Legal Guidelines regarding the Use of Electronic Patient Data. Do we need new Rules of the Game?


Legal Guidelines regarding the Use of Electronic Patient Data. Do we need new Rules of the Game?. Van Overstraeten T. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)


Page 1: Legal Guidelines regarding the Use of Electronic Patient Data. Do we need new Rules of the Game?

Legal Guidelines on the Use of Electronic Patient Data

Do we need new rules of the game?

Page 2

Introduction

• Health informatics increases the ability to collect and process patient data
• Positive effects on patient care
• Help reduce medical errors
• Promote evidence-based medicine by increasing clinical data for research and enhancing scientific knowledge (secondary use)
• Limitation: privacy and secrecy of patient data

Page 3

EU Legal Framework

• EU Directive 95/46 of 24 October 1995
• Privacy and personal data protection recognised as fundamental rights (Article 16 Lisbon TFEU 2009)
• Other Directives re. electronic data
  • Directive 2002/58/EC of 12 July 2002
  • Modified by Directive 2009/136/EC of 25 November 2009

Page 4

EU Directive 95/46

• Main purposes
  • Freedom of circulation of personal data within the EU
  • Protection of personal data
• Personal data = data related to an identified or identifiable individual
• Processing broadly defined as any type of use
• Specific category for electronic patient data
  • Health-related data (“sensitive”, additional protection)

Page 5

EU Directive 95/46

• Main principles
  • Fair and lawful processing
  • For limited purposes (no further incompatible processing)
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Data subjects’ rights (information and access)
  • Secured processing (technically and organisationally)
  • No transfer to third countries without adequate protection
  • Notification to relevant regulator

Page 6

Health-related data

• Relevant legal ground for processing (Article 8)
  • Explicit consent of the data subject
  • Protection of data subject’s vital interests
  • For preventive medicine, medical diagnosis, treatment or healthcare services, with supervision by a health professional bound by professional secrecy

Page 7

Secondary use

• Hierarchy for the further processing of personal data for scientific purposes (WP 29 No. 136 of 2007):
  • Anonymous data
  • If impossible to achieve the scientific purpose with the latter: pseudonymised data (key-coded data)
  • If impossible to achieve the scientific purpose: non-pseudonymised data (= personal data)
• Issue of (ir)reversibility of data

Page 8

Secondary use

• Directive flexible for scientific research and public health interest (with local implementation issues):
  • Further data processing not incompatible with initial purpose (Article 6.1 b and Recital 29)
  • Data may be stored for longer period (Article 6.1, e)
  • Member States may derogate from the prohibition to process sensitive data (Recital 34)
  • No obligation of information when impossible or disproportionate (Article 11.2 and Recital 40)

Page 9

Guidelines re. secondary processing

1. Prepare inventory of candidate sources (e.g. database of clinical trials, routine healthcare)
2. Review extent of anonymisation/codification and perform risk assessment re. identifiability of data subjects
3. Pay particular attention to potential identifiers, including presence of rare disorders, key coded data

Source: Association of the British Pharmaceutical Industry (ABPI) - 2007

Page 10

Guidelines re. secondary processing

4. Review information provided to data subjects and their consents upon data collection for primary purpose
  • Statement re. potential future uses or planned duration or storage of data?
  • Compatibility of proposed processing with original consent (i.e. not truly a secondary use)?
5. Generate a risk statement with
  • Evaluation of likelihood of data subject’s identification
  • Compatibility with original stated purpose
  • Justification for proposed secondary use of the data

Page 11

Guidelines re. secondary processing

6. Determine if
  • Tracking down and re-consenting of data subject is needed OR
  • The data should be anonymised OR
  • Other legal grounds enabling processing for secondary use

Page 12

New Rules?

• Existing legal framework in the EU under review
• Two main developments since 1995
  • Digital technology (telemedicine, electronic health records, eHealth platform, etc.)
  • Globalisation of medical research

Page 13

New Rules?

• Need for a single legal framework to respond to globalisation
• Need for harmonisation and standardisation of approach (e.g. template consent forms)
• Same protection to all health-related data irrespective of geographic location of data subjects
• ⇒ International Convention (WHO)

Page 14

Questions?

Tanguy Van Overstraeten
Linklaters LLP
Rue Brederode 13
1000 Brussels
Belgium

Tel: +32 2 501 94 05
