COCIR contribution to the public consultation on Personal Data Protection in the EU 1

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "COCIR contribution to the public consultation on Personal Data Protection in the EU 1"

Transcription

1 COCIR contribution to the public consultation on Personal Data Protection in the EU 1 European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry Bd. A. Reyers 80, 1030 Brussels, Belgium Register ID number: COCIR represents the European Medical Diagnostic and Imaging, Electromedical and Healthcare IT Industry. Our industry offers healthcare IT solutions that support the safe, fast and seamless transfer of medical data to support quality healthcare for the benefit of patients and medical professionals. In this respect COCIR welcomes the initiative to review the personal data protection legal framework in the EU and sees it as an opportunity for improving the consistent enforcement of patients rights to privacy while ensuring the free flow of information and availability of medical data to ensure patients safety. This paper responds to the proposals of the Communication that relate to healthcare IT in the detailed briefing that follows. We would also like to attract the Commission s attention on four major matters when strengthening data protection: 1. Ensuring availability of data and patient safety: Timely and optimal healthcare depends on the availability of reliable, comprehensive health data. Availability of medical data is crucial for delivering emergency care, telehealth services, remote maintenance of IT systems, clinical research and public health research. COCIR therefore calls on the Commission to propose legislation that strengthens data protection without creating barriers for the free movement and processing of medical data that would inevitably hamper patient safety. See example 1 and 2 in annex for more detail. 2. Citizens rights to decide how their data is handled: Medical data is sensitive data. It should not be accessible to those that do not have authorization, but it should be available to enable healthcare delivery. Therefore COCIR suggests that the forthcoming EU legislation clarifies citizens consent and right to decide how their medical data is handled. 3. Need for better harmonisation of data protection rules across the EU: COCIR calls on the Commission to reduce administrative barriers on global entities attempting to comply with several country specific data protection laws when delivering health services or providing maintenance to IT systems with critical health data. This would allow for an efficient system where data flow is secure, and would raise citizen s confidence in the data protection framework and eliminate the current barriers to trade in the internal market. See example 3 in annex. 4. Healthcare organizations should have controls in place to ensure the adequate and safe use of healthcare information technology (HIT): Any technical solution can be compromised if users ignore or circumvent the policy or procedures that apply to it. To avoid this, all organisations utilising health information technology must have policies and procedures in place that provide actions to the different functions that make up a workflow and provide instructions on what controls must be turned on in the HIT system. COCIR recommends that the forthcoming legislation encourages the establishment of efficient security controls in healthcare settings and tackles the misuse of IT tools by users of 5 13 January 2011

2 DETAILED BRIEFING Hereafter are the responses to the various proposals of the Communication, which are relevant to medical diagnostic and imaging, electromedical and healthcare IT industry sector. Section Increasing transparency for data subjects Introducing a general principle of transparent processing of personal data in the legal framework COCIR agrees with the principle of transparent processing but notes that the implementation of the principle can be difficult to fulfill. During a patient visit, the healthcare professional can inform the patient on why their information is being collected, but it becomes difficult and technical to explain how the data will be processed, who will have access to it, which servers it will go through, or where the data will be archived and for how long. COCIR would recommend a simple and low-constraint approach on this matter, such as developing a notice that informs patients about the life-cycle of their data (who, when, where, how, and why). Such notice could be developed and delivered by healthcare providers. Introducing a general personal data breach notification in the legal framework COCIR welcomes the proposal to introduce a mandatory personal data breach notification. Current technology developed by our industry allows for the detection of breaches and to notify them to relevant authorities. On this matter COCIR notes that organizing data breach notification at national level could lead to different types of data breach definitions and types of notifications, which would be costly and burdensome. COCIR thus calls for harmonisation and recommends: A common data breach definition at EU level A common procedure for breach notification across the EU Clear guidelines explaining when to notify, how to notify and to whom. In case of personal data breaches occurring in more than one Member States, COCIR recommends that breaches be reported to a single data protection authority (instead of reporting to the DPA of various countries) such as the article 29 working party. Section Enhancing control over one s own data Introducing the principle of data minimisation in the legal framework COCIR calls for caution on the principle of data minimisation and attracts the Commission s attention on three separate scenarios: Scenario 1: Use of data for the treatment of a patient In the case of a referred patient, some data (such as symptoms, or medication history) may seem unrelated and can thus be removed from or blocked - according to the principle of data minimization- in the dataset accessible by a medical professional. However in medicine, all findings and symptoms can be related to each other and with the consent of the patient - all historic health data should be available to healthcare professionals. Stricter access and storage rules (due to data minimisation) would limit the available data leading to possible wrong diagnosis / treatment. COCIR thus recommends that all existing data should be available for the treatment of a patient. See example 1 in annex. 2 of 5 13 January 2011

