In order to bring you the best possible user experience, this site uses Javascript. If you are seeing this message, it is likely that the Javascript option in your browser is disabled. For optimal viewing of this site, please ensure that Javascript is enabled for your browser.
Did you know that your browser is out of date? To get the best experience using our website we recommend that you upgrade to a newer version. Learn more.
COVID-19 and Cardiology Read more

How will data protection impact remote monitoring?

ESC Congress News 2019 - Paris, France

When patients get a pacemaker or a defibrillator with the option for remote monitoring they need to sign a consent form regarding the treatment of their personal data for all purposes that are non-therapeutic. But what exactly are these ‘other’ purposes, and where does the information go? Who is ultimately responsible for looking after and ensuring the security of data from cardiac implantable electronic devices (CIED)? The doctor? The hospital? The manufacturer?

Device Therapy
Home and Remote Patient Monitoring
Implantable Cardioverter \ Defibrillator

Prof. Jens Cosedis NielsenProf. Josef KautznerProf. Hein HeidbuchelA joint Task Force from the Regulatory Affairs Committee of the ESC Advocacy Committee and the European Heart Rhythm Association (EHRA), has been looking into the situation. The objective is to understand the roles of the different stakeholders and to assess whether any risks or liabilities exist for patients and clinicians in light of the new EU General Data Protection Regulation (GDPR), which, since May 2018, harmonises data privacy laws across Europe. The main findings and recommendations will be presented at a symposium this afternoon.

Co-Chair of the Task Force for EHRA, Professor Jens Cosedis Nielsen (Aarhus University Hospital, Aarhus, Denmark) explains, “Someone has to take responsibility for the handling of personal data, and we are recommending that this should be a joint venture between the hospital and the manufacturer. Within this agreement, the physician should at best act on behalf of the hospital with no individual responsibility. Nevertheless, he/she should be well informed so that—as primary contact for patients—he/she can answer any questions. As this is unexplored territory, the Task Force will develop a list of recommendations to guide hospitals and manufacturers in the definition of their respective obligations under GDPR.”

Session Co-Chair and Co-Chair of the Task Force for Regulatory Affairs, Professor Josef Kautzner (Institute for Clinical and Experimental Medicine, Prague, Czech Republic) describes additional levels of complexity. “Hospitals and manufacturers have obligations to hold records for a certain period of time, but there is some contradiction with GDPR, which states that data can be deleted at the patient’s request,” he says. “Are hospitals and manufacturers technically even equipped to comply with such provisions? And what do patients expect from remote monitoring? Patients are not required to have remote monitoring of their device, as it is not the primary function, but they can consent to have this extra service and they can also change their minds. Patients may have concerns and sometimes they ask that only specific parameters are monitored, which may not be feasible. We have also been trying to clear up uncertainties about the medical benefits of remote monitoring—is it useful for the patient? The evidence will be discussed as part of the symposium.”

Another important issue under discussion is the consent forms used by patients. Now essential, many hospitals use forms from manufacturers and there is no standardisation as Professor Ruben Casado Arroyo (Université Libre de Bruxelles-Erasme Hospital, Brussels, Belgium) will explain in his presentation. At the moment, the consent forms available from manufacturers are very different and there is a need for greater consistency in the information they contain. The Task Force, which counted a patient with a CIED among its members, is developing an informed consent template that aims to comply with GDPR requirements, while meeting the needs of patients in terms of readability and addressing patient concerns such as what happens to their data and who they can contact for more information. The Task Force has faced quite a challenge capturing sufficient information in a succinct easy-to-understand format that takes into consideration the average age of the patient base and their wide range of educational abilities.

“We should also be concerned about the security of patients’ data,” says Session Co-Chair and EHRA President, Professor Hein Heidbuchel (University Hospital Antwerp, Antwerp, Belgium). “The potential for devices to be hacked was thrown into the spotlight in March this year with a warning from the US FDA that this is a real possibility with some devices. We have sought the advice of international experts on whether companies and hospitals need to look closer at cybersecurity, and the Task Force will be reporting back. The goal of the Task Force is to provide all involved in remote monitoring with very concrete guidance on its instalment.”
Prof. Nielsen and Prof. Kautzner emphasise that everyone working with implantable electronic devices may benefit from attending today’s session. “These are very difficult issues, but it is our role to question the system and to ensure not only that it works well, but also that physicians and all healthcare providers are well informed about the regulations to ensure state-of-the art treatment and care of their patients.”


Don’t miss!

Remote monitoring of cardiac implanted electronic devices: new ESC Recommendations
Today, 14:30 – 15:40; Digital Health Stage 1  – Digital Health Area

Regulatory Affairs is an important part of ESC Advocacy. Find out more at:




Click here to read other scientific highlights in the ESC Congress news.

Download the Tuesday Edition in PDF format.

Access all the resources from congress presentations on ESC 365.

Follow the congress live!

Notes to editor

About the European Society of Cardiology

The European Society of Cardiology brings together healthcare professionals from more than 150 countries, working to advance cardiovascular medicine and help people lead longer, healthier lives.

About ESC Congress 2019

ESC Congress is the world’s largest and most influential cardiovascular event contributing to global awareness of the latest clinical trials and breakthrough discoveries. ESC Congress 2019 takes place 31 August to 4 September at the Paris Expo Porte de Versailles, Paris - France. Explore the scientific programme