Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Patients' rights in cross-border healthcare

2008/0142(COD)

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the proposal for a directive of the European Parliament and of the Council on the application of patients’ rights in cross-border healthcare.

On 2 July 2008, the Commission adopted a proposal for a directive of the European Parliament and of the Council on the application of patients’ rights in cross-border healthcare. The proposal was sent by the Commission to the European Data Protection Supervisor (EDPS) for consultation, in accordance with Article 28(2) of Regulation (EC) No 45/2001.

The proposal aims at establishing a Community framework for the provision of cross border healthcare within the EU, for those occasions where the care patients seek is provided in another Member State than in their home country. The objectives of this framework are twofold: (i) to provide sufficient clarity about rights to be reimbursed for healthcare provided in other Member States; and (ii) to ensure that the necessary requirements for high-quality, safe and efficient healthcare are ensured for cross-border care.

Conclusions of the EDPS: the EDPS expresses support to the initiatives of improving the conditions for cross-border healthcare. He expresses concerns, however, about the fact that EC healthcare related initiatives are not always well coordinated with regard to ICT use, privacy and security, thus hampering the adoption of a universal data protection approach towards healthcare.

Moreover, the EDPS welcomes that reference to privacy is made within the current proposal. However, a number of amendments are needed in order to provide clear requirements, both for the Member States of treatment and affiliation, as well as to properly address the data protection dimension of cross-border healthcare. These amendments are as follows:

  • a definition of health data should be included in Article 4, covering any personal data that can have a clear and close link with the description of the health status of a person. This should in principle include medical data, as well as administrative and financial data relating to health;
  • the introduction of a specific article on data protection is strongly recommended. This article should set clearly the overall picture, describing the responsibilities of the Member States of affiliation and treatment and identifying the main areas for further development, i.e. security harmonisation and privacy integration, especially in e-health applications;
  • it is recommended that the Commission adopt a mechanism in the framework of this proposal for the definition of a commonly acceptable security level of the healthcare data at national level, taking into account existing technical standards in this field. Additional and/or complementary initiatives, including all concerned stakeholders, the Article 29 Working Party and the EDPS, should also be encouraged;
  • It is recommended that the notion of ‘privacy-by-design’ be incorporated in the proposed Community template for e-Prescription (also at semantic level). This should be explicitly mentioned in Article 14(2)(a). The EDPS wishes to be informed about and involved in further actions taken on this issue through the proposed comitology procedure;
  • it is recommended to specify the language of Article 18 and to include a more explicit reference to the specific requirements relating to subsequent use of data concerning health as laid down in Article 8(4) of Directive 95/46/EC.