3 Scenario 2: Use of data for secondary purposes with patient consent Medical data or portions of it collected during the treatment of a patient could be used if anonymised and with the patient consent for various secondary purposes (e.g. university education, clinical decision support, public health research, etc.) In this scenario, COCIR recommends that only the data for which the patient has given his consent should be used. See example 2 in annex. Scenario 3: Use of data for secondary purposes as a policy without patient consent Medical data and portions of it collected during the treatment of a patient can be used for secondary purposes (e.g. university education, clinical decision support, public health research, etc.) if the hospital/healthcare provider decides as an organizational policy that anonymised data can be used for secondary purposes and communicates this clearly to the patient. COCIR thus recommends a certain level of flexibility on the principle of data minimisation, to be able to adapt to the various situations and needs of healthcare, public health research and health education. Section Ensuring informed and free consent Ensuring free and informed consent COCIR warmly welcomes the proposal to clarify and strengthen the rule on data subjects consent and information. Please see our position on patients informed consent in points and Section Protecting sensitive data Clarifying and harmonising the conditions allowing for the processing of sensitive data COCIR welcomes the initiative to re-assess existing conditions and safeguards for the processing of sensitive data to ensure they are in line with citizens rights to privacy (article 8.3 of Directive 95/46/EC) and to harmonise these conditions within the EU. In this process COCIR invites the Commission to take stock of modern and effective data protection techniques such as for instance- modern encryption of data. With such technologies in place, data processing does not constitute a privacy risk to sensitive data, and should therefore allow for the processing of data through appropriate service providers (e.g. processing and storing medical data through third-party servers). Please see example 3 in annex. Section 2.2 Internal market dimension Harmonisation of data protection rules across the EU COCIR welcomes the Commission s actions towards aligning the framework for national data protection legislation which currently is quite fragmented at the member state level. The Single Market would benefit significantly from a uniform and aligned national data protection implementation in the EU member states. Please see example 3 in annex. At this time, experts in other regions of the world similarly discuss data protection matters which may result in global data protection standards, e.g. to be published under the lead of IEC with potential contributions from ISO (e.g. the ISO 2700x-family) as well as fora/consortia. In that 3 of 5 13 January 2011

4 respect a new approach method would help clarifying the appropriate implementation measures, help reducing barriers to trade and strengthen citizens confidence. COCIR members are willing to support this approach by contributing to international standards for harmonization and through modern ICT solutions. COCIR recommends the adoption of global standards in the forthcoming legislation and the establishment of an implementation mechanism with clear guidelines to ensure a consistent enforcement of the forthcoming legislation in all EU Member States. COCIR also calls on the Commission to liaise with other international bodies developing guidance on data protection, such as the OECD. Section Enhancing data controllers responsibility Promoting the use of privacy enhancing technologies (PETs) and privacy by design principle COCIR welcomes the proposal to promote the use of PETs and privacy by design principle, and notes that these technologies are already largely used and implemented. In the field of healthcare however, we are concerned that too much security might impede the free flow of data, and strongly recommend that strengthening security rules and processes should not impede the availability of medical data, which is important for patient safety. Possible creation of an EU certification schemes for privacy-compliant processes/technologies/products/services COCIR welcomes the creation of an EU-certification scheme in the security field as a step towards more and better security. COCIR encourages the certification of security procedures, based on industry best practices (e.g. ISO27001) and recommends using public/private certification auditors for these certification activities. 4 of 5 13 January 2011

