This course aims to provide an overview of how personal data protection affects the healthcare sector, from legal frameworks to current challenges. Module I will provide you with the basic principles of personal data protection under the GDPR about the healthcare environment.

Module II will provide an insight into the current European legal framework surrounding healthcare and data protection, like the proposed Regulation on the European Health Data Space and the Clinical Trials Regulation, which just came into force in 2022. A closer look at the challenges and opportunities facing the healthcare sector with regards to data protection, in particular the recent challenges faced, the complexities of data protection in clinical trials and research, the role of cybersecurity in protecting patients’ privacy.

What will you learn:

Module I:

• A refresher of the basic principles of data protection in relation to the healthcare sector
• GDPR principles and legal bases – different purposes in clinical trials, what health data is and how to tackle data retention
• GDPR obligations – transparency, records of processing activities and documentation system, international data flows in EU and global multi-centre trials
• Risk assessments and the DPIA – methodology and operational phases, data protection by design and default in the health research process, interactions with individuals data protection notice and consent, data subjects’ rights
• Interactions with third parties – roles of actors in the GDPR and healthcare sector: data controllers, data processors, data subjects, DPOs, sponsors, CROs, CRAs, investigators, monitors, laboratory, ethical committee
• GDPR compliance in relations with third parties
• The role of data security in the healthcare sector – the principle of adequacy, focus on anonymisation, pseudonymisation and cryptography, the data breach management

Module II:

• Data localisation
• Recent challenges to data sharing and data protection in the healthcare sector – COVID19, increased digitalisation
• Clinical Trials Regulation and the GDPR – the relations and prevalence between the two disciplines, with a focus on consent to treatment and to data processing
• Regulation on the European Health Data Space – explanation of the proposal, how it revolutionises the potential of health data, how it will benefit citizens, how it will benefit researchers on the one side and the critique by the EDPB/EDPS on the other side
• Technical tools applied to the management health data – app, telemedicine, e-signature, CCTV, medical device
• Artificial Intelligence in the Healthcare Sector – AI proposal and state of the art artificial intelligence