clarification to bring legal certainty to these issues have been voiced in various position papers and statements.

Similar documents
Ministry of Justice: Call for Evidence on EU Data Protection Proposals

Justice Select Committee: Inquiry on EU Data Protection Framework Proposals

The EFPIA Perspective on the GDPR. Brendan Barnes, EFPIA 2 nd Nordic Real World Data Conference , Helsinki

RECOMMENDATIONS. COMMISSION RECOMMENDATION (EU) 2018/790 of 25 April 2018 on access to and preservation of scientific information

Towards Code of Conduct on Processing of Personal Data for Purposes of Scientific Research in the Area of Health

The General Data Protection Regulation and use of health data: challenges for pharmaceutical regulation

Preparing for the new Regulations for healthcare providers

European Charter for Access to Research Infrastructures - DRAFT

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

EN Official Journal of the European Union L 117/176 REGULATION (EU) 2017/746 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.

Having regard to the Treaty establishing the European Community, and in particular its Article 286,

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Convergence and Differentiation within the Framework of European Scientific and Technical Cooperation on HTA

Interaction btw. the GDPR and Clinical Trials Regulation

POSITION PAPER. GREEN PAPER From Challenges to Opportunities: Towards a Common Strategic Framework for EU Research and Innovation funding

Biometric Data, Deidentification. E. Kindt Cost1206 Training school 2017

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT. pursuant to Article 294(6) of the Treaty on the Functioning of the European Union

Open Science for the 21 st century. A declaration of ALL European Academies

15890/14 MVG/cb 1 DG G 3 C

Recast de la législation européenne et impact sur l organisation hospitalière

Official Journal of the European Union L 117. Legislation. Legislative acts. Volume May English edition. Contents REGULATIONS

TechAmerica Europe comments for DAPIX on Pseudonymous Data and Profiling as per 19/12/2013 paper on Specific Issues of Chapters I-IV

EN Official Journal of the European Union L 117/1 REGULATION (EU) 2017/745 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.

ICC POSITION ON LEGITIMATE INTERESTS

Legal Aspects of Identity Management and Trust Services

EXIN Privacy and Data Protection Foundation. Preparation Guide. Edition

BBMRI-ERIC WEBINAR SERIES #2

Position Paper on Horizon ESFRI Biological and Medical Research Infrastructures

Council of the European Union Brussels, 8 March 2017 (OR. en)

DEVELOPMENTS IN EU MDD & IVDD SOFTWARE REGULATION

Global Alliance for Genomics & Health Data Sharing Lexicon

TOOL #21. RESEARCH & INNOVATION

EU Research Integrity Initiative

A New Platform for escience and data research into the European Ecosystem.

A Research and Innovation Agenda for a global Europe: Priorities and Opportunities for the 9 th Framework Programme

The New Legislative Framework Revision of the NAWI-D and the MI-D

Comments from CEN CENELEC on COM(2010) 245 of 19 May 2010 on "A Digital Agenda for Europe"

(Non-legislative acts) DECISIONS

demonstrator approach real market conditions would be useful to provide a unified partner search instrument for the CIP programme

25 July 2017 Without prejudice [PROVISIONS IN RELATION TO TRADE IN GOODS ALREADY INCLUDED IN THE EU TEXT PROPOSAL FOR THE TRADE IN GOODS CHAPTER]

Ethical issues raised by big data and real world evidence projects. Dr Andrew Turner

Chapter 11 Cooperation, Promotion and Enhancement of Trade Relations

Questions and answers on the revised directive on restrictions of certain dangerous substances in electrical and electronic equipment (RoHS)

This document is a preview generated by EVS

COMMISSION RECOMMENDATION. of on access to and preservation of scientific information. {SWD(2012) 221 final} {SWD(2012) 222 final}

How to survive the MDR

Big data: a complex and evolving regulatory framework

COST FP9 Position Paper

Data Protection Regulation: Keeping Health Research Alive in the EU. A Roundtable Event Hosted by Nessa Childers MEP. European Parliament, Brussels

Position Paper.

