1 / 17

Efpia EHR task force Mats Sundgren & Petra Wilson

Toward integration of clinical care & clinical research for better health & high quality healthcare Legal recommendations. Efpia EHR task force Mats Sundgren & Petra Wilson. Scope. Investigate current EU legal framework relevant to EHR

aziza
Download Presentation

Efpia EHR task force Mats Sundgren & Petra Wilson

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward integration of clinical care & clinical research for better health & high quality healthcareLegal recommendations Efpia EHR task force Mats Sundgren & Petra Wilson EHR stakeholder workshop – 10-11th March 2008

  2. Scope • Investigate current EU legal framework relevant to EHR • Identify the practical problems & barriers from varying legal interpretations of re-use of EHRs for research purposes • Provide recommendations for leverage of EHR integration EHR stakeholder workshop – 10-11th March 2008 2

  3. EU legal background • Directive 95/46/EC • Sets the foundations of confidentiality as fundamental principles applicable to all forms of electronic communications • Article 29 Data Protection Working Party papers • WP131: Recommends specific legislation in member states to regulate other purposes of EHR in member states, and • WP136: definition of ‘Personal Data’ • Both documents are “working papers” which means revision and are seen as guidelines for EU member states in developing specific legal responses to the use of EHRs EHR stakeholder workshop – 10-11th March 2008 3

  4. Legal issues for utilisation of EHR • The Directive 95/46, in particular in the healthcare domain is variable, • and in some cases takes a very restrictive interpretation of individuals right to the protection of personal data in such a way that it might limit excessively the operations of organisations in the health care sector EHR stakeholder workshop – 10-11th March 2008 4

  5. Legal issues for utilisation of EHR • The key issue within Article 29 working group is that ‘EHR’ is now being considered as a ‘technology’ problem • rather than a social issue about the provision of effective healthcare in the modern era • WP 131 seems to treat EHRs, as well-defined concepts brought on by new technology, which may be safely used if the current data protections applied to paper records are duly adapted EHR stakeholder workshop – 10-11th March 2008 5

  6. Conclusion • Conclusion after reviewing the current EU legal framework, demonstrates that there are no legal barriers that in principle prohibit the utilisation of EHRs for other medical purposes, including research • This conclusion is also also supported in the outcome from the Eurorec EHR Stakeholder workshop in October 2007, and in the NHS Report of secondary uses of patient Information in UK, 2007 • However, current legal framework within EU needs clarification and further guidance on implementation EHR stakeholder workshop – 10-11th March 2008 6

  7. Recommendations 1. Developing a transparent and consistent definition of the EHR and examples of specified medical research purposes that benefit from requiring EHR data 2. Nurturing transparency & cooperation across EU Member States to support harmonization on interpretations of data protection legislation in respect of EHR implementations 3. Identifying benefits of cross-border utilisation of information contained within EHRs for specific purposes EHR stakeholder workshop – 10-11th March 2008 7

  8. Recommendations 4. Defining good practices in privacy enhancing techniques (PET) and providing ‘consent-enabling technologies’ to meet appropriate measures and considerations to protect the privacy of individuals 5. Developing accreditation mechanism and “model contract terms” for Third-parties (TPs) to provide services such as de-identify, filter, or aggregate EHR data 6. Establishing professional certification mechanisms for medical researchers to meet ‘professional secrecy obligations’ consistently across EU Member states regarding EHR data EHR stakeholder workshop – 10-11th March 2008 8

  9. Way forward • “Primary” and “Secondary” use of EHR cannot be separated from each other • The key aspect is instead to understand that the transitional environment in the area of EHRs bring large societal and economic benefits such as enhance support mobility, enhance safe and efficient health care for EU citizens • Legal aspects should not be treateded in isolation but need to be integrated in organizational and technical aspects of EHR utilisation • For this to happen needs collaboration - but also more political engagement accross EU EHR stakeholder workshop – 10-11th March 2008 9

  10. Backup slides EHR stakeholder workshop – 10-11th March 2008 10

  11. Background • A modern healthcare system brings together a wide range of stakeholders who often have only a limited understanding of each other’s needs outside their immediate areas of interaction • Broaden stakeholders understanding of EHRs and their potential wider use we need to raise not only technical understanding, but also to develop a deeper understanding of the social, legal and ethical issues raised by EHRs • While all European countries have now adopted legislation which protects a patient’s fundamental right of privacy with respect to his or her medical information, the legal approaches vary across the European Union EHR stakeholder workshop – 10-11th March 2008 11

  12. Legal issues for utilisation of EHR • Healthcare is generally provided in a more dispersed way than most other services (normally on a supplier-customer basis), • which introduces additional complexities and the need to share data more widely to the benefit of all, including the citizen and society, while respecting the fundamental right to privacy EHR stakeholder workshop – 10-11th March 2008 12

  13. Examples of issues in Article 29 • That are neither not addressed, nor sufficiently developed in the legal framework are: • Inconsistencies between national legislations – both current and future EHR-enabling legislation • Need of industry guidance document based on WP131 as well as WP136 – ‘Personal Data’ opinion • Transparency & cooperation across EU Member States in order to nurture harmonisation on interpretations of data protection legislation in respect of EHR implementations [need to ‘sharpen’ – who, how, where, what] • Need of accreditation mechanism for Third-parties (TPs) to provide services, such as de-identify, filter, or aggregate data • Guidance on the implementation of data protection principles in the context of a medical data processing in co-operation with all stakeholders EHR stakeholder workshop – 10-11th March 2008 13

  14. 1. Respecting self determination 2. Identification & authentification 3. Authorization of EHR 4. Use of EHR for other purposes 5. Organisational structure of EHR systems 6. Categories of data stored & modes of presentation 7. International transfer 8. Data security 9. Transparency 10. Liability 11. Controll mechanism WP 131– Topics EHR stakeholder workshop – 10-11th March 2008 14

  15. WP 131 - Topic 4 (other purposes) • “Processing of EHR-data for the purposes of medical scientific research and government statistics could be allowed as an exception to the rule set out above, provided that all these exceptions are in line with the Directive (Article 8 (4)… • …whenever feasible and possible, data from EHR systems should be used for other purposes (e.g. statistics or quality evaluation) only in anonymised form or at least with secure pseudonymisation." Article 8 (4): “Substantial public interest exemptions” EHR stakeholder workshop – 10-11th March 2008 15

  16. WP 131 - Topic 4 (other purposes) • “The Working Party is of the opinion that accessing medical data in an EHR for purposes other than those mentioned in Article 8 (3) should in principle be prohibited.” • “This would for instance exclude access to EHR by medical practitioners who act as experts for third parties: e.g. for private insurance companies, in litigations, for granting retirement aid, for employers of the data subject.” Article 8 of the EU Charter of Fundamental Rights - (3): “Processing of (medical) data by health professionals” EHR stakeholder workshop – 10-11th March 2008 16

  17. The Legal Basics • Directive 95/46/EC on Data Protection • ‘Personal data’ means all personal identifiable date, not just name and address! • ‘Processing’ means more than collection – it includes any operation on the data • The position on medical data: • “Member States shall prohibitthe processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.” Article 8 (1) • Exceptions: • Consent • Processing of (medical) data by health professionals • Substantial public interest exemptions EHR stakeholder workshop – 10-11th March 2008 17

More Related