BETA

Activities of Rob ROOKEN related to 2022/0140(COD)

Plenary speeches (1)

2023/12/12
Dossiers: 2022/0140(COD)

Amendments (46)

Proposal for a regulation
Recital 5

(5) More and more Europeans cross national borders to work, study, visit relatives or to travel. To facilitate the exchange of health data, and in line with the need for empowering citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, ~~such as behaviour, environmental, physical influences, medical care, social or educational factors~~medical care. Electronic health data also includes data that has been initially collected for research, statistics~~, policy making~~ or regulatory purposes and may be made available according to the rules in Chapter IV. The electronic health data concern all categories of those data, irrespective to the fact that such data is provided by the data subject or other natural or legal persons, such as health professionals, or is processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automatic means.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 7

(7) In health systems, personal electronic health data is usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies, immunisations, as well as radiology images and laboratory results, spread between different entities from the health system (general practitioners, hospitals, pharmacies, care services). In order to enable that electronic health data to be accessed, shared and changed by the natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. Alternatively, some Member States support public and private healthcare providers to set up personal health data spaces to enable interoperability between different healthcare providers. Several Member States have also supported or provided health data access services for patients and health professionals (for instance through patients or health professional portals). They have also taken measures to ensure that EHR systems ~~or wellness applications~~ are able to transmit electronic health data with the central EHR system (some Member States do this by ensuring, for instance, a system of certification). However, not all Member States have put in place such systems, and the Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal health data across the Union and avoid negative consequences for patients when receiving healthcare in cross-border context, Union action is needed in order to ensure individuals have improved acess to their own personal electronic health data and are empowered to share it.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 9

~~[...]~~deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 23

(23) Digital health authorities should have sufficient technical skills, possibly bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take necessary measures to ensuring rights of natural persons by setting up national, regional, and local technical solutions such as national EHR, patient portals, data intermediation systems. When doing so, they should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurements and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. To carry out their tasks, the digital health authorities should cooperate at national and Union level with other entities, including with ~~insurance bodies,~~ healthcare providers, manufacturers of EHR systems ~~and wellness applications~~, as well as stakeholders from health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity ~~or e-ID~~ authorities.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 26

(26) In addition to services in MyHealth@EU for the exchange of personal electronic health data based on the European electronic health record exchange format, other services or supplementary infrastructures may be needed for example in cases of public health emergencies or where the architecture of MyHealth@EU is not suitable for the implementation of some use cases. Examples of such use cases include support for vaccination card functionalities, including the exchange of information on vaccination plans, or verification of vaccination certificates or other health-related certificates. This would be also important for introducing additional functionality for handling public health crises, such as support for contact tracing for the purposes of containing infectious diseases. Connection of national contact points for digital health of third countries or interoperability with digital systems established at international level should be subject to a check ensuring the compliance of the national contact point with the technical specifications, data protection rules and other requirements of MyHealth@EU. A decision to connect a national contact point of a third country should be taken by data controllers in the joint controllership group for MyHealth@EU.deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 35

(35) Users of wellness applications, such as mobile applications, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions, in cases where data produced by wellness applications is useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should be informed about the compliance of such applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A voluntary labelling scheme should therefore be established as an appropriate mechanism for enabling the transparency for the users of wellness applications regarding compliance with the requirements, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. The Commission may set out in implementing acts the details regarding the format and content of such label.deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 36

(36) The distribution of information on certified EHR systems ~~and labelled wellness applications~~ is necessary to enable procurers and users of such products to find interoperable solutions for their specific needs. A database of interoperable EHR systems ~~and wellness applications~~, which are not falling within the scope of Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final] should therefore be established at Union level, similar to the European database on medical devices (Eudamed) established by Regulation (EU) 2017/745. The objectives of the EU database of interoperable EHR systems ~~and wellness applications~~ should be to enhance overall transparency, to avoid multiple reporting requirements and to streamline and facilitate the flow of information. For medical devices and AI systems, the registration should be maintained under the existing databases established respectively under Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final], but the compliance with interoperability requirements should be indicated when claimed by manufacturers, to provide information to procurers.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Recital 39

