Jennifer Carroll MacNeill (Dún Laoghaire, Fine Gael)

It certainly will be required. I am very glad. I understand that there will be a technical briefing next week or the week after in relation to that, which is a step in the ongoing engagement that is appropriate of that nature. I agree with what Deputy Cullinane said in respect of taking forward electronic health records generally, but, if I may, I will deal with the amendment before us.

It is important to say to Deputy Rice that there has been a really sustained and positive engagement with the Data Protection Commission throughout the drafting process relating to this Bill. It is envisaged that this engagement will continue into the implementation phase. Consultation is specifically provided for in relation to data processing safeguards, ministerial regulations and HSE guidelines, among other things. This is going to be a constant frame of engagement. In addition, the Bill already provides for a full review no later than five years after the passing of the Act. That has to be done in consultation with the Commissioner for Data Protection.

The Health Information Bill complements and builds on the rights of natural persons provided under the GDPR in respect of their personal data. By way of example, it provides that a patient or their representative may restrict access by health service providers to all or part of their electronic health records, subject to being advised of the consequence of their decision. Importantly, if a health service provider accesses restricted information, the HSE has to keep a record of that and the reasons why it was accessed. Patients have the right, subject to some caveats, to obtain information on access to their records, the date and time of access, how it was accessed and the personal health data that was accessed. This is an important transparency measure to ensure patient confidence in the health record system.

We can imagine the circumstances in which this may be important. If I was in long-term care in, for example, a particular hospital in Dublin and then was involved in a car accident in Cork and is brought to Cork University Hospital, which is a major trauma centre, I would very much want my electronic health records to be immediately available to the staff there in order that they could treat me in the best way possible. That is the huge advantage of electronic health records generally and of the sharing of information that is enabled by this legislation. It is not something that I would opt out of, but the Bill provides for people to be able to do that and to have that respect afforded to them, as long as they are advised of the potential consequences of doing so. We are not trying to force anybody to do anything in particular, but there are major advantages to the sharing of information in their own interests.

It is also important for the Deputy to note that this Bill is the first of a suite of legislative measures to give full effect to the EU regulation on the European health data space under which member states are required to appoint a digital health authority to oversee governance of the primary use of electronic health data. Member states must formally appoint their digital health authorities by March 2027. As part of its role, the digital health authority must publish an activity report every two years. That report must contain the measures to implement the regulation and information on the percentage of the population with access to the various data categories in the electronic health records and on the handling of requests from individuals regarding the exercise of their personal rights under the regulation.

The digital health authority will also be expected co-operate with a range of health stakeholders. This will include the Data Protection Commission. The authority will be mandated to accept complaints in respect of infringements and patient rights, and to immediately refer those to the Data Protection Commission. I am not sure if Deputies received an update on this, but I can confirm that it is intended to appoint the HSE to the role of digital health authority. The Bill provides the HSE with the clarity in Irish law that it will need.

For all of these different reasons and the safeguards that are built in, I am not in a position to accept this amendment. I hope I have given the Deputy some comfort as to the level of detail of engagement the Data Protection Commission will have at all stages.

See this speech in context