benefit from mutual recognition by the other concerned ~~health data ac~~application processing bodies.

Amendment 1975 #

Proposal for a regulation
Article 54 – paragraph 2

2. AThe same data permit issued by one concerned health data access body ~~may~~shall benefit from mutual recognition by the other concerned health data access bodies.

Amendment 1976 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 54 – paragraph 2

2. AThe same data permit issued by one concerned health data access body ~~may~~shall benefit from mutual recognition by the other concerned health data access bodies.

Amendment 1977 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 55 – title

Dataset description and dataset catalogue

Amendment 1978 #

Proposal for a regulation
Article 55 – paragraph 1

Amendment 1979 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 55 – paragraph 2

2. The Commission shall, by means of ~~implementing~~delegated acts, set out the minimum information elements data holders are to provide for datasets and their characteristics. Those ~~implementing~~delegated acts shall be adopted in accordance with the ~~advisory~~ procedure referred to in Article 6~~8(2)~~7.

Amendment 1980 #

Proposal for a regulation
Article 56 – paragraph 1

1. Datasets made available through health data access bodies may have a Union data quality and utility label provided by the ~~data holder~~health data access bodies.

Amendment 1981 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 57 – paragraph 1

1. The Commission shall establish an EU Datasets Catalogue connecting the national catalogues of datasets established by the health data access bodies and other authorised participants in HealthData@EU. taking into consideration the health interoperability resources already developed across the Union.

Amendment 1982 #

Proposal for a regulation
Article 59 – paragraph 1

The Commission shall support sharing of best practices and expertise, aimed to build the capacity of Member States to strengthen digital health systems for primary and secondary use of electronic health data. To support capacity building and to guarantee the correct implementation of the European Health Data Space system, the Commission shall draw up benchmarking guidelines for the primary and secondary use of electronic health data. The Commission shall include in the guidelines how Member States can access EU funds in the context of the EHDS.

Amendment 1983 #

Proposal for a regulation
Article 59 – paragraph 1

The Commission shall support sharing of best practices and expertise, aimed to build the capacity of Member States to strengthen digital health systems for primary and secondary use of electronic health data. To support capacity building, the Commission shall draw up benchmarking guidelines for the primary and secondary use of electronic health data. Additionally, with reference to Article 33(1), point (i), guidance shall be made available to support compliance, particularly for non-profit organisations, researchers and medical societies, who act as data holders in relation to registries.

Amendment 1984 #

Proposal for a regulation
Article 59 – paragraph 1

Amendment 1985 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 59 – paragraph 1

The Commission shall support sharing of best practices and expertise, aimed to build the capacity of Member States to strengthen digital health literacy and systems for primary and secondary use of electronic health data. To support capacity building, the Commission shall draw up benchmarking guidelines for the primary and secondary use of electronic health data.

Amendment 1986 #

Proposal for a regulation
Article 59 a (new)

Article 59 a Digital health literacy and digital health access 1. In order to ensure successful implementation of the EHDS, Member States shall put in place educational programmes aimed at increasing digital health literacy and relevant competences and skills. Those programmes shall be tailored to the needs of specific groups, including patients and health professionals, and shall be developed and reviewed, and where necessary updated, on a regular basis in consultation and cooperation with relevant experts and stakeholders. 2. Member States shall measure, on a regular basis, the digital health literacy of health professionals, patients as well as persons in general. 3. Member States shall organise awareness-raising campaigns to ensure that all specific groups are informed about the importance of digital health literacy as well as educational programmes available to them pursuant to paragraph 1. 4. Member States as well as the Commission shall take all the necessary measures to ensure that natural persons, and specifically patients and health professionals, are informed about the EHDS, its primary and secondary components, functionalities and conditions as well as their rights within EHDS. 5. Member States shall ensure that all natural persons have access to the infrastructure necessary for the effective management of their electronic health data, both within primary and secondary use.

Amendment 1987 #

Proposal for a regulation
Article 60 – paragraph 2 a (new)

2a. Public procurers, national, regional and local competent authorities, including digital health authorities and health data access bodies, and the Commission shall require, as a condition to procure or fund services provided by controllers and processors established in the Union processing personal electronic health data, that such controllers and processors: (a) will store this data in the Union, in accordance with Article 60a of this Chapter, and (b) have duly demonstrated that they are not subject to third country legislation conflicting with Union data protection rules.

Amendment 1988 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 60 – paragraph 2 a (new)

2a. Public procurers, national competent authorities, including digital health authorities and health data access bodies, and the Commission shall require, as a condition to procure or fund services provided by controllers and processors established in the Union processing personal electronic health data, that such controllers and processors: (a) will store this data in the Union, in accordance with Article 60a of this Chapter, and (b) have duly demonstrated that they are not subject to third country legislation conflicting with Union data protection rules.

Amendment 1989 #

Proposal for a regulation
Article 60 – paragraph 2 a (new)

2a. Two additional requirements shall be established and required as a condition for the procurement or funding of services for processing personal electronic health data: (a) storing of personal electronic health data in the Union, in line with Article 60a of this Regulation; and (b) duly demonstrating that applicants are not subject to third country legislation conflicting with EU data protection rules.

Amendment 1990 #

Proposal for a regulation
Article 60 a (new)

Article 60a Storage of electronic health data For the purposes of primary and secondary use of electronic health data, Member States shall ensure that the storage, processing and analysis of electronic health data shall be carried out exclusively within a secure location or locations within the territory of the Union, without prejudice to the possibility to transfer personal electronic health data in compliance with Chapter V of Regulation (EU) 2016/679.

Amendment 1991 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 60 a (new)

Amendment 1992 #

Proposal for a regulation
Article 60 a (new)

Article 60a Electronic health data storage in the Union 1. The personal electronic health data within the scope of this Regulation shall be stored only within the territory of the Union. 2. Paragraph 1 is without prejudice to the possibility of transfers of personal electronic health data in line with Chapter V of the Regulation (EU) 2016/674 or in line with Articles 61 and 62 of this Regulation.

