BETA

8 Amendments of Henna VIRKKUNEN related to 2022/0140(COD)

Amendment 90 #
Proposal for a regulation
Recital 54
(54) Given the sensitivity of electronic health data, data users should not have an unrestricted access to such data. All secondary use access to the requested electronic health data should be done through a secure processing environment. In order to ensure strong technical and security safeguards for the electronic health data, the health data access body or, where relevant, single data holder should provide access to such data in a secure processing environment, complying with the high technical and security standards set out pursuant to this Regulation. The requirements for secure processing environments and their development should strike an appropriate balance between security and functionality, taking into account technical feasibility and building on existing best practices. Some Member States took measures to locate such secure environments in Europe. The processing of personal data in such a secure environment should comply with Regulation (EU) 2016/679, including, where the secure environment is managed by a third party, the requirements of Article 28 and, where applicable, Chapter V. Such secure processing environment should reduce the privacy risks related to such processing activities and prevent the electronic health data from being transmitted directly to the data users. The health data access body or the data holder providing this service should remain at all time in control of the access to the electronic health data with access granted to the data users determined by the conditions of the issued data permit. Only non-personal electronic health data which do not contain any electronic health data should be extracted by the data users from such secure processing environment. Thus, it is an essential safeguard to preserve the rights and freedoms of natural persons in relation to the processing of their electronic health data for secondary use. The Commission should assist the Member State in developing common security standards in order to promote the security and interoperability of the various secure environments.
2023/03/10
Committee: ITRE
Amendment 92 #
Proposal for a regulation
Recital 55
(55) For the processing of electronic health data in the scope of a granted permit, the health data access bodies and the data users should be joint controllers in the sense of Article 26 of Regulation (EU) 2016/679, meaning that the obligations of joint controllers under that Regulation will apply. To support health data access bodies and data users, the Commission should, by means of an implementing act, provide a template for the joint controller arrangements health data access bodies and data users will have to enter into. In order to achieve an inclusive and sustainable framework for multi-country secondary use of electronic health data, a cross-border infrastructure should be established. HealthData@EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Due to the sensitivity of health data, principles such as “privacy by design” and “bring questions to data instead of moving data” should be respected whenever possible, bearing in mind technical feasibility and existing best practices. Authorised participants in HealthData@EU could be health data access bodies, research infrastructures established as an European Research Infrastructure Consortium (‘ERIC’) under Council Regulation (EC) No 723/200950or similar structures established under another Union legislation, as well as other types of entities, including infrastructures under the European Strategy Forum on Research Infrastructures (ESFRI), infrastructures federated under the European Open Science Cloud (EOSC). Other authorised participants should obtain the approval of the joint controllership group for joining HealthData@EU. On the other hand, HealthData@EU should enable the secondary use of different categories of electronic health data, including linking of the health data with data from other data spaces such as environment, agriculture, social etc. The Commission could provide a number of services within HealthData@EU, including supporting the exchange of information amongst health data access bodies and authorised participants for the handling of cross- border access requests, maintaining catalogues of electronic health data available through the infrastructure, network discoverability and metadata queries, connectivity and compliance services. The Commission may also set up a secure environment, allowing data from different national infrastructures to be transmitted and analysed, at the request of the controllers. The Commission digital strategy promote the linking of the various common European data spaces. For the health sector, interoperability with the sectors such as the environmental, social, agricultural sectors may be relevant for additional insights on health determinants. For the sake of IT efficiency, rationalisation and interoperability of data exchanges, existing systems for data sharing should be reused as much as possible, like those being built for the exchange of evidences under the once only technical system of Regulation (EU) 2018/1724 of the European Parliament and of the Council51. _________________ 50 Council Regulation (EC) No 723/2009 of 25 June 2009 on the Community legal framework for a European Research Infrastructure Consortium (ERIC) (OJ L 206, 8.8.2009, p. 1). 51 Regulation (EU) 2018/1724 of the European Parliament and of the Council of 2 October 2018 establishing a single digital gateway to provide access to information, to procedures and to assistance and problem-solving services and amending Regulation (EU) No 1024/2012 (OJ L 295, 21.11.2018, p. 1).
2023/03/10
Committee: ITRE
Amendment 96 #
Proposal for a regulation
Recital 61 a (new)
(61a) In order to alleviate reported difficulties associated with the implementation of Regulation (EU) 2016/679, potential outcomes of the secondary use of health data, and its impact upon research, the Commission should conduct a study to examine the impact of Regulation (EU) 2016/679 and Regulation on EHDS on research. The study should be completed and published by not later than one year after the adoption of this Regulation. The study should examine divergence of implementation approaches and the impacts upon different areas of research. The study should include remedial recommendations.
2023/03/10
Committee: ITRE
Amendment 99 #
Proposal for a regulation
Recital 64 a (new)
(64a) An obligation to store electronic health data in the Union does not preclude transfers of those data to third countries or international organisations. Indeed, it is possible to reconcile a general requirement to store personal data in the Union with specific transfers being allowed in compliance with Union law on personal data protection, for instance in the context of scientific research, disbursement of care or international cooperation. Remote access relying on state-of-the-art technologies should be the prioritised form of cross- border data exchanges with third countries and international organisations, in accordance with the “bring questions to data instead of moving data” principle. In particular, when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, the level of protection of natural persons ensured in the Union by Regulation (EU) 2016/679 should not be undermined, including in cases of onward transfers of personal data from the third country or international organisation to controllers, processors in the same or another third country or international organisation. Transfers of personal health data to third countries and international organisations may only be carried out in full compliance with Chapter V of Regulation (EU) 2016/679. Hence, controllers and processors processing personal electronic health data remain subject to Article 48 of that Regulation on transfers or disclosures not authorised by Union law and should comply with this provision in case of an access request stemming from a third country. In accordance with and under the conditions of Article 9(4) of Regulation (EU) 2016/679, Member States can maintain or introduce further conditions, including limitations, to transfers of personal health data to third countries or international organisations.
2023/03/10
Committee: ITRE
Amendment 100 #
Proposal for a regulation
Recital 65
(65) In order to promote the consistent application of this Regulation, a European Health Data Space Board (EHDS Board) should be set up. The Board should consists of representatives from digital health authorities, European Data Protection Board, European Data Protection Supervisor, European Medicines Agency, European Centre for Disease Prevention and Control, healthcare professionals, patient organizations, research community and health industry. All Board members have the same rights and responsibilities. Furthermore, experts of the European Parliament should be invited to attend the meetings of the EHDS Board. The EHDS Board may also invite experts and observers to attend its meetings, and may cooperate with other external experts as appropriate. The EHDS Board should operate transparently with open publication of meeting dates and minutes of the discussion as well as an annual report. The Commission should participate in its activities and chair it. It should contribute to the consistent application of this Regulation throughout the Union, including by helping Member State to coordinate the use of electronic health data for healthcare, certification, but also concerning the secondary use of electronic health data. Given that, at national level, digital health authorities dealing with the primary use of electronic health data may be different to the health data access bodies dealing with the secondary use of electronic health data, the functions are different and there is a need for distinct cooperation in each of these areas, the EHDS Board should be able to set up subgroups dealing with these two functions, as well as other subgroups, as needed. For an efficient working method, the digital health authorities and health data access bodies should create networks and links at national level with different other bodies and authorities, but also at Union level. Such bodies could comprise data protection authorities, cybersecurity, eID and standardisation bodies, as well as bodies and expert groups under Regulations […], […], […] and […] [Data Governance Act, Data Act, AI Act and Cybersecurity Act].
2023/03/10
Committee: ITRE
Amendment 169 #
Proposal for a regulation
Article 33 – paragraph 1 – point o a (new)
(oa) Death registries, death certificates
2023/03/10
Committee: ITRE
Amendment 212 #
Proposal for a regulation
Article 35 – paragraph 1 – point e a (new)
(ea) re-engineering medical devices or AI algorithms.
2023/03/10
Committee: ITRE
Amendment 222 #
Proposal for a regulation
Article 36 – paragraph 3
3. Member States shall ensure that essential health stakeholders’ representatives, including patient organisations, healthcare professionals and research community shall be present in the governance and decision-making structures of the health data access bodies. In the performance of their tasks, health data access bodies shall actively cooperate with stakeholders’ representatives, especially with representatives of patients, data holders and data users. Staff of health data access bodies shall avoid any conflicts of interest. Health data access bodies shall not be bound by any instructions, when making their decisions.
2023/03/10
Committee: ITRE