Health Data in the EU and UK: Regulatory Trends and Developments

With the General Data Protection Regulation (GDPR) resulting in a rise in enforcement incidents, it is prudent for organizations operating in the health and life sciences industries across the United Kingdom, European Union (EU) and other European Economic Area (EEA) nations to assess their responsibilities regarding the gathering and handling of health data.

Major Points:

  • “Data concerning health” is a wide term; it doesn’t just apply to medical records. Policies and processing records should accurately capture all health data, including inference data.
  • Most EEA countries, and the United Kingdom, have national laws that supplement GDPR.
  • Consent is not the only legal basis for collecting, storing and using health data; there are other options available, but be aware that “insufficient legal basis for data processing” is a common type of GDPR violation.
  • If used, health data consents must be granular, specific and transparent, and they must break down all the purposes for which the data is being processed. Consent must be granted on an “opt-in” basis and not as a result of a pre-filled tick box.
  • Health data may be reused for genuine scientific research purposes provided the processing is compatible with the original use, appropriate safeguards are in place and any separate national law conditions are satisfied.
  • Privacy policies and transparency notices must be clear about the basis on which health data is processed.
  • Proceed carefully and consider reidentification risk when relying on anonymisation to process data; document any reidentification risk assessment and periodically review risk assessment in light of developments in publicly available data and evolving risk environment. Technical measures, such as evolving encryption standards, should be reviewed periodically.

Read more here.

Sharon Lamb
Sharon Lamb focuses her practice on transactional and regulatory advice in the health and life sciences sector. She advises on global transactional mandates, including mergers and acquisitions and joint ventures in health services, pharma and life sciences, digital health and health data technologies. Read Sharon Lamb's full bio.

Deniz Tschammler
Dr. Deniz Tschammler counsels pharmaceutical companies, manufacturers of medical devices and in vitro diagnostics, providers of healthcare platforms as well as their investors in complex sector-specific projects. He advises his clients on the various regulatory challenges of the German and European health market, transactions and strategic collaborations, disputes in competition and with authorities, market entry and reimbursement pathways, data protection and the establishment of compliance organizations. Read Dr. Deniz Tschammler's full bio.

Daniel F. Gottlieb
Daniel F. Gottlieb counsels a wide range of health care industry clients, including health care providers, health plans, health information technology (IT) vendors and life sciences companies. He represents these entities on health IT acquisitions, privacy and data protection, reimbursement, fraud and abuse, and other health care regulatory and transactional matters. Daniel is a co-leader of the Firm’s Global Privacy and Cybersecurity Practice. Read Daniel Gottlieb's full bio.

Lorraine Maisnier-Boché
Lorraine Maisnier-Boché focuses her practice on data protection and information technology (IT) law. She has deep experience in the digital and IT sector as well as the health care industry, frequently advising health care professionals, hospitals, governmental entities, insurance companies, medical device manufacturers, software editors and hosting service providers on complex IT projects. ReadLorraine Maisnier-Boché's full bio.

Pilar Arzuaga
With nearly a decade of experience focused on data privacy law, Pilar advises health, life sciences, robotics, artificial intelligence, ad tech, retail, telecommunications, media, internet of things, cloud services and financial organizations on local and global solutions for their data and privacy compliance issues. She has extensive experience working with in-house lawyers on global compliance projects and liaising directly with business and technical teams to achieve effective and practical legal implementation. Read Pilar Arzuaga's full bio.




Top ranked chambers 2022
US leading firm 2022