- This page is under construction -
Purpose and Future Update
The purpose of this page is to provide basic information to health professionals participating in the end-to-end functional testing about the use of explicit consent and of the "vital interests of the data subject" justification in the eHDSI Project. The intention is, therefore, to facilitate understanding of the workflow and the different steps in the process of accessing a patient's data when this access is needed in a cross-border context - when providing healthcare in an emergency department or when requested to dispense a medicine in a pharmacy in Country B.
This page will be updated with the opinion from the Article 29 Data Protection Party on how to ensure data protection and the data subjects' rights via the Cross-Border eHealth Information Services under the new General Data Protection Regulation (see the Recommendation for a request of the eHN to the Art. 29 Data Protection WP).
The two-steps-consent by the data subject to the transfer and processing of his/her health data consists of:
Firstly, an explicit consent should be given to the participation of the data subject in the eHDSI Project or parts of it. This first consent in Country A would allow healthcare providers to prepare specific data with the intention to make them available in the future to other healthcare providers in the framework of the eHDSI. It would be required only once at the point where (actually before) the data subject's data are prepared or made available to the system. Therefore, that first consent necessarily has to be given before the second consent. If, following the first consent, there are any major changes in the processing of data within the eHDSI, a new consent will be required.
Where the country of affiliation (A) requests it and the country of treatment (B) can make it feasible, it is possible to allow patients (data subjects) to also give their first consent, for instance, in a secure way over the Internet in Country B.
- The second consent shall be given explicitly for the processing of data in the case of the actual treatment/dispensation in Country B.
It might be possible that a patient from Country A gives/revokes his consent at the point of care in Country B: an HP will execute the patient's request to modify his consent for Country B in the national infrastructure of Country A.
Vital interests of the data subject
Article 8 (2) (c) of Directive 95/46/EC sets out that the processing of sensitive personal data can be justified if it is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving his consent.
The processing must relate to essential individual interests of the data subject or of another person and it must - in the medical context - be necessary for a life-saving treatment in a situation where the data subject is not able to express his intentions (emergency case). Accordingly, this exception could be applied only to a small number of cases of treatment and only where the first consent of the two-steps-model has been given.
Therefore, processing of personal and sensitive data can be justified without second consent in Country B if it is necessary to protect the vital interests of a data subject or of another person and if, in the emergency case, the data subject is physically or legally incapable of giving his consent.
In that event, the patient should be informed about the override of consent upon leaving the point of care, including details of the access, or be provided access to the audit trails.
Preconditions for a valid consent
Consent must be a "freely given, specific and informed indication of the data subject's wishes" (Article 2(h) of the Directive 95/46/EC).
- 'Free' consent means a voluntary decision by an individual in possession of all of his faculties, taken in the absence of coercion of any kind, be it social, financial, psychological or other.
- 'Specific' consent must relate to a well-defined, concrete situation in which the processing of medical data is envisaged.
- 'Informed' consent means consent by the data subject, based upon an appreciation and understanding of the facts and implications of an action. The individual concerned must be given, in a clear and understandable manner, accurate and full information of all relevant issues, in particular, those specified in Articles 10 and 11 of the Directive, such as the nature of the data processed, purposes of the processing, the recipients of possible transfers, and the rights of the data subject.
The information regarding the first consent should contain a comprehensive, clear and understandable description of the eHDSI Project, mentioning at least the categories of data that would be transferred by which healthcare providers to which other healthcare providers and other institutions. Information must also be provided about the purpose of the transfer and how long the data would be stored. Finally, it must be made clear that there is the option of withdrawing consent at any time. The data subject should also be informed about the right of access and rectification of data concerning him/her.
The information given before the second consent must at least contain an explanation of which healthcare provider and other institution will process which categories of data and for which purpose.
- Agreement between National Authorities or National Organisations responsible for National Contact Points for eHealth on the Criteria required for the participation in Cross-Border eHealth Information Services
- Regulation (EU) 2016/679 on the Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (shall apply from 25 May 2018)
- Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (applies until 24 May 2018)
- Article 29 Data Protection Working Party - Working Document 01/2012 on epSOS. Adopted on 25 January 2012
- Identity Management Specification v2.1.0
- Requirements Consolidation I - Appendix A
- Requirements Consolidation II - Appendix A