EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 02014D0287-20190818
Commission Implementing Decision of 10 March 2014 setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (Text with EEA relevance) (2014/287/EU)Text with EEA relevance
Consolidated text: Commission Implementing Decision of 10 March 2014 setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (Text with EEA relevance) (2014/287/EU)Text with EEA relevance
Commission Implementing Decision of 10 March 2014 setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (Text with EEA relevance) (2014/287/EU)Text with EEA relevance
02014D0287 — EN — 18.08.2019 — 001.001
This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document
COMMISSION IMPLEMENTING DECISION of 10 March 2014 setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks (Text with EEA relevance) (OJ L 147 17.5.2014, p. 79) |
Amended by:
|
|
Official Journal |
||
No |
page |
date |
||
COMMISSION IMPLEMENTING DECISION (EU) 2019/1269 of 26 July 2019 |
L 200 |
35 |
29.7.2019 |
COMMISSION IMPLEMENTING DECISION
of 10 March 2014
setting out criteria for establishing and evaluating European Reference Networks and their Members and for facilitating the exchange of information and expertise on establishing and evaluating such Networks
(Text with EEA relevance)
(2014/287/EU)
CHAPTER I
GENERAL PROVISIONS
Article 1
Subject matter
This Decision sets out:
the criteria for establishing and evaluating the Networks referred to in Article 12 of Directive 2011/24/EU; and
the measures to facilitate the exchange of information and expertise on establishing and evaluating the Networks referred to in Article 12 of Directive 2011/24/EU.
Article 1a
Definitions
For the purposes of this Implementing Decision the following definitions shall apply:
‘European Reference Networks' Coordinator’ means the person appointed as the Coordinator of the Network by the Member of a European Reference Network chosen as the coordinating Member as referred to in recital 3 and Article 4 of Delegated Decision 2014/286/EU;
‘Board of the Network’ means a body responsible for the governance of the Network, composed of representatives from each Member in the Network as referred to in recital 3 and point (1)(b)(ii) of Annex I to Delegated Decision 2014/286/EU;
‘Affiliated Partner’ means (Associated National Centre, Collaborative National Centre and National Coordination Hub), as referred to in recital 14 and point (7)(c) of Annex I of Delegated Decision 2014/286/EU and in the Statement of the Board of Member States of 10 October 2017;
‘Guest user’ means a healthcare provider who is not a member or Affiliated Partner and who has the right, following the approval of the competent European Reference Network Coordinator, for a limited period of time, to enrol patients in CPMS and participate in the panel related to that patient or to participate in a specific panel as an expert.
CHAPTER II
ESTABLISHMENT OF EUROPEAN REFERENCE NETWORKS
Article 2
Call for interest to establish a European Reference Network
Article 3
Membership applications
Article 4
Technical assessment of applications
The assessment body shall verify whether:
the content of an application containing a proposal to establish a Network fulfils the requirements set out in Annex I to this Decision;
the content of the membership applications fulfils the requirements of Annex II to this Decision;
the proposed Network fulfils the requirement to provide highly specialised healthcare in point 1(a) of Annex I to Delegated Decision 2014/286/EU;
the proposed Network fulfils the other criteria and conditions set out in Annex I to Delegated Decision 2014/286/EU;
the applicant healthcare providers fulfil the criteria and conditions set out in Annex II to Delegated Decision 2014/286/EU.
Article 5
Approval of Networks and Members
Article 6
Board of Member States
Article 7
Logo
When a Network is approved, the Commission shall license the use of a unique graphic identifier (‘logo’), which that Network and its Members shall use for the activities organised by the Network.
Article 8
Applications for membership of existing Networks
In case the Board of the Network receives comments, the deadline for the delivery of the final opinion is extended to five months from the moment the Commission has confirmed that the requirements set out in Article 8(2) and (3) are fulfilled. On receiving comments, the Board of the Network shall amend its opinion explaining whether the comments justify a change in its assessment. If the Board of the Network fails to send the draft opinion or to deliver its final opinion within the deadlines set above, the final opinion is deemed to be favourable.
Article 9
Technical assessment of applications for membership of existing Networks
The assessment body shall verify whether:
the content of the membership application fulfils the requirements set out in Annex II to this Decision; and
the healthcare provider concerned fulfils the criteria and conditions set out in Annex II to Delegated Decision 2014/286/EU.
Article 10
Approval of new Members
Article 11
Termination of the Network
A Network shall be terminated in the following cases:
one of the minimum numbers set out in Article 2(2) is no longer reached;
a negative evaluation report of the Network has been drawn up pursuant to Article 14;
by decision of the Board of the Network according to its rules and procedures;
if the Coordinator fails to request an evaluation of the Network within the five- year period after it was set up or since its last evaluation.
Article 12
Loss of membership
A Member of a Network may lose membership for any of the following reasons:
voluntary withdrawal, according to the rules and procedures agreed by the Board of the Network;
by decision of the Board of the Network, according to the rules and procedures agreed by the Board;
if a Member State of establishment notifies to the Member of the Network that its participation in the Network no longer complies with national legislation;
if the Member refuses to be evaluated pursuant to Article 14;
if a negative evaluation report on the Member has been drawn up pursuant to Article 14;
if the Network where the Member participates is terminated.
Article 13
Assessment manual
CHAPTER III
EVALUATION OF EUROPEAN REFERENCE NETWORKS
Article 14
Evaluation
The evaluation body shall verify and assess:
the fulfilment of the criteria and conditions set out in Delegated Decision 2014/286/EU;
the accomplishment of the objectives set out in Article 12(2) of Directive 2011/24/EU; and
the outcomes and performance of the Network and the contribution of each Member.
Article 15
Evaluation manual
CHAPTER IV
EXCHANGE OF INFORMATION AND EXPERTISE
Article 15a
Exchange of information and expertise among the Member States
Member States are invited to exchange information and expertise within the Board of Member States in order to steer the development of the ERNs, provide guidance to the Networks and to the Member States and advise the Commission on matters related to the establishment of the Networks.
Article 16
Exchange of information on establishing and evaluating the Networks
The Commission shall facilitate the exchange of information and expertise on establishing and evaluating the Networks by:
making general information on establishing and evaluating the Networks, including information on the assessment and evaluation manuals referred to in Articles 13 and 15 publicly available;
publishing a regularly updated list of the Networks and their Members, together with the positive assessment and evaluation reports of the Networks and the decisions of the Board of Member States, in accordance with its rules of procedure;
organising conferences and experts meetings for technical and scientific debate among the Members of Networks, if appropriate;
providing electronic media and communication tools to the Networks, if appropriate.
Article 16a
The Clinical Patient Management System
Article 16b
Personal data processed in the CPMS
The Commission shall be regarded as controller of processing of personal data related to the management of access rights and shall process these data on the basis of the explicit consent of the individuals identified by the healthcare providers as users and authorised by the relevant ERNs in so far as necessary to ensure that:
access rights are granted to these individuals;
these individuals may exercise their rights and fulfil their obligations; and
it can fulfil its obligations as a controller.
Article 16c
Joint controllership of patients' personal data processed through the CPMS
CHAPTER V
FINAL PROVISIONS
Article 17
Revision
The Commission shall evaluate the functioning of this Implementing Decision five years after its entry into force.
Article 18
Entry into force
This Decision shall enter into force on the tenth day following that of its publication in the Official Journal of the European Union.
ANNEX I
CONTENT OF THE APPLICATION TO ESTABLISH A NETWORK
The application to establish a Network must be submitted according to the call for interest published by the Commission and must include:
the name of the proposed Network;
the completed application form, with the self-assessment questionnaire and additional documentation required in the assessment manual;
evidence that all applicant healthcare providers share the same area of expertise and focus on the same health condition or conditions;
the name of the healthcare provider that will act as Coordinator of the Network and the name and contact details of the person who will represent the proposed Coordinator;
the names of all applicant healthcare providers.
ANNEX II
CONTENT OF THE MEMBERSHIP APPLICATION
The application of healthcare providers must include:
the title of the relevant proposed Network or existing Network;
the completed application form, with the self-assessment questionnaire and additional documentation required in the assessment manual;
the name and contact details of the healthcare provider's representative.