5 Annex: examples of situations in Germany where current data protection rules have proved burdensome Example 1: Flow of information between hospital and ambulatory settings In Germany there is a strict division between the hospital sector and the ambulatory sector. Data protection officers do not allow the flow of patient data in cross-sectoral care processes. This is only allowed provided there is an integrated care contract between the hospital and the general practitioner. Such contracts cover only about 1% of the population. Wherever such agreements are not in place (99% of the population) German physicians cannot have access to patient information gathered elsewhere -for instance at the hospital - even if the patient has given his/her consent. Example 2: Sharing patient medical history between practitioners Some drugs can be dangerous or even fatal in combined with other drugs. For instance the combination of different cholesterol-lowering drugs can lead to renal failure and sometimes death. The combination of Viagra with lowering blood pressure drugs can lead to renal failure and heart attack. Such combinations have led to hundreds of casualties in Germany because doctors prescribing those drugs did not know that their patient was taking other medication prescribed by another doctor. The Lipobay scandal (cholesterol-lowering drug) triggered the German national ehealth Card program in 2003 and the adoption of a law in 2006, because the government thought it would be of great value to have anonymised medication data available to recognize patterns, detect problems early, size the problem, predict problems or educate/support physicians at the point of care. However implementation is lagging behind because data protection authorities want to allow the patient to hide some information included in the card. This would annihilate the purpose of the ehealth card, with doctors having access to only limited information on the medication history of the patient. In this example, patients, doctors, health authorities and the pharmacy industry were victims of the situation: patients suffered adverse health effects, health authorities did not react timely as the link between the different drugs was made with a delay, doctors prescribed drugs that they should not have prescribed had they had complete information on their patient, and the pharmacy industry had to pay important fines (Bayer alone had to pay indemnities of 125m$ by 2003 and stock price went down significantly) which could have been avoided. Example 3: Higher cost for storing data in a German Lander Data protection authorities in Schleswig-Holstein (SH) in Germany prohibit several ITimplementations supporting healthcare, even if these applications are approved, sold and operated in other Landers with no security breaches reported until now. The SH data protection authorities consider that servers hosting data as "external third-party are not allowed to receive, store or process medical data, even if the server infrastructure is operated under tight contractual security and auditing obligations (as in the other Landers) and even if the patients gave their consent to this type of application. As a result, the healthcare providers in SH face higher IT cost, not only for buying storage for each place but also for the operating cost of high-available, high-performance, highly-protected data storage centers. 5 of 5 13 January 2011

Response of the German Medical Association

Response of the German Medical Association Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful

More information

Healthcare Coalition on Data Protection

Healthcare Coalition on Data Protection Healthcare Coalition on Data Protection Recommendations and joint statement supporting citizens interests in the benefits of data driven healthcare in a secure environment Representing leading actors in

More information

Under European law teleradiology is both a health service and an information society service.

Under European law teleradiology is both a health service and an information society service. ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement

More information

Giuseppe Busia Segretario generale Garante per la protezione dei dati personali

Giuseppe Busia Segretario generale Garante per la protezione dei dati personali mhealth enablers panel The Health & Wellness @ Mobile World Congress 2015 Giuseppe Busia Segretario generale Garante per la protezione dei dati personali 1 mhealth main concern Mobile Health (mhealth)

More information

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities

More information

Health Data Governance: Privacy, Monitoring and Research - Policy Brief

Health Data Governance: Privacy, Monitoring and Research - Policy Brief Health Data Governance: Privacy, Monitoring and Research - Policy Brief October 2015 www.oecd.org/health Highlights All countries can improve their health information systems and make better use of data

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Message from Dr York Y N CHOW, GBS, JP Secretary for Food and Health

Message from Dr York Y N CHOW, GBS, JP Secretary for Food and Health Message from Dr York Y N CHOW, GBS, JP Secretary for Food and Health Dear Citizens, In 2008, the Government embarked on a reform of our healthcare system to ensure its sustainable development and respond

More information

The new EU Clinical Trials Regulation How NHS research and patients will benefit

The new EU Clinical Trials Regulation How NHS research and patients will benefit the voice of the NHS in Europe Briefing September 2014 Issue 19 The new EU Clinical Trials Regulation How NHS research and patients will benefit Who should read this briefing? This briefing will be of

More information

Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision

Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision September 2014 1 The General Pharmaceutical Council is the regulator for pharmacists, pharmacy

More information

Draft Code of Conduct on privacy for mobile health applications

Draft Code of Conduct on privacy for mobile health applications Draft Code of Conduct on privacy for mobile health applications I. About this Code 1) Introduction To be drafted as a last step, when the rest of the Code is more or less stable Ed. 2) Purpose The purpose

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2

COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2 COCIR Contribution to the General Data Protection Regulation 1 and European Parliament LIBE report 2 COCIR calls for a single, clear and workable data protection framework that protects privacy and encourages

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

JOINT NOTICE OF OUR HEALTH INFORMATION PRACTICES

JOINT NOTICE OF OUR HEALTH INFORMATION PRACTICES JOINT NOTICE OF OUR HEALTH INFORMATION PRACTICES THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Jennings

More information

Overview of the national laws on electronic health records in the EU Member States National Report for Lithuania

Overview of the national laws on electronic health records in the EU Member States National Report for Lithuania Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border ehealth services Contract 2013 63 02 Overview of the national

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

E-PRIVACY DIRECTIVE: Personal Data Breach Notification

E-PRIVACY DIRECTIVE: Personal Data Breach Notification E-PRIVACY DIRECTIVE: Personal Data Breach Notification PUBLIC CONSULTATION BEUC Response Contact: Kostas Rossoglou digital@beuc.eu Ref.: X/2011/092-13/09/11 EC register for interest representatives: identification

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

Green Paper on mhealth apps Input from the European Chronic Disease Alliance (ECDA) 2 July 2014

Green Paper on mhealth apps Input from the European Chronic Disease Alliance (ECDA) 2 July 2014 Green Paper on mhealth apps Input from the European Chronic Disease Alliance (ECDA) 2 July 2014 About ECDA The European Chronic Disease Alliance (ECDA) is a Brussels-based alliance of 11 European health

More information

INTERNATIONAL PHARMACEUTICAL PRIVACY CONSORTIUM COMMENTS IN RESPONSE TO THE CALL FOR EVIDENCE ON EU DATA PROTECTION PROPOSALS

INTERNATIONAL PHARMACEUTICAL PRIVACY CONSORTIUM COMMENTS IN RESPONSE TO THE CALL FOR EVIDENCE ON EU DATA PROTECTION PROPOSALS INTERNATIONAL PHARMACEUTICAL PRIVACY CONSORTIUM COMMENTS IN RESPONSE TO THE CALL FOR EVIDENCE ON EU DATA PROTECTION PROPOSALS I. INTRODUCTION The International Pharmaceutical Privacy Consortium (IPPC)

More information

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465

More information

Council of the European Union Brussels, 5 March 2015 (OR. en)

Council of the European Union Brussels, 5 March 2015 (OR. en) Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

COCIR* position on the certification of Healthcare IT product interoperability

COCIR* position on the certification of Healthcare IT product interoperability EUROPEAN COORDINATION COMMITTEE OF THE RADIOLOGICAL, ELECTROMEDICAL AND HEALTHCARE IT INDUSTRY COCIR Position Paper COCIR* position on the certification of Healthcare IT product interoperability The objective

More information

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Information Security Risks when going cloud. How to deal with data security: an EU perspective. Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

