COCIR contribution to the public consultation on Personal Data Protection in the EU 1

Transcription

1 COCIR contribution to the public consultation on Personal Data Protection in the EU 1 European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry Bd. A. Reyers 80, 1030 Brussels, Belgium Register ID number: COCIR represents the European Medical Diagnostic and Imaging, Electromedical and Healthcare IT Industry. Our industry offers healthcare IT solutions that support the safe, fast and seamless transfer of medical data to support quality healthcare for the benefit of patients and medical professionals. In this respect COCIR welcomes the initiative to review the personal data protection legal framework in the EU and sees it as an opportunity for improving the consistent enforcement of patients rights to privacy while ensuring the free flow of information and availability of medical data to ensure patients safety. This paper responds to the proposals of the Communication that relate to healthcare IT in the detailed briefing that follows. We would also like to attract the Commission s attention on four major matters when strengthening data protection: 1. Ensuring availability of data and patient safety: Timely and optimal healthcare depends on the availability of reliable, comprehensive health data. Availability of medical data is crucial for delivering emergency care, telehealth services, remote maintenance of IT systems, clinical research and public health research. COCIR therefore calls on the Commission to propose legislation that strengthens data protection without creating barriers for the free movement and processing of medical data that would inevitably hamper patient safety. See example 1 and 2 in annex for more detail. 2. Citizens rights to decide how their data is handled: Medical data is sensitive data. It should not be accessible to those that do not have authorization, but it should be available to enable healthcare delivery. Therefore COCIR suggests that the forthcoming EU legislation clarifies citizens consent and right to decide how their medical data is handled. 3. Need for better harmonisation of data protection rules across the EU: COCIR calls on the Commission to reduce administrative barriers on global entities attempting to comply with several country specific data protection laws when delivering health services or providing maintenance to IT systems with critical health data. This would allow for an efficient system where data flow is secure, and would raise citizen s confidence in the data protection framework and eliminate the current barriers to trade in the internal market. See example 3 in annex. 4. Healthcare organizations should have controls in place to ensure the adequate and safe use of healthcare information technology (HIT): Any technical solution can be compromised if users ignore or circumvent the policy or procedures that apply to it. To avoid this, all organisations utilising health information technology must have policies and procedures in place that provide actions to the different functions that make up a workflow and provide instructions on what controls must be turned on in the HIT system. COCIR recommends that the forthcoming legislation encourages the establishment of efficient security controls in healthcare settings and tackles the misuse of IT tools by users of 5 13 January 2011

2 DETAILED BRIEFING Hereafter are the responses to the various proposals of the Communication, which are relevant to medical diagnostic and imaging, electromedical and healthcare IT industry sector. Section Increasing transparency for data subjects Introducing a general principle of transparent processing of personal data in the legal framework COCIR agrees with the principle of transparent processing but notes that the implementation of the principle can be difficult to fulfill. During a patient visit, the healthcare professional can inform the patient on why their information is being collected, but it becomes difficult and technical to explain how the data will be processed, who will have access to it, which servers it will go through, or where the data will be archived and for how long. COCIR would recommend a simple and low-constraint approach on this matter, such as developing a notice that informs patients about the life-cycle of their data (who, when, where, how, and why). Such notice could be developed and delivered by healthcare providers. Introducing a general personal data breach notification in the legal framework COCIR welcomes the proposal to introduce a mandatory personal data breach notification. Current technology developed by our industry allows for the detection of breaches and to notify them to relevant authorities. On this matter COCIR notes that organizing data breach notification at national level could lead to different types of data breach definitions and types of notifications, which would be costly and burdensome. COCIR thus calls for harmonisation and recommends: A common data breach definition at EU level A common procedure for breach notification across the EU Clear guidelines explaining when to notify, how to notify and to whom. In case of personal data breaches occurring in more than one Member States, COCIR recommends that breaches be reported to a single data protection authority (instead of reporting to the DPA of various countries) such as the article 29 working party. Section Enhancing control over one s own data Introducing the principle of data minimisation in the legal framework COCIR calls for caution on the principle of data minimisation and attracts the Commission s attention on three separate scenarios: Scenario 1: Use of data for the treatment of a patient In the case of a referred patient, some data (such as symptoms, or medication history) may seem unrelated and can thus be removed from or blocked - according to the principle of data minimization- in the dataset accessible by a medical professional. However in medicine, all findings and symptoms can be related to each other and with the consent of the patient - all historic health data should be available to healthcare professionals. Stricter access and storage rules (due to data minimisation) would limit the available data leading to possible wrong diagnosis / treatment. COCIR thus recommends that all existing data should be available for the treatment of a patient. See example 1 in annex. 2 of 5 13 January 2011

3 Scenario 2: Use of data for secondary purposes with patient consent Medical data or portions of it collected during the treatment of a patient could be used if anonymised and with the patient consent for various secondary purposes (e.g. university education, clinical decision support, public health research, etc.) In this scenario, COCIR recommends that only the data for which the patient has given his consent should be used. See example 2 in annex. Scenario 3: Use of data for secondary purposes as a policy without patient consent Medical data and portions of it collected during the treatment of a patient can be used for secondary purposes (e.g. university education, clinical decision support, public health research, etc.) if the hospital/healthcare provider decides as an organizational policy that anonymised data can be used for secondary purposes and communicates this clearly to the patient. COCIR thus recommends a certain level of flexibility on the principle of data minimisation, to be able to adapt to the various situations and needs of healthcare, public health research and health education. Section Ensuring informed and free consent Ensuring free and informed consent COCIR warmly welcomes the proposal to clarify and strengthen the rule on data subjects consent and information. Please see our position on patients informed consent in points and Section Protecting sensitive data Clarifying and harmonising the conditions allowing for the processing of sensitive data COCIR welcomes the initiative to re-assess existing conditions and safeguards for the processing of sensitive data to ensure they are in line with citizens rights to privacy (article 8.3 of Directive 95/46/EC) and to harmonise these conditions within the EU. In this process COCIR invites the Commission to take stock of modern and effective data protection techniques such as for instance- modern encryption of data. With such technologies in place, data processing does not constitute a privacy risk to sensitive data, and should therefore allow for the processing of data through appropriate service providers (e.g. processing and storing medical data through third-party servers). Please see example 3 in annex. Section 2.2 Internal market dimension Harmonisation of data protection rules across the EU COCIR welcomes the Commission s actions towards aligning the framework for national data protection legislation which currently is quite fragmented at the member state level. The Single Market would benefit significantly from a uniform and aligned national data protection implementation in the EU member states. Please see example 3 in annex. At this time, experts in other regions of the world similarly discuss data protection matters which may result in global data protection standards, e.g. to be published under the lead of IEC with potential contributions from ISO (e.g. the ISO 2700x-family) as well as fora/consortia. In that 3 of 5 13 January 2011

4 respect a new approach method would help clarifying the appropriate implementation measures, help reducing barriers to trade and strengthen citizens confidence. COCIR members are willing to support this approach by contributing to international standards for harmonization and through modern ICT solutions. COCIR recommends the adoption of global standards in the forthcoming legislation and the establishment of an implementation mechanism with clear guidelines to ensure a consistent enforcement of the forthcoming legislation in all EU Member States. COCIR also calls on the Commission to liaise with other international bodies developing guidance on data protection, such as the OECD. Section Enhancing data controllers responsibility Promoting the use of privacy enhancing technologies (PETs) and privacy by design principle COCIR welcomes the proposal to promote the use of PETs and privacy by design principle, and notes that these technologies are already largely used and implemented. In the field of healthcare however, we are concerned that too much security might impede the free flow of data, and strongly recommend that strengthening security rules and processes should not impede the availability of medical data, which is important for patient safety. Possible creation of an EU certification schemes for privacy-compliant processes/technologies/products/services COCIR welcomes the creation of an EU-certification scheme in the security field as a step towards more and better security. COCIR encourages the certification of security procedures, based on industry best practices (e.g. ISO27001) and recommends using public/private certification auditors for these certification activities. 4 of 5 13 January 2011

5 Annex: examples of situations in Germany where current data protection rules have proved burdensome Example 1: Flow of information between hospital and ambulatory settings In Germany there is a strict division between the hospital sector and the ambulatory sector. Data protection officers do not allow the flow of patient data in cross-sectoral care processes. This is only allowed provided there is an integrated care contract between the hospital and the general practitioner. Such contracts cover only about 1% of the population. Wherever such agreements are not in place (99% of the population) German physicians cannot have access to patient information gathered elsewhere -for instance at the hospital - even if the patient has given his/her consent. Example 2: Sharing patient medical history between practitioners Some drugs can be dangerous or even fatal in combined with other drugs. For instance the combination of different cholesterol-lowering drugs can lead to renal failure and sometimes death. The combination of Viagra with lowering blood pressure drugs can lead to renal failure and heart attack. Such combinations have led to hundreds of casualties in Germany because doctors prescribing those drugs did not know that their patient was taking other medication prescribed by another doctor. The Lipobay scandal (cholesterol-lowering drug) triggered the German national ehealth Card program in 2003 and the adoption of a law in 2006, because the government thought it would be of great value to have anonymised medication data available to recognize patterns, detect problems early, size the problem, predict problems or educate/support physicians at the point of care. However implementation is lagging behind because data protection authorities want to allow the patient to hide some information included in the card. This would annihilate the purpose of the ehealth card, with doctors having access to only limited information on the medication history of the patient. In this example, patients, doctors, health authorities and the pharmacy industry were victims of the situation: patients suffered adverse health effects, health authorities did not react timely as the link between the different drugs was made with a delay, doctors prescribed drugs that they should not have prescribed had they had complete information on their patient, and the pharmacy industry had to pay important fines (Bayer alone had to pay indemnities of 125m$ by 2003 and stock price went down significantly) which could have been avoided. Example 3: Higher cost for storing data in a German Lander Data protection authorities in Schleswig-Holstein (SH) in Germany prohibit several ITimplementations supporting healthcare, even if these applications are approved, sold and operated in other Landers with no security breaches reported until now. The SH data protection authorities consider that servers hosting data as "external third-party are not allowed to receive, store or process medical data, even if the server infrastructure is operated under tight contractual security and auditing obligations (as in the other Landers) and even if the patients gave their consent to this type of application. As a result, the healthcare providers in SH face higher IT cost, not only for buying storage for each place but also for the operating cost of high-available, high-performance, highly-protected data storage centers. 5 of 5 13 January 2011