APEC Internet and Digital Economy Roadmap

IMHA Research. In short it is addressing two questions:

Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070

Position Paper of Iberian Universities Design of FP9

Conclusions on the future of information and communication technologies research, innovation and infrastructures

SMA Europe Code of Practice on Relationships with the Pharmaceutical Industry

Committee on the Internal Market and Consumer Protection

NCRIS Capability 5.7: Population Health and Clinical Data Linkage

Pan-Canadian Trust Framework Overview

Health Innovations in Horizon 2020: the framework programme for research and innovation ( )

Draft executive summaries to target groups on industrial energy efficiency and material substitution in carbonintensive

European Nuclear Education Network Association

Medical Technology Association of NZ. Proposed European Union/New Zealand Free Trade Agreement. Submission to Ministry of Foreign Affairs & Trade

Section 1: Internet Governance Principles

Vision. The Hague Declaration on Knowledge Discovery in the Digital Age

10246/10 EV/ek 1 DG C II

EUROPEAN COMMISSION. Dynamic spectrum & Mobile Multimedia Services. EU policy dimension. Philippe J. Lefebvre

HL7 Standards and Components to Support Implementation of the European General Data Protection Regulation (GDPR)

Guidance on the anonymisation of clinical reports for the purpose of publication

IMI2 Intellectual Property rules in light of Call 10 topics. Magali Poinot, IMI Legal Manager IMI Stakeholder Forum 28 September 2016

COUNCIL OF THE EUROPEAN UNION. Brussels, 19 May 2014 (OR. en) 9879/14 Interinstitutional File: 2013/0165 (COD) ENT 123 MI 428 CODEC 1299

2

The 26 th APEC Economic Leaders Meeting

Fiscal 2007 Environmental Technology Verification Pilot Program Implementation Guidelines

IN VITRO DIAGNOSTICS: CAPITA EXOTICA

mathematics and technology, including through such methods as distance

THE DIGITAL TRANSFORMATION MUST SUPPORT SOLIDARITY-BASED HEALTH SYSTEMS AIM S POSITION PAPER ON DIGITAL HEALTHCARE

COMMISSION OF THE EUROPEAN COMMUNITIES

Enabling ICT for. development

Andalusian Agency for Health Technology Assessment (AETSA)

ECC Strategic Plan. ECC Strategic Plan for the period

Operational Objectives Outcomes Indicators

Details of the Proposal

Privacy Policy SOP-031

ARTICLE 29 Data Protection Working Party

Universities and Sustainable Development Towards the Global Goals

PRIVACY ANALYTICS WHITE PAPER

8365/18 CF/nj 1 DG G 3 C

B) Issues to be Prioritised within the Proposed Global Strategy and Plan of Action:

THE BLUEMED INITIATIVE AND ITS STRATEGIC RESEARCH AGENDA

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

(Non-legislative acts) REGULATIONS

VPH-FET. VPH Institute. To: Dr. Peteris Zilgavis Head, ICT for Health Unit

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

Mirja Liikkanen. Statistics Finland

Committee on the Internal Market and Consumer Protection. of the Committee on the Internal Market and Consumer Protection

1 What is Standardization? 2 What is a standard? 3 The Spanish Association for Standardization, UNE

28 March Report of the Working Group on Pharmaceuticals and Public Health of the High Level Committee on Health.

Mul6lingual Linked Data Technologies for the Single Digital Market

ANEC-ICT-2014-G-020final April 2014

Transcription:

ESR Statement on the European Commission s proposal for a Regulation on the protection of individuals with regard to the processing of personal data on the free movement of such data (General Data Protection Regulation) The European Society of Radiology (ESR) is an apolitical, non-profit organisation, dedicated to promoting and coordinating the scientific, philanthropic, intellectual and professional activities of Radiology in all European countries. The Society's mission at all times is to serve the health care needs of the general public through the support of science, teaching and research and the quality of service in the field of radiology. The ESR is the European body representing the radiology profession with close to 54,000 individual members and acts as the umbrella organisation of all national radiological societies in Europe as well as Europe s subspecialty organisations in the field of radiology. The ESR welcomes the European Commission s proposal for a new data protection Regulation, which aims at updating the existing framework (Directive 95/45/EC) dating from 1995 to address the fragmentation of national legislation, legal uncertainty regarding a number of issues as well as in order to strengthen the individual rights and to tackle the challenges of globalisation and new technologies. As a scientific and professional society, the ESR would like to draw particular attention to the specificities of data protection in the healthcare setting and related research, as particularly in view of the European Union s ehealth vision including cross-border services the sharing and collecting of health data has a profound impact on how medicine is practiced today. It is considered particularly important that updated European legislation in this field reflects the best practices of EU Member States identifying drawbacks in countries with lower and countries with higher levels of data protection in place at national level. The ESR understands that a number of scientific societies and stakeholders in academia have carefully analysed the proposed Regulation with a view to its potential impact on health research, clinical trials and patient registries and that a number of concerns and requests for November 2012 1

