29 Amendments of Traian BĂSESCU related to 2022/0140(COD)
Amendment 189 #
Proposal for a regulation
Recital 4 a (new)
Recital 4 a (new)
(4a) Personal health data is to be processed in a lawful, fair and transparent manner in respect of the data subject and in a manner that ensures proper security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Amendment 215 #
Proposal for a regulation
Recital 9
Recital 9
(9) At the same time, it should be considered that immediate access to certain types of personal electronic health data may be harmful for the safety of natural persons, unethical or inappropriate. For example, it could be unethical to inform a patient through an electronic channel about a diagnosis with an incurable disease that is likely to lead to their swift passing instead of providing this information in a consultation with the patient first. Therefore, a possibility for limited exceptions in the implementation of this right should be ensured. Such an exception may be imposed by the Member States where this exception constitutes a necessary and proportionate measure in a democratic society, in line with the requirements of Article 23 of Regulation (EU) 2016/679. Such restrictions should be implemented by delaying the display of the concerned personal electronic health data to the natural person for a limited period. Where health data is only available on paper, if the effort to make data available electronically is disproportionate, there should be no obligation that such health data is converted into electronic format by Member States. Any digital transformation in the healthcare sector shouldmust aim to be inclusive and benefit also natural persons with limited ability to access and use digital services. Natural persons shouldmust be able to provide an authorisation to the natural persons of their choice, such as to their relatives or other close natural persons, enabling them to access or control access to their personal electronic health data or to use digital health services on their behalf. Such authorisations may also be useful for convenience reasons in other situations. Proxy services should be established by Member States to implement these authorisations, and they should be linked to personal health data access services, such as patient portals on patient-facing mobile applications. The proxy services should also enable guardians to act on behalf of their dependent children; in such situations, authorisations could be automatic. In order to take into account cases in which the display of some personal electronic health data of minors to their guardians could be contrary to the interests or will of the minor, Member States should be able to provide for such limitations and safeguards in national law, as well as the necessary technical implementation. Personal health data access services, such as patient portals or mobile applications, should make use of such authorisations and thus enable authorised natural persons to access personal electronic health data falling within the remit of the authorisation, in order for them to produce the desired effect.
Amendment 226 #
Proposal for a regulation
Recital 12
Recital 12
(12) Natural persons shouldmust be able to exercise control over the transmission of personal electronic health data to other healthcare providers. Healthcare providers and other organisations providing EHRs should facilitate the exercise of this right. Stakeholders such as healthcare providers, digital health service providers, manufacturers of EHR systems or medical devices should not limit or block the exercise of the right of portability because of the use of proprietary standards or other measures taken to limit the portability. For these reasons, the framework laid down by this Regulation builds on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their electronic health data, including inferred data, irrespective of the legal basis for processing the electronic health data. This right should apply to electronic health data processed by public or private controllers, irrespective of the legal basis for processing the data under in accordance with the Regulation (EU) 2016/679. This right should apply to all electronic health data.
Amendment 334 #
Proposal for a regulation
Recital 38 a (new)
Recital 38 a (new)
(38a) The collection and processing of electronic health data for secondary use will only be done with the consent of the patient or their representative. Similarly, under this Regulation, patients will have the possibility to alter or restrict access to all or to parts of their personal data for all or certain types of secondary uses.
Amendment 399 #
Proposal for a regulation
Recital 49
Recital 49
(49) Given the sensitivity of electronic health data, it is necessary to reduce risks on the privacy of natural persons by applying the data minimisation principle as set out in Article 5 (1), point (c) of Regulation (EU) 2016/679. Therefore, the use of anonymised electronic health data which is devoid of any personal data should be made available when possible and if the data user asks it. If the data user needs to use personal electronic health data, it shouldmust clearly indicate in its request the justification for the use of this type of data for the planned data processing activity. The personal electronic health data shouldmust only be made available in pseudonymised format and the encryption key can only be held by the health data access body. Data users shouldmust not attempt to re-identify natural persons from the dataset provided under this Regulation, subject to administrative or possible criminal penalties, where the national laws foresee this. However, this should not prevent, in cases where the results of a project carried out based on a data permit has a health benefit or impact to a concerned natural person (for instance, discovering treatments or risk factors to develop a certain disease), the data users would inform the health data access body, which in turn would inform the concerned natural person(s). Moreover, the applicant can request the health data access bodies to provide the answer to a data request, including in statistical form. In this case, the data users would not process health data and the health data access body would remain sole controller for the data necessary to provide the answer to the data request.
