Support USers To Access INformation and Services (Grant Agreement No 297206)

Deliverable D5.4
Recommendations on security and privacy issues version 3
Version 1.0

Work Package: WP5
Version & Date: v1.0 / 20th January 2015
Deliverable type: Report
Distribution Status: Public
Author: Lorraine Acheson, Damian O'Connor
Reviewed by: John Oates
Approved by: Marco d'Angelantonio
Filename: D5.4 v1.0 SUSTAINS Recommendations on security and privacy version 3

Abstract
This report provides a set of recommendations pertaining to security and privacy issues in relation to providing citizens with access to their Electronic Health Records.

Key Word List
Security, privacy, Electronic Health Records, data protection, recommendations

The information in this document is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

Executive Summary

At a national and regional level, Member States have their own legislation and practice regarding data protection, privacy and security. Patient consent, patients' access to data and their (in)ability to modify health records are all areas of importance when considering increasing patient engagement with their Electronic Healthcare Record (EHR).

This report develops a set of recommendations for regions implementing SUSTAINS type services, based on the review of literature and partner survey included in previous iterations of this report, and a supplementary review of literature included in this report.

Four areas of recommendation are put forward:
- Informed consent.
- Access to data.
- Data accuracy.
- Harmonisation of legislation.

These are underpinned by the principles of giving consideration to both ethical and usability issues when implementing SUSTAINS type services.

Public Page 2 of 16 v1.0 / 20th January 2015

Change History

Version History: th December, th January, th January 2015

Version Changes:
0.1 Initial draft
0.2 Updates following internal review
1.0 Version for issue

Outstanding Issues: None

Table of Contents

EXECUTIVE SUMMARY
CHANGE HISTORY
TABLE OF CONTENTS
1. INTRODUCTION
   Purpose of this document
   Structure of the document
   Glossary
2. METHODOLOGY
   Overview
3. SUPPLEMENTARY LITERATURE REVIEW
   Background
   Findings of relevance to SUSTAINS
   Recommendations of relevance to SUSTAINS
4. KEY CONSIDERATIONS FOR RECOMMENDATIONS
   Informed consent
   Access to data
   Data accuracy
   Harmonisation of legislation
   Consideration of ethical issues
   Security
5. RECOMMENDATIONS
   Principles
   Recommendations

1. Introduction

1.1 Purpose of this document

This report is the final output from Work Package 5 (WP5): security, privacy and ethical issues. The objective of WP5 is to analyse the regulations, laws and practices with regards to the security, privacy and ethical issues relating to access by patients to their Electronic Health Record (EHR), and the other SUSTAINS services.

This report provides the final iteration of a set of recommendations on security, privacy and ethical issues in relation to SUSTAINS and the implementation of the EHR. The recommendations aim to offer guidance to other regions seeking to implement SUSTAINS type services.

1.2 Structure of the document

Chapter 2 sets out the methodology adopted.
Chapter 3 includes a supplementary review of literature.
Chapter 4 discusses the key considerations for the development of a set of recommendations.
Chapter 5 sets out the final set of recommendations.

1.3 Glossary

EC: European Commission
EHR: Electronic Healthcare Record
EU: European Union
HCP: Healthcare Professional

2. Methodology

2.1 Overview

The methodology adopted for developing the recommendations included in the report is set out in detail in D5.2 Recommendations on Security and Privacy. At a high level this involved a two-pronged approach:
- A review of the literature including:
  - European legislation relating to safety and privacy of electronic healthcare records.
  - Ethical issues concerned with patients accessing their own electronic healthcare records.
- A survey of regulation and practice relating to safety and privacy of electronic healthcare records in partner regions.

Findings from both the literature review and the survey were presented in D5.2.

Two additional considerations have been taken into account for the final iteration of this report:
- Consideration of findings from a recently published EC-commissioned study on national health laws on electronic health records.
- Findings from the SUSTAINS patient empowerment study.

3. Supplementary literature review

Since the completion of the last report, the EC has published a commissioned study by Milieu Ltd [1], which provides an overview of the current national laws on electronic health records (EHRs) in the EU Member States and their interaction with the provision of cross-border eHealth services mentioned in Directive 2011/24/EU on patients' rights in cross-border healthcare. A number of findings from this study are pertinent to SUSTAINS, and have been drawn out below for consideration in relation to the SUSTAINS recommendations.