clarification to bring legal certainty to these issues have been voiced in various position papers and statements. The ESR fully endorses the Statement by the Federation of European Academies of Medicine (FEAM) dated June 2012 1, outlining the importance of patient data to health research and emphasising the importance to achieve an appropriate balance between facilitating the safe and secure use of patient data for health research and the rights and interests of individuals. Building upon the Statement by FEAM, the ESR would like to outline a few additional comments, explanations and requests for clarification regarding the implication of the proposed Regulation on the field of medical imaging in order to ensure that the proposed legislation does not restrict the development of medical imaging and related research in Europe, in particular in view of the increasing importance of international research empowerment. Medical Imaging is crucial not only as a final tool to improve diagnosis but also as an intermediate, as it can provide a large set of information essential for developing early prediction, personalised medicine, quantitative biomarkers and cellular-molecular imaging. Most recent initiatives in medical imaging research share an open data policy, as the European Commission has shown a strong will towards encouraging the sharing of data and has subscribed to the principle of open access to research results in order to boost Europe's innovation capacity. The availability of open, high-quality and large scale imaging biobanks and processing facilities in terms of data, services and resources will radically simplify access to knowledge, improve interoperability and standardisation and will even help consolidate the medical imaging research community and foster multi-disciplinary collaboration at European level. It is essential to strike a balance between ensuring unimpeded medical and scientific network collaboration while maintaining a high level of information security in order to ensure scientific advances and competitiveness in the research arena in Europe. In the future, biomedical imaging will become one of the major data producers, and people working in this area will have to face the burden of data management and analysis within shared imaging biobanks. A specific focus should be put on data exchangeability and interoperability between different EU countries. ICT issues in regard to medical imaging are high up on ESR s agenda, including a vision to develop harmonised software throughout Europe to send and exchange imaging data and related information to facilitate research and synergies. The ESR would like to call upon the European institutions to support such an initiative in order to ensure the traceability, security 1 http://www.feam-site.eu/cms/docs/publications/feamdataprotectionstatementjune2012.pdf November 2012 2

and integrity of the data throughout the process. An example of a project dealing with interinstitutional exchange of radiological information within the ehealth European Interoperability Framework can be found at http://ec.europa.eu/isa/actions/documents/isa_2.12_ehealth1_workprogramme.pdf Below you will find a list of specific comments regarding the field of medical imaging the ESR would like to make in regard to the proposed Regulation in the interest of Europe s patient and benefit of individuals: General remarks 1 Healthcare providers should keep their medical records safe but open to their professionals. Processing of identifiable personal data does not apply to standard healthcare medical records. 2 Article 7 (4) "Consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller" poses a risk for the relationship of patients and physicians, and also for research - it could imply that a consent of patients would not be valid and, in parallel, could affect the relationship of employees and employers in healthcare. 3 Article 17 (right to be forgotten and erasure) is supported by the ESR as data subjects should have the right to not allow their imaging data to be used for the interest of the public health interest. Explicit consent should be given in this situation. 4 Article 25 regulates the representation of controllers not established in the EU and relevant exemptions. These exemptions could interfere with healthcare, if providers from outside Europe are enterprises with lower than 250 persons and become active in the EU. 5 There is a need to regulate third parties access to patient data, such as technical works on medical equipment or databases (remote maintenance). Regulation for service providers in healthcare (e.g. remote service for medical equipment and IT systems) is needed. Remote service of medical equipment and ITsystems is mandatory to guarantee highest levels of medical quality and system availability (e.g. 24/7). Therefore service personnel may get in contact with protected health information (e.g. database maintenance or reconstruction of data at imaging modalities). Therefore service personnel should fall under the same regulation and liabilities as healthcare personnel itself. Service companies should be responsible to November 2012 3

