Patient Information Notice: Difference between revisions

From NCPeH CY
Jump to navigation Jump to search
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= '''General information about MyHealth@EU''' =
= '''(I)General information about MyHealth@EU''' =


= Patient Information Notice regarding cross-border transfer of personal health data  =  
= Patient Information Notice regarding cross-border transfer of personal health data  =  
Line 15: Line 15:
= The categories of your personal health data concerned =
= The categories of your personal health data concerned =


1)Patient Summary- It is a basic medical dataset that is transferred for the purpose of receiving treatment in another country. It includes important patient data such as allergies, current medication, previous illnesses and surgeries, that is necessary to treat the patient properly abroad.
1)'''Patient Summary'''- It is a basic medical dataset that is transferred for the purpose of receiving treatment in another country. It includes important patient data such as allergies, current medication, previous illnesses and surgeries, that is necessary to treat the patient properly abroad. The Patient Summary includes:


*Name of the health professional - Name of the Health Professional that has been treating or taking responsibility for the patient,
*Name of the health professional - Name of the Health Professional that has been treating or taking responsibility for the patient,
Line 25: Line 25:
*Related with - Identification of the entry or entries of this Patient Summary for which the health professional is the preferred contact.
*Related with - Identification of the entry or entries of this Patient Summary for which the health professional is the preferred contact.


2)Electronic prescription and dispensation - the patient can get a prescription for medicine from a healthcare provider in one country and receive medication through a pharmacy in another EU country. The electronic prescription contains essentially the same information as a regular paper prescription, i.e. identification of the prescriber, the patient and the medicine prescribed. The electronic dispensation includes information about the medicine dispensed. This information will be sent by the pharmacy back to the country that issued the prescription. ePrescribing is defined as prescribing medicines through the support of software by a health professional who is legally authorised to do so, so that the medicine can be dispensed by a pharmacy, and eDispensation (eDispensing) is defined as the act of electronically retrieving a prescription and reporting on the dispensation of the medicine to the patient as indicated in the corresponding ePrescription. Hence, the following information is included: a) data used to identify the health professional who is entitled (according to national law) to prescribe medicinal products, and b) data used to identify the health professionals/health care providers who are entitled (according to national law) to dispense medicinal products.
2)'''Electronic prescription and dispensation''' - the patient can get a prescription for medicine from a healthcare provider in one country and receive medication through a pharmacy in another EU country. The electronic prescription contains essentially the same information as a regular paper prescription, i.e. identification of the prescriber, the patient and the medicine prescribed. The electronic dispensation includes information about the medicine dispensed. This information will be sent by the pharmacy back to the country that issued the prescription. ePrescribing is defined as prescribing medicines through the support of software by a health professional who is legally authorised to do so, so that the medicine can be dispensed by a pharmacy, and eDispensation (eDispensing) is defined as the act of electronically retrieving a prescription and reporting on the dispensation of the medicine to the patient as indicated in the corresponding ePrescription. Hence, the following information is included: a) data used to identify the health professional who is entitled (according to national law) to prescribe medicinal products, and b) data used to identify the health professionals/health care providers who are entitled (according to national law) to dispense medicinal products.


To identify the prescribing health professional, the following information is processed:
To identify the prescribing health professional, the following information is processed:
Line 37: Line 37:
*Health care provider identifier - A unique number or code issued for the purpose of identifying a health care provider [ISO/TS 27527:2010]; this may be a license or registration number which can be used to trace the prescriber and to check whether a medicinal product was prescribed by the right person according to the law of the prescribing country.
*Health care provider identifier - A unique number or code issued for the purpose of identifying a health care provider [ISO/TS 27527:2010]; this may be a license or registration number which can be used to trace the prescriber and to check whether a medicinal product was prescribed by the right person according to the law of the prescribing country.


3)Laboratory Results - clinical documents containing the results of laboratory tests, stored in the home Country.
3)'''Original Clinical Documents'''- containing your health information.  
 
4)Imaging Reports - clinical documents containing the reports on images studies and, when requested, the images (e.g. in DICOM standard), stored in the home Country.
 
5)Discharge Reports - clinical document generated by the healthcare provider where the patient was treated, both as an inpatient and an outpatient, which gathers the main findings, stored in the Country of Affiliation.
 
6)Original documents containing your health information, such as laboratory results, hospital discharge letters, and medical images.  


<ol type="I">
<li>laboratory results report:- clinical documents containing the results of laboratory tests, stored in the home Country.
<li>hospital discharge report:- clinical document generated by the healthcare provider where the patient was treated, both as an inpatient and an outpatient, which gathers the main findings, stored in the Country of Affiliation.
<li>medical imaging report:- clinical documents containing the reports on images studies.
</ol>
This personal health data is available in so far as it is already recorded in electronic form in your home country.
This personal health data is available in so far as it is already recorded in electronic form in your home country.


The source(s) of this data varies from country to country.
The source(s) of this data varies from country to country.
In a subsequent phase, regarding the exchange of clinical documents, the system will support not only the transmission of reports in PDF format but also the exchange of detailed medical images in higher resolution.


= What is the legal basis for the use of your personal data? =
= What is the legal basis for the use of your personal data? =
Line 80: Line 81:
Finally, you have the right to lodge a complaint with a supervisory authority either in Cyprus or in the country of treatment, depending on the factual situation.  
Finally, you have the right to lodge a complaint with a supervisory authority either in Cyprus or in the country of treatment, depending on the factual situation.  


='''(II) Summary of Member State-specific information'''=


= Contact details =
{| class="wikitable"
 
! Member State
= Data controller =
! CYPRUS
 
|-
Rafael Michael
| Service(s) provided by country
 
|
67A Limassol Avenue, 2021, Aglantzia, Cyprus
* Patient Summary.
 
* Electronic Prescription and Dispensation.
Email: Rafael.michael@neha.org.cy
|-
 
| Data that is exchanged
Call Center: +357 22 436004
| Patient Summary:
 
* Identification of the patient/subject (National healthcare patient ID, Family name/surname, Given name, Date of birth, gender, Country of affiliation),
= Data processor =
* Contact information (Patient address),
 
* Preferred HP to contact,
Vanthia Toumpouri
* Contact person/ Legal guardian,
* Insurance information,
* Document data,
* Author and Organisation (Author organisation, Legal authenticator),
* Additional information / Knowledge resources (External reference, Related with),
* Allergy, Medical alert information, Medical history (Vaccination/ Prophylaxis information, Resolved, closed or inactive problems, Medical history),
* Medical problems (Current problems, Medical devices and implants, Procedures, Functional status),
* Medication summary (Current and relevant past medicines),
* Social history,
* Pregnancy history (Current pregnancy status, History of previous pregnancies),
* Patient provided data,
* Results,
* Plan of Care.
Electronic prescription and dispensation:
* Patient administrative data (Family name/surname, Given name, Date of birth, Personal identifier, gender, Native language),
* Authentication of the prescription (Identifier of the Prescription, Issue date),
* Identification of the prescribing health professional (Family name, Given name, Professional qualifications, Details for direct contact, Work address, signature, Health care provider identifier),
* Identification of the prescribed product (Name of the medicinal product, Identifier of the medicinal product, Identifier(s) of the pharmaceutical product, Identifier(s) of the packaged medicinal product, Marketing authorisation holder, Active substance(s), Strength of the active substance(s), Product classification, Pharmaceutical dose form(s), Unit of presentation(s), Package type, Pack size),
* Prescription information (Quantity of prescribed product, Dose regimen, Number of units per intake, Frequency of intakes, Route of administration, Duration of treatment, Starting date of therapy, Directions for use, Prescription expiry date, Repeats, Reason for prescription, Substitution),
* Dispensation information (Identifier of the dispenser, Family name of the dispenser, Given name of the dispenser, Identifier of the pharmacy, Address of the pharmacy, Details of direct contact, Identifier of the prescription, Medicinal product, Dispensed quantity, Dispensation date, Substitution).
|-
| Role of the Country in the data exchange
|
* Accessing personal data from your home country.
<span style="padding-left: 1.5em;">(in case of electronic prescription, will also send dispensation details back to your home country).
* Providing access to your data to other health professionals in other countries.
|-
| Legal basis
|
* Your consent is needed before the service can be provided to you.
* In case of an emergency to the patient, access to your data may be available also without the consent of the patient.