3.1 Background

The study examined the national laws of the 28 Member States and Norway and identified legal barriers for cross-border transfer of data from electronic health records and for the provision of cross-border eHealth services. It then made a set of recommendations to the eHealth Network on how the national laws and the European framework must evolve to support cross-border eHealth services.

3.2 Findings of relevance to SUSTAINS

The findings that are of relevance to SUSTAINS cover four areas:
- Different approaches to EHR systems and laws.
- Security aspects of EHRs.
- Patient consent.
- Access.

Different approaches to EHR systems and laws

Disparities between countries in their approaches to regulating EHRs were recognised by the study. Specifically, it was identified that some countries have set explicit rules for EHRs, including SUSTAINS partner countries Estonia, Finland, Spain and Sweden, whilst others rely on general health records and data protection legislation [2]. This finding was also echoed in the survey of SUSTAINS partner regions.

Security aspects of EHRs

Despite the sensitive nature of health data and the vulnerability of electronically available data, the study found that half of the countries covered did not have a set of specific rules for institutions hosting and managing EHRs, including SUSTAINS partner countries Denmark, Italy and Slovenia. Instead, general rules setting security requirements for all types of data controllers were used. In addition, the study highlighted that almost all the countries covered have not gone beyond Directive 95/46/EC on Data Protection with regards to authorisation requirements.

[1] Milieu Ltd, time.lex, Brussels, Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border eHealth services, July
[2] Ibid, p22.

The study found that authorisation procedures to host and process EHRs are, in the vast majority of countries, the same as to host and process other data [3].

Patient consent

The study identified that in relation to patient consent for the creation and/or sharing of EHRs, most of the countries reviewed could be divided into three groups:
1. Some countries require explicit consent for the creation of an EHR; this consent is for both data to be included in an EHR sharing system and for access to the data in the EHR by healthcare professionals other than the one who collected the data.
2. Some countries do not require explicit consent for the creation of an EHR, but do require explicit consent for the inclusion of (data extracted from) this EHR into an EHR sharing system.
3. Finally, a number of countries require explicit consent neither for the creation of an EHR nor for the inclusion of (data extracted from) this EHR into a sharing system; but patient consent is needed for access to the data in the EHR by healthcare professionals other than the one who collected the data.

In each of these cases, the form of the explicit consent varies considerably. The study identifies that in the third group of countries, for example, the patient consent needed for access to the data in the EHR by healthcare professionals other than the one who collected the data is deduced from the fact that the patient visits the professional to receive healthcare, and hands over, for example, his/her health insurance card so that the EHR system of the professional reads data from this card [4].

Access to EHR

The study highlights that Article 6(1)(c) of Directive 95/46/EC requires that the data processed must be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed, which suggests that access should be role-based and limited to persons needing access.
Nevertheless, the study found that in a small number of countries, the same access rights are granted to all health professionals, e.g. in Estonia, despite the fact that this would not appear to be in line with the Directive. Half of the countries, however, do provide different categories of access to EHRs for different health professionals, including SUSTAINS partner countries Spain, Finland, Italy, Sweden and the UK; this approach was found to be undertaken in a variety of ways [5].

Patients' rights over the data

Directive 95/46/EC grants data subjects a series of rights over their data. These include the right to access data, the right to erase and correct data, and the right to know who has accessed their data. The study identified that these are, however, not absolute rights. There are a series of exemptions listed under Article 13 of Directive 95/46/EC which, if applied by Member States, reduce the scope of the various patients' rights. In addition, the right to erase and correct data relates only to data the processing of which does not comply with the provisions of the Directive, in particular because of the incomplete or inaccurate nature of the data. It is, in any case, for the Member States to define what specific measures must be put in place.

[3] Ibid, p8.
[4] Ibid, p8/9.
[5] Ibid, p38.

The study found that patients are entitled to all of these rights in all countries covered, but that only in some countries does the national legislation go beyond the minimum requirements of Directive 95/46/EC. In all countries covered, patients are entitled to access their EHRs, and in half of them this right covers all data contained in EHRs. Another right directly connected with the right to access is the right to download data; although only one third of the countries covered by the study allow the patient to download all or at least some of his/her EHR, in the other countries the patient is entitled to other similar rights [6].

