DG Health and Food Safety Assessment of the EU Member States’ rules on health data in the light of GDPR Specific Contract No SC 2019 70 02 in the context of the Single Framework Contract Chafea/2018/Health/03 Health and Food Safety Further information on the Health and Food Safety Directorate-General is available on the internet at: http://ec.europa.eu/dgs/health_food-safety/index_en.htm The European Commission is not liable for any consequence stemming from the reuse of this publication. Luxembourg: Publications Office of the European Union, 2021 © European Union, 2021 Reuse is authorised provided the source is acknowledged. The reuse policy of European Commission documents is regulated by Decision 2011/833/EU (OJ L 330, 14.12.2011, p. 39). PDF ISBN 978-92-9478-785-9 doi:10.2818/546193 EB-01-21-045-EN-N EUROPEAN COMMISSION Assessment of the EU Member States’ rules on health data in the light of GDPR Specific Contract No SC 2019 70 02 in the context of the Single Framework Contract Chafea/2018/Health/03 Written by Johan Hansen1, Petra Wilson2, Eline Verhoeven1, Madelon Kroneman1, Mary Kirwan3, Robert Verheij1,4, Evert-Ben van Veen5 (on behalf of the EUHealthSupport consortium) 1 Nivel, Netherlands institute for health services research, 2 Health Connect Partners, 3 Royal College of Surgeons in Ireland, 4 Tilburg University, 5 MLC Foundation Contributors: Peter Achterberg, Jeroen Kusters, Laura Schackmann (main report), Isabelle Andoulsi, Petronille Bogaert, Herman van Oyen, Melissa Van Bossuyt, Beert Vanden Eynde, Marie- Eve Lerat (BE), Martin Mirchev (BG), Radek Halouzka (CZ), Mette Hartlev, Klaus Hoeyer (DK), Fruzsina Molnár-Gábor (DE), Priit Koovit (EE), Olga Tzortzatou, Spyridoula Spatha (EL), Pilar Nicolás, Iñigo de Miguel Beriain, Enrique Bernal Delgado, Ramón Launa (ES), Gauthier Chassang, Emmanuelle Rial-Sebagg (FR), Damir Ivanković, Ivana Pinter (HR), Luca Marelli, Edoardo Priori (IT), George Samoutis, Neophytos Stylianou (CY), Santa Slokenberga, Agnese Gusarova (LV), Laura Miščikienė, Lukas Galkus (LT), László Bencze (HU), Philip Mifsud, Philip Formosa (MT), Dorota Krekora (PL), Alexander Degelsegger- Márquez, Anna Gruböck, Claudia Habl, Kathrin Trunner (AT), Cátia Sousa Pinto, Joana Luís and Diogo Martins (PT), Daniel-Mihail Sandru (RO), Metka Zaletel, Tit Albreht (SI), Peter Kováč (SK), Jarkko Reittu (FI), Lotta Wendel (SE), Edward Dove (UK) 3 Consumers, Health, Agriculture and Food Executive Agency Third EU Health Programme 2021 EN EUROPEAN COMMISSION This report was produced in the framework of the EU Health Programme 2014- 2020 under a service contract with the Consumers, Health, Agriculture and Food Executive Agency (Chafea), acting under a mandate from the European Commission. The information and views set out in this report are those of the author(s) and do not necessarily reflect the official opinion of Chafea or of the Commission. Neither Chafea nor the Commission guarantee the accuracy of the data included in this report. Neither Chafea, the Commission, nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein. Les informations et points de vue exposés dans le présent rapport n’engagent que leur(s) auteur(s) et ne sauraient pas être assimilés à une position officielle de la Chafea/Commission. Chafea / la Commission ne garantissent pas l'exactitude des données figurant dans le présent rapport. Ni Chafea, ni la Commission, ni aucune personne agissant en leur nom n'est responsable de l’usage qui pourrait être fait des informations contenues dans le présent texte. EUROPEAN COMMISSION Consumers, Health, Agriculture and Food Executive Agency Unit: Health Unit Contact: Marilena Di Stasi E-mail: [email protected] European Commission B-1049 Brussels 4 Consumers, Health, Agriculture and Food Executive Agency Third EU Health Programme 2021 EN Assessment of the EU Member States’ rules on health data in the light of GDPR CONTENT EXECUTIVE SUMMARY ..................................................................................... 9 1. INTRODUCTION ..................................................................................... 11 1.1. Data for sustainable health care ...................................................... 11 1.2. Context ........................................................................................ 12 1.3. Scope of the study ......................................................................... 13 1.3.1. GDPR as starting point ........................................................ 13 1.3.2. Types of health data use ..................................................... 14 1.3.3. Legal aspects of different types of data ................................. 15 1.3.4. Reading guidance ............................................................... 