67A Limassol Avenue, 2021, Aglantzia, Cyprus
Applicable law(s):


Email: Vanthia.toumpouri@neha.org.cy
[https://www.neha.org.cy/wp-content/uploads/2022/10/%CE%9F-%CF%80%CE%B5%CF%81%CE%AF-%CE%97%CE%BB%CE%B5%CE%BA%CF%84%CF%81%CE%BF%CE%BD%CE%B9%CE%BA%CE%AE%CF%82-%CE%A5%CE%B3%CE%B5%CE%AF%CE%B1%CF%82-%CE%9D%CF%8C%CE%BC%CE%BF%CF%82-%CF%84%CE%BF%CF%85-2019.pdf Ο περί Ηλεκτρονικής Υγείας Νόμος του 2019 (neha.org.cy)]


Call Center: +357 22 436031
[https://www.cylaw.org/nomoi/indexes/2013_1_149.html Ο περί Εφαρμογής των Δικαιωμάτων των Ασθενών στο πλαίσιο της Διασυνοριακής Υγειονομικής Περίθαλψης Νόμος του 2013 (cylaw.org)]


= Supervisory authority in Cyprus =
[https://www.cylaw.org/nomoi/enop/non-ind/2001_1_138/full.html Ο Περί Επεξεργασίας Δεδομένων Προσωπικού Χαρακτήρα (Προστασία του Ατόμου) Νόμος του 2001 - 138(I)/2001 (cylaw.org)]
|-
Office of the Commissioner for Personal Data Protection
| Restriction of access to specific data
|
* You may restrict access to specific data.
<span style="padding-left: 1.5em;">Narcotic Drugs and Psychotropic Substances Regulations (Regulation 12).
<br>
<span style="padding-left: 1.5em;">More information about the restrictions you may set:


Address: 15, Kypranoros, 1061 Nicosia,
<span style="padding-left: 1.5em;">[https://www.moh.gov.cy/moh/phs/phs.nsf/crossborder_en/crossborder_en?OpenDocument Cross-border prescriptions | Pharmaceutical Services | (moh.gov.cy)]
|-
| Purpose of use
|
* Treatment purposes.
* Dispensation of medicinal products.
* Research, policy-making, and other secondary uses.
<span style="padding-left: 1.5em;">https://www.neha.org.cy/en/national-contact-point/
|-
| Storage of data
|Your data will be stored for:
1) PSA data will be stored for 15 years from the last reviewing.
2) PSB data will not be stored.
3) Log data will be stored forever.
* Data will be stored also for additional purposes.


P.O.Box: 23378, 1682
Purpose: secondary use (anonymized databases).<br>
Storage period: will be deleted upon the receipt of patient’s request.<br>
Any restrictions that apply to the storage period: for secondary use all the data must be anonymized, all the data (for primary & secondary use) are stored encrypted.<br>
Conditions under which the data can be erased ("right to be forgotten"), e.g., the right only applies to data held at the time the request is received. It does not apply to data that may be created in the future. The right is not absolute and only applies in certain circumstances.
|-
| Data Protection Officer (DPO)


Telephone: +357 22818456
|
'''Name:''' Terpsithea Kittou <br>
'''Address:''' 67Α Limassol Avenue, Aglantzia, 2121, Nicosia, Cyprus <br>
'''Email:''' dpo@neha.org.cy <br>
'''Phone:''' +357 22436046 <br>
|-
| Data Processor(s)
|
'''Name:''' National eHealth Authority <br>
'''Address:''' 67Α Limassol Avenue, Aglantzia, 2121, Nicosia, Cyprus <br>
'''Email:''' info@neha.org.cy <br>
'''Phone:''' +357 22436000 <br>
|-
| Supervisory Authority
(You may need to contact the data protection officer for example in order to lodge a complaint)
|
'''Name:''' Office of the Commissioner for Personal Data Protection. <br>
'''Address:''' 15, Kypranoros Street, 1061 Nicosia, P.O. Box. 23378, 1682, Nicosia. <br>
'''Email:''' commissioner@dataprotection.gov.cy <br>
'''Phone:''' +357 22818456 <br>
|}


Fax: +357 22304565
='''(III) Link to Member State detailed health professional information notice'''=


Email: commissioner@dataprotection.gov.cy
{| class="wikitable"
! Member State
! CYPRUS
|-
| CYPRUS
|
* Patient Summary
* Electronic prescription and dispensation.
|}

Latest revision as of 10:30, 13 November 2025

(I)General information about MyHealth@EU

Patient Information Notice regarding cross-border transfer of personal health data

The following information is provided to fulfil the requirement of the EU General Data Protection Regulation to inform citizens about the processing of their personal data.

What is the eHealth Digital Service Infrastructure?

MyHealth@EU, also called the eHealth Digital Service Infrastructure (eHDSI), enables safe and easy access to your health data for healthcare professionals involved in your treatment and the provision of medicines - anytime and anywhere within the EU. This is done by electronic means through secure gateways provided by National Contact Points for eHealth (NCPeH) designated by each country.

Each country identifies which organization assumes the responsibility as a data controller for the processing of your data, as this is subject to the country's legislation.

See the last page for information specific to Cyprus.

The categories of your personal health data concerned

1)Patient Summary- It is a basic medical dataset that is transferred for the purpose of receiving treatment in another country. It includes important patient data such as allergies, current medication, previous illnesses and surgeries, that is necessary to treat the patient properly abroad. The Patient Summary includes:

  • Name of the health professional - Name of the Health Professional that has been treating or taking responsibility for the patient,
  • Role of the health professional - The health professional's role in the organisation (i.e., healthcare provider),
  • Health professional's organisation - Name of the health professional's organisation (i.e., healthcare provider),
  • Telephone no. - telephone number of the health professional at the organisation (i.e., healthcare provider),
  • Email - Email of the health professional or organisation (i.e., healthcare provider),
  • Network affiliation - the health professional's organization that is affiliated with a European network, e.g., the European Reference Networks (ERN),
  • Related with - Identification of the entry or entries of this Patient Summary for which the health professional is the preferred contact.

2)Electronic prescription and dispensation - the patient can get a prescription for medicine from a healthcare provider in one country and receive medication through a pharmacy in another EU country. The electronic prescription contains essentially the same information as a regular paper prescription, i.e. identification of the prescriber, the patient and the medicine prescribed. The electronic dispensation includes information about the medicine dispensed. This information will be sent by the pharmacy back to the country that issued the prescription. ePrescribing is defined as prescribing medicines through the support of software by a health professional who is legally authorised to do so, so that the medicine can be dispensed by a pharmacy, and eDispensation (eDispensing) is defined as the act of electronically retrieving a prescription and reporting on the dispensation of the medicine to the patient as indicated in the corresponding ePrescription. Hence, the following information is included: a) data used to identify the health professional who is entitled (according to national law) to prescribe medicinal products, and b) data used to identify the health professionals/health care providers who are entitled (according to national law) to dispense medicinal products.

To identify the prescribing health professional, the following information is processed:

  • Family name - The family name/surname/last name of the prescriber. This enables the prescriber to be traced in the event of questions or emergencies,
  • Given name - The given name/first name of the prescriber. This enables the prescriber to be traced in the event of questions or emergencies,
  • Professional qualifications - The professional title of the prescribing health professional, which may be used to prove the authority of the prescriber,
  • Details for direct contact - Details for direct contact could be an email address and/or phone/fax number of the prescriber in order for the dispenser and/or patient to contact the prescriber. This might be necessary if problems arise with dosage, allergies, reimbursement etc.,
  • Work address - This is the address of the hospital or the practice, etc. where the health professional normally works, meets patients and prescribes medication. Minimally, the country is specified,
  • Signature - Digital signature or token as proof of the authenticity of the prescriber,
  • Health care provider identifier - A unique number or code issued for the purpose of identifying a health care provider [ISO/TS 27527:2010]; this may be a license or registration number which can be used to trace the prescriber and to check whether a medicinal product was prescribed by the right person according to the law of the prescribing country.

3)Original Clinical Documents- containing your health information.

  1. laboratory results report:- clinical documents containing the results of laboratory tests, stored in the home Country.
  2. hospital discharge report:- clinical document generated by the healthcare provider where the patient was treated, both as an inpatient and an outpatient, which gathers the main findings, stored in the Country of Affiliation.
  3. medical imaging report:- clinical documents containing the reports on images studies.

This personal health data is available in so far as it is already recorded in electronic form in your home country.

The source(s) of this data varies from country to country.

In a subsequent phase, regarding the exchange of clinical documents, the system will support not only the transmission of reports in PDF format but also the exchange of detailed medical images in higher resolution.

What is the legal basis for the use of your personal data?

The eHDSI services will become available for you only upon your explicit consent. Although emergency situations may justify the use of your data for your treatment without consent, if you don’t give explicit consent before travelling, your data will not be available through the eHDSI system when you are in another country, not even in case of emergency. When you are abroad in an actual care situation, your Patient Summary data or Electronic Prescriptions will be recorded in the country of treatment in accordance with the EU General Data Protection Regulation (GDPR), the laws of that country and the practices of the particular healthcare institution.

What is the purpose of processing?

Your medical data will only be used for your personal treatment or provision of medicine. In Cyprus, the data collected for inclusion in your Patient Summary will not be used for secondary purposes, other than for statistical purposes after it has been completely anonymised. Information about the purposes of such further processing according to the laws of various countries is available at the eHDSI website.

Who processes and has access to this data?

Your Patient Summary data will be accessible only by authorised and identifiable health professionals involved in your treatment, under professional secrecy, in the country of treatment. These are health professionals in the healthcare organization where you receive your treatment or the pharmacy where you receive your prescribed medicine. Each country of treatment participating in the eHDSI system has undertaken to ensure that the participating health professionals and healthcare providers on their territory have adequate information and training about their duties. Please refer to the eHDSI website for details of the participating countries. The Patient Summary data and Electronic Prescriptions will be transferred through a secure gateway provided by the eHealth National Contact Point designated by each country.

Where and how long is the personal data stored?

The Patient Summary data may be stored for 15 years from the last update for permanent residents of Cyprus and is automatically deleted after this period. However, for visitors from other European countries, the Patient Summary is not stored at all. The retention period may vary in other countries that offer Electronic Cross-Border Health Services, with relevant information available on the eHDSI website. The storage period in other participating countries may vary. Information about the storage periods is available on the eHDSI website.

Your access rights

If you consent to the processing of your Patient Summary data by the eHDSI system, you must explicitly provide your consent. You have the right to: a) rectify any inaccurate data in your Patient Summary data, according to Article 16 of the GDPR. b) obtain the erasure of your Patient Summary data, according to Article 17 of the GDPR. c) object to the processing of your Patient Summary data on grounds relating to your particular situation, according to Article 21 of the GDPR.

You have the right to withdraw your consent at any time.

If you do not consent for your personal data to be processed by the eHDSI system, your data will not be available for you through this system when you are in another country, not even in case of emergency.

Finally, you have the right to lodge a complaint with a supervisory authority either in Cyprus or in the country of treatment, depending on the factual situation.

(II) Summary of Member State-specific information

Member State CYPRUS
Service(s) provided by country
  • Patient Summary.
  • Electronic Prescription and Dispensation.
Data that is exchanged Patient Summary:
  • Identification of the patient/subject (National healthcare patient ID, Family name/surname, Given name, Date of birth, gender, Country of affiliation),
  • Contact information (Patient address),
  • Preferred HP to contact,
  • Contact person/ Legal guardian,
  • Insurance information,
  • Document data,
  • Author and Organisation (Author organisation, Legal authenticator),
  • Additional information / Knowledge resources (External reference, Related with),
  • Allergy, Medical alert information, Medical history (Vaccination/ Prophylaxis information, Resolved, closed or inactive problems, Medical history),
  • Medical problems (Current problems, Medical devices and implants, Procedures, Functional status),
  • Medication summary (Current and relevant past medicines),
  • Social history,
  • Pregnancy history (Current pregnancy status, History of previous pregnancies),
  • Patient provided data,
  • Results,
  • Plan of Care.

Electronic prescription and dispensation:

  • Patient administrative data (Family name/surname, Given name, Date of birth, Personal identifier, gender, Native language),
  • Authentication of the prescription (Identifier of the Prescription, Issue date),
  • Identification of the prescribing health professional (Family name, Given name, Professional qualifications, Details for direct contact, Work address, signature, Health care provider identifier),
  • Identification of the prescribed product (Name of the medicinal product, Identifier of the medicinal product, Identifier(s) of the pharmaceutical product, Identifier(s) of the packaged medicinal product, Marketing authorisation holder, Active substance(s), Strength of the active substance(s), Product classification, Pharmaceutical dose form(s), Unit of presentation(s), Package type, Pack size),
  • Prescription information (Quantity of prescribed product, Dose regimen, Number of units per intake, Frequency of intakes, Route of administration, Duration of treatment, Starting date of therapy, Directions for use, Prescription expiry date, Repeats, Reason for prescription, Substitution),
  • Dispensation information (Identifier of the dispenser, Family name of the dispenser, Given name of the dispenser, Identifier of the pharmacy, Address of the pharmacy, Details of direct contact, Identifier of the prescription, Medicinal product, Dispensed quantity, Dispensation date, Substitution).
Role of the Country in the data exchange
  • Accessing personal data from your home country.

(in case of electronic prescription, will also send dispensation details back to your home country).

  • Providing access to your data to other health professionals in other countries.
Legal basis
  • Your consent is needed before the service can be provided to you.
  • In case of an emergency to the patient, access to your data may be available also without the consent of the patient.

Applicable law(s):

Ο περί Ηλεκτρονικής Υγείας Νόμος του 2019 (neha.org.cy)

Ο περί Εφαρμογής των Δικαιωμάτων των Ασθενών στο πλαίσιο της Διασυνοριακής Υγειονομικής Περίθαλψης Νόμος του 2013 (cylaw.org)

Ο Περί Επεξεργασίας Δεδομένων Προσωπικού Χαρακτήρα (Προστασία του Ατόμου) Νόμος του 2001 - 138(I)/2001 (cylaw.org)

Restriction of access to specific data
  • You may restrict access to specific data.

Narcotic Drugs and Psychotropic Substances Regulations (Regulation 12).
More information about the restrictions you may set:

Cross-border prescriptions | Pharmaceutical Services | (moh.gov.cy)

Purpose of use
  • Treatment purposes.
  • Dispensation of medicinal products.
  • Research, policy-making, and other secondary uses.

https://www.neha.org.cy/en/national-contact-point/

Storage of data Your data will be stored for:

1) PSA data will be stored for 15 years from the last reviewing. 2) PSB data will not be stored. 3) Log data will be stored forever.

  • Data will be stored also for additional purposes.

Purpose: secondary use (anonymized databases).
Storage period: will be deleted upon the receipt of patient’s request.
Any restrictions that apply to the storage period: for secondary use all the data must be anonymized, all the data (for primary & secondary use) are stored encrypted.
Conditions under which the data can be erased ("right to be forgotten"), e.g., the right only applies to data held at the time the request is received. It does not apply to data that may be created in the future. The right is not absolute and only applies in certain circumstances.

Data Protection Officer (DPO)

Name: Terpsithea Kittou
Address: 67Α Limassol Avenue, Aglantzia, 2121, Nicosia, Cyprus
Email: dpo@neha.org.cy
Phone: +357 22436046

Data Processor(s)

Name: National eHealth Authority
Address: 67Α Limassol Avenue, Aglantzia, 2121, Nicosia, Cyprus
Email: info@neha.org.cy
Phone: +357 22436000

Supervisory Authority

(You may need to contact the data protection officer for example in order to lodge a complaint)

Name: Office of the Commissioner for Personal Data Protection.
Address: 15, Kypranoros Street, 1061 Nicosia, P.O. Box. 23378, 1682, Nicosia.
Email: commissioner@dataprotection.gov.cy
Phone: +357 22818456

(III) Link to Member State detailed health professional information notice

Member State CYPRUS
CYPRUS
  • Patient Summary
  • Electronic prescription and dispensation.
Retrieved from "https://wiki.ncpeh.en.neha.org.cy/index.php?title=Patient_Information_Notice&oldid=1925"