With regards to the right to erase and correct data, the study shows that in most countries patients do not have the right to directly erase or modify their data, and that no country allows patients to directly modify data that has not been input by the patient. Erasure of data not input by the patients is only allowed by two countries, including SUSTAINS partner country Italy, although two others allow patients to hide some data. The study highlighted that stakeholders from these countries have expressed their concern in this respect, indicating their distrust of a system which does not guarantee completeness of information.

The study also revealed that in the countries which have set specific provisions on the right to know who accessed EHRs, patients usually have access to this information directly online. This is also the case in some countries which do not have specific rules in this respect. The study highlights that patients' right to know who accessed their EHRs is in principle guaranteed by the general rules of data protection law transposing Article 12(a) of Directive 95/46/EC.
It found that about one third of countries have enacted specific provisions granting such a right in relation to EHRs, and where this is the case this is usually available online [7].

3.3 Recommendations of relevance to SUSTAINS

The study identifies the following recommendations [8], at national and EU levels, which are of relevance to SUSTAINS:

Security aspects of EHRs

Recommendation at national level: It should be left to the Member States themselves to choose the security measures which are most appropriate in the context of their specific situation, possibilities and context. Regarding the use of cloud services for hosting EHRs, Member States should refrain from introducing particular legal rules or even guidelines, codes of conduct or model service level agreements (SLAs) without taking into account the European perspective. Unilateral initiatives in this field are moreover not in line with Directive 98/48/EC on the provision of information in the field of technical standards.

Recommendation at the EU level: A binding European legal framework on basic user and access management that should also include operational rules on other security aspects such as end-to-end encryption (currently not possible because of the lack of a common encryption standard) and audit trails (who will be in charge of recovering data events in case of an incident) should be adopted. Agreement is also recommended on a model service level agreement for cloud services with regard to EHRs. The eHealth Network should closely follow up the progress made in this context and stimulate the development of European model provisions for cloud SLAs dedicated for eHealth services and EHRs in particular.

[6] Ibid, p10.
[7] Ibid, p43.
[8] Ibid, p7-10.

Patient consent

Recommendation at national level: A three stage approach is recommended:
- When a patient visits a healthcare professional in order to receive care, this professional has the duty to keep a record of at least a minimum set of data related to the identity of this patient and to the care provided; no additional implicit or explicit consent of the patient or even an opt-out possibility is thus needed at this stage.
- When, on the basis of national or regional law, public authorities decide to make available EHRs for exchange among healthcare professionals (e.g. in order to avoid unnecessary public healthcare costs), such EHR sharing systems can be established and include available individual EHRs without additional explicit consent of the patients. Member States are however free to introduce opt-out possibilities for this stage. This viewpoint corresponds to the one expressed by the Working Party in its opinion of
- When a patient visits a healthcare professional who wishes to receive or access health data collected from this patient by other healthcare providers (by means of the EHR sharing system), such access will require prior explicit consent of the patient concerned. This consent constitutes, at the same time, proof that this patient has engaged into a therapeutic relationship with the healthcare professional.

Recommendation at the EU level: An agreement should be reached by the eHealth Network on the three-stage model described in the previous recommendation, promoting this model as a European guideline for all Member States.
Recommendation at the EU level: An agreement on a list of the categories of healthcare professionals having access to patient summaries (and subsequently for the other priority use cases mentioned before) or a common definition of healthcare professional will most probably not be possible in a short term. An alternative could therefore be to leave it to each Member State to decide who should be considered as a health professional in the context of intra-European EHR exchange.

Patients' rights over the data

Recommendation at national level: Member States should set specific rules allowing the data from EHRs, to which the patient already has access, to be downloaded, as well as providing for the availability online of the information about who has accessed EHRs. Where countries wish to grant patients the right to erase or hide data that has not been input by them, health professionals are at least notified that some data is missing, allowing them to try to convince the patients to disclose such data. It is also recommended that Member States take the necessary measures to implement any guidelines on access to EHRs that may be adopted at EU level.

Recommendation at the EU level: Agreement is recommended on a set of guidelines, e.g. on the possibility for patients to add, modify or erase data from EHRs. Information harmful to the patient should not be directly available to him/her, allowing health professionals to decide to hide certain EHR information from the patient for up to six months so that they can personally communicate delicate diagnoses to the patient. The possibility for patients to modify data from EHRs that has not been input by them should be expressly prohibited so as to allow health professionals from other countries to rely on the information available.

Different categories of access to EHRs

Recommendation at national level: Member States should, despite the significant financial cost involved, establish certainty on the categories of healthcare professionals who can have access to patient summaries, and trustworthy official registers of these categories of professionals which can be used for authentication purposes, and that need to be accessible on-line.

Recommendation at the EU level: An agreement on a list of the categories of healthcare professionals having access to patient summaries (and subsequently for the other priority use cases mentioned before) or on a common definition of healthcare professional will most probably not be possible in a short term. An alternative could therefore be to leave it to each Member State to decide who should be considered as a healthcare professional in the context of intra-European EHR exchange.

4. Key considerations for recommendations

The draft set of recommendations developed in D5.2 was based on five key areas that were identified from the review of literature and the partner survey. In addition, pertinent recommendations from Renewing Health [9] were also considered. The five areas are:
- Informed consent.
- Access to data.
- Data accuracy.
- Harmonisation.
- Consideration of ethical issues.

Considerations relating to each of these areas are discussed below and include findings from the supplementary literature review.

4.1 Informed consent

The Data Protection Directive provides that explicit written consent is required to share citizens' data. The survey results highlight that this is not always the practice across partner countries and regions; this finding is also highlighted in the study by Milieu Ltd.

Discussion amongst the SUSTAINS partners highlighted that to expect regions to gain explicit written consent from patients would be challenging practically, and was not generally built in to EHRs at development stage.

The study by Milieu Ltd makes recommendations on explicit informed consent according to the context, using a tiered three stage approach, making the need for explicit consent more practical. This recommendation is endorsed.

Firstly, the study recommends that when a patient visits a healthcare professional in order to receive care, this professional has a duty to keep a record of at least a minimum set of data related to the identity of this patient and to the care provided; thus no additional implicit or explicit consent of the patient, or even an opt-out possibility, is needed at this stage.

Secondly, when EHRs are made available for exchange among healthcare professionals, these can include available individual EHRs without additional explicit consent of the patients. However, it recommends that Member States are free to introduce opt-out possibilities for this stage.

Thirdly, when a patient visits a healthcare professional who wishes to receive or access health data collected from this patient by other healthcare providers (by means of the EHR sharing system), such access will require prior explicit consent of the patient concerned. This consent constitutes, at the same time, proof that this patient has engaged into a therapeutic relationship with the healthcare professional.

[9] Region of Europe working together for Health, Deliverable 7.2 Security and Privacy Recommendations

4.2 Access to data

SUSTAINS provides citizens with electronic access to their healthcare records. There is variation in the level of access to these records across the partner countries and regions. Legislation allows citizens full access to their own information based on freedom of information, but this access can be paper based.

The study by Milieu Ltd recommends that Member States set specific rules allowing the data from EHRs, to which the patient already has access electronically, to be downloaded, as well as providing for the availability online of the information about who has accessed EHRs. The study further recommends that agreement should be reached on a set of guidelines, e.g. on the possibility for patients to add, modify or erase data from EHRs. These recommendations are supported.

In addition, the study recommends that information harmful to the patient should not be directly available to him/her, allowing health professionals to decide to hide certain EHR information from the patient for up to six months so that they can personally communicate delicate diagnoses to the patient. This part of the recommendation is not supported by our report. Patients' ability to access information about their diagnoses, including difficult news, brings with it ethical issues, not least of which is the question of whether a citizen's right to access information about him/herself outweighs the right of a healthcare professional to withhold or delay access to this information for fear of causing harm.

Interestingly, the DOME Project [10] (Deployment of Online Medical records and E-health services), funded by VINNOVA, the Swedish Governmental Agency for Innovation Systems, found that cancer patients who accessed sensitive diagnostic results online prior to communication with an HCP reported that they felt better prepared to ask questions when attending the follow up appointment, rather than being shocked after hearing sensitive news in an appointment and being unable to think or ask questions. The term "harmful" in itself is very subjective, and is not supported in this report as a basis for a recommendation. In practice, of course, those patients who only want to hear information from their HCP will probably not access their EHR anyway.

