Collecting and Handling Health Data in a GDPR World

Similar documents
OUR GROUP GDPR INFORMATION SECURITY FRAMEWORK

Governance. Defend. Prevent. Respond OUR GROUP GDPR INFORMATION SECURITY FRAMEWORK FOREWORD

Medical Research Law & Policy Report

Power of Member Awareness & Involvement Case Study Patient Voice in Sweden

The Impact of GDPR on Clinical Trials

Consultation Strategy. Impact Assessment on an initiative to limit industrial trans fats intakes in the EU

FORUM FOR AEROSPACE NDT BOARDS

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

OHSAS 18001:2007 OCCUPATIONAL HEALTH & SAFETY MANAGEMENT SYSTEM WHITE PAPER Lakshy Management Consultant Pvt Ltd aiming excellence

BMA response to the European Commission Green Paper on the European Workforce for Health

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING DOCUMENT. Accompanying document to the

WORLD MEDICAL ASSOCIATION DECLARATION OF HELSINKI. Ethical Principles for Biomedical Research Involving Human Beings

WHO Framework Convention on Tobacco Control

Brussels, 20 December 2011 (Case ) 1. Proceedings

UALITY SYSTEMS STANDARDS

Response to: Concept paper of 9 February 2011 submitted for public consultation by the European Commission on the

European map of investments in innovative digital solutions for AHA Early results

COMPETENT AUTHORITY (UK) MEDICAL DEVICES DIRECTIVES GUIDANCE NOTES FOR MANUFACTURERS OF DENTAL APPLIANCES

European standard setting via CEN TC 437

Introduction to HACCP for the Agri Feed/ Food Supply chain

Comments on Consultative Report Governance arrangements for critical OTC derivatives data elements (other than UTI and UPI)

PUBLIC CONSULTATION DOCUMENT

Ref: E 007. PGEU Response. Consultation on measures for improving the recognition of medical prescriptions issued in another Member State

Welcome to presentation By Sanjay Punjabi Lead Auditor for ISO 9001, ISO 14001, OHSAS & BS 7799

Self-regulatory proposal from the european alcoholic beverages sectors on the provision of nutrition information and ingredients listing

EUROPEAN COMMISSION. Modus Operandi for the management of new food safety incidents with a potential for extension involving a chemical substance

ISO Status, Changes and Expectations FOR SUCCESSFUL BUSINESS MANAGEMENT SYSTEMS

Supporting patient groups: a pharmaceutical company perspective Susanna Leto di Priolo Novartis Oncology Region Europe

n version of 22 may 2017 Implementing ISO and transition from OHSAS 18001

THE POWER OF NUTRITION. Safeguarding Policy. June 18 1

PROVIDER CONTRACT ISSUES

An overview of the model ordinance. Mina Kashiwabara WHO Centre for Health Development (WHO Kobe Centre)

Background EVM. FAO/WHO technical workshop on nutrient risk assessment, Geneva, May 2005, published 2006.

1. These regulations have been adopted in recognition of the following fundamental sporting imperatives:

EHR Developer Code of Conduct Frequently Asked Questions

EPF s response to the European Commission s public consultation on the "Summary of Clinical Trial Results for Laypersons"

The Voice of Patients on Data Protection

Regulatory framework

C 178/2 Official Journal of the European Union

NEWCASTLE CLINICAL TRIALS UNIT STANDARD OPERATING PROCEDURES

NATIONAL INSTITUTE FOR CLINICAL EXCELLENCE SCOPE

Consultation on Carers Legislation

Alcohol and Substance Policy

Global Integrated Care, Diabetes Cardio-Vascular, Sanofi

2008 Public Status Report on the Implementation of the European Risk Management Strategy. Executive Summary

The SPARED CRN meeting

Multi-sectoral aspects of pandemic preparedness and response

HC4 Obtain images of the retina

Other EU Activities Contributing to Harmonization of Labeling

FDA issues long-awaited final guidance on when a device modification requires a new 510(k)

