- 1: epSOS Home.
- 2: About epSOS.
- 3: Project Structure & Results.
- 3.1: Work Package 1.1.
- 3.2: Work Package 1.2.
- 3.3: Work Package 1.3.
- 3.4: Work Package 2.1.
- 3.5: Work Package 3.1.
- 3.6: Work Package 3.2 .
- 3.7: Work Package 3.3.
- 3.8: Work Package 3.4.
- 3.9: Work Package 3.5.
- 3.10: Work Package 3.6.
- 3.11: Work Package 3.7.
- 3.12: Work Package 3.8.
- 3.13: Work Packages 3.9 and 3.10.
- 3.14: Work Package 4.1.
- 3.15: Work Package 4.2.
- 3.16: Work Package 4.3.
- 3.17: Work Package 4.4.
- 3.18: Work Package 5.1.
- 3.19: Work Package 5.2.
- 3.20: Work Package 5.3 .
- 4: Use Cases.
- 5: epSOS Countries.
- 6: Large Scale Pilot.
- 7: Participants.
- 8: FAQ.
- 9: News & Events.
- 10: Press section.
- 11: Links & Collaborations.
- 12: Download Area.
- 13: Glossary.
| Title: | Legal and Regulatory Constraints |
|---|---|
| Author: | Zoi Kolitsi, George Pangalos |
| Work Package: | PD2 |
| Working Task: | 2.1. |
| D2.1.1: | Legal and Regulatory Constraints on epSOS Design |
Legal & regulatory constraints on epSOS design
Summary
The mission of Project Domain 2 (PD2) is to ensure that Legal and Regulatory (L&R) issues, which are critical to the realization of the epSOS pilots in a real life situation, are appropriately recognized and addressed in a timely manner. This is important in order to support and guide the participating MS to administer issues at a national level and in close collaboration with authorized organizations in the best possible way. PD2 will furthermore collect, process and convert experience from the pilots into practical guidance pertaining to the needs in the L&R domain, and thereby ensure transition from pilots to a large-scale deployment of these services.
From an L&R perspective, it is important to note that the epSOS services will be offered on a pilot basis. The intention is to gather and learn from this pilot operation in order to make deployment possible.
In this phase of analysis, four main groups of L&R issues relevant to epSOS have been identified and further analysed into a set of 24 legal issues. At the same time, the legal profiles of the epSOS Use Cases have been elaborated in the form of a 264-element matrix of legal issues correlated with steps in the processes of potential epSOS cross-border healthcare encounters. About half of these elements represent affinities of issues to each process step, which have in turn been processed to formulate a list of requirements.
The analysis yielded a comprehensive list of requirements, which are directly traceable to each of the 11 steps involved in the two processes (Use Cases). They are also traceable to the 24 L&R issues, identified as relevant to epSOS and spanning across the epSOS processes. Additional questions were included in the baseline epSOS questionnaire. For in depth analysis and understanding, the implications of the L&R issues of epSOS have been exemplified through two illustrative case studies.
Outstanding issues arise when considering the international data exchange scenario, the following being a non-exhaustive li
- data transfer abroad (relationship between data controller(s) allocated in country A (of affiliation) and in country B (other EU country of treatment)
- legal competence to access a patient’s medical record by foreign medical staff
- security measures to protect personal data at all time of communication
- trustworthiness of updating a medical record by foreign health professionals
- trustworthiness regarding the authorization of a foreign health professional
These issues have led to the elaboration of approximately 100 L&R requirements, which are essential for the design of epSOS components and services. On account of their varying levels of feasibility and the different types of activities needed to address them, these issues have different implications for the next phase and especially the work within the Work Packages of Project Domain 3. In terms of feasibility, the large majority is expected to be a challenge regarding innovation and encapsulation in the epSOS specification (privacy by design) as well as the design specification of the Patient Summary and ePrescription services (safeguards-processes-provisions for audit). A residual small number will represent restrictions that cannot be addressed in epSOS, such as the non-existence of legal pre-requisites or necessary functions, which go beyond the scope of the project.
The document has been divided into the following five chapters:
Chapter 1 presents the general background of the work in Project Domain 2 and focuses on the objectives of the analysis phase.
Chapter 2 presents the methodology for arriving at the epSOS constraints. It takes a departure from high level descriptions of Use Cases to establish the relevant key L&R issues; establishes discrete L&R views of the epSOS Use Cases; introduces a framework for organizing the data collection and analysis of national level information on the relevant L&R issues; and describes the methodological approach and tools used to deducing the L&R constraints.
Chapter 3 presents two case studies that act as illustrative examples of how L&R issues are manifested in the cross-border scenario.
Chapter 4 contains a comprehensive list of requirements and important information on how these requirements maybe used by PD3 and PD4 Work Packages in the future.
Chapter 5 offers the main conclusions from the consolidated analysis as well as recommendations for the next phase.