16 2. METHODOLOGY ..................................................................................... 17 2.1. Introduction .................................................................................. 17 2.2. Literature review ........................................................................... 17 2.3. Mapping and legal analysis at national level ....................................... 17 2.4. In-depth case studies of governance models ..................................... 18 2.5. Workshops ................................................................................... 19 2.6. Stakeholder survey ........................................................................ 20 2.6.1. Types of stakeholders approached ........................................ 21 2.7. Guidance on how to read and interpret this report .............................. 22 3. LEGAL FRAMEWORK FOR PATIENT CARE ................................................... 23 3.1. Introduction .................................................................................. 23 3.1.2 The legal base for data processing for Function 1 ....................... 24 3.1.3 Choosing legal bases ............................................................. 26 3.2. Legal bases used to legitimate processing of health data for Function 1 - care provision ............................................................................. 27 3.2.1. Health data processing by the data controller who is intending to provide care .................................................................. 28 3.2.2. Sharing health data for the purposes of providing care to the data subject ...................................................................... 30 3.3. Data processing in the context of the use of digital health solutions ...... 34 3.4. Practical and organisational aspects of data use for care provision ........ 37 3.5. Interoperability, security and data quality in the context of care provision ...................................................................................... 38 3.6. Concluding remarks ....................................................................... 40 4. FRAMEWORK FOR SECONDARY USE OF HEALTH DATA FOR PUBLIC HEALTH PURPOSES ............................................................................................ 42 4.1. Introduction .................................................................................. 42 4.2. Management of the health care system ............................................ 42 4.2.1. Health data sharing with public bodies .................................. 44 4.2.2. Health data sharing with insurers ......................................... 45 4.3. Market approval of medicines and devices ......................................... 46 4.4. Pharmacovigilance and medical device safety monitoring .................... 48 4.5. Public health threats ...................................................................... 50 4.6. Disease registries .......................................................................... 52 4.7. Stakeholder views concerning processing of health data for public health purposes ............................................................................ 53 2021 EN Assessment of the EU Member States’ rules on health data in the light of GDPR 4.8. Concluding remarks ....................................................................... 55 5. SECONDARY USE OF HEALTH DATA FOR SCIENTIFIC OR HISTORICAL RESEARCH ............................................................................................ 57 5.1. Introduction: defining function 3 and the legal basis for secondary use of health data for scientific research ................................................. 57 5.1.1. Legal basis for processing -function 3- research ...................... 57 5.1.2. Lawful bases and safeguards ............................................... 58 5.2. Survey findings: legal bases used to legitimate processing of health data for Function 3 - Research ......................................................... 59 5.2.1. Introduction to findings ....................................................... 59 5.2.2. Findings - sectoral legislation or authoritative guidance further specifying the application of article 9(2)(j) in the context of health research .................................................................. 60 5.2.3. Findings - specific legislation and legal bases used for research by third-party researchers in public and non-public organisations ..................................................................... 69 5.2.4. Specific legislation and legal bases used for research on genetic data .........................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages262 Page
-
File Size-