Tobacco Free Ireland Action Plan

(Text with EEA relevance) Having regard to the opinion of the European Economic and Social Committee ( 1 ),

COUNCIL OF THE EUROPEAN UNION. Brussels, 7 September 2009 (OR. en) 11261/09 Interinstitutional File: 2008/0002 (COD) DENLEG 51 CODEC 893

COMMISSION DELEGATED REGULATION (EU).../... of XXX

Presentation to Parliamentary Portfolio Committee on Health

Memorandum of Understanding on the working relations between the European Commission and the European Stability Mechanism

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

POSSIBLE REVISION OF THE TOBACCO PRODUCTS DIRECTIVE 2001/37/EC PUBLIC CONSULTATION DOCUMENT

Explanatory Memorandum to the Food Labelling (Declaration of Allergens) (Wales) Regulations 2008

The SPS and TBT Agreements and International Standards (Agenda Item 5): Implication of SPS Agreement and relation to Codex standard

BoR (15) 200. BEREC Report on the outcome of the public consultation on the draft report on equivalent access and choice for disabled end-users

Business Impact Analysis

WORLDWIDE FLIGHT SERVICES PRIVACY SHIELD POLICY

ENVIRONMENTAL, HEALTH AND SAFETY LEGISLATION IN EUROPE

The Value of Walgreens

DRAFT FOR PUBLIC COMMENT Guidance Note for ESS9 Financial Intermediaries

Mr José Manuel Barroso President of the European Commission Rue de la Loi 200 B-1049 Brussels. Courtesy translation

RFQ:-HPCSA 03/2017 REQUEST FOR QUOTATION FOR OCCUPATIONAL HEALTH SERVICE ON BEHALF OF THE HEALTH PROFESSIONS COUNCIL OF SOUTH AFRICA

A European Quality Assurance Scheme for Breast Cancer Services - updates Joint Research Centre

BACKGROUND + GENERAL COMMENTS

The Global Network Aiming to deliver safe quality care in relation to tobacco for every service user, every time and everywhere

HRS Group UK Drug and Alcohol Policy

(Legislative acts) REGULATIONS

Guidelines for implementation of Article 14

SMOKING, HEALTH AND SOCIAL CARE (SCOTLAND) ACT Implications for Voluntary Sector Social Care Service Providers

I N T E R N A T I O N A L H O C K E Y F E D E R A T I O N

Medical Devices. UKRAINE Magisters

The Danish Medicines Agency s availability strategy

IMPORTANT DISCLAIMER. Note

Lao People s Democratic Republic

Transforming health through IT

Committed to Environment, Health, & Safety

Healthy Workplaces Campaign DANGEROUS SUBSTANCES

SOLUTION MATCH Ospedale Pediatrico Bambin Gesù is looking for a remote monitoring and symptom reporting solution to detect problems with shunts in

COMMISSION OF THE EUROPEAN COMMUNITIES

19 th World Conference on Non-Destructive Testing Manfred JOHANNES 1. 1 More info about this article:

SCOTIABANK ANTI-MONEY LAUNDERING (AML) / ANTI-TERRORIST FINANCING (ATF) QUESTIONNAIRE

AQ Group UN Global Compact Communication on Progress AQ Group AB

EFSA s Catalogue of support initiatives during the life-cycle of applications for regulated products. European Food Safety Authority (EFSA)

Towards tailored and targeted asthma self-management using mobile technologies

Trust Policy. Control of Smoking Policy (Patients and Visitors)

THE HYGIENE PACKAGE A NEW APPROACH TO FOOD SAFETY

REPORT FROM THE COMMISSION. Annual Report ( )

Crisis, Risk and Security.