(39) The categories of electronic health data that can be processed for secondary use should be broad and flexible enough to accommodate the evolving needs of data users, while remaining limited to data related to health or known to influence health. It can also include relevant data from the health system (electronic health records, claims data, disease registries, genomic data etc.), as well as data with an impact on health (~~for example~~ consumption of different substances, ~~homelessness, health insurance, minimum income, professional status, behaviour,~~ including environmental factors (for example, pollution, radiation, use of certain chemical substances). They can also include person-generated data, such as data from medical devices~~, wellness applications or other wearables and digital health applications~~. The data user who benefits from access to datasets provided under this Regulation could enrich the data with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of data in the dataset. To support the improvement of the original database and further use of the enriched dataset, the dataset with such improvements and a description of the changes should be made available free of charge to the original data holder. The data holder should make available the new dataset, unless it provides a justified notification against it to the health data access body, for instance in cases of low quality of the enrichment. Secondary use of non-personal electronic data should also be ensured. In particular, pathogen genomic data hold significant value for human health, as proven during the COVID-19 pandemic. Timely access to and sharing of such data has proven to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics effort will be achieved when public health and research processes share datasets and work mutually to inform and improve each other.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 1 – paragraph 2 – point a

(a) strengthens the rights of natural persons in relation to the availability and control of their electronic health data, both in the primary as in the secondary use thereof;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 1 – paragraph 3 – point a

(a) manufacturers and suppliers of EHR systems ~~and wellness applications~~ placed on the market and put into service in the Union and the users of such products;

2023/03/30
Committee: ENVI LIBE

~~(c) controllers and processors established in a third country that has been connected to or are interoperable with MyHealth@EU, pursuant to Article 12(5);~~deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 2 – paragraph 2 – point h

(h) ‘registration of electronic health data’ means the recording of health data in an electronic format, through manual entry of data, through the collection of data by a device, or through the conversion of non- electronic health data into an electronic format, to be processed in an EHR system ~~or a wellness application~~;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 2 – paragraph 2 – point o

(o) ‘wellness application’ means any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life-styles;deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 3 – paragraph 3

3. In accordance with Article 23 of Regulation (EU) 2016/679, Member States may restrict the scope of this right whenever necessary for the protection of the natural person based on patient safety and ethics by delaying their access to their personal electronic health data for a limited period of time until a health professional can properly communicate and explain to the natural person information that can have a significant impact on his or her health.deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 3 – paragraph 9

9. Notwithstanding Article 6(1), point (d), of Regulation (EU) 2016/679, natural persons shall have the right to restrict access of health ~~professional~~care providers, health professionals, data holders and data users to all or part of their electronic health data. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 3 – paragraph 10

10. Natural persons shall have the right to obtain information on the healthcare providers and health professionals that have accessed their electronic health data in the context of healthcare by means of an automatic notification procedure. The information shall be provided immediately and free of charge through electronic health data access services. The information shall include the names of the health care providers controlling the data processing, the health data that was accessed, and the time of access.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 4 – paragraph 2

2. In line with the data minimisation principle provided for in Regulation (EU) 2016/679, Member States ~~may~~shall establish rules providing for the categories of personal electronic health data required by different health professions. Such rules shall not be based on the source of electronic health data.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 4 – paragraph 3

3. Member States shall ensure that access to at least the priority categories of electronic health data referred to in Article 5 is made only available for the purpose of the healthcare treatment, to health professionals through health professional access services. Health professionals who are in possession of recognised electronic identification means shall have the right to use those health professional access services, free of charge. .

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 4 – paragraph 4

4. Where access to electronic health data has been restricted by the natural person, the healthcare provider or health professionals shall not be informed of the content of the electronic health data without prior authorisation by the natural person, including where the provider or professional is informed of the existence and nature of the restricted electronic health data. In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, the healthcare provider or health professional may get access to the restricted electronic health data. Following such access, the healthcare provider or health professional shall inform the data holder and the natural person concerned or his/her guardians that access to electronic health data had been granted. Member States’ law may add additional safeguards.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 10 – paragraph 2 – point h

(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems ~~and wellness applications~~ referred to in Article 32;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 10 – paragraph 2 – point o – point vii

(vii) number of certified EHR systems ~~and labelled wellness applications~~ enrolled in the EU database;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 11 – paragraph 2

2. The digital health authority with which the complaint has been lodged shall inform the complainant of the progress of the proceedings and of the decision taken. The digital health authority shall send a copy of the complaint to the relevant data protection supervisory authority.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 13 – paragraph 1

1. Member States may provide through MyHealth@EU supplementary services that facilitate telemedicine, mobile health, and access by natural persons to their translated health data, exchange or verification of health-related certificates, including vaccination card services supporting public health and public health monitoring or digital health systems, services and interoperable applications, with a view to achieving a high level of trust and security, enhancing continuity of care and ensuring access to safe and high-quality healthcare. The Commission shall, by means of implementing acts, set out the technical aspects of such provision. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2).

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 1

Member States and the Commission shall seek to ensure interoperability of MyHealth@EU with technological systems established at international level for the exchange of electronic health data. The Commission may adopt an implementing act establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of MyHealth@EU for the purposes of the electronic health data exchange. Before adopting such an implementing act, a compliance check of the national contact point of the third country or of the system established at an international level shall be performed under the control of the Commission.deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 13 – paragraph 3 – subparagraph 2

The implementing acts referred to in the first subparagraph of this paragraph shall be adopted in accordance with the procedure referred to in Article 68. The connection of the national contact point of the third country or of the system established at an international level to the central platform for digital health, as well as the decision to be disconnected shall be subject to a decision of the joint controllership group for MyHealth@EU referred to in Article 66.deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Chapter III – title

III EHR systems ~~and wellness applications~~

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 25 – paragraph 3

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by allowing manufacturers to enter the information referred to in paragraph 2 into the EU database of EHR systems ~~and wellness applications~~ referred to in Article 32, as an alternative to supplying the information sheet referred to in paragraph 1 with the EHR system.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 31

Voluntary labelling of wellness 1. Where a manufacturer of a wellness application claims interoperability with an EHR system and therefore compliance with the essential requirements laid down in Annex II and common specifications in Article 23, such wellness application may be accompanied by a label, clearly indicating its compliance with those requirements. The label shall be issued by the manufacturer of the wellness application. 2. The label shall indicate the following information: (a) categories of electronic health data for which compliance with essential requirements laid down in Annex II has been confirmed; (b) reference to common specifications to demonstrate compliance; (c) validity period of the label. 3. The Commission may, by means of implementing acts, determine the format and content of the label. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68(2). 4. The label shall be drawn-up in one or more official languages of the Union or languages determined by the Member State(s) in which the in which the wellness application is placed on the market. 5. The validity of the label shall not exceed 5 years. 6. If the wellness application is embedded in a device, the accompanying label shall be placed on the device. 2D barcodes may also be used to display the label. 7. The market surveillance authorities shall check the compliance of wellness applications with the essential requirements laid down in Annex II. 8. Each supplier of a wellness application, for which a label has been issued, shall ensure that the wellness application that is placed on the market or put into service is accompanied with the label for each individual unit, free of charge. 9. Each distributor of a wellness application for which a label has been issued shall make the label available to customers at the point of sale in electronic form or, upon request, in physical form. 10. The requirements of this Article shall not apply to wellness applications which are high-risk AI systems as defined under Regulation […] [AI Act COM/2021/206 final].Article 31 deleted applications

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 32 – title

Registration of EHR systems ~~and wellness applications~~

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 32 – paragraph 1

1. The Commission shall establish and maintain a publicly available database with information on EHR systems for which an EU declaration of conformity has been issued pursuant to Article 26 ~~and wellness applications for which a label has been issued pursuant to Article 31.~~;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 32 – paragraph 2

2. Before placing on the market or putting into service an EHR system referred to in Article 14 ~~or a wellness application referred to in Article 31~~, the manufacturer of such EHR system ~~or wellness application~~ or, where applicable, its authorised representative shall register the required data into the EU database referred to in paragraph 1.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 32 – paragraph 4

4. The Commission is empowered to adopt delegated acts in accordance with Article 67 to determine the list of required data to be registered by the manufacturers of EHR systems ~~and wellness applications~~ pursuant to paragraph 2.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point a

(a) electronic health data from EHRs ;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point b

~~(b) data impacting on health, including social, environmental behavioural determinants of health;~~deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point d

(d) ~~health-related~~ administrative data~~, including claims and reimbursement data~~ underlying the provision of health care services;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point e

~~(e) human genetic, genomic and proteomic data;~~deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point f

(f) person generated electronic health data, including medical devices~~, wellness applications or other digital health applications~~;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 33 – paragraph 1 – point n

~~(n) electronic data related to insurance status, professional status, education, lifestyle, wellness and behaviour data relevant to health;~~deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 34 – paragraph 1 – point f

(f) development and innovation activities for products or services contributing to public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, AI systems and digital health applications, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;deleted

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 34 – paragraph 1 – point g

(g) training, testing and evaluating of algorithms, including in medical devices, and AI systems ~~and digital health applications~~, contributing to the public health or social security, or ensuring high levels of quality and safety of health care, of medicinal products or of medical devices;

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 38 – paragraph 2

2. Health data access bodies shall ~~not~~ be obliged to provide the specific information under Article 14 of Regulation (EU) 2016/679 to each natural person concerning the use of their data for projects subject to a data permit and shall provide general public information on all the data permits issued pursuant to Article 46.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 41 – paragraph 1

1. Where a data holder is obliged to make electronic health data available under Article 33 or under other Union law or national legislation implementing Union law, it shall cooperate in compliance with the requirements set out in Article 32 of Regulation (EU) 2016/679, and in good faith with the health data access bodies, where relevant.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 44 – paragraph 3

3. Where the purpose of the data user’s processing cannot be achieved with anonymised data, taking into account the information provided by the data user, the health data access bodies shall provide access to electronic health data in pseudonymised format. The information necessary to reverse the pseudonymisation shall be available only to the health data access body. Data users shall not re- identify the electronic health data provided to them in pseudonymised format. The data user’s failure to respect the health data access body’s measures ensuring pseudonymisation shall be subject to appropriate penalties.deleted

2023/03/30
Committee: ENVI LIBE

1. Health data access bodies shall assess if the application fulfils one of the purposes listed in Article 34(1) of this Regulation, if the requested data is necessary for the purpose listed in the application and if the requirements in this Chapter are fulfilled by the applicant, and if individuals have the option to opt-out with respect to the secondary use of their personal health data. If that is the case, the health data access body shall issue a data permit.

2023/03/30
Committee: ENVI LIBE

Proposal for a regulation
Article 52 – paragraph 5

5. Third countries or international organisations may become authorised participants where they comply with the rules of Chapter IV of this Regulation and provide access to data users located in the Union, on equivalent terms and conditions, to the electronic health data available to their health data access bodies. The Commission may adopt implementing acts establishing that a national contact point of a third country or a system established at an international level is compliant with requirements of HealthData@EU for the purposes of secondary use of health data, is compliant with the Chapter IV of this Regulation and provides access to data users located in the Union to the electronic health data it has access to on equivalent terms and conditions. The compliance with these legal, organisational, technical and security requirements, including with the standards for secure processing environments pursuant to Article 50 shall be checked under the control of the Commission. These implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 68 (2). The Commission shall make the list of implementing acts adopted pursuant to this paragraph publicly available.deleted

2023/04/05
Committee: ENVI LIBE