Amendment 440 #
Proposal for a regulation
Recital 63
Recital 63
(63) The use of funds should also contribute to attaining the objectives of the EHDS. Public procurers, national competent authorities in the Member States, including digital health authorities and health data access bodies, as well as the Commission should make references to applicable technical specifications, standards and profiles on interoperability, security and data quality, as well as other requirements developed under this Regulation when defining the conditions for public procurement, calls for proposals and allocation of Union funds, including structural and cohesion funds. The Union funds should be distributed among Member States on the basis of the levels of digitalisation of their health systems and the financial effort they have to make to implement the provisions of this Regulation.
Amendment 520 #
Proposal for a regulation
Article 2 – paragraph 2 – point c a (new)
Article 2 – paragraph 2 – point c a (new)
(ca) ‘anonymous electronic health data’ means health-related electronic data which do not refer to an identified or identifiable natural person or personal data processed in such a way that the data subject is not, or is no longer, identifiable;
Amendment 521 #
Proposal for a regulation
Article 2 – paragraph 2 – point c b (new)
Article 2 – paragraph 2 – point c b (new)
Amendment 522 #
Proposal for a regulation
Article 2 – paragraph 2 – point c c (new)
Article 2 – paragraph 2 – point c c (new)
(cc) 'genetic data' means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
Amendment 527 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) ‘secondary use of electronic health data’ means the processing of electronic health data for purposes set out in Chapter IV of this Regulation. The data used may include personal electronic health data initially collected in the context of primary use, but also electronic health data collected for the purpose of the secondary use;
Amendment 533 #
Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)
Article 2 – paragraph 2 – point e a (new)
(ea) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Amendment 586 #
Proposal for a regulation
Article 2 – paragraph 2 – point z
Article 2 – paragraph 2 – point z
(z) ‘health data user’ means a natural or legal person who has lawful access to personal or non-personal electronic health data for secondary use;
Amendment 625 #
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. Natural persons shall have the right to receive an electronic or paper copy, in the European electronic health record exchange format referred to in Article 6, of at least their electronic health data in the priority categories referred to in Article 5.
Amendment 1088 #
Proposal for a regulation
Article 29 – paragraph 4 – subparagraph 2
Article 29 – paragraph 4 – subparagraph 2
Such notification shall be made, without prejudice to incident notification requirements under Directive (EU) 2016/1148, immediately after the manufacturer has established a causal link between the EHR system and the serious incident or the reasonable likelihood of such a link, and, in any event, not later than 157 days after the manufacturer becomes aware of the serious incident involving the EHR system.
Amendment 1136 #
Proposal for a regulation
Article 33 – paragraph 1 – introductory part
Article 33 – paragraph 1 – introductory part
1. Data holdThis Chapters shall makeapply to the following categories of electronic data available for secondary use, in accordance with the provisions of this Chapter:
Amendment 1140 #
Proposal for a regulation
Article 33 – paragraph 1 – point a
Article 33 – paragraph 1 – point a
(a) electronic health data from EHRs;
Amendment 1148 #
Proposal for a regulation
Article 33 – paragraph 1 – point b
Article 33 – paragraph 1 – point b
(b) data on factors impacting on health, including social, environmental behavioural determinants of health;
Amendment 1195 #
Proposal for a regulation
Article 33 – paragraph 1 – point l
Article 33 – paragraph 1 – point l
(l) data from research cohorts, questionnaires and surveys related to health;
Amendment 1261 #
Proposal for a regulation
Article 33 – paragraph 5
Article 33 – paragraph 5
5. Where tThe consent of the natural person is required by national law, health data access bodies shall rely on the obligations laid down in this Chapter to provide access to electronic health data. s or their representatives must be sought for the processing of all or part of the electronic health data for secondary use. They shall also have the right to refuse, or alter their decision on, the processing of health data for secondary use, without this in any way affecting the quality of the healthcare received.