LEAF Marque Assurance Programme

We get your personal data from the following sources (examples detailed below are not exhaustive):

Proposed EU physical agents directives on noise and vibration

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

IMPROVING YOUR HEALTH AND SAFETY PERFORMANCE METRICS WITH OHSAS 18001

Transcription:

Collecting and Handling Health Data in a GDPR World Alexander Whalen, Senior Policy Manager, DIGITALEUROPE @DIGITALEUROPE

WHO IS Represents the digital technology sector in Europe A wide range of Multinational Companies (60) and National Trade Associations (37) Represents more than 27,000 businesses and 2 million employees HIMSS Europe GmbH 2

WHERE ARE WE TODAY? Sensitive personal data includes data concerning health Directive 95/46/EC Afforded higher standard of protection General prohibition of processing without explicit consent Some level of fragmentation across EU with sub-categories HIMSS Europe GmbH 3

WHERE WILL WE BE IN MAY 2018? Regulation vs. Directive General Data Protection Regulation ( GDPR ) More organisations caught by scope New safeguards requirement Increased transparency Higher fines HIMSS Europe GmbH 4

TRANSPARENCY AS A CORE FOCUS Certain information needed to explain use of personal data GDPR requires more info: Will data be transferred? How long will it be kept? Is profiling being used? HIMSS Europe GmbH 5

EXPANSION OF SENSITIVE PERSONAL DATA GDPR continues to include health data GDPR includes genetic and biometric data GDPR permits Member States to introduce further conditions HIMSS Europe GmbH 6

MORE ORGANISATIONS CAUGHT Processors are subject to direct legal obligations Organisations not established in the EU require compliance HIMSS Europe GmbH 7

PROCESSING HEALTH DATA Lawful processing reflects Directive Explicit consent is not the only option Lawful processing also for public interest, preventative or occupational medicine, medical diagnosis, provision of health or social care or treatment, etc. Questions remain on scientific research HIMSS Europe GmbH 8

HOW TO OBTAIN CONSENT? Freely given, specific, informed and unambiguous indication of individual's wishes GDPR places burden on controller to demonstrate consent Must be obtained in a manner distinguishable from other matters, in an easily accessible form and using clear and plain language HIMSS Europe GmbH 9

IMPORTANCE OF SCIENTIFIC RESEARCH Qualified compliance framework if safeguards in place No clear definition on scientific research What about health research, driven primarily for commercial gain? HIMSS Europe GmbH 10

SCIENTIFIC RESEARCH VS. RIGHTS OF INDIVIDUALS GDPR strengthens individuals rights Introduction of new rights like data portability Scientific research tempers effects of some rights (e.g. right to erasure & right to object) Member State derogations exist HIMSS Europe GmbH 11

DATA BREACH NOTIFICATION Not industry specific Triggered if breach likely to result in high risk to individuals Nature of health data likely to result in high risk to individuals if breached Conditions on breach HIMSS Europe GmbH 12

DOCUMENTATION & MORE DOCUMENTATION Controllers & processors now have documentation obligations Record of processing activities must be kept Nature of health data likely to result in high risk to individuals if breached Conditions on breach HIMSS Europe GmbH 13

APPOINTING DATA PROTECTION OFFICER Obligation to appoint DPO when core activities consist of the processing of sensitive data on a large scale This will catch large amount of: Healthcare providers; Insurance Pharma Biotech Digital tech HIMSS Europe GmbH 14

WHAT S LEFT TO BE DONE? Article 29 Working Party guidance documents Aim is to give clarity to controllers and processors Published in draft form for stakeholder input Data Protection Impact Assessments next HIMSS Europe GmbH 15

ANYTHING ELSE? Codes of conduct & certification Adherence to either to be used as sign of compliance Health industry can explore developing a code tailored for their specific requirements Certified controllers or processors also option HIMSS Europe GmbH 16

IS THAT REALLY ALL? Ensure harmonised implementation across Member States Minimise (or maximise) Member State opening clauses Ensure clarity in unclear areas HIMSS Europe GmbH 17

Thank you! Alexander Whalen, Senior Policy Manager, DIGITALEUROPE Alexander.Whalen@digitaleurope.org @DIGITALEUROPE

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback