CPME Rapporteur: dr. Sjaak NOUWT (NL)
CPME Secretariat: Ms Sara RODA
Personal data protection
CPME believes that a high level protection of all citizens’ data is essential, especially health and medical data. As the patient-doctor relationship is built on confidence and trust, medical records should be considered as particularly sensitive data. At the same time, it is of utmost importance that healthcare data be stored with the appropriate security standards, for purposes of proof of medical treatment and for future patient’s safety. Following the adoption of the General Data Protection Regulation (GDPR) on 27 April 2016, CPME closely monitors the implementation of this regulatory framework, especially in respect of the processing of data concerning health.
In February 2020, the European Commission published a ‘European strategy for data’ whose ambition is to enable the EU to become the most attractive, secure and dynamic data-agile economy in the world. The strategy aims at developing common European data spaces in strategic economic sectors and domains of public interest, such as the common European health data space. A proposal for a regulation on the European Health Data Space is expected by April 2022. CPME is closely monitoring and contributing to the debate, making sure physicians’ views are taken into account.
CPME believes that easier access to individual’s data, specifically patients’ data, needs to be surrounded by strong legal safeguards and level of security. Moreover, in order to foster trust in the sharing of health data, there should be the involvement of research ethics committees or ethics review boards when the legal base to share personal data is other than consent of the data subject. The default position for provision of information should be anonymisation, which should be irreversible and legally guaranteed. Pseudonymisation, if necessary, can be only in accordance with the national medical practitioner regulator.