An introduction to the regulation of apps and wearables as medical devices

An introduction to the regulation of apps and wearables as medical devices An introduction to the regulation of apps and wearables as medical devices Introduction Phones are increasingly equipped with a range of devices capable of being used as sensors, including gyroscopes,

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the

More information

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)

More information

Concerning: Norwegian Nurses Organisation s input to the Green Paper on Modernising the Professional Qualifications Directive

Concerning: Norwegian Nurses Organisation s input to the Green Paper on Modernising the Professional Qualifications Directive European Commission Directorate General Internal Market and Services Oslo, August 26th 2011 Concerning: Norwegian Nurses Organisation s input to the Green Paper on Modernising the Professional Qualifications

More information

Save time, save money, save lives

Save time, save money, save lives Save time, save money, save lives BETTER DOCUMENT AND DATA MANAGEMENT FOR THE NHS At a time when funds are scarce, investment in new and improved data management systems can actually create significant

More information

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )

More information

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164]

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] OCR HIPAA Privacy The following overview provides answers to

More information

THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY

THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY EXECUTIVE SUMMARY Email is a critical business communications tool for organizations of all sizes. In fact, a May 2009 Osterman Research survey

More information

To the extent the federal government determines that it will directly operate prescription

To the extent the federal government determines that it will directly operate prescription Prescription Drug Abuse and Diversion: The Role of Prescription Drug Monitoring Programs Bill Number: Hearing Date: September 23, 2004, 2:00 pm Location: SD-430 Witness: Joy L. Pritts, J.D. Health Policy

More information

Data protection at the cost of economic growth?

Data protection at the cost of economic growth? Data protection at the cost of economic growth? Elina Pyykkö* ECRI Commentary No. 11/November 2012 The Data Protection Regulation proposed by the European Commission contains important elements to facilitate

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

Building Trust and Confidence in Healthcare Information. How TrustNet Helps Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)

More information

Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses

Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses DR. KIBBE S RESPONSES What is health information exchange? How can health information exchange help my practice? Can I comply

More information

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Information Governance and Management Standards for the Health Identifiers Operator in Ireland Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high

More information

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

By Emily Hay and Jan Dhont, Data Privacy Department, Lorenz Brussels.

By Emily Hay and Jan Dhont, Data Privacy Department, Lorenz Brussels. Getting a Clean Bill of Health for Privacy in Your Mobile App By Emily Hay and Jan Dhont, Data Privacy Department, Lorenz Brussels. I. Introduction to the legal regime and risks As the marketplace floods

More information

Community Pharmacy Roadmap Program Development Template

Community Pharmacy Roadmap Program Development Template Community Pharmacy Roadmap Program Development Template Program/Service: Quadrant: Pharmacist Only Medicine Notifiable (POMN) B- Pharmacy medicines and health products services and programs 1. Program/Service

More information

1 Data Protection Principles

1 Data Protection Principles Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection

More information

European Commission initiatives on e- and mhealth

European Commission initiatives on e- and mhealth European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being,

More information

Telehealth and the Law: An Update from Both Sides of the Atlantic

Telehealth and the Law: An Update from Both Sides of the Atlantic Telehealth and the Law: An Update from Both Sides of the Atlantic John Williams, MD Associate Medical Director, University of Pittsburgh Medical Center International and Commercial Services Division (Moderator)

More information

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN

More information

EUCERD RECOMMENDATIONS QUALITY CRITERIA FOR CENTRES OF EXPERTISE FOR RARE DISEASES IN MEMBER STATES

EUCERD RECOMMENDATIONS QUALITY CRITERIA FOR CENTRES OF EXPERTISE FOR RARE DISEASES IN MEMBER STATES EUCERD RECOMMENDATIONS QUALITY CRITERIA FOR CENTRES OF EXPERTISE FOR RARE DISEASES IN MEMBER STATES 24 OCTOBER 2011 INTRODUCTION 1. THE EUROPEAN CONTEXT Centres of expertise (CE) and European Reference

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES http://www.lawcouncil.asn.au The Privacy Commissioner has welcomed the Law Council s initiative in producing this overview.

More information

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State

More information

12 January 2011. Register of Interest Representatives Identification number in the register: 52646912360-95

12 January 2011. Register of Interest Representatives Identification number in the register: 52646912360-95 Z E N T R A L E R K R E D I T A U S S C H U S S MITGLIEDER: BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN BUNDESVERBAND ÖFFENTLICHER

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

Comments of the EDPS in response to the public consultation on

Comments of the EDPS in response to the public consultation on Comments of the EDPS in response to the public consultation on the planned guidelines on recommended standard licences, datasets and charging for the reuse of public sector information initiated by the

More information

ehealth EHR Viewer & Integration Joint Service/Access Policy Executive Summary for Authorized Provider Organizations ("APOs")

ehealth EHR Viewer & Integration Joint Service/Access Policy Executive Summary for Authorized Provider Organizations (APOs) ehealth EHR Viewer & Integration Joint Service/Access Policy July 31, 2013 Version 1.0 1. BACKGROUND: Executive Summary for Authorized Provider Organizations ("APOs") ehealth Saskatchewan ("ehealth") is

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that Medical Defence Union response to consultation on European Commission s proposals for Directive on the application of patients rights in cross-border healthcare Introduction 1. The Medical Defence Union

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview General HIPAA stands for a federal law called the Health Insurance Portability and Accountability Act. This law, among other purposes, was created to protect the privacy and security

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

RESPONSE TO EUROPEAN COMMISSION CONSULTATION ON CROSS BORDER CARE

RESPONSE TO EUROPEAN COMMISSION CONSULTATION ON CROSS BORDER CARE RESPONSE TO EUROPEAN COMMISSION CONSULTATION ON CROSS BORDER CARE JANUARY 2007 RESPONSE TO EUROPEAN COMMISSION CONSULTATION ON CROSS BORDER CARE: Consultation regarding Community action on health services

More information

EU Regulation on in-vitro Diagnostic Medical Devices call for urgent action.

EU Regulation on in-vitro Diagnostic Medical Devices call for urgent action. EU Regulation on in-vitro Diagnostic Medical Devices call for urgent action. The European Commission issued a proposal for a new Regulation on in vitro diagnostic devices in September 2012. At the committee

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

Safeguarding public health The Regulation of Software as a Medical Device

Safeguarding public health The Regulation of Software as a Medical Device Safeguarding public health The Regulation of Software as a Medical Device Dr Head of New and Emerging Technologies Medicines and Healthcare Products Regulatory Agency (MHRA) Crown Copyright 2013 About

More information

The Electoral Commission s response to the Northern Ireland Office consultation paper Improving Electoral Registration Procedures in Northern Ireland

The Electoral Commission s response to the Northern Ireland Office consultation paper Improving Electoral Registration Procedures in Northern Ireland The Electoral Commission s response to the Northern Ireland Office consultation paper Improving Electoral Registration Procedures in Northern Ireland 1 Introduction 1.1 The Electoral Commission welcomes

More information

View the Replay on YouTube. The ICO s take on Information Sharing in the NHS. FairWarning Ready Executive Webinar Series 27 June 2013

View the Replay on YouTube. The ICO s take on Information Sharing in the NHS. FairWarning Ready Executive Webinar Series 27 June 2013 View the Replay on YouTube The ICO s take on Information Sharing in the NHS FairWarning Ready Executive Webinar Series 27 June 2013 Today s Panel Dawn Monaghan Group Manager Strategic Liaison ICO UK Dawn.Monaghan@ico.org.uk

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

Design of Database Security Policy In Enterprise Systems

Design of Database Security Policy In Enterprise Systems Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of

More information

Understanding EHRs: Common Features and Strategic Approaches for Medicaid/SCHIP

Understanding EHRs: Common Features and Strategic Approaches for Medicaid/SCHIP Understanding EHRs: Common Features and Strategic Approaches for Medicaid/SCHIP Presented by: Karen M. Bell MD, MMS, Director, HIT Adoption W. David Patterson PhD, Deputy Chief, Health and Demographics