Amendment 1993 #

Proposal for a regulation
Article 61 – title

Third country transfer of anon~~-personal electronic~~ymous data

Amendment 1994 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 ~~[(a), (e), (f), (i), (j), (k), (m)]~~ shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 1995 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 ~~[(a), (e), (f), (i), (j), (k), (m)]~~ shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 1996 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 ~~[(a), (e), (f), (i), (j), (k), (m)]~~ shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 1997 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 ~~[(a), (e), (f), (i), (j), (k), (m)]~~ shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 1998 #

Christian DOLESCHAL

Proposal for a regulation
Article 61 – paragraph 1

Amendment 1999 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification ~~through means going beyond those likely reasonably to be used~~, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 2000 #

Proposal for a regulation
Article 61 – paragraph 1

1. Non-personal electronic data made available by health data access bodies, that are based on a natural person’s electronic data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification ~~through means going beyond those likely reasonably to be used~~, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 2001 #

Proposal for a regulation
Article 61 – paragraph 1

(1) ~~Non-personal~~Anonymous electronic data made available by health data access bodies, that are based on a natural person’s electronic health data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.

Amendment 2002 #

Proposal for a regulation
Article 61 – paragraph 2

2. The protective measures for the categories of data mentioned in paragraph 1 shall ~~depend on the nature of the data and anonymization techniques and shall~~ be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 2003 #

Proposal for a regulation
Article 61 – paragraph 2

Amendment 2004 #

Proposal for a regulation
Article 61 – paragraph 2

Amendment 2005 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 61 – paragraph 2

2. ~~The~~Additional protective measures for the categories of data mentioned in paragraph ~~1 shall depend on the nature of the data and anonymization techniques and~~ shall be detailed in the Delegated Act under the empowerment set out in Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final].

Amendment 2006 #

Proposal for a regulation
Article 61 – paragraph 2

Amendment 2007 #

Proposal for a regulation
Article 61 – paragraph 2 a (new)

2a. Where a health data access body has reason to believe that the transfer or access to non-personal data may lead to the risk of re-identification of non- personal or anonymised data, the health data access body shall request the relevant bodies or authorities competent pursuant to applicable data protection legislation for authorisation before transferring or giving access to data.

Amendment 2008 #

Proposal for a regulation
Article 61 – paragraph 2 a (new)

2a. Where a health data access body has reason to believe that the transfer or access to non-personal data may lead to a risk of re-identification of non-personal or anonymised data, the health data access body shall request the relevant bodies or authorities competent pursuant to applicable data protection legislation for authorisation before transferring or giving access to data.

Amendment 2009 #

Proposal for a regulation
Article 62 – title

International access and transfer of anon~~- personal~~ymous electronic health data

Amendment 2010 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 62 – paragraph 1

(1) The digital health authorities, health data access bodies, the authorised participants in the cross-border infrastructures provided for in Articles 12 and 52 and data users shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to anon~~-personal~~ymous electronic health data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3 of this Article.

Amendment 2011 #

2. Any judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a digital health authority, health data access body or data users to transfer or give access to non-personal electronic health data within the scope of this Regulation held in the Union ~~shall~~may only be recognised or enforceable in any manner ~~only~~ if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

Amendment 2012 #

Proposal for a regulation
Article 62 – paragraph 2

(2) Any judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a digital health authority, health data access body or data users to transfer or give access to anon~~-personal~~ymous electronic health data within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.

Amendment 2013 #

Proposal for a regulation
Article 62 – paragraph 3 – introductory part

(3) In the absence of an international agreement as referred to in paragraph 2 of this Article, where a digital health authority, a health data access body, data users is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to anon~~-personal~~ymous data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where:

Amendment 2014 #

Luisa REGIMENTI, Massimiliano SALINI, Aldo PATRICIELLO, Fulvio MARTUSCIELLO

Proposal for a regulation
Article 62 – paragraph 5

Amendment 2015 #

Proposal for a regulation
Article 63 – paragraph 1

Amendment 2016 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 63 – paragraph 1

Controllers and processors located in the EU who process personal electronic health data within the scope of this Regulation shall process that data within the territory of the EU. In the context of international access and transfer of personal electronic health data, Member States may maintain or introduce further conditions, including limitations, in accordance with and under the conditions of article 9(4) of the Regulation (EU) 2016/679.

Amendment 2017 #

Proposal for a regulation
Article 63 – paragraph 1

~~In the context of international access and transfer of personal electronic health data, Member States may maintain or introduce fur~~Persons responsible and processors located in the EU who process personal electronic health data in the scope of this Regulation shall store the respective data within the territory of the EU. In ther con~~ditions, including limitations, in accordance with and under the conditions of article 9(4)~~text of international access and transfer of personal electronic health data, shall be granted in accordance with Chapter V of the Regulation (EU) 2016/679.

Amendment 2018 #

Proposal for a regulation
Article 63 – paragraph 1

In ~~the context of in~~ternational access and transfer of personal electronic health data, shall be granted in accordance with Chapter V of Regulation (EU) 2016/679. Member States may maintain or introduce further conditions, including limitations, in accordance with and under the conditions of article 9(4) of the Regulation (EU) 2016/679.

Amendment 2019 #

Proposal for a regulation
Article 63 – paragraph 1 – subparagraph 1 (new)

Where a controller that processes personal data in accordance with this Regulation and uses a processor for the purposes referred to in Article 28(3) of Regulation (EU) 2016/679, no transfer of personal data by the processor to a third country shall take place.

Amendment 2020 #

Proposal for a regulation
Article 63 – paragraph 1 a (new)

Access to electronic health data for entities from third countries, for secondary use purposes, shall be possible only if the third country where an entity is established, allows access to health data of its residents for entities from the Union.