comply with these obligations, as healthcare providers would not be able to verify compliance for every service technician. There is a need to regulate third parties access to patient data, such as technical works within medical equipment or databases (remote maintenance). Implications on Research 6 Article 5(b) shall not limit data handling in research according to Art. 83. Article 5 principles relating to data processing with paragraph (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes needs to be clarified in particularly with regard to Article 83[MP1]. In research activities it is mandatory to evaluate data in different ways, it would thus not be possible to specify all processing in advance, due to the fact that e.g. new tools for image processing will be developed and should be evaluated with former processing tools in imaging databanks. 7 The development of platforms for long-term storage (Article 5) and image organisation should be registered in order to allow sharing best practice and image data between researchers from all over Europe. 8 The explicit consent, as mentioned in Article 7 should not apply for the use of anonymised and key-coded image data for historical, statistical, educational and scientific research purposes. There is a disproportionate effort to impose the obligation to the subject of giving their consent for the adequate use of their anonymised imaging data. Also in retrospective studies the explicit consent will be impossible to obtain. Transparency information for data subjects should be simple and low-constraint. Organisational policies may allow anonymised data to be used for these purposes and clearly communicate this policy to the patient. 9 Article 7(1) "the controller shall bear the burden of proof for the data subject s consent" in relation to Article 83 jeopardises health research. In registers for data-mining for example it is often quite difficult to define in advance the exactly specified purposes and additional findings. 10 Article 6(2) enables data processing for scientific research ( processing of data for historical, statistical or scientific research shall be lawful subject to the conditions referred to in Article 83 [MP1]), but this may be in contradiction to Articles 5 and 7 because of the request for specified, explicit and legitimate purposes (Article 5) and subject s consent (Article 7), which may not be requested especially retrospectively for new research procedures. November 2012 4

11 Article 83 (1) b: Personal data may be processed for historical, statistical or scientific research purpose only if data enabling the attribution of information to an identified or identifiable data subject is kept separately from the other information as long as these purposes can be fulfilled in this manner. Any processing of personal data, such as image archiving and treating, should fall under the scope of this regulation with standardised rules for image data storage and pseudonymisation or anonymisation. The data related to the individual subject (the one that could allow patient identification) should be eliminated but kept traceable in the databases (key-coded). Stringent measures should ensure that subjects are not identified. Personal information in these databases should be minimum and shall not allow the identification of the subject (non-traceable). Anonymised imaging data should be adequate for image evaluation, analysis and assessment. The information needed to reverse the pseudonymisation process shall be stored and guarded, so that, given the event that more information is needed about the patient under study, it will be possible to retrieve this information. However, this information should not be traceable on the internet. 12 In the field of medical imaging, anonymity can take different forms, from the alteration of the existing text information in DICOM (Digital Imaging and Communications in Medicine) headers up to image-level deformation of parts that can identify the patient (especially in neuroimaging biometric data). Only the data related to the anonymised imaging part must be available for historical, statistical, educational and scientific research purposes. 13 Art 83 (2) publication of personal data under certain conditions should be in accordance with good clinical and scientific practice. 14 The ESR endorses FEAM s concerns regarding Art 83 (3) Commission shall be empowered to adopt delegated acts as it implies the possibility for further specifications without any restrictions. Clarification is needed that this Article is not in contradiction with Art 290 TFEU (also point 3.4.10 of this proposal). 15 No barriers to people donating data for biomedical research should be created. 16 The regulation should allow a better use of health data to approach large-scale system based initiatives. Re-use of existing data shall be possible to tackle new issues, as it will allow to save time, resources and money. 17 Open and controlled access of image data to the concerned scientific community and training of research infrastructure users should not be prevented by the proposed Regulation. November 2012 5

18 Cloud-based services will be applied to compose and aggregate medical information from several sources and with different nature. As an example, biomarker information could be included in the healthcare medical records from a patient and accessible through mobile devices. 19 Quality control and quality assurance practices should be implemented within registries. All the imaging databases and biobanks should be under the responsibility and liability of the controllers. Personal data should not be processed for other purposes by third parties (in accordance to Article 13). 20 Transfer of image-related information to third countries outside the EU should have the same level of protection as within the EU (in accordance to Chapter V). 21 All possible resources should be available for scientists to help tackle a wide range of illnesses that cause disability and premature death. The open access has to follow registration and traceability. Data mining on the information from DICOM standard format and image processing techniques should be allowed. Implications on Teleradiology 22 In teleradiology and cross-border imaging flows, patients must give informed consent (Article 7) when the clinical details and images are electronically transferred from one EU country to another. Doctors undertaking cross-border telemedicine and teleradiology should have the equivalent regulatory requirement to those of the country where the patient accesses healthcare. Implications on Clinical Trials 23 Clinical trials and their related databases with participation of several European and non- European countries should maintain pseudonymisation or anonymisation and traceability. For further information or questions, please contact the ESR Department of EU and Public Affairs at eu-affairs@myesr.org. November 2012 6

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback