Your SlideShare is downloading. ×
An Implementation Framework for Trust: National Contact Points
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

An Implementation Framework for Trust: National Contact Points


Published on

An Implementation Framework for Trust: National Contact Points …

An Implementation Framework for Trust: National Contact Points
Legal and regulatory issues. Wilson P. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)

Published in: Health & Medicine

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. An Implementation Framework for Trust SALAR, SENA, ATNA, Elga, IZIP, DENA, Gematik,DKNA,ESNA, CATA,ANDA, GIPDMP, FRNA, LOMBARDY NLNA, NHIC, NHS, PHARMAXIS, Industry
  • 2. National Contact Points Legal and regulatory issues Zoi Kolitsi epSOS L&R WP Leader
  • 3. Basic Assumption to be tested In epSOS we shall establish condition so that … if a Member State (MS) already provides these ehealth services to its residents….. then it may also offer these services to them when they travel abroad to other epSOS Member States. 3
  • 4. epSOS as Pilot epSOS is a Large Scale Pilot must be of limited scope but comprehensive, robust and universally accepted across MS, professions and cultures. long-term operation is out of scope of epSOS But will deliver practical guidance and recommendations on how to make the transition from the pilots to normal operation. 4
  • 5. L&R Challenges Main Issues Legal Certainty Data Protection and sufficient Pilot and beyond Confidentiality Health Systems sufficient pilot Professional aspects and sufficient pilot social context Liability sufficient pilot Access to standards-IPR sufficient Pilot issues insufficient beyond
  • 6. Trust in epSOS -legal approach Trust is built by • elaboration of common epSOS “code of practice” around important issues such as privacy and confidentiality, – Privacy and safety by design – application of common epSOS safeguards by all actors involved in the pilots • systematic audit – MS level (NCP) – epSOS Level (PSB) 6
  • 7. epSOS Trusted Domain EU level- federating countries National level- federating organisations
  • 8. epSOS Trusted Domain epSOS Practice Standards National level- federating organisations
  • 9. epSOS Trusted Domain epSOS Practice Standards National level Agreements - To establish the NCP - To establish NCP-pilot partners relationships -
  • 10. National Agreements epSOS blue print A Framework Agreement Security Policy for the establishment of an Pilot Strategy epSOS NCP Pilot sites - duties & responsibilities National Pilot Set-up and Deployment Guide FW AGREEMENT Annexes: Patient Consent Information to Patients and HCPs
  • 11. What is the epSOS NCP?
  • 12. JANUS Janus is the Roman god of gates and doors (ianua), beginnings and endings, and hence represented with a double- faced head, each looking in opposite directions. Janus was represented with two faces, originally one face was bearded while the other was not. Later both faces were bearded.
  • 13. JANUS and the epSOS NCP
  • 14. A National Contact Point is… • an organization delegated by each participating country to act as a bidirectional technical, organisational and legal interface between the existing different national functions and infrastructures. • legally competent to contract with other organisations in order to provide the necessary services which are needed to fulfil the business use cases and support services and processes. • identifiable in both the epSOS domain and in its national domain as a communication gateway and establishes a Circle of Trust amongst national Trusted Domains. • a mediator as far as the legal and regulatory aspects are concerned. • an active part of the epSOS environment if, and only if, it is compliant to normative epSOS interfaces in terms of structure, behaviour and security policies.
  • 15. An epSOS NCP shall… • General- Terms to be embodied in national contracts • Duties and responsibilities to other NCPs • Duties for Patient Consent • Duties under the epSOS Security Policy • Relationships between NCP and other pilot partners
  • 16. Legal Relationships
  • 17. Part 2 Patient Consent for eHealth services across EU borders
  • 18. Patient Consent in the epSOS trial Petra Wilson, Continua Health Alliance on behalf of the Legal and Regulation Workpackage
  • 19. Patient Consent : Policy (I) Patient consent to the processing of health related data is a legal requirement in every EU country. It is defined as:  A Freely given specific and informed indication of the patient’s wishes by which s/he signifies his agreement to personal data relating to him being processed. ( Art 2(h) of the Data Protection Directive 1995/46/EC) This means:  Patient must be able to withhold consent without fear of getting less good healthcare.  Patient must be able to withdraw consent previously given  Patient must know who ( or what category) of person will process the data and why.  Patient must know which data will be processed and for what purpose.
  • 20. Patient Consent : Policy (II) In addition national transpositions of the EU Directive have clauses which:  Limit access to patient data to accredited healthcare professionals and their support staff.  Require that access to data is only in the context of a care relationship.  Specify that only relevant information may be collected and stored.
  • 21. Patient Consent : Policy (III) There will also be clauses which  provide some exceptions to allow certain data to be processed for running an efficient and effective health service. and  provide some exceptions to allow treating patients when it is impossible to obtain consent (incompetence or incapacity) Some countries may require additionally that consent is explicit and given in writing for all or certain categories of data . .
  • 22. Patient Consent: epSOS (I)  epSOS does not create new uniform patient consent practices BUT epSOS must ensure that all European Data Protection duties are observed.  epSOS patients must be aware of the level of data protection assured in epSOS and must give informed consent for data access in that context. Two modes of epSOS consent for data access are envisaged: General epSOS consent for data access in any Country B given in the country of origin and confirmed in a specific Country B at the time of an encounter. or Specific epSOS consent given and documented at the time of the encounter in Country B at the time of the encounter.
  • 23. Patient Consent: epSOS (II) NOTE:  No special epSOS consent is needed for epSOS data collection in Country A if the epSOS data are part of data already collected. If a new summary record is created specifically for epSOS normal country A rules will apply for obtaining consent for the creation of such a record.  No special epSOS consent is needed for data collection in Country B for the purpose of treatment in country B is outside the scope of epSOS, normal country B rules will apply
  • 24. Patient Consent: epSOS (III) General epSOS consent with local confirmation:  The consent confirmation given at the PoC is valid for the given treatment eposide.  If a further access to the PS or eP is necessary the HCP will need to confirm consent again, by asking the patient again if data may be accessed and again ticking the box
  • 25. Patient Consent: epSOS (IV) Specific epSOS consent at PoC  Once the patient has been given epSOS information at the first time of registering at a PoC, the patient is in the same position as the patient who has given a general consent in his/her home country  Therefore if a further access to PS or eP is necessary only the confirmation box will need to be completed  Note that this is valid only for the HCO which has document that epSOS information and general consent has been documented ( HCO may comprise several PoC)  If access to PS or eP is needed in another HCO in the same country B or in another country B the information will have to be given again.
  • 26. Patient Consent : process General + Confirmation Patient obtains epSOS background information in Country A and provides a generalized prior consent. Country A stores record of general prior consent Patient is identified at PoC in country B as epSOS eligible. ID shows prior general Patient not consent exists able to confirm OR consent, HCP HCP at PoC confirms that patient is still happy ticks override for Country A record dot be accessed. Ticks box box in epSOS process to confirm. Patient is Some Country A given opportunity to revoke prior consent NCPs may not require further confirmation of HCP sends request to local NCP consent. In this case the confirmation box may be pre- poulated and a note attached HCP granted access to patient data stating that further confirmation is not required
  • 27. Patient Consent : process consent provided at PoC Patient is identified at PoC in country B as epSOS eligible. ID shows no prior general consent exists HCP at PoC accesses relevant language and format information for patient, prints copy and asks patient sign if s/he consents Country B stores record of consent. This consent is valid only to the given HCO Patient not able to confirm Some Country A HCP at PoC ticks box in epSOS process to O consent, HCP confirm consent has been provided. Opportunity ticks override NCPs may not to revoke any prior consent. R box require written proof of consent, in this case a HCP sends request to local NCP further check box could indicate that the patient has been shown the HCP granted access to patient data information necessary for informed consent.
  • 28. Thank you!