Masking data

The SUSTAINS basket of services provides citizens with the ability to mask certain data if they wish. The principle underpinning data masking that is supported by SUSTAINS is that the action of masking should itself be masked, i.e. HCPs should not know that specific information has been hidden. For masking to work effectively, it must not be traceable.

Conversely, the study by Milieu Ltd recommends that where countries wish to grant patients the right to erase or hide data that has not been input by them, health professionals are at least notified that some data is missing, allowing them to try to convince the patients to disclose such data. The recommendation to notify HCPs where data has been masked is not supported, as it undermines the principle of masking. The necessity to notify HCPs of potential masking should be considered against the reality that in practice data masking has taken place throughout history without HCPs' knowledge, when a patient withholds information when visiting another HCP.

4.3 Data accuracy

The Data Protection Directive includes the right for citizens to rectify or erase data, in particular incomplete or inaccurate data. For citizens to be able to correct information held within their record, they have to have access to all of the information held about them.

The study by Milieu Ltd recommends that agreement is required on a set of guidelines, e.g. on the possibility for patients to add, modify or erase data from EHRs. Whilst the need to develop guidelines regarding modification would be supported, the possibility of erasing patient data entirely from the EHR brings with it concerns regarding the subsequent impact if clinical decisions are taken on the basis of information that is subsequently erased. A distinction between masking and erasing is therefore recommended.

4.4 Harmonisation of legislation

The survey results provided by SUSTAINS partners highlight variations in legislation and practice across the regions / countries. Similarly, the Renewing Health report highlighted inconsistencies in the application of the European Directive on Data Protection, recommending harmonisation of policies and approaches to security and privacy across Member States. The study by Milieu Ltd recommends a number of areas where agreement should be reached at an EU level, and promotion of these as European guidelines for all Member States.

4.5 Consideration of ethical issues

While at face value the successful implementation of an EHR and the provision of SUSTAINS type services relies primarily on technical and practical considerations, in practice equal consideration needs to be given to the ethical issues. Fulfilment of citizens' rights to privacy and adherence to legislation can be done more effectively when ethical and technological issues are addressed in tandem.

4.6 Security

Findings from the patient empowerment study within SUSTAINS identified that patients believed EHR services to have an adequate level of security. However, while the sensitivity of the data available on-line was recognised, feedback from the study found that too high a level of security might ultimately discourage citizens / patients from actually using the SUSTAINS services and/or hinder the uptake of the services. This issue was particularly highlighted during the discussions about involving and encouraging elderly people to use the services. A need to strike a balance between security and usability and accessibility was, therefore, noted.

5. Recommendations

This chapter puts forward a final set of recommendations in relation to security and privacy issues, based on the above discussion. The recommendations aim to offer guidance to other regions seeking to implement SUSTAINS type services.

5.1 Principles

The recommendations are underpinned by the following two principles:
- Fulfilment of citizens' rights to privacy, and adherence to legislation, can be done more effectively when ethical and technological issues are addressed in tandem.
- Security processes must keep sight of the need for services to be accessible and usable by citizens.

5.2 Recommendations

Informed Consent

- In line with the recommendation on patient consent from the study by Milieu Ltd, a three stage approach is recommended:
  a. When a patient visits a healthcare professional in order to receive care, this professional has the duty to keep a record of at least a minimum set of data related to the identity of this patient and related to the care provided; no additional implicit or explicit consent of the patient, or even an opt-out possibility, is thus needed at this stage.
  b. When, on the basis of national or regional law, public authorities decide to make available EHRs for exchange among healthcare professionals (e.g. in order to avoid unnecessary public healthcare costs), such EHR sharing systems can be established and include available individual EHRs without additional explicit consent of the patients. Member States are however free to introduce opt-out possibilities for this stage. This viewpoint corresponds to the one expressed by the Working Party in its opinion of
  c. When a patient visits a healthcare professional who wishes to receive or access health data collected from this patient by other healthcare providers (by means of the EHR sharing system), such access will require prior explicit consent of the patient concerned. This consent constitutes, at the same time, proof that this patient has engaged into a therapeutic relationship with the healthcare professional.
- An agreement should be reached by the eHealth Network on the three-stage model described in the previous recommendation, promoting this model as a European guideline for all Member States.