Amendment 1394 #
Proposal for a regulation
Article 35 – paragraph 1 – point e
Article 35 – paragraph 1 – point e
(e) developing products or services that may harm individuals and societies at large, including, but not limited to illicit drugs, alcoholic beverages, or tobacco products, or goods or services which are designed or modified in such a way that they contravene public order or morality.
Amendment 1567 #
Proposal for a regulation
Article 38 – paragraph 3
Article 38 – paragraph 3
3. Where a health data access body is informed by a data user of a finding that may impact on the health of a natural person, the health data access body mayshall inform the natural person and his or her treating health professional about that finding. , if that person has given their prior consent for this, along with his or her treating health professional, that this finding exists, and shall give that natural person the opportunity to authorise or prohibit the exchange of information on that finding and on future findings.
Amendment 1905 #
Proposal for a regulation
Article 50 – paragraph 1 – point f
Article 50 – paragraph 1 – point f
(f) ensure compliance and monitor the security measures referred to in this Article to mitigatnimise potential security threats.
Amendment 1984 #
Proposal for a regulation
Article 59 – paragraph 1
Article 59 – paragraph 1
The Commission shall support sharing of best practices and expertise, aimed to build the capacity of Member States to strengthen digital health systems for primary and secondary use of electronic health data. To support capacity building, the Commission shall, in close cooperation with the Member States, draw up benchmarking guidelines for the primary and secondary use of electronic health data.
Amendment 1993 #
Proposal for a regulation
Article 61 – title
Article 61 – title
Third country transfer of anon-personal electronicymous data
Amendment 2001 #
Proposal for a regulation
Article 61 – paragraph 1
Article 61 – paragraph 1
(1) Non-personalAnonymous electronic data made available by health data access bodies, that are based on a natural person’s electronic health data falling within one of the categories of Article 33 [(a), (e), (f), (i), (j), (k), (m)] shall be deemed highly sensitive within the meaning of Article 5(13) of Regulation […] [Data Governance Act COM/2020/767 final], provided that their transfer to third countries presents a risk of re-identification through means going beyond those likely reasonably to be used, in view of the limited number of natural persons involved in that data, the fact that they are geographically scattered or the technological developments expected in the near future.
Amendment 2009 #
Proposal for a regulation
Article 62 – title
Article 62 – title
International access and transfer of anon- personalymous electronic health data
Amendment 2010 #
Proposal for a regulation
Article 62 – paragraph 1
Article 62 – paragraph 1
(1) The digital health authorities, health data access bodies, the authorised participants in the cross-border infrastructures provided for in Articles 12 and 52 and data users shall take all reasonable technical, legal and organisational measures, including contractual arrangements, in order to prevent international transfer or governmental access to anon-personalymous electronic health data held in the Union where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, without prejudice to paragraph 2 or 3 of this Article.
Amendment 2012 #
Proposal for a regulation
Article 62 – paragraph 2
Article 62 – paragraph 2
(2) Any judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring a digital health authority, health data access body or data users to transfer or give access to anon-personalymous electronic health data within the scope of this Regulation held in the Union shall be recognised or enforceable in any manner only if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or any such agreement between the requesting third country and a Member State.
Amendment 2013 #
Proposal for a regulation
Article 62 – paragraph 3 – introductory part
Article 62 – paragraph 3 – introductory part
(3) In the absence of an international agreement as referred to in paragraph 2 of this Article, where a digital health authority, a health data access body, data users is the addressee of a decision or judgment of a third-country court or tribunal or a decision of a third-country administrative authority to transfer or give access to anon-personalymous data within the scope of this Regulation held in the Union and compliance with such a decision would risk putting the addressee in conflict with Union law or with the national law of the relevant Member State, transfer to or access to such data by that third-country authority shall take place only where: