
Tag Archives for "health"

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. The opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in the processing of patient data within the eHDSI.

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

Hackers are stealing personal medical data to impersonate your doctor

While personally identifiable information — full names, social security numbers, home addresses, dates of birth, credit card numbers — can be exploited by criminals to commit identity fraud, the theft of medical information can have an equally serious impact on victims.

How do hackers exploit medical data? Administrative paperwork — like medical licenses — used to forge a doctor’s identity sells on the dark web for around $500. Insurance provider’s login information can be used to steal a victim’s identity to claim insurance. Health insurance cards, prescriptions, and drug labels are forged with the intention of carrying drugs through the airport. Hacked personal health information is used against individuals who have health issues for extortion and other crimes.

Source: Hackers are stealing personal medical data to impersonate your doctor

EDPB’s Position on Clinical Trials Creates Friction with Other EU Legislation

Clinical trials in the EU include the collection of sensitive health data from patients. Trial sponsors are obliged to reconcile compliance with the regulations governing data protection with the regulations governing the conduct of clinical trials.

The GDPR could not fully harmonize these rules since this area is already heavily regulated by public health regulations that vary between EU Member States. One of the most disconcerting areas of divergence between EU Member States is the different national positions on whether patient consent is a valid legal ground for processing personal data in clinical trials.

Full article: EDPB’s Position on Clinical Trials Creates Friction with Other EU Legislation

European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

On April 10, 2019, the European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”).

The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on the same topic.

Full article: European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

Finland Approves Act On The Secondary Use Of Social And Health Care Personal Data

The Finnish Parliament approved the new general Act on the Secondary Use of Social Welfare and Health Care Data in March 2019.

The new Act codifies the relevant legislation and broadens the possibilities, under certain conditions, to use and combine for secondary purposes personal data collected in relation to public or private social and health care operations.

Source: Finland: Parliament Approves New Act On The Secondary Use Of Social And Health Care Personal Data

Council of Europe issues recommendation on health-related data

On March 28, 2019, the Council of Europe issued a new Recommendation on the protection of health-related data.

The Recommendation calls on all Council of Europe member states to take steps to ensure that the principles for processing health-related data (in both the public and private sector) set out in the Appendix of the Recommendation are reflected in their law and practice.

Source: Council of Europe issues recommendation on health-related data

Personal health information has a value on the black market

Thieves collect personal data such as home addresses and contact information, but also details of physical or mental conditions and prescribed medications. Individuals can be threatened with public exposure of their data, especially those in high-profile positions, and future health benefit claims or even border crossings could be affected.

Compromised personal health data has a much greater and more lasting impact. When a credit card is stolen, the card number is changed and the charges in question are typically reimbursed. Conversely, your health record stays with you for life, leaving you more vulnerable to future problems.

Full article: Michael Green: Personal health information has a value on the black market | Vancouver Sun

Can GDPR Work for Health Scientific Research?

On October 22, 2018, the Future of Privacy Forum (FPF), the European Federation of Pharmaceutical Industries and Associations (EFPIA), and the Centre for Information Policy Leadership (CIPL) hosted a workshop in Brussels, “Can GDPR Work for Health Scientific Research?,” to discuss the processing of personal data for health scientific research purposes under the European Union’s General Data Protection Regulation (GDPR). The workshop report is now available.

Full article: FPF, EFPIA, and CIPL Workshop Report Now Available: “Can GDPR Work for Health Scientific Research?”