Access to data

- Where data has been masked based on a citizen's wishes, the action of masking must not be traceable.

- Citizens should have full access to information held about them within their EHR.
  - Optionally, citizens could choose for access to be withheld for (say) 14 days.
- Member States should set specific rules allowing the data from EHRs, to which the patient already has access, to be downloaded, as well as providing for the availability online of the information about who accessed EHRs.

Data accuracy

- Agreement is required on a set of guidelines, e.g. on the possibility for patients to add or modify data in EHRs.
- Data should not be totally erased, even if incorrect, as HCPs may have used it to make clinical decisions.
- The distinction between data masking and erasure should be made within the guidelines.

Harmonisation of legislation

- Harmonisation of legislation should be facilitated by Member States through adoption of guidelines regarding the EHR that may be adopted at an EU level.


More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine International Privacy and Data Security Requirements Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine Aims of this Presentation. To provide a brief overview of

More information

Data Management Plan ehcobutler Project

Data Management Plan ehcobutler Project ehcobutler Project Version: 1.08 April 30 th 2015 This Project has received funding from the European Union s Horizon 2020 research DOCUMENT CONTROL Title: Data Management Plan Date: April30 th 2015 Author:

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

Overview of the national laws on electronic health records in the EU Member States National Report for Ireland

Overview of the national laws on electronic health records in the EU Member States National Report for Ireland Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border ehealth services Contract 2013 63 02 Overview of the national

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

Medical research and data sharing how open can we be? Dr Renate Gertz AHRC Centre School of Law University of Edinburgh Scotland

Medical research and data sharing how open can we be? Dr Renate Gertz AHRC Centre School of Law University of Edinburgh Scotland Medical research and data sharing how open can we be? Dr Renate Gertz AHRC Centre School of Law University of Edinburgh Scotland Introduction The uses of health data Primary uses: For clinical care (relatively

More information

Response of the German Medical Association

Response of the German Medical Association Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

Brussels, 20 July 2010 (Case 2009-0215) 1. Proceedings

Brussels, 20 July 2010 (Case 2009-0215) 1. Proceedings Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Investment Bank (EIB) concerning procedures related to "360 Leadership feedback report" Brussels,

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 Copyright ESOMAR 2012 TABLE OF CONTENTS 2 Objectives 2 Introduction 3 Definitions 4 SECTION 1: APPLICABLE LAW 4 SECTION 2: WHAT YOU NEED TO KNOW SOME FAQs 5

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Explanatory notes VAT invoicing rules

Explanatory notes VAT invoicing rules Explanatory notes VAT invoicing rules (Council Directive 2010/45/EU) Why explanatory notes? Explanatory notes aim at providing a better understanding of legislation adopted at EU level and in this case

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

The EFPIA Disclosure Code: Your Questions Answered

The EFPIA Disclosure Code: Your Questions Answered The EFPIA Disclosure Code: Your Questions Answered Working together: why do the pharmaceutical industry and healthcare professionals work together? 1 Why does industry pay health professionals to provide

More information

The EBF would like to take the opportunity to note few general remarks on key issues as follows:

The EBF would like to take the opportunity to note few general remarks on key issues as follows: Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

Comments and proposals on the Chapter II of the General Data Protection Regulation

Comments and proposals on the Chapter II of the General Data Protection Regulation Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

INERTIA ETHICS MANUAL

INERTIA ETHICS MANUAL SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

Smart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription

Smart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription Smart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription Deliverable: Work Package Document WP3.7 D.3.7.2. FINAL

More information

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 About Healthcare Identifiers QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 Q1. What is the Healthcare Identifiers Service? The Healthcare Identifiers (HI) Service will implement and maintain a

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Information Governance and Management Standards for the Health Identifiers Operator in Ireland Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high

More information

COMMISSION REGULATION (EU) No /.. of XXX

COMMISSION REGULATION (EU) No /.. of XXX EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

Data Protection Standard

Data Protection Standard Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2

More information

Quality in and Equality of Access to Healthcare Services

Quality in and Equality of Access to Healthcare Services Quality in and Equality of Access to Healthcare Services Executive Summary European Commission Directorate-General for Employment, Social Affairs and Equal Opportunities Manuscript completed in March 2008

More information

The new EU Clinical Trials Regulation How NHS research and patients will benefit

The new EU Clinical Trials Regulation How NHS research and patients will benefit the voice of the NHS in Europe Briefing September 2014 Issue 19 The new EU Clinical Trials Regulation How NHS research and patients will benefit Who should read this briefing? This briefing will be of

More information

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that Medical Defence Union response to consultation on European Commission s proposals for Directive on the application of patients rights in cross-border healthcare Introduction 1. The Medical Defence Union

More information

European Commission consultation on contract rules for online purchases of digital content and tangible goods.

European Commission consultation on contract rules for online purchases of digital content and tangible goods. 03 September 2015 Position Paper European Commission consultation on contract rules for online purchases of digital content and tangible goods. Executive Summary EUROCHAMBRES believes that the initiative

More information

THE TRANSFER OF PERSONAL DATA ABROAD

THE TRANSFER OF PERSONAL DATA ABROAD THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE

More information

UNCITRAL legislative standards on electronic communications and electronic signatures: an introduction

UNCITRAL legislative standards on electronic communications and electronic signatures: an introduction legislative standards on electronic communications and electronic signatures: an introduction Luca Castellani Legal Officer secretariat International harmonization of e-commerce law Model Law on Electronic

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 9.12.2015 COM(2015) 627 final 2015/0284 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ensuring the cross-border portability of online content

More information

Health Care Consent Act

Health Care Consent Act Briefing Note 2005, 2007 College of Physiotherapists of Ontario 2009 Contents Overview...3 Putting the in Context...3 The HCCA in Brief...4 Key Principles Governing Consent to Treatment...4 Key Aspects

More information

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE)

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE) EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL Regulatory Policy Standardisation Brussels, 9 th November 2005 Doc.: 34/2005 Rev. 1 EN COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34

More information

PNAE Paediatric Nursing Associations of Europe

PNAE Paediatric Nursing Associations of Europe PNAE Paediatric Nursing Associations of Europe Paediatric Nurse Education in Europe A Position Statement by the Paediatric Nursing Associations of Europe (PNAE) Introduction The PNAE network carried out

More information

REFORM OF STATUTORY AUDIT

REFORM OF STATUTORY AUDIT EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by

More information

MEDICAL INNOVATION BILL

MEDICAL INNOVATION BILL MEDICAL INNOVATION BILL 1. Introduction The Academy of Medical Royal Colleges (the Academy) speaks on standards of care and medical education across the UK. By bringing together the expertise of all the

More information

Privileged user management

Privileged user management Privileged user management vv It s time to take control Bob Tarzey, Analyst and Director, Quocirca Ltd Introduction The data presented is based on 270 telephone interviews with organisations across Europe

More information

HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia

HIPSSA Project. Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Second Mission -Namibia PRESENTATION OF THE DRAFT DATA PROTECTION POLICY FOR NAMIBIA Pria Chetty, ITU International Legal

More information

COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2

COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2 COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2 COCIR calls for a single, clear and workable data protection framework that protects privacy and encourages

More information

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of. Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

EHR Contributor Agreement

EHR Contributor Agreement This EHR Contributor Agreement (this Agreement ) is made effective (the Effective Date ) and sets out certain terms and conditions that apply to the sharing of Personal

More information

Pacific Smiles Group Privacy Policy

Pacific Smiles Group Privacy Policy Pacific Smiles Group Privacy Policy Pacific Smiles Group Limited and its related bodies corporate (PSG, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in

More information

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

Standard Terms of Engagement. and. Terms of Business

Standard Terms of Engagement. and. Terms of Business Standard Terms of Engagement and Terms of Business Contents 1. Standard Terms of Engagement of Keirs Carr... 4 1.1 Accounting Services... 4 Accounting Services... 4 Compilation of Financial Statements...

