The European Commission published, on Friday 12 February, a study on the confidentiality of health data which identifies several projects to be carried out at European level. This study, which focuses in particular on the provisions of the General Data Protection Regulation (GDPR), should feed into the future initiative on the European Health Data Space.
As a reminder, the General Data Protection Regulation (2016/679) offers Member States the possibility of introducing additional specifications in order to adapt the application of the Regulation in (existing) national law, in particular in the field of health.
However, the EUHealthSupport consortium, which carried out this study for the European Commission, notes that “While the GDPR is a much appreciated piece of legislation, variation in interpretation of the law and national level legislation linked to its implementation have led to a fragmented approach which makes cross-border cooperation for care provision, healthcare system administration or research difficult”.
For example, the researchers note that while most Member States rely on consent for the use of health data, all except Cyprus use another legal basis. The same applies to data sharing between health professionals: informed consent is the sole legal basis in only four Member States (Cyprus, Italy, Malta and the Netherlands).
The study identified potential future EU level actions, including Codes of Conduct as well as new targeted and sector-specific EU level legislation.
In addition to legal requirements and governance, the study also points to the need for a more harmonised approach across the Member States when it comes to technical infrastructure, technical and semantic interoperability.
Data quality and acquisition, digital skills and capacity-building for primary and secondary use of health data were also areas identified where a harmonised approach could be beneficial.
Link: https://bit.ly/3dbHfHb (Original version in French by Sophie Petitjean)