Presentation is loading. Please wait.

Presentation is loading. Please wait.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities."— Presentation transcript:

1 The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities potential challenges and opportunities Isabelle ANDOULSI Isabelle ANDOULSI Lawyer, EXELIA Lawyer, EXELIA isabelle.andoulsi@exelia.be isabelle.andoulsi@exelia.beisabelle.andoulsi@exelia.b AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

2 The European Union legal framework for clinical data access INTRODUCTION Some introductory reflexions... AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

3 The European Union legal framework for clinical data access INTRODUCTION Clinical data can be defined as: « Data from studies in man, as opposed to pre or non-clinical data derived from laboratory studies, disease models and animal studies » (www.clavispharma.be) And as: « Data pertaining to the medical well being or status of a patient or subject » (www.appliedclinicaltrialonline.find.pharma.com) Thus clinical data access seem to raise problems of data protection... AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

4 The European Union legal framework for clinical data access INTRODUCTION Clinical data access also raises problems of: Confidentiality and Security High standards, appropriate to the data type Liability Service supply Integrity of the data Intellectual property rights Data ownership Re-use of clinical data AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

5 The European Union legal framework for clinical data access CONFIDENTIALITY Confidentiality and Security issues include: Patient identifiable data must be protected Security is the responsibility of the data controller and/or the data processor Employers and employees have a duty of confidentiality AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

6 The European Union legal framework for clinical data access LIABILITY Liability issues include: Responsibility of the data Responsibility for down time AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

7 The European Union legal framework for clinical data access INTELLECTUAL PROPERTY RIGHTS Intellectual Property Rights issues include: Information Ownership Information Access Benefit sharing of clinical databases AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

8 The European Union legal framework for clinical data access DATA PROTECTION Data Protection issues include: Data processing Access rights of data subjects (patients) Responsibilities of data controllers and processors Free flows of personal (medical) data within the Member States Data protection national legislations harmonisation AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

9 The European Union legal framework for clinical data access DATA PROCESSING (1) Any processing of personal data has to comply with the rules for the protection of personal data, i.e. with: The Data Protection Directive 95/46/EC and with The Electronic Communications Directive 2002/58/EC AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

10 The European Union legal framework for clinical data access DATA PROCESSING (2) By virtue of its Article 3, first paragraph, Directive 95/46 applies: « (...) to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system ». AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

11 The European Union legal framework for clinical data access MEDICAL DATA PROCESSING Directive 95/46 main principle: Data subject’s rights infringement does not depend on the information contained in the data It depends on the purpose of the processing The principle is slightly different for medical data: Data content creates infringement risks for the data subject’s rights Medical data processing is thus banned (Art. 8, § 1) The ban of medical data processing is not absolute AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

12 The European Union legal framework for clinical data access MEDICAL DATA PROCESSING DEROGATIONS (1) Article 8, § 2, of the Directive prescribes that: “a) the data subject has given his explicit consent to the processing of those data, except where the laws of the Member State provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject's giving his consent; or b) processing is necessary for the purposes of carrying out the obligations and specific rights of the controller in the field of employment law in so far as it is authorized by national law providing for adequate safeguards; or c) processing is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving his consent; or d) processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non-profit- seeking body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects; or e) the processing relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal claims”. AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

13 The European Union legal framework for clinical data access MEDICAL DATA PROCESSING DEROGATIONS (2) The processing of medical data is equally permitted when it: « (...) is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy ». (Art. 8, § 3, Directive) AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

14 The European Union legal framework for clinical data access MEDICAL DATA PROCESSING DEROGATIONS (3) Finally the Directive offers Member States the opportunity to lay down other derogations to process medical data (Art. 8, § 4, Directive) These derogations are: subject to suitable safeguards justified by public interest created by national laws AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

15 The European Union legal framework for clinical data access DATA PROCESSING LAWFULNESS (1) Other conditions ensuring the lawfulness of data processing apply to medical data processing, i.e.: AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

16 The European Union legal framework for clinical data access DATA PROCESSING LAWFULNESS (2) Conditions regarding the data quality: Data processed fairly and lawfully Data collected for specified, explicit, legitimate purposes Data adequate, relevant and not excessive Data accurate and up to date Data stored for a limited period AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

17 The European Union legal framework for clinical data access DATA PROCESSING LAWFULNESS (3) 2. Conditions regarding the rights of the data subject: Right to be informed Right to access his/her data Right to object the processing AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

18 The European Union legal framework for clinical data access DATA PROCESSING LAWFULNESS (4) 3.Duties of the data controller AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

19 The European Union legal framework for clinical data access TRANSFERS OF CLINICAL DATA oEU transfers: national European legislations harmonisation oInternational transfers: the impact of national legislations AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

20 The European Union legal framework for clinical data access CONCLUSION (1) Special protection for clinical data Other general principles in processing clinical data Problematic European and International transfers of clinical data Clinical data access and use raise legal issues other than data protection AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

21 The European Union legal framework for clinical data access CONCLUSION (2) Legal recommendations for clinical data exchange systems: Recommendation on patient consent Recommendation on specified and explicit purposes Recommendation on technical and organisational security measures Recommendation on privacy and health information infrastructure AER eHe@lth Network Seminar, 25th September 2008, Nottwil, Luzern (CH)

Download ppt "The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities."

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Protection of Personal Data, 11.02.2011. Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.

Protection of Personal Data, Historical context In 1982, Iceland signed the Council of Europe Convention nr. 108 from 1981 for the Protection.
EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.

EDUCATION Directive 2002/14/EC of 11 March 2002 establishing a general framework for informing and consulting employees in the European Community.
Archive, Records Management and Museum Services Confidentiality, Personal Data and the Data Protection Act 1998 Alan R Bell Records Manager and Information.

Archive, Records Management and Museum Services Confidentiality, Personal Data and the Data Protection Act 1998 Alan R Bell Records Manager and Information.
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.

RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.
Oviedo Convention and Its Protocols – Impact on Polish Law International Bioethics Conference Oviedo Convention in Central and Eastern European Countries.

Oviedo Convention and Its Protocols – Impact on Polish Law International Bioethics Conference Oviedo Convention in Central and Eastern European Countries.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
SWISS DATA PROTECTION LAW AND PERSONAL DATA SECURITY MEASURES.

SWISS DATA PROTECTION LAW AND PERSONAL DATA SECURITY MEASURES.
Health research and the protection of personal information rights in international ethics and human rights law Colin M Harper Promoting Health Research.

Health research and the protection of personal information rights in international ethics and human rights law Colin M Harper Promoting Health Research.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.

Similar presentations

Ads by Google