Data Protection and the Healthcare Sector

This course aims to provide an overview of how personal data protection affects the healthcare sector, from legal frameworks to current challenges. Module I will provide you with the basic principles of personal data protection under the GDPR about the healthcare environment.

Module II will provide an insight into the current European legal framework surrounding healthcare and data protection, like the proposed Regulation on the European Health Data Space and the Clinical Trials Regulation, which just came into force in 2022. A closer look at the challenges and opportunities facing the healthcare sector with regards to data protection, in particular the recent challenges faced, the complexities of data protection in clinical trials and research, the role of cybersecurity in protecting patients’ privacy.

What will you learn:

Module I:

• A refresher of the basic principles of data protection in relation to the healthcare sector
• GDPR principles and legal bases – different purposes in clinical trials, what health data is and how to tackle data retention
• GDPR obligations – transparency, records of processing activities and documentation system, international data flows in EU and global multi-centre trials
• Risk assessments and the DPIA – methodology and operational phases, data protection by design and default in the health research process, interactions with individuals e.g. data protection notice and consent, data subjects’ rights
• Interactions with third parties – roles of actors in the GDPR and healthcare sector: data controllers, data processors, data subjects, DPOs, sponsors, CROs, CRAs, investigators, monitors, laboratory, ethical committee
• GDPR compliance in relations with third parties
• The role of data security in the healthcare sector – the principle of adequacy, focus on anonymisation, pseudonymisation and cryptography, the data breach management process.

Module II:

• Data localisation
• Recent challenges to data sharing and data protection in the healthcare sector – COVID19, increased digitalisation
• Clinical Trials Regulation and the GDPR – the relations and prevalence between the two disciplines, with a focus on consent to treatment and to data processing
• Regulation on the European Health Data Space – explanation of the proposal, how it revolutionises the potential of health data, how it will benefit citizens, how it will benefit researchers on the one side and the critique by the EDPB/EDPS on the other side
• Technical tools applied to the management health data – app, telemedicine, e-signature, CCTV, medical device
• Artificial Intelligence in the Healthcare Sector – AI proposal and state of the art artificial intelligence

Course methodology/highlights:

We believe that practical know-how is the key to effective learning. This course therefore includes:

• Individual preparation for the course – you are invited to bring along any information about the mission, vision, values and data protection framework and governance within your organisation for case study;
• Group and individual assignments;
• An interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainers and other participants;
• There will be time for note-taking on what you learn, so you can apply it to in your daily work and to your organisation

You will be able to

• Understand the key data protection principles applicable to the healthcare sector
• Understand what health data is
• Implement a risk-based approach in risk assessment and the DPIA
• Understand how to better interact with individuals and third parties from a data protection standpoint
• Understand the role of data security in protecting privacy within the healthcare sector
• Understand and stay aware of recent challenges to data sharing and data protection within the healthcare sector
• Understand the impact of the Clinical Trials Regulation and how it is impacted by the GDPR
• Understand the impact of the proposal for a Regulation on the European Health Data Space
• Understand the technical tools applied to the management of health data
• Gain insights into the impact artificial intelligence does and will have in the healthcare sector

After taking this course, you can join EIPA’s dedicated community of practice together with former participants. You will also have access to the course materials for three months after the course.

• Research & Development teams
• Medical scientific research operators
• Employees, lawyers, consultants and DPOs from public and private sectors working in the healthcare sector
• International organisation focused on healthcare
• EU institutions
• Clinical research laboratories.

Course venue
European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE, Maastricht
the Netherlands

Programme Organiser
Ms Eveline Hermens
Tel: +31 43 3296259
e.hermens@eipa.eu

Fee
The fee includes documentation, refreshments and lunches. Accommodation and travel costs are at the expense of the participants or their administration.

Discounts
EIPA member fee
EIPA offers a discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden.

For all other participants, the regular fee applies.

Early bird discount
The early bird discount is not cumulative with other discounts or promo codes, except for the EIPA member fee.

Meals
Dietary preferences can be indicated on the registration form.

Hotel reservations
EIPA has special price arrangements with a number of hotels. The hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out.

• Designhotel Maastricht
• Derlon

Confirmation
Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.

Payment
Prior payment is a condition for participation.

Cancellation policy
For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).