Amendment 2021 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Andreas GLÜCK, Michal ŠIMEČKA

1. A European Health Data Space Board (EHDS Board) is hereby established to facilitate cooperation and the exchange of information among Member States. The EHDS Board shall be composed of th: (a) one high level representatives of digital health authorities and health data access bodies of all the Member States. Other national authorities, including market surveillance authorities referred to in Article 28, European Data Protection Board and European Data Protection Supervisor may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers toone high level representative of health data access bodies appointed by each Member State; (b) one representative of the European Data Protection Board (EDPB) and one representative of the European Data Protection Supervisor (EDPS); (c) one representative of the European Medicines Agency (EMA); (d) one representative of the European Centre for Disease Prevention and Control (ECDC); (e) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, atfte~~nd its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodi~~r consulting the European Parliament, in order to represent healthcare professionals; (f) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, ~~offices and agencies, research infrastructures and other similar structures shall have an observer role.~~ after consulting the European Parliament, in order to represent patient organisations; (g) one member and one alternate member appointed by the Commission, on the basis of a public call for expressions of interest, after consulting the European Parliament, in order to represent the health industry;

Amendment 2022 #

Proposal for a regulation
Article 64 – paragraph 1

1. A European Health Data Space Board (EHDS Board) is hereby established ~~to facilitate cooperation and the exchange of information among Member States~~. The EHDS Board shall be composed of th: (a) one high level representatives of digital health authorities ~~and~~of all the Member States; and (b) one high level representative of health data access bodies of all the Member States. OtWhere a Member State has designated several health data access bodies, the coordinating health data access body shall be part of the EHDS Board; and (c) EDPB and EDPS. The EHDS Board shall be aided by an advisory forum as referred to in Article 65a. EMA, ECDC, ENISA shall be invited by the Board to join the meeting where the issues discussed are of relevance to their respective mandates or tasks. Other national authorities, including market surveillance authorities referred to in Article 28, ~~European Data Protection Board and European Data Protection Supervisor~~ may be invited to the meetings, where the issues discussed are of relevance for them. The Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. Other Union institutions, bodies, offices and agencies, research infrastructures and other similar structures shall have an observer role.

Amendment 2023 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2024 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2025 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2026 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2027 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2028 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2029 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2030 #

Proposal for a regulation
Article 64 – paragraph 1

Amendment 2031 #

Proposal for a regulation
Article 64 – paragraph 1 a (new)

1a. Permanent and alternate members of the EHDS Board shall act independently, in the public interest and free from any external influence. EHDS Board permanent and alternate members shall have no direct or indirect economic, financial or personal interest that might be considered prejudicial to their independence and, in particular, that they are not in a situation that may, directly or indirectly, affect the impartiality of their professional conduct. Permanent and alternate members of the EHDS Board shall make an annual declaration of their interests, which shall be available on the Commission’s web-portal.

Amendment 2032 #

Proposal for a regulation
Article 64 – paragraph 3

3. The composition, organisation, functioning and cooperation of the sub- groups shall be set out in the rules of procedure put forward by the Commission. The Commission shall make publicly available the membership and observers of the EHDS Board and its outputs, including rules of procedure, guidance, minutes, and meeting agendas.

Amendment 2033 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, María Soraya RODRÍGUEZ RAMOS, Andreas GLÜCK, Michal ŠIMEČKA

Proposal for a regulation
Article 64 – paragraph 3

3. The composition, organisation, functioning and cooperation of the sub- groups shall be set out in the rules of procedure put forward by the Commission to high-level representatives of the digital health authorities and organisations responsible for health data access in all Member States.

Amendment 2034 #

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including patients’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.deleted

Amendment 2035 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including patients’, consumers’ and healthcare professionals’ representatives, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity. All invited stakeholders shall provide a declaration of all direct and indirect economic, financial or personal interests ahead of the meeting to the EHDS Board.

Amendment 2036 #

Proposal for a regulation
Article 64 – paragraph 4

4. ~~Stakeholders and relevant third partie~~Relevant stakeholders, including patients’ ' and healthcare pr~~esentatives~~ofessional's organisations and academia, shall be invited to attend meetings of the EHDS Board and to participate in its work, depending on the topics discussed and their degree of sensitivity.

Amendment 2037 #

Véronique TRILLET-LENOIR, Fabienne KELLER, Max ORVILLE, Frédérique RIES

Proposal for a regulation
Article 64 – paragraph 4

4. Stakeholders and relevant third parties, including ~~patients’~~health professionals, patients and consumers' representatives, shall ~~be invited to~~ attend meetings of the EHDS Board and to participate in its work~~, depending on the topics discussed and their degree of sensitivity~~.

Amendment 2038 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ

Proposal for a regulation
Article 64 – paragraph 4

4. SHealth stakeholders ~~and relevant third parties~~, including patients’ representatives, ~~shall be invited to~~and relevant third parties, shall attend meetings of the EHDS Board and to participate in its work~~, depending on the topics discussed and their degree of sensitivity~~.

Amendment 2039 #

Proposal for a regulation
Article 64 – paragraph 5

Amendment 2040 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 64 – paragraph 5 a (new)

5a. The EHDS Board, in conjunction with the European Commission, shall publish an annual report covering the implementation status of the European Health Data Space and other relevant points of development, including with respect to cross-border health data interoperability, and implementation challenges.

Amendment 2041 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 64 – paragraph 6

~~6. The Commission shall chair the meetings of the EHDS Board.~~deleted

Amendment 2042 #

Proposal for a regulation
Article 64 – paragraph 6

6. ~~The Commission~~A representative of the Commission and a representative of the European Parliament shall co-chair the meetings of the EHDS Board.

Amendment 2043 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Sophia IN 'T VELD, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 64 – paragraph 7 a (new)

7a. The EHDS Board shall operate in a transparent manner with open publication of meeting dates and minutes of the discussions and produce and annual report on its activities.

Amendment 2044 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 64 a (new)

Article 64a Advisory forum 1. An advisory forum shall be established by the EHDS Board to advise it in the fulfilment of its tasks by providing stakeholder input in matters pertaining to this Regulation. 2. EMA, ECDC, JRC shall be permanent members of the advisory forum. 3. The advisory forum shall be composed of representatives of patients, health professionals, industry, scientific researchers and academia. The advisory forum shall have a balanced composition and represent the views of different relevant stakeholders. The composition of the advisory forum shall be balanced between commercial and non-commercial interests and, within the commercial interests, it shall be balanced between large companies, SMEs and start-ups. Focus on primary and secondary use of electronic health data shall also be balanced. 4. Members of the advisory forum shall be appointed by the Commission following a public call for interest and a transparent selection procedure, in consultation with the European Parliament. 5. The term of office of the members of the advisory forum shall be two years and it shall not be renewable more than twice consecutively. 6. The advisory forum may establish standing or temporary subgroups as appropriate for the purpose of examining specific questions related to the objectives of this Regulation. 7. The advisory forum shall draw up its rules of procedure and elect two co- Chairs from among its members, one of them being from its permanent members. Their term of office shall be two years, renewable once. 8. The advisory forum shall hold regular meetings. The advisory forum can invite relevant experts and other relevant stakeholders to its meetings. The Chair of the EHDS Board may attend, ex officio, the meetings of the advisory forum. 9. In fulfilling its role as set out in paragraph 1, the advisory forum may prepare opinions, recommendations or written contributions. 10. The advisory forum shall prepare an annual report of its activities. That report shall be made publicly available.

Amendment 2045 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 1 – point -a (new)

(-a) to exercise oversight over the implementation and proper enforcement of Chapter II, without prejudice to the competences of EDPB where personal electronic health data are concerned;

Amendment 2046 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 65 – paragraph 1 – point a

(a) to assist Member States and, where appropriate, regions in coordinating practices of digital health authorities;

Amendment 2047 #

Proposal for a regulation
Article 65 – paragraph 1 – point b – introductory part

(b) to issue written contributions and to exchange best practices on matters related to the coordination of the implementation at Member State level of this Regulation and of the delegated and implementing acts adopted pursuant to it, taking into account the regional and local level, in particular as regards:

Amendment 2048 #

Proposal for a regulation
Article 65 – paragraph 1 – point b – point iii

(iii) other aspects of the primary use of electronic health data, with the exception of aspects concerning the protection of natural persons when processing their personal data.

Amendment 2049 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 1 – point b – point iii

(iii) other aspects of the primary use of electronic health data, with the exception of all matters related to personal data protection.

Amendment 2050 #

Proposal for a regulation
Article 65 – paragraph 1 – point b a (new)

(ba) All aspects under point (b) related to data protection rights and issues shall be left to the EDPB in order to ensure consistent application of the existing data protection framework.

Amendment 2051 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 1 – point d

(d) to share information between members of the EHDS Board concerning risks posed by EHR systems and serious incidents as well as how they were handled. The EDPB shall be responsible for identifying all possible data protection risks posed by EHR systems and provide guidance for their handling;

Amendment 2052 #

Proposal for a regulation
Article 65 – paragraph 1 – point d

(d) to share information concerning risks posed by EHR systems and serious incidents as well as their handling, without prejudice to the obligation to inform competent supervisory authorities pursuant to Regulation (EU) 2016/679;

Amendment 2053 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 1 – point e

(e) to facilitate the exchange of views on the primary use of electronic health data with the relevant stakeholders, including representatives of patients, consumers, health professionals, ~~researchers,~~ regulators and policy makers in the health sector.

Amendment 2054 #

Proposal for a regulation
Article 65 – paragraph 2 – point -a (new)

(-a) to exercise oversight over the implementation and proper enforcement of Chapter IV, without prejudice to the competences of EDPB where personal electronic health data are concerned;

Amendment 2055 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 65 – paragraph 2 – point a

(a) to assist Member States and, where appropriate, regions in coordinating practices of health data access bodies in the implementation of provisions set out in Chapters IV, to ensure a consistent application of this Regulation;

Amendment 2056 #

Proposal for a regulation
Article 65 – paragraph 2 – point b – point iii

Amendment 2057 #

Proposal for a regulation
Article 65 – paragraph 2 – point b – point v

(v) the establishment, calculation and application of penalties;

Amendment 2058 #

Proposal for a regulation
Article 65 – paragraph 2 – point b – point v

(v) the establishment ~~and application~~ of penalties;

Amendment 2059 #

Proposal for a regulation
Article 65 – paragraph 2 – point b – point vi

(vi) other aspects of the secondary use of electronic health data, with the exception of aspects concerning the protection of natural persons when processing their personal data.

Amendment 2060 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 2 – point b – point vi

(vi) other aspects of the secondary use of electronic health data, with the exception of all matters related to personal data protection.

Amendment 2061 #

Proposal for a regulation
Article 65 – paragraph 2 – point b a (new)

(ba) All aspects under point (b) related to data protection rights and issues shall be left to the EDPB in order to ensure consistent application of the existing data protection framework.

Amendment 2062 #

Proposal for a regulation
Article 65 – paragraph 2 – point c

(c) to facilitate cooperation and exchange of best practices between health data access bodies through capacity- building, establishing the structure for annual activity reporting, peer-review of annual activity reports and exchange of information pursuant to the obligations laid down in Article 37(1), point (q);

Amendment 2063 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 65 – paragraph 2 – point c a (new)

(ca) to provide expertise for amending the list of minimum categories of electronic data for secondary use in accordance with Article 33(7);

Amendment 2064 #

Proposal for a regulation
Article 65 – paragraph 2 – point d

(d) to share information between members of the EHDS Board concerning risks and data protection incidents related to secondary use of electronic health data, as well as how they were handled. The EDPB shall be responsible for identifying all possible data protection risks and provide guidance for their handling;

Amendment 2065 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 65 – paragraph 2 – point d a (new)

(da) Propose updates of the concepts of personal health data, non-personal health data and anonymisation techniques in line with Regulation (EU) 2016/679 and the existing recommendations at EU and international level;

Amendment 2066 #

Proposal for a regulation
Article 65 – paragraph 2 – point f

(f) to facilitate the exchange of views on the secondary use of electronic health data with the relevant stakeholders, including representatives of patients, health professionals, researchers, regulators and policy makers in the health sector to support the design of aligned implementation strategies, guidance and standards and to assess the needs for further improvement.

Amendment 2067 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 65 – paragraph 2 – point f

Amendment 2068 #

Proposal for a regulation
Article 65 – paragraph 2 – point f a (new)

(fa) to publish an annual report to include the implementation status of the European Health Data Space and other relevant points of development, including the respect to the opt-out mechanism, cross-border health data interoperability, implementation challenges, guidance and recommendations to digital health authorities, and its conclusions on the implementation and enforcement of this Regulation.

Amendment 2069 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 65 – paragraph 2 – point f a (new)

(fa) to elaborate and monitor the implementation of a common code of ethical conduct for the secondary uses of personal health data.

Amendment 2070 #

Proposal for a regulation
Article 66 – paragraph 1

1. The Commission shall establish two groups dealing with joint controllership for the cross-border infrastructures provided for in Articles 12 and 52. The groups shall be composed of the representatives of the ~~national~~ contact points and other authorised participants in those infrastructures.

Amendment 2071 #

Proposal for a regulation
Article 66 – paragraph 3

3. Stakeholders and relevant third parties, including patients’ ~~representative~~, consumers’ and healthcare professionals’ representatives and data protection experts, may be invited to attend meetings of the groups and to participate in their work.

Amendment 2072 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 66 – paragraph 3

3. Stakeholders and relevant third parties, including patients’ and healthcare professionals’ representatives, may be invited to attend meetings of the groups and to participate in their work.

Amendment 2073 #

Proposal for a regulation
Article 66 – paragraph 6 a (new)

6a. The groups shall consult relevant experts when carrying out their tasks as well as on technical implementing measures related to cybersecurity, confidentiality and data protection, especially ENISA and EDPB and EDPS.

Amendment 2074 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 67 – paragraph 2

2. The power to adopt delegated acts referred to in Articles ~~5(2), 10(3), 25(3), 32(4), 33(7), 37~~7(3), 9(2), 25(3), 26(4a) 32(4), 39(3), 41(7), 42(6) 45(7), 46(8), 52(7), 52(13), 53(3), 55(2), 56(4) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.

Amendment 2075 #

Proposal for a regulation
Article 67 – paragraph 2

2. The power to adopt delegated acts referred to in Articles 5(2), 10(3), 25(3), 32(4), ~~33(7),~~ 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.

Amendment 2076 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 67 – paragraph 2

2. The power to adopt delegated acts referred to in Articles 5(2), 107(3), 25(3), 32(4), ~~33(7),~~ 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) shall be conferred on the Commission for an indeterminate period of time from the date of entry into force of this Regulation.

Amendment 2077 #

Proposal for a regulation
Article 67 – paragraph 2

Amendment 2078 #

Proposal for a regulation
Article 67 – paragraph 3

3. The power to adopt delegated acts referred to in Articles ~~5(2), 10(3~~7(3), 9(2), 25(3), 326(4a), 3~~3(7), 37~~2(4), 39(3), 41(7), 42(6), 45(7), 46(8), 52(7), 52(13), 53(3), 55(2), 56(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

Amendment 2079 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 67 – paragraph 3

3. The power to adopt delegated acts referred to in Articles 5(2), 10(3), 25(3), 32(4), ~~33(7),~~ 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

Amendment 2080 #

Proposal for a regulation
Article 67 – paragraph 3

Amendment 2081 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ

Proposal for a regulation
Article 67 – paragraph 3

3. The power to adopt delegated acts referred to in Articles 5(2), 107(3), 25(3), 32(4), ~~33(7),~~ 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

Amendment 2082 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 67 – paragraph 4

4. Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Inter-institutional Agreement of 13 April 2016 on Better Law-Making. In accordance with Article 42 of Regulation (EU) 2018/1725, the Commission shall consult the European Data Protection Board and European Data Protection Supervisor where the delegated acts concern data protection.

Amendment 2083 #

Proposal for a regulation
Article 67 – paragraph 4

Amendment 2084 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 67 – paragraph 6

6. A delegated act adopted pursuant to Articles ~~5(2), 10(3~~7(3), 9(2), 25(3), 326(4a), 3~~3(7), 37~~2(4), 39(3), 41(7), 42(6), 45(7), 46(8), 52(7), 52(13), 53(3), 55(2), 56(4) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of 3 months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by 3 months at the initiative of the European Parliament or of the Council.

Amendment 2085 #

Proposal for a regulation
Article 67 – paragraph 6

6. A delegated act adopted pursuant to Articles 5(2), 10(3), 25(3), 32(4), ~~33(7),~~ 37(4), 39(3), 41(7), 45(7), 46(8), 52(7), 56(4) shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of 3 months of notification of that act to the European Parliament and to the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by 3 months at the initiative of the European Parliament or of the Council.

Amendment 2086 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 68 – paragraph 2 a (new)

2a. In accordance with the Inter- Institutional Agreement of 13 April 2016 on Better Law-Making, the Commission shall make use of expert groups, consult targeted stakeholders and carry out public consultations to gather broader expertise in the early preparation of draft implementing acts.

Amendment 2087 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 68 – paragraph 2 a (new)

2a. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Amendment 2088 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 69 – paragraph 1

1. Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties shall be effective, proportionate and dissuasive. Specific attention shall be given to penalties for serious breaches of this Regulation, as referred to in Article 41a(3) and Article 44(3). Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them. 2. Penalties referred to in paragraph 1 shall be without prejudice to the penalties established pursuant to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. 3. The Commission shall provide Member States with guidelines and recommendations on the types and levels of penalties in order to prevent forum shopping and ensure fair enforcement, especially in cross-border cases. 4. Member States are encouraged to consider criminalising re-identification of anonymised data.

Amendment 2089 #

Proposal for a regulation
Article 69 – paragraph 1

Member States shall lay down the rules on penalties applicable to infringements of this Regulation, for all public and private stakeholders, in particular for the non- respect of data access and usage provisions with intent or by negligence, and shall take all measures necessary to ensure that they are properly and effectively implemented. The penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them. Penalties shall cover infringements not addressed by Regulation (EU) 2017/745, Regulation (EU) 2017/746, Regulation (EU) No 536/2014 and Regulation (EU) 2016/679.

Amendment 2090 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 69 – paragraph 1

Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties shall be effective, proportionate and dissuasive. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them. Penalties shall cover infringements not addressed by Regulation (EU) 2017/745, Regulation (EU) 2017/746, Regulation (EU) No 536/2014 and Regulation (EU) 2016/679 and shall depend on the circumstances of each individual case. When deciding whether to impose a penalty and deciding on the amount of the penalty in each individual case, due regard shall be given to the criteria stated in Article 83(2) of Regulation (EU) 2016/679, where applicable.

Amendment 2091 #

Proposal for a regulation
Article 69 – paragraph 1

Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties shall be effective, proportionate ~~and~~, dissuasive and encouraging corrective action to the infringements. Member States shall notify the Commission of those rules and measures by date of application of this Regulation and shall notify the Commission without delay of any subsequent amendment affecting them.

Amendment 2092 #

Proposal for a regulation
Article 69 – paragraph 1 a (new)

Amendment 2093 #

Proposal for a regulation
Article 69 – paragraph 1 b (new)

The non-compliance of an entity with any requirements or obligations under this Regulation, including the supply of incorrect, incomplete or misleading information to national competent authorities, shall be subject to penalties of up to 20 million EUR or, or in the case of an undertaking, up to 10% of its total worldwide annual turnover for the preceding financial year, whichever is higher. In case the non-compliance is still going on, the health data access body shall have the power to fine the entity with fines for each day of delay, which shall be transparent and proportionate. The amount of the fines shall be established by the health data access body pursuant to paragraph 1a.

Amendment 2094 #

Proposal for a regulation
Article 69 a (new)

Article 69a Right to an effective judicial remedy against a controller or processor In accordance with Article 79 of Regulation (EU) 2016/679, without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a digital health authority pursuant to Article 11 or with a health data access body pursuant to Article 38a, each natural person shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with the Regulation.

Amendment 2095 #

Proposal for a regulation
Article 69 a (new)

Article 69a Right to compensation Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation, in accordance to national and Union law, from the data holder, data user, data recipient, health professional, healthcare provider, EHR system manufacturer, EHR system importer, EHR system distributor, EHR system authorised representative or Health Data Access Body responsible for the infringement.

Amendment 2096 #

Proposal for a regulation
Article 69 a (new)

Amendment 2097 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 69 b (new)

Article 69b Right to receive compensation Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation, in accordance with national and Union law.

Amendment 2098 #

Proposal for a regulation
Article 70 – paragraph 1

1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, including the need to extend interoperability possibilities between EHR systems and electronic health data access services other than those established by the Member States, the possibility to expand the access to MyHealth@EU infrastructure to third countries and international organisations, the implementation and use by natural persons of the opt-out mechanism in secondary use as referred to in Article - 33a, the use and implementation of the right referred to in Article 3(9), the implementation of Articles 33 and 34 as well as the application of fees as referred to in Article 42, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. ~~The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.~~

Amendment 2099 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 70 – paragraph 1

1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III and IV, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self- certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies, as well as the need to designate a public testing facility of a Member State as a Union testing facility, pursuant to Article 21 of Regulation (EU) 2019/1020. The evaluation shall also assess the added value, associated risks and feasibility of adding wellness applications and other digital health applications in the scope of primary and secondary use of the EHDS.

Amendment 2100 #

Proposal for a regulation
Article 70 – paragraph 1

1. After 53 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation ~~especially with regards to Chapter III~~, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. ~~The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.~~

Amendment 2101 #

Antoni COMÍN I OLIVERES, Carles PUIGDEMONT I CASAMAJÓ

Proposal for a regulation
Article 70 – paragraph 1

1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapters III and IV, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. ~~The evaluation shall include an assessment of the self-certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.~~

Amendment 2102 #

Proposal for a regulation
Article 70 – paragraph 1

1. After 5 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapters III and IV, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self- certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies. It shall also include an evaluation of the opt-out mechanism laid down in Article 33(5) and recommendations on how to strengthen it.

Amendment 2103 #

Proposal for a regulation
Article 70 – paragraph 1

1. ANo later than after 52 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of this Regulation especially with regards to Chapter III, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment. The evaluation shall include an assessment of the self- certification of EHR systems and reflect on the need to introduce a conformity assessment procedure performed by notified bodies.

Amendment 2104 #

Proposal for a regulation
Article 70 – paragraph 1

Amendment 2105 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, Ondřej KNOTEK, Ondřej KOVAŘÍK, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Article 70 – paragraph 1 a (new)

1a. After two years from the entry into force of this Regulation, the Commission shall carry out an evaluation on the Union funding attributed to the setting up and working of the EHDS, notably as to the ability of Union bodies to carry out their tasks under this Regulation and of Member States to apply the Regulation in a uniform and coherent manner. The Commission shall submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by legislative proposals. Stakeholders shall be consulted in the preparation of the evaluation report.

Amendment 2106 #

Proposal for a regulation
Article 70 – paragraph 1 a (new)

1a. After 2 years from the entry into force of this Regulation, the Commission shall carry out a targeted evaluation of the Union funding made available for the setting up of the European Health Data Space as well as an evaluation of funding allocated to this end by Member States, and where appropriate, consider further measures in this regard.

Amendment 2107 #

Proposal for a regulation
Article 70 – paragraph 2

2. ANo later than after 75 years from the entry into force of this Regulation, the Commission shall carry out an overall evaluation of this Regulation, and submit a report on its main findings to the European Parliament and to the Council, the European Economic and Social Committee and the Committee of the Regions, accompanied, where appropriate, by a proposal for its amendment.

Amendment 2108 #

Proposal for a regulation
Article 70 a (new)

Article 70a Amendments to Directive 2020/1828/EC In the Annex of Directive (EU) 2020/1828, the following point is added: (XX) Regulation (EU) XXX of the European Parliament and of the Council on the European Health Data Space.

Amendment 2109 #

Proposal for a regulation
Article 71 a (new)

Article 71a Amendments to Directive (EU) 2020/1828 In the Annex of Directive (EU) 2020/1828, the following point is added: (XX) Regulation (EU) XXX of the European Parliament and of the Council on the European Health Data Space.

Amendment 2110 #

Proposal for a regulation
Article 71 a (new)

Article 71a Amendment to Directive (EU) 2020/1828 In the Annex of Directive (EU) 2020/1828, the following point is added:“(XX) Regulation (EU) XXX of the European Parliament and of the Council on the European Health Data Space”

Amendment 2111 #

Proposal for a regulation
Article 72 – paragraph 2

It shall apply from 124 months after its entry into force.

Amendment 2112 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, María Soraya RODRÍGUEZ RAMOS, Michal ŠIMEČKA

Proposal for a regulation
Article 72 – paragraph 2

It shall apply from 124 months after its entry into force.

Amendment 2113 #

Proposal for a regulation
Article 72 – paragraph 2

It shall apply from 124 months after its entry into force.

Amendment 2114 #

Proposal for a regulation
Article 72 – paragraph 2

It shall apply from 124 months after its entry into force.

Amendment 2115 #

Proposal for a regulation
Article 72 – paragraph 3 – point a

(a) from 1two years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (a), (b) and (c), and to EHR systems intended by the manufacturer to process such categories of data.;

Amendment 2116 #

Proposal for a regulation
Article 72 – paragraph 3 – point a

(a) from 13 years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (a), (b) and (c), and to EHR systems intended by the manufacturer to process such categories of data.;

Amendment 2117 #

Proposal for a regulation
Article 72 – paragraph 3 – point b

(b) from 3four years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (d), (e) and (f), and to EHR systems intended by the manufacturer to process such categories of data;

Amendment 2118 #

Proposal for a regulation
Article 72 – paragraph 3 – point b

(b) from 35 years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (d), (e) and (f), and to EHR systems intended by the manufacturer to process such categories of data;

Amendment 2119 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 72 – paragraph 3 – point b

Amendment 2120 #

Proposal for a regulation
Article 72 – paragraph 3 – point b

(b) from 32 years after date of entry into application to categories of personal electronic health data referred to in Article 5(1), points (d), (e) and (f), and to EHR systems intended by the manufacturer to process such categories of data;

Amendment 2121 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Article 72 – paragraph 3 – point b

Amendment 2122 #

Proposal for a regulation
Article 72 – paragraph 4

Chapter III shall apply to EHR systems put into service in the Union pursuant to Article 15(2) from 32 years after date of entry into application.

Amendment 2123 #

Proposal for a regulation
Article 72 – paragraph 4

Chapter III shall apply to EHR systems put into service in the Union pursuant to Article 15(2) from 35 years after date of entry into application.

Amendment 2124 #

Proposal for a regulation
Article 72 – paragraph 4 a (new)

Chapter IV shall apply 4 years after the date of entry into force of this Regulation.

Amendment 2125 #

Proposal for a regulation
Article 72 – paragraph 5 a (new)

Chapter IV shall apply 2 years after the entry into force of the implementing acts referred to in Article 50(4), with the following derogations: (a) for data categories referred to in points ….of Article 33, Chapter IV shall apply 4 years after the entry into force of the implementing acts referred to in Article 50(4); (b) for data categories referred to in points …. of Article 33, Chapter IV shall apply 6 years after the entry into force of the implementing acts referred to in Article 50(4).

Amendment 2126 #

Proposal for a regulation
Annex I – subheading 1

Main characteristics of electronic health data categories Electronic health data that includes important clinical facts related to an identified person and that is essential for the provision of safe and efficient healthcare to that person. The following information is part of a patient summary: 1. Personal details 2. Contact information 3. Allergies 4. Medical alerts 5.Vaccination/prophylaxis information, possibly in the form of a vaccination card 6. Current, resolved, closed or inactive problems 7. Medical devices and implants 8. Medical Procedures 9. Functional status 10. Current and relevant past medicines 11. Social history observations related to health on which the healthcare provider/ health professional bases their care or which are useful for the continuity of care or the management of the patient by another healthcare professional 12. Pregnancy history 13. Observation results pertaining to the health condition on which the /healthcare provider/ health professional bases his care or which are useful for the continuity of care or the management of the patient by another healthcare professional. 14. Plan of care 15. Information on a rare disease such as details about the impact or characteristics of the disease

Amendment 2127 #

Proposal for a regulation
Annex II – point 2 – point 2.3

Amendment 2128 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Annex II – point 2 – point 2.4

Amendment 2129 #

Proposal for a regulation
Annex II – point 2 – point 2.5

2.5. An EHR system shall not include features that prohibit, restrict or place undue burden on authorised exporting of personal electronic health data for the reasons of replacing the EHR system by another product. Authorised exporting of personal electronic health data shall be free of charge, without undue delay, or in in any event within one month from the request and in a structured, commonly used and machine-readable format, in line with the interoperability and security requirements to be developed according to Articles 23 and 50.

Amendment 2130 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Annex II – point 2 – point 2.5 a (new)

2.5a. An EHR system shall be developed in interoperable format that enables data portability.

Amendment 2131 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Nicolás GONZÁLEZ CASARES, Heléne FRITZON

Proposal for a regulation
Annex II – point 3 – point 3.1

3.1. An EHR system shall be designed and developed in such a way that it ensures highly safe and secure processing of electronic health data, and that it prevents unauthorised access to such data.

Amendment 2132 #

Lucia ĎURIŠ NICHOLSONOVÁ, Susana SOLÍS PÉREZ, Véronique TRILLET-LENOIR, María Soraya RODRÍGUEZ RAMOS, Frédérique RIES, Michal ŠIMEČKA

Proposal for a regulation
Annex II – point 3 – point 3.8

3.8. An EHR system designed for the storage of electronic health data shall support different retention periods and access rights that take into account the origins and categories of electronic health data as well as the specific purposes of data processing.

Amendment 2133 #

Sara CERDAS, Monika BEŇOVÁ, Tudor CIUHODARU, Romana JERKOVIĆ, Heléne FRITZON

Proposal for a regulation
Annex IV a (new)

ANNEX IVa 1. EU type-examination is the part of a conformity assessment procedure in which a notified body examines the technical design of an EHR system and verifies and attests that the technical design of the EHR system meets the applicable requirements of this Regulation. 2. EU type-examination shall be carried out by assessment of the adequacy of the technical design of the EHR system through examination of the technical documentation, plus examination of a specimen of the EHR system that is representative of the production envisaged (production type). 3. Application for EU type- examination The manufacturer shall lodge an application for EU type-examination with a single notified body of his or her choice. The application shall include: (a) the name and address of the manufacturer and, if the application is lodged by an authorised representative, the name and address of that authorised representative; (b) a written declaration that the same application has not been lodged with any other notified body; (c) the technical documentation described in Annex III; (d) the specimen(s) of the EHR system representative of the production envisaged. The notified body may request further specimens if needed for carrying out the test programme. 4. EU type-examination The notified body shall: (a) examine the technical documentation to assess the adequacy of the technical design of the EHR system; (b) verify that the EHR system has been manufactured in conformity with the technical documentation, and identify the elements that have been designed in accordance with the applicable provisions of the relevant harmonised standards or technical specifications adopted by the Commission; (c) carry out appropriate examinations and tests, or have them carried out, to check whether, where the manufacturer has chosen to apply the solutions in the relevant harmonised standards, those have been applied correctly; (e) carry out appropriate examinations and tests, or have them carried out, to check whether, where the solutions in the relevant harmonised standards or technical specifications adopted by the Commission, the solutions adopted by the manufacturer, including those in other technical specifications applied, meet the corresponding essential requirements and have been applied correctly. 5. Evaluation report The notified body shall draw up an evaluation report that records the activities undertaken in accordance with point 4 and their outcomes. Without prejudice to its obligations vis-à-vis the notifying authorities, as mentioned in Article 27, point (j), the notified body shall release the content of that report, in full or in part, only with the agreement of the manufacturer. 6. EU type-examination certificate 6.1. Where the type meets the applicable essential requirements, the notified body shall issue an EU type- examination certificate to the manufacturer. The period of validity of a newly issued certificate and, where appropriate, of a renewed certificate shall not exceed five years. 6.2. The EU type-examination certificate shall contain at least the following information: (a) the name and identification number of the notified body; (b) the name and address of the manufacturer and, if the application is lodged by an authorised representative, the name and address of that authorised representative; (c) an identification of the EHR system covered by the certificate (type number); (d) a statement that the EHR system complies with the applicable essential requirements; (e) where harmonised standards or technical specifications adopted by the Commission have been fully or partially applied, the references of those standards or parts thereof; (f) where other technical specifications have been applied, the references of those technical specifications; (g) where applicable, the performance level(s) or protection class of the machinery product; (h) the date of issue, the date of expiry and, where appropriate, the date(s) of renewal; (i) any conditions attached to the issuing of the certificate. 6.3. Where the type does not satisfy the applicable essential requirements, the notified body shall refuse to issue an EU type-examination certificate and shall inform the applicant accordingly, giving detailed reasons for its refusal. 7. Review of the EU type- examination certificate 7.1. The notified body shall keep itself apprised of any changes in the generally acknowledged state of the art, which indicate that the approved type may no longer comply with the applicable essential requirements, and shall determine whether such changes require further investigation. If so, the notified body shall inform the manufacturer accordingly. 7.2. The manufacturer shall inform the notified body that holds the technical documentation relating to the EU type- examination certificate of all modifications to the approved type and of all modifications to the technical documentation that may affect the conformity of the EHR system with the applicable essential health and safety requirements or the conditions for validity of that certificate. Such modifications shall require additional approval in the form of an addition to the original EU type-examination certificate. 7.3. The manufacturer shall ensure that the EHR system continues to fulfil the applicable essential requirements in light of the state of the art. 7.4. The manufacturer shall ask the notified body to review the EU type- examination certificate either: (a) in the case of a modification to the approved type referred to in point 7.2; (b) in the case of a change in the state of the art referred to in point 7.3; (c) at the latest, before the date of expiry of the certificate. In order to allow the notified body to fulfil its tasks, the manufacturer shall submit his or her application at the earliest 12 months and at the latest 6 months prior to the expiry date of the EU type-examination certificate. 7.5. The notified body shall examine the EHR system type and, where necessary in the light of the changes made, carry out the relevant tests to ensure that the approved type continues to fulfil the applicable essential requirements. If the notified body is satisfied that the approved type continues to fulfil the applicable essential requirements, it shall renew the EU type- examination certificate. The notified body shall ensure that the review procedure is finalised before the expiry date of the EU type-examination certificate. 7.6. Where the conditions referred to in points (a) and (b) of point 7.4 are not met, a simplified review procedure shall apply. The manufacturer shall supply the notified body with the following: (a) His or her name and address and data identifying the EU type-examination certificate concerned; (b) confirmation that there has been no modification to the approved type as referred to in point 7.2, nor to the relevant harmonised standards or technical specifications adopted by the Commission or other technical specifications applied; (c) confirmation that there has been no change in the state of the art as referred to in point 7.3; 7.7. If, following the review, the notified body concludes that the EU type- examination certificate is no longer valid, the body shall withdraw it and the manufacturer shall cease the placing on the market of the EHR system concerned. 8. Each notified body shall inform its notifying authority concerning the EU type-examination certificates and/or any additions thereto which it has issued or withdrawn, and shall, periodically or upon request, make available to its notifying authority the list of such certificates and/or any additions thereto refused, suspended or otherwise restricted. Each notified body shall inform the other notified bodies concerning the EU type-examination certificates and/or any additions thereto, which it has refused, withdrawn, suspended or otherwise restricted, and, upon request, concerning the EU type-examination certificates and/or additions thereto which it has issued. The Commission, the Member States and the other notified bodies may, on request, obtain a copy of the EU type-examination certificates and/or additions thereto. On request, the Commission and the Member States may obtain a copy of the technical documentation and the results of the examinations carried out by the notified body. The notified body shall keep a copy of the EU type-examination certificate, its annexes and additions, as well as the technical file including the documentation submitted by the manufacturer, for a period of five years after the expiry of the validity of that certificate. 9. The manufacturer shall keep a copy of the EU type-examination certificate together with the technical documentation at the disposal of the national authorities, for 10 years after the EHR system has been placed on the market. 10. The manufacturer's authorised representative may lodge the application referred to in point 3 and fulfil the obligations set out in points 7.2, 7.4 and 9, provided that they are specified in the mandate.

Amendment 2134 #