More information

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE EN EN EN EUROPEAN COMMISSION Brussels, COM(2010) COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE Removing cross-border tax obstacles

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 4 May 2012. 9441/12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153

COUNCIL OF THE EUROPEAN UNION. Brussels, 4 May 2012. 9441/12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153 COUNCIL OF THE EUROPEAN UNION Brussels, 4 May 2012 9441/12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153 NOTE from: Presidency to Permanent Representatives Committee

More information

Disability Action Plan

Disability Action Plan Disability Action Plan The LIV Disability Action Plan aims to: provide equal opportunity for people with disabilities to participate in and contribute to the full range of activities of the LIV; promote

More information

European Commission initiatives on e- and mhealth

European Commission initiatives on e- and mhealth European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being,

More information

erview of the national laws on electronic health records in the EU Member States National Report for ROMANIA

erview of the national laws on electronic health records in the EU Member States National Report for ROMANIA Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border ehealth services Contract 2013 63 02 Overview of the national

More information

ZIMPERIUM, INC. END USER LICENSE TERMS

ZIMPERIUM, INC. END USER LICENSE TERMS ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side

More information

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? 10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction

More information

Planned Healthcare in Europe for Lothian residents

Planned Healthcare in Europe for Lothian residents Planned Healthcare in Europe for Lothian residents Introduction This leaflet explains what funding you may be entitled to if you normally live in Lothian (Edinburgh, West Lothian, Midlothian and East Lothian

More information

Backgrounder Heart Index

Backgrounder Heart Index Backgrounder Heart Index Introduction: In response to a need for information on specific diseases areas, the Health Consumer Powerhouse (HCP) has developed the Euro Consumer Heart Index (Heart Index).

More information

Consultation Paper. ESMA Guidelines on Alternative Performance Measures. 13 February 2014 ESMA/2014/175

Consultation Paper. ESMA Guidelines on Alternative Performance Measures. 13 February 2014 ESMA/2014/175 Consultation Paper ESMA Guidelines on Alternative Performance Measures 13 February 2014 ESMA/2014/175 Date: 13 February 2014 ESMA/2014/175 Responding to this paper The European Securities and Markets Authority

More information

FBF position paper on the European Commission's proposal for a Directive on bank accounts ****

FBF position paper on the European Commission's proposal for a Directive on bank accounts **** Paris, June 2013 FBF position paper on the European Commission's proposal for a Directive on bank accounts The French Banking Federation (FBF) is the professional body that represents all banks operating

More information

This is consistent with our guidance in Good medical practice, which says:

This is consistent with our guidance in Good medical practice, which says: 26 August 2014 Bill Rogers Competition and Markets Authority Dear Bill Rogers, Draft Order Thank you for meeting my colleague Catherine Thomas to discuss your Order. This letter is our formal response.

More information

- Assessment of the application by Member States of European Union VAT provisions with particular relevance to the Mini One Stop Shop (MOSS) -

- Assessment of the application by Member States of European Union VAT provisions with particular relevance to the Mini One Stop Shop (MOSS) - - Assessment of the application by Member States of European Union VAT provisions with particular relevance to the Mini One Stop Shop (MOSS) - BACKGROUND The information available on this website relates

More information

Health Care Provider Guide

Health Care Provider Guide Health Care Provider Guide Diagnostic Imaging Common Service Project, Release 1 Version: 1.4 Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document may be reproduced

More information

Information Sharing Agreements for Disclosure of EHR Data within Canada

Information Sharing Agreements for Disclosure of EHR Data within Canada Information Sharing Agreements for Disclosure of EHR Data within Canada Prepared for the Pan Canadian Health Information Privacy (HIP) Group Authored by: Elaine Sawatsky, January 2010 Table of Contents

More information

Summary of facts on the legal guaranty of conformity and commercial warranties

Summary of facts on the legal guaranty of conformity and commercial warranties Summary of facts on the legal guaranty of conformity and commercial warranties Main legal sources: Directive 1999/44/EC on sale of consumer goods and associated guarantees and Directive 2011/83/EU on consumer

More information

Basic banking services

Basic banking services Presentation to the European Parliament by London Economics 25 January 2012 1 Presentation outline Basic facts and benefits 2 and benefits Background Access to basic banking is essential in modern society,

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information
