Secondary Use

On May 19, 2021, the Italian Supervisory Authority (“Garante”) fined a physician €5,000 for publishing a patient’s medical records without obtaining that patient’s specific consent to do so.  As background, the physician downloaded medical records about a patient she treated at a local hospital from the hospital’s online archive system, including images taken during surgery.  The physician used these records for a presentation at a medical conference, and also included them as documentation supporting a scientific research paper she submitted for a competition hosted by a surgeons’ association.  The physician’s paper was ultimately selected as the winner of that competition, resulting in the publication of her work on the association’s website.
Continue Reading Italian Supervisory Authority Fines Physician for Secondary Use of Patient Data Without Specific Consent

On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.”

In general, the GDPR requires that processing of personal data be justified under a legal basis in Article 6 GDPR. 

On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the  EU General Data Protection Regulation (“GDPR”).  The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on

On March 28, 2019, the Council of Europe* issued a new Recommendation on the protection of health-related data.  The Recommendation calls on all Council of Europe member states to take steps to ensure that the principles for processing health-related data (in both the public and private sector) set out in the Appendix of the Recommendation

The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”).  The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health.  The Directorate General decided to create this Q&A

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient