Health Professional Information Notice (HPIN) about MyHealth@EU services
(I) General information about MyHealth@EU
What is MyHealth@EU?
MyHealth@EU, also called the eHealth Digital Service Infrastructure (eHDSI) enables the safe processing of your personal data, related to your role as a healthcare professional involved in the treatment of patients and the provision of medicines. This is done by electronic means through secure gateways provided by National Contact Points for eHealth (NCPeH) designated by each country. Each country identifies which organization assumes the responsibility as a data controller for the processing of your data, as this is subject to the country's legislation. See the last page for information specific to this country.
Which categories of your data are exchanged?
1) Patient summary – the most important information about your health is collected from the country where it is stored, such as your home country, in order to use it for treatment in another country. The patient summary includes relevant information needed for identifying the health professional that is treating the patient:
- Name of the health professional - Name of the Health Professional that has been treating or taking responsibility for the patient,
- Role of the health professional - The health professional's role in the organisation (i.e., healthcare provider),
- Health professional's organisation - Name of the health professional's organisation (i.e., healthcare provider),
- Telephone no. - telephone number of the health professional at the organisation (i.e., healthcare provider),
- Email - Email of the health professional or organisation (i.e., healthcare provider),
- Network affiliation - the health professional's organization that is affiliated with a European network, e.g., the European Reference Networks (ERN),
- Related with - Identification of the entry or entries of this Patient Summary for which the health professional is the preferred contact.
2) Electronic prescription and dispensation - the patient can get a prescription for medicine from a healthcare provider in one country and receive medication through a pharmacy in another EU country. The electronic prescription contains essentially the same information as a regular paper prescription, i.e. identification of the prescriber, the patient and the medicine prescribed. The electronic dispensation includes information about the medicine dispensed. This information will be sent by the pharmacy back to the country that issued the prescription. ePrescribing is defined as prescribing medicines through the support of software by a health professional who is legally authorised to do so, so that the medicine can be dispensed by a pharmacy, and eDispensation (eDispensing) is defined as the act of electronically retrieving a prescription and reporting on the dispensation of the medicine to the patient as indicated in the corresponding ePrescription. Hence, the following information is included: a) data used to identify the health professional who is entitled (according to national law) to prescribe medicinal products, and b) data used to identify the health professionals/health care providers who are entitled (according to national law) to dispense medicinal products.
To identify the prescribing health professional, the following information is processed:
- Family name - The family name/surname/last name of the prescriber. This enables the prescriber to be traced in the event of questions or emergencies,
- Given name - The given name/first name of the prescriber. This enables the prescriber to be traced in the event of questions or emergencies,
- Professional qualifications - The professional title of the prescribing health professional, which may be used to prove the authority of the prescriber,
- Details for direct contact - Details for direct contact could be an email address and/or phone/fax number of the prescriber in order for the dispenser and/or patient to contact the prescriber. This might be necessary if problems arise with dosage, allergies, reimbursement etc.,
- Work address - This is the address of the hospital or the practice, etc. where the health professional normally works, meets patients and prescribes medication. Minimally, the country is specified,
- Signature - Digital signature or token as proof of the authenticity of the prescriber,
- Health care provider identifier - A unique number or code issued for the purpose of identifying a health care provider [ISO/TS 27527:2010]; this may be a license or registration number which can be used to trace the prescriber and to check whether a medicinal product was prescribed by the right person according to the law of the prescribing country.
3) Original clinical documents – documents containing your health information, such as laboratory results, hospital discharge letters, and medical images. This personal data is available in so far as it is already recorded in electronic form in your home country. The source(s) of this data varies from country to country. See the last page for information specific to this country.
What is the legal basis for the use of your personal data?
The MyHealth@EU services will become available for you depending on the conditions set individually by each country. When the patient receives treatment or medicine abroad, your data will be recorded in the country of treatment (or medicine dispensation) according to the EU General Data Protection Regulation, the national legislation of that country and the internal rules of the particular healthcare provider. Emergency situations may justify the use of your data for the treatment of the patient without the patient’s consent. See the last page for information specific to this country.
What is the purpose of the processing?
The primary purpose for processing your data is the medical treatment of your patient or the provision of medicine. However, due to the national legislation of each Member State, there may be additional purposes. See the last page to check if such additional purposes are applicable to this country.
Who processes and has access to this data? (recipients of personal data)
Your personal data will be accessible by the National Contact Points for eHealth, i.e., entities that process your data to ensure its secure transmission to and from the specific healthcare organization or pharmacy, logging, or other related activities. The list of data processors is indicated on the last page.
Where and for how long is the personal data stored?
The collected personal data may be stored in the information systems of the health institutions both in your home country and the country of treatment or dispensation of medicine. The data shall be stored for no longer than is necessary for the purpose for which your personal data is processed. The storage period(s) in this Member State is indicated on the last page.
What are your rights and how to exercise them?
You have the right to access your personal data.
Apart from that, you can exercise the rights of rectification, erasure, restriction of the processing and data portability.
In order to exercise your rights, you may contact us.
Contact details are available on the last page.
Also, you have the right to lodge a complaint before the supervisory data protection authority.
The list of the national supervisory authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
(II Summary of Member State-specific information)
Member State | CYPRUS |
---|---|
Service(s) provided by country |
|
Data that is exchanged | Patient Summary:
Electronic prescription and dispensation:
|
Role of the Country in the data exchange |
(in case of electronic prescription, will also send dispensation details back to your home country).
|
Legal basis |
Applicable law(s): |
Restriction of access to specific data |
Narcotic Drugs and Psychotropic Substances Regulations (Regulation 12).
Cross-border prescriptions | Pharmaceutical Services | (moh.gov.cy) |
Purpose of use |
|
Storage of data | Your data will be stored for:
1) PSA data will be stored for 15 years from the last reviewing. 2) PSB data will not be stored. 3) Log data will be stored forever.
Purpose: secondary use (anonymized databases). |
Data Controller(s)
(You may need to contact the data controller for example in order to exercise your data protection rights) |
Name: Rafael Michael |
Data Processor(s) |
Name: Vanthia Toumpouri |
Data Protection Officer
(You may need to contact the data protection officer for example in order to lodge a complaint) |
Name: Office of the Commissioner for Personal Data Protection. |