Read your latest personalised notifications
No account yet? Start here
Don't miss out
Ok, got it
Technological advances mean that increasing numbers of patients are being monitored remotely and that large amounts of personal health data are being circulated via interconnected technological systems. But, where does this information go, who handles it, who is responsible for it, and are we subject to any risk linked to data sharing? ESC and EHRA are looking to find out more.
In 2018, a Joint Task Force was convened between the ESC Regulatory Affairs Committee and EHRA to consider data- related issues pertaining to remote monitoring of cardiac implanted electronic devices (CIEDs), namely, implantable defibrillators, pacemakers, cardiac resynchronisation therapy devices and implantable loop recorders. The remit of the Task Force is to evaluate how the new EU General Data Protection Regulation (GDPR) applies to CIEDs, to understand issues regarding cybersecurity and to evaluate the implications that exist for patients and clinicians regarding data produced from remote monitoring.
Professor Jens Cosedis Nielsen, Co-Chair of the Task Force for EHRA, explained, “As part of our work plan, we are currently reviewing informed consent forms for data handling, which carry important implications for patients and also for hospitals and doctors. The Task Force is reviewing such documents and has already noted some shortcomings and inconsistencies. We need to ensure that consent forms and information sheets are easy for patients to understand and are in line with GDPR—this isn’t always the case in our experience. Patients should be able to withdraw consent, to ask for their data to be erased and be able to view their data—we don’t know that this is happening at the moment. And of course, physicians should be clear about what they are liable for, if at all.
If possible, we will work on constructing an easy-to-read general consent form that fulfils all requirements.”
He continued to describe some of the questions about GDPR and remote monitoring that they are currently addressing. “Is the physician the controller and is the device company the processor, or is the device company also the controller? And what about ‘third parties’ handling personal data for research or administrative purposes?”
“The Task Force is looking into the responsibilities of each party and is taking legal advice on the optimal definitions of roles within GDPR requirements.”
Another area that the Task Force is reviewing relates to cybersecurity. “We don’t know if cybersecurity is a major area for concern,” said Prof. Nielsen, “and we are seeking advice from international experts on whether companies and also clinics need to look more into the security of data.”
A thorough understanding, not only of the technical functions, but also of the regulatory framework applicable to medical devices is essential for the delivery of state-of-the-art care.
Prof. Nielsen concluded, “It is our role to question the system and provide expert advice to EU decision makers so that appropriate regulation and legislation is designed for safe, efficient and timely cardiovascular disease interventions. This is what ESC Regulatory Affairs is all about! The Task Force is working towards publishing a position paper with recommendations later this year. EHRA 2019 and ESC Congress 2019 will be used as forums to present and discuss the issues with the cardiology community. We look forward to seeing you at the dedicated sessions!”
Regulatory Affairs is an important part of ESC Advocacy. Find out more at: https://www.escardio.org/ The-ESC/Advocacy
Don't miss! Update on remote cardiac implantable electronic device management: Monday; 11:00-12:30; Damato
Our mission: To reduce the burden of cardiovascular disease.
© 2020 European Society of Cardiology. All rights reserved.