An Implementation Framework for Trust: National Contact Points
Legal and regulatory issues. Wilson P. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)
Call Girls Guntur Just Call 8250077686 Top Class Call Girl Service Available
An Implementation Framework for Trust: National Contact Points
1. An Implementation
Framework for Trust
SALAR, SENA, ATNA, Elga, IZIP, DENA, Gematik,DKNA,ESNA, CATA,ANDA, GIPDMP,
FRNA, LOMBARDY NLNA, NHIC, NHS, PHARMAXIS, Industry
3. Basic Assumption to be tested
In epSOS we shall establish condition so that
…
if a Member State (MS) already
provides these ehealth services to
its residents…..
then it may also offer these services
to them when they travel abroad to
other epSOS Member States.
3
4. epSOS as Pilot
epSOS is a Large Scale Pilot
must be of limited scope but comprehensive, robust
and universally accepted across MS, professions and
cultures.
long-term operation is out of scope of epSOS
But will deliver practical guidance and
recommendations on how to make the transition from
the pilots to normal operation.
4
5. L&R Challenges
Main Issues Legal Certainty
Data Protection and sufficient Pilot and beyond
Confidentiality
Health Systems sufficient pilot
Professional aspects and sufficient pilot
social context
Liability sufficient pilot
Access to standards-IPR sufficient Pilot
issues insufficient beyond
6. Trust in epSOS -legal approach
Trust is built by
• elaboration of common epSOS “code of
practice” around important issues such as
privacy and confidentiality,
– Privacy and safety by design
– application of common epSOS safeguards by all
actors involved in the pilots
• systematic audit
– MS level (NCP)
– epSOS Level (PSB)
6
7. epSOS Trusted Domain
EU level- federating countries
National level- federating organisations
8. epSOS Trusted Domain
epSOS Practice Standards
National level- federating organisations
9. epSOS Trusted Domain
epSOS Practice Standards
National level Agreements
- To establish the NCP
- To establish NCP-pilot partners
relationships
-
10. National Agreements
epSOS blue print
A Framework Agreement Security Policy
for the establishment of an Pilot Strategy
epSOS NCP Pilot sites - duties &
responsibilities
National Pilot Set-up
and Deployment Guide
FW AGREEMENT
Annexes:
Patient Consent
Information to Patients
and HCPs
12. JANUS
Janus is the Roman god of gates and
doors (ianua), beginnings and endings,
and hence represented with a double-
faced head, each looking in opposite
directions.
Janus was represented with two faces,
originally one face was bearded while
the other was not. Later both faces
were bearded.
14. A National Contact Point is…
• an organization delegated by each participating country to act as a
bidirectional technical, organisational and legal interface between
the existing different national functions and infrastructures.
• legally competent to contract with other organisations in order to
provide the necessary services which are needed to fulfil the
business use cases and support services and processes.
• identifiable in both the epSOS domain and in its national domain
as a communication gateway and establishes a Circle of Trust
amongst national Trusted Domains.
• a mediator as far as the legal and regulatory aspects are
concerned.
• an active part of the epSOS environment if, and only if, it is
compliant to normative epSOS interfaces in terms of structure,
behaviour and security policies.
15. An epSOS NCP shall…
• General- Terms to be embodied in national
contracts
• Duties and responsibilities to other NCPs
• Duties for Patient Consent
• Duties under the epSOS Security Policy
• Relationships between NCP and other pilot
partners
17. Part 2
Patient Consent for
eHealth services across EU borders
18. Patient Consent in the
epSOS trial
Petra Wilson, Continua Health Alliance
on behalf of the Legal and Regulation Workpackage
19. Patient Consent :
Policy (I)
Patient consent to the processing of health related data is
a legal requirement in every EU country.
It is defined as:
A Freely given specific and informed indication of the
patient’s wishes by which s/he signifies his agreement to
personal data relating to him being processed.
( Art 2(h) of the Data Protection Directive 1995/46/EC)
This means:
Patient must be able to withhold consent without fear of getting
less good healthcare.
Patient must be able to withdraw consent previously given
Patient must know who ( or what category) of person will process
the data and why.
Patient must know which data will be
processed and for what purpose.
20. Patient Consent :
Policy (II)
In addition national transpositions of the EU Directive
have clauses which:
Limit access to patient data to accredited
healthcare professionals and their support staff.
Require that access to data is only in the context of
a care relationship.
Specify that only relevant information may be
collected and stored.
21. Patient Consent :
Policy (III)
There will also be clauses which
provide some exceptions to allow certain data to
be processed for
running an efficient and effective health service.
and
provide some exceptions to allow treating patients
when it is impossible to obtain consent
(incompetence or incapacity)
Some countries may require additionally that
consent is explicit and given in writing for all or
certain categories of data .
.
22. Patient Consent:
epSOS (I)
epSOS does not create new uniform patient consent practices
BUT epSOS must ensure that all European Data Protection
duties are observed.
epSOS patients must be aware of the level of data protection
assured in epSOS and must give informed consent for data
access in that context.
Two modes of epSOS consent for data access are envisaged:
General epSOS consent for data access in any Country B given
in the country of origin and confirmed in a specific Country B at the
time of an encounter.
or
Specific epSOS consent given and documented at the time of the
encounter in Country B at the time of the encounter.
23. Patient Consent:
epSOS (II)
NOTE:
No special epSOS consent is needed for epSOS
data collection in Country A if the epSOS data
are part of data already collected. If a new summary
record is created specifically for epSOS normal
country A rules will apply for obtaining consent for
the creation of such a record.
No special epSOS consent is needed for data
collection in Country B for the purpose of
treatment in country B is outside the scope of
epSOS, normal country B rules will
apply
24. Patient Consent:
epSOS (III)
General epSOS consent with local confirmation:
The consent confirmation given at the PoC is
valid for the given treatment eposide.
If a further access to the PS or eP is necessary
the HCP will need to confirm consent again, by
asking the patient again if data may be
accessed and again ticking the box
25. Patient Consent:
epSOS (IV)
Specific epSOS consent at PoC
Once the patient has been given epSOS information at the
first time of registering at a PoC, the patient is in the same
position as the patient who has given a general consent in
his/her home country
Therefore if a further access to PS or eP is necessary only the
confirmation box will need to be completed
Note that this is valid only for the HCO which has
document that epSOS information and general consent has
been documented ( HCO may comprise several PoC)
If access to PS or eP is needed in
another HCO in the same country B or
in another country B the information will have to be given again.
26. Patient Consent : process
General + Confirmation
Patient obtains epSOS background information in
Country A and provides a generalized prior consent.
Country A stores record of general prior consent
Patient is identified at PoC in country B as
epSOS eligible. ID shows prior general Patient not
consent exists able to confirm
OR
consent, HCP
HCP at PoC confirms that patient is still happy ticks override
for Country A record dot be accessed. Ticks box
box in epSOS process to confirm. Patient is
Some Country A given opportunity to revoke prior consent
NCPs may not
require further
confirmation of
HCP sends request to local NCP
consent. In this
case the
confirmation box
may be pre-
poulated and a
note attached HCP granted access to patient data
stating that
further
confirmation is
not required
27. Patient Consent : process
consent provided at PoC
Patient is identified at PoC in country B as
epSOS eligible. ID shows no prior general
consent exists
HCP at PoC accesses relevant language and format
information for patient, prints copy and asks patient
sign if s/he consents
Country B stores record of consent. This consent
is valid only to the given HCO
Patient not
able to confirm
Some Country A
HCP at PoC ticks box in epSOS process to O consent, HCP
confirm consent has been provided. Opportunity ticks override
NCPs may not to revoke any prior consent. R box
require written
proof of consent,
in this case a HCP sends request to local NCP
further check box
could indicate that
the patient has
been shown the HCP granted access to patient data
information
necessary for
informed consent.