European Commission initiatives on e- and mhealth

Similar documents
Response of the German Medical Association

Draft Code of Conduct on privacy for mobile health applications

ehealth, mhealth and Big Data

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

Article 29 Working Party Issues Opinion on Cloud Computing

1. Understanding Big Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

COMMISSION REGULATION (EU) No /.. of XXX

Guidelines on Data Protection. Draft. Version 3.1. Published by

Big Data for Mutuals. Marc Dautlich 25 November 2013

BCS, The Chartered Institute for IT Consultation Response to:

Written Contribution of the National Association of Statutory Health Insurance Funds of

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

The RFID agenda of the European Commission. Florent Frederix European Commission Directorate General Information Society and Media

Council Policy. Records & Information Management

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Daltrak Building Services Pty Ltd ABN: Privacy Policy Manual

Data protection compliance checklist

DATA PROTECTION AND DATA STORAGE POLICY

Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014

How To Write A Report On A Recipe Card

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Software within the medical device regulatory framework in the EU

Regulatory Policy. Unsolicited Electronic Communications

INFORMATION GOVERNANCE POLICY

Best Practices at Research Level

Widespread Deployment of Telemedicine Services in Europe

Data, Privacy, Cookies and the FTC in Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

technical factsheet 176

Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups

The potential legal consequences of a personal data breach

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Overview. Data protection in a swirl of change Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Privacy fact sheet 17

4. Which sector do you belong to? Please check one box.

Privacy and Data Protection Impact Assessment Framework for RFID Applications. 12 January 2011

Online Ads: A new challenge for privacy? Jörg Polakiewicz*

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Estate Planning and Patients' Rights in Cross-Border Healthcare

Data Sharing Protocol

Information Sharing Policy

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Proposal of regulation Com /4 Directive 95/46/EC Conclusion

Principles and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes

Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

Application of Data Protection Concepts to Cloud Computing

EU Policy on RFID & Privacy

Under European law teleradiology is both a health service and an information society service.

An Overview of ISO/IEC family of Information Security Management System Standards

COUNCIL OF THE EUROPEAN UNION. Brussels, 4 May /12 Interinstitutional File: 2008/0090 (COD) LIMITE INF 75 API 56 JUR 253 CODEC 1153

ARRIS WHOLE HOME SOLUTION PRIVACY POLICY AND CALIFORNIA PRIVACY RIGHTS STATEMENT

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM

COCIR contribution to the public consultation on Personal Data Protection in the EU 1

Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper

Data Protection Policy

The Future Use of Electronic Health Records for reshaped health statistics: opportunities and challenges in the Australian context

RECOMMENDATIONS COMMISSION

The eighth data protection principle and international data transfers

DATA PROTECTION ACT 1998 COUNCIL POLICY

Formal response to the Consultation Paper: Monitoring and Regulation of Migration

Abstract. Introduction

Regulatory Considerations for Medical Device Software. Medical Device Software

PUBLIC HEALTH WALES NHS TRUST CHIEF EXECUTIVE JOB DESCRIPTION

Planning & Building Standards. Draft Customer Engagement Strategy August 2015

National Integrated Services Framework The Foundation for Future e-health Connectivity. Peter Connolly HSE May 2013

Recommendations for companies planning to use Cloud computing services

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union

ehealth in support of safety, quality and continuity of care within and across borders

Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003

Transcription:

European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being, DG CONNECT

ehealth Action Plan 2012 2020 Operational objectives: Achieve wider interoperability of ehealth services ; Support research, development and innovation; Ensure wider deployment & facilitate uptake; Promote international cooperation.

mhealth The ehealth Action Plan 2012-2020 recognised the potential benefits and challenges related to mhealth apps Green Paper on mhealth and public consultation (2014) asking stakeholders for their inputs on how to overcome the main challenges to mhealth deployment, e.g.: data protection the legal framework patient safety mhealth s role in healthcare systems international cooperation and web entrepreneurs' market access Staff Working Document on the existing EU legal framework applicable to lifestyle and wellbeing apps

Code of Conduct on mhealth apps

Context and scope Green Paper consultation identified importance of strong privacy and security tools to increase trust in mhealth apps; Agreement to work on a Code of Conduct on mhealth apps at stakeholder meeting in March 2015 Legal basis in Article 27 of the Data Protection Directive (Article 40 of the GDPR); Code of Conduct as a voluntary instrument; Scope: covering data protection principles to be followed in the development of mhealth apps (apps processing health data);

Objectives and process Objectives: Raising awareness and facilitating compliance with data protection rules at EU level; Increased trust by citizens; Competitive advantage. Parties involved: drafting team made up of industry members; the EC facilitating and coordinating the process; external editor to assist the drafting; Current state of play: Draft Code is finalised and was submitted to the Article 29 Working Party for their review on 7 June 2016 http://bit.ly/1y66sdp

Content of the Code of Conduct About the Code of Conduct: Introduction Objective Scope: mobile apps which process personal data, including health data Governance Practical Guidelines for app developers Annex I Data Protection Impact Assessment (template) Annex II Privacy notice (sample)

Practical Guidelines I User's consent: free, specific and informed (explicit consent for health data); Main principles: Purpose limitation, data minimisation, Privacy by design and Privacy by default; Information requirements: name and contact of the developer, purpose of processing, categories of data; Retention of the data: not longer than necessary; Security measures: technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, access etc.;

Practical Guidelines II Use of advertisement in apps: context-related ads Opt-out, personalised ads Opt-in; Secondary use of the data: compatible with the original purpose, otherwise new consent needed; Disclosure to third parties for processing operations: information of the user, binding legal agreement; Transfer to third countries: based on legal guarantees (such as adequacy decisions, European Commission Model Contracts); Personal data breaches: checklist, notification duty;

Guidelines on the assessment of data validity and reliability of mhealth apps

Guidelines on validity and reliability of mhealth apps Green Paper consultation identified the need for certification schemes to assess mhealth apps; A broad scope of health and wellness apps, excluding apps that are qualified as medical devices; Voluntary guidelines that could be used by public authorities, health care providers, professional and patients associations and others; For the purpose of linking apps to electronic health records;

Guidelines development process Core drafting team - a working group of 30 members representing civil society, academia, industry, public authorities (set up in February 2016) Open consultations and dedicated meetings with any interested stakeholders Second draft open for comments until end of August: surveymonkey.co.uk/r/tyrsx2k

Transparent Assessment criteria A total of nine criteria have been identified based on the analysis of existing assessment frameworks that are relevant for the assessment of mhealth apps. Quality

Legal framework

Legal framework Unclear application of EU rules on medical devices Revision of manual on borderline and classification and MEDDEV guidance (finalization after Medical Device Regulations adoption) Lack of protection in case of unsafe or defective digital products (e.g. lifestyle and wellbeing apps) Public consultation on the safety of apps and other non-embedded software (next slide)

Public consultation on apps - I Purpose: to gather input from stakeholders on their experience related to the safety of apps and other non-embedded software; to obtain a better understanding of the risks and problems that non-embedded software pose and how these problems are dealt with; the views gathered will help to define potential next steps and future policies at the EU level.

Public consultation on apps - II Scope: software and apps which are neither embedded, nor contained in a tangible medium at the time of their availability to consumers (non-embedded software); Examples: health and well-being apps, digital models for 3D printing or apps controlling electronic appliances; Timeline: open for public consultation until 15 September http://bit.ly/1u3teme

Thank you! claudia.prettner@ec.europa.eu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information