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

RULES OF THE ALABAMA BOARD OF MEDICAL EXAMINERS CHAPTER 540-X-15 TELEHEALTH. Table of Contents

RULES OF THE ALABAMA BOARD OF MEDICAL EXAMINERS CHAPTER 540-X-15 TELEHEALTH. Table of Contents RULES OF THE ALABAMA BOARD OF MEDICAL EXAMINERS CHAPTER 540-X-15 TELEHEALTH Table of Contents 540-X-15-.01 Purpose 540-X-15-.02 Telehealth Medical Services by Physicians According to Licensure Status 540-X-15-.03

More information

Supplementary Policy on Data Breach Notification Legislation

Supplementary Policy on Data Breach Notification Legislation http://www.privacy.org.au Secretary@privacy.org.au http://www.privacy.org.au/about/contacts.html 4 May 2013 Supplementary Policy on Data Breach Notification Legislation Introduction It has been reported

More information

Overview of the national laws on electronic health records in the EU Member States National Report for Ireland

Overview of the national laws on electronic health records in the EU Member States National Report for Ireland Overview of the national laws on electronic health records in the EU Member States and their interaction with the provision of cross-border ehealth services Contract 2013 63 02 Overview of the national

More information

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5 Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

20. Exercise: CERT participation in incident handling related to Article 4 obligations

20. Exercise: CERT participation in incident handling related to Article 4 obligations CERT Exercises Handbook 241 241 20. Exercise: CERT participation in incident handling related to Article 4 obligations Main Objective Targeted Audience Total Duration This exercise provides students with

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

EUROPEAN UNION OF GENERAL PRACTITIONERS/FAMILY PHYSICIANS UNION EUROPEENNE DES MEDECINS OMNIPRATICIENS/MEDECINS DE FAMILLE

EUROPEAN UNION OF GENERAL PRACTITIONERS/FAMILY PHYSICIANS UNION EUROPEENNE DES MEDECINS OMNIPRATICIENS/MEDECINS DE FAMILLE EUROPEAN UNION OF GENERAL PRACTITIONERS/FAMILY PHYSICIANS UNION EUROPEENNE DES MEDECINS OMNIPRATICIENS/MEDECINS DE FAMILLE PRESIDENT: Dr. Ferenc Hajnal (Hungary) Dr. Eirik Bø Larsen (Norway) Dr. Francisco

More information

Key Points. Ref.:EBF_007865E. Brussels, 09 May 2014

Key Points. Ref.:EBF_007865E. Brussels, 09 May 2014 Ref.:EBF_007865E Brussels, 09 May 2014 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

TOTAL WOMEN S HEALTHCARE Robert L. Levy, M.D.

TOTAL WOMEN S HEALTHCARE Robert L. Levy, M.D. TOTAL WOMEN S HEALTHCARE Robert L. Levy, M.D. PATIENT NAME: DOB: FINANCIAL and other OFFICE POLICIES Please be assured that everyone in this practice is dedicated to providing the highest quality medical

More information

Post-authorisation safety studies

Post-authorisation safety studies Post-authorisation safety studies 7th SME Workshop "Focus on Pharmacovigilance" 19 April 2012 Presented by: Xavier Kurz An agency of the European Union Directive 2010/84/EU Article 21a added ( ) a marketing

More information

QUALITY SYSTEM REQUIREMENTS FOR PHARMACEUTICAL INSPECTORATES

QUALITY SYSTEM REQUIREMENTS FOR PHARMACEUTICAL INSPECTORATES PHARMACEUTICAL INSPECTION CONVENTION PHARMACEUTICAL INSPECTION CO-OPERATION SCHEME PI 002-3 25 September 2007 RECOMMENDATION ON QUALITY SYSTEM REQUIREMENTS FOR PHARMACEUTICAL INSPECTORATES PIC/S September

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information