ANNEX III
ALLOCATION OF RESPONSIBILITIES AMONG JOINT CONTROLLERS
1. The Commission shall be responsible for:
the setting up, operation and administration of the CPMS;
providing, where necessary, the technical means to the healthcare providers to enable patients to exercise their rights through the CPMS in accordance with Regulation (EU) 2018/1725 and responding and attending to the requests of data subjects where so required by applicable legislation;
ensuring that the CPMS complies with the requirements applicable to Commission's communication and information systems ( 1 );
defining and implementing the technical means to enable patients to exercise their rights in accordance with Regulation (EU) 2018/1725;
communicating any personal data breaches within the CPMS to the healthcare providers;
exporting personal data sets from the CPMS in the event of a change of personal data processor;
identifying the categories of staff and other individuals to whom access to the CPMS may be granted, affiliated to the healthcare providers authorised to access CPMS;
ensuring that the patients' name and place of birth (unless necessary for diagnosis and treatment), and the exact date of birth are encrypted and pseudonymised and that other personal data necessary for the purpose of diagnosis and treatment are pseudonymised in CPMS;
putting adequate safeguards in place to ensure the security and confidentiality of patients' personal data processed through the CPMS.
2. Each healthcare provider authorised to access CPMS shall be responsible for:
selecting the patients whose personal data are processed through the CPMS;
collecting and maintaining explicit, informed, freely-given and specific consent(s) of the patients whose data are processed through the CPMS in compliance with the mandatory minimum requirements for the consent form specified in Annex IV;
acting as the contact point for its patients, including when they exercise their rights, responding to the requests of patients or their representatives and ensuring that patients whose data are processed through the CPMS are enabled to exercise their rights in compliance with data protection legislation, using, where necessary, the technical means provided by the Commission in line with point 1(ii);
reviewing, at least every 15 years, the necessity of processing specific patients' personal data through the CPMS;
ensuring the security and confidentiality of any processing of patients' personal data outside the CPMS done by that healthcare provider, where such data is processed for the purposes of or in connection to processing patients' personal data through the CPMS;
communicating any personal data breaches with regard to patient data processed through the CPMS to the Commission, to the competent supervisory authorities and, where so required, to patients, in accordance with Articles 33 and 34 of Regulation (EU) 2016/679 or if requested by the Commission;
identifying, in compliance with access criteria referred to in point 1(vii) of this Annex, staff and other individuals affiliated to them, whom shall be granted access to patients' personal data within the CPMS and communicating it to the Commission;
ensuring that their staff and other individuals affiliated to them, who have access to patients' personal data within the CPMS, are adequately trained to ensure that they perform their tasks in compliance with the rules applicable to the protection of personal data, and are subject to the obligation of professional secrecy in accordance with Article 9(3) of the Regulation (EU) 2016/679.
ANNEX IV
Mandatory minimum requirements for the consent form to be provided by healthcare providers authorised to access CPMS
1. The consent form shall describe the legal basis and lawfulness of processing, concept and purpose of the European Reference Networks (ERNs) established by Directive 2011/24/EU on the application of patients' rights in cross-border healthcare. It shall inform about the specific processing operations and the respective rights of the data subject in accordance with applicable data protection legislation. It shall explain that Networks are constituted of Members that are highly specialised healthcare providers, with the purpose to allow healthcare professionals to work together to support patients with rare or low prevalence complex diseases or conditions that need highly specialised healthcare.
2. The consent form shall request the patient's explicit consent for sharing her/his personal data with one or more ERNs, with the sole purpose to improve her/his access to diagnosis and treatment and the provision of high-quality healthcare. To that end, it shall explain that:
if the consent is given, the patients' personal data will be processed by healthcare providers authorised to access CPMS respecting the following conditions:
the name of the patient, as well as place and exact date of birth will not be included in the shared data; the patient's identifying data will be replaced by a unique identifier which will not allow identification of the patient to anyone else other than the healthcare provider (pseudonymisation);
only data that are relevant for the purpose of diagnosis and treatment will be shared; this may include area of birth and area of residence, gender, year and month of birth, medical images, laboratory reports, as well as biological sample data. It may also include letters and reports from other healthcare professionals who have cared for the patient in the past;
the patient's data will be shared through the Clinical Patient Management System (CPMS), a secure electronic information system;
only healthcare professionals and other individuals affiliated to such healthcare providers subject to the obligation of professional secrecy who are entitled to have access to patients' data in the Networks will have access to the patient's data;
healthcare professionals and other individuals affiliated to such healthcare providers who are entitled to have access to patients' data may run queries in the CPMS and create reports in order to identify similar patient cases;
if the consent is not given, it will by no means affect the patient's care by the respective healthcare provider.
3. The consent form may also request the patient's additional consent to her/his data being entered in registries or other databases for rare and low prevalence complex diseases, which serve scientific research, clinical or policy purposes. If consent is requested for this purpose, the consent form shall describe the concept and purpose of rare disease registries or databases and explain that:
if the consent is given, the patient's personal data will be processed by healthcare providers authorised to access CPMS respecting the following conditions:
only relevant data related to the patient's medical condition will be shared;
healthcare professionals and other individuals affiliated to such healthcare providers who are entitled to have access to patients' data may run queries in the CPMS and create reports in order to identify similar patient cases;
if the consent is not given, it will by no means affect either the patient's care by the respective healthcare provider, or the fact that the Network will provide advice on diagnoses and treatment, at the request of the patient.
4. The consent form may also request the patient's additional consent to being contacted by a Network Member who believes the patient could be suitable for a scientific research initiative, a specific scientific research project or parts of a scientific research project. If consent is requested for this purpose, the consent form shall explain that giving at this stage the consent to be contacted for scientific research purposes does not mean giving the consent for the patient's data to be used for a specific scientific research initiative, neither does it mean that the patient will in any event be contacted in connection with, or that the patient will be part of, a specific scientific research project and that:
if the consent is given, the patient's personal data will be processed by healthcare providers authorised to access CPMS respecting the following conditions:
healthcare professionals and other individuals affiliated to such healthcare providers who are entitled to have access to patients' data may run queries in the CPMS and create reports in order to find patients suitable for scientific research;
if the patient's disease or condition is found relevant for a specific scientific research project, the patient may be contacted for this specific scientific research project, in order to obtain the patient's consent to her/his data being used for that scientific research project;
if the consent is not given, it will by no means affect either the patient's care by the respective healthcare provider, or the fact that the Network will provide advice on diagnoses and treatment, at the request of the patient.
5. The consent form shall explain the rights of the patient as regards her/his respective consent(s) to share personal data and in particular provide the information that the patient:
has the right to give or withhold any of the consents and this will not affect her/his care;
can withdraw the consent given previously at any time;
has the right to know which data are shared in a Network and to access data held about them and request corrections of any errors;
can request the blocking or erasure of her/his personal data and has the right to data portability.
6. The consent form shall inform the patient that the healthcare provider will keep the personal data only for as long as necessary for the purposes to which the patient consented, with a review of the necessity of storing specific patient's personal data in the CPMS at least every 15 years.
7. The consent form shall inform the patient about the identity and the contact details of the controllers, clearly specifying that the contact point to exercise the patient's rights is the particular healthcare provider authorised to access CPMS, about the contact details of the data protection officers, and where applicable, about available remedies related to data protection, and provide the contact details of the National Data Protection Authority.
8. The consent form shall record separately the individual consent for each of the three different forms of data sharing in a specific, explicit and unambiguous way:
the consent must be shown through a clear affirmative action, for example by the use of a ticking box and a signature on the form;
both options (to provide or to refuse the consent) shall be included.
( 1 ) Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission (OJ L 6, 11.1.2017, p. 40) and Commission Decision of 13 December 2017 laying down implementing rules for Articles 3, 5, 7, 8, 9, 10, 11, 12, 14, 15 of Decision (EU, Euratom) 2017/46 on the security of communication and information systems in the Commission (C(2017) 8841 final).