Remote monitoring of cardiac implanted electronic devices: legal requirements and ethical principles - ESC Regulatory Affairs Committee/EHRA joint task force report.

Nielsen JC; Kautzner J; Casado-Arroyo R; Burri H; Callens S; Cowie MR; Dickstein K; Drossart I; Geneste G; Erkin Z; Hyafil F; Kraus A; Kutyifa V; Marin E; Schulze C; Slotwiner D; Stein K; Zanero S; Heidbuchel H; Fraser AG

doi:10.1093/europace/euaa168

Back

Journal article

Remote monitoring of cardiac implanted electronic devices: legal requirements and ethical principles - ESC Regulatory Affairs Committee/EHRA joint task force report.

Nielsen JC Department of Cardiology, Aarhus University Hospital, Palle Juul-Jensens Boulevard 99, DK-8200 Aarhus N, Denmark.
Kautzner J Institute for Clinical and Experimental Medicine, Prague and Palacky University Medical School, Olomouc, Czech Republic.
Casado-Arroyo R Department of Cardiology, Erasme University Hospital, Université Libre de Bruxelles, Brussels, Belgium.
Burri H Cardiac Pacing Unit, Cardiology Service, University Hospital of Geneva, Geneva, Switzerland.
Callens S Centre for Biomedical Ethics and Law, KU Leuven, Leuven, Belgium.
Cowie MR Imperial College London (Royal Brompton Hospital) & National Heart and Lung Institute, Dovehouse Street, London SW3 6LY, UK.
Dickstein K University of Bergen, Stavanger University Hospital, Stavanger, Norway.
Drossart I ESC Patient Forum member, Brussels, Belgium.
Geneste G Cyber Security Group, Delft University of Technology, Delft, The Netherlands.
Erkin Z Cyber Security Group, Delft University of Technology, Delft, The Netherlands.
Hyafil F Départment Médico-Universitaire DREAM, Bichat University Hospital, APHP.7, Inserm 1148, Université de Paris, Paris, France.
Kraus A BIOTRONIK SE & Co. KG, Berlin, Germany.
Kutyifa V University of Rochester Medical Center, Clinical Cardiovascular Research Center, Rochester, NY, USA.
Marin E School of Computer Science, University of Birmingham, Birmingham, UK.
Schulze C Division of Cardiology, Angiology, Pneumonology and Intensive Medical Care, Department of Internal Medicine I, University Hospital Jena, Friedrich-Schiller-University Jena, Am Klinikum 1, Jena, Germany.
Slotwiner D Division of Cardiology, New York Presbyterian Queens and School of Health Policy and Research, Weill Cornell Medical College, New York, NY, USA.
Stein K Boston Scientific, Arden Hills, MN, USA.
Zanero S Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano, Milan, Italy.
Heidbuchel H Department of Cardiology, UniversityHospital Antwerp, University of Antwerp, Antwerp, Belgium.
Fraser AG School of Medicine, Cardiff University, Cardiff, UK.

2020-07-30

Published in:

Europace : European pacing, arrhythmias, and cardiac electrophysiology : journal of the working groups on cardiac pacing, arrhythmias, and cardiac cellular electrophysiology of the European Society of Cardiology. - 2020

Cardiac implantable electronic device

ESC Regulatory Affairs Committee

General Data Protection Regulation

English The European Union (EU) General Data Protection Regulation (GDPR) imposes legal responsibilities concerning the collection and processing of personal information from individuals who live in the EU. It has particular implications for the remote monitoring of cardiac implantable electronic devices (CIEDs). This report from a joint Task Force of the European Heart Rhythm Association and the Regulatory Affairs Committee of the European Society of Cardiology (ESC) recommends a common legal interpretation of the GDPR. Manufacturers and hospitals should be designated as joint controllers of the data collected by remote monitoring (depending upon the system architecture) and they should have a mutual contract in place that defines their respective roles; a generic template is proposed. Alternatively, they may be two independent controllers. Self-employed cardiologists also are data controllers. Third-party providers of monitoring platforms may act as data processors. Manufacturers should always collect and process the minimum amount of identifiable data necessary, and wherever feasible have access only to pseudonymized data. Cybersecurity vulnerabilities have been reported concerning the security of transmission of data between a patient's device and the transceiver, so manufacturers should use secure communication protocols. Patients need to be informed how their remotely monitored data will be handled and used, and their informed consent should be sought before their device is implanted. Review of consent forms in current use revealed great variability in length and content, and sometimes very technical language; therefore, a standard information sheet and generic consent form are proposed. Cardiologists who care for patients with CIEDs that are remotely monitored should be aware of these issues.

Language

English

Open access status

green

Identifiers

DOI 10.1093/europace/euaa168
PMID 32725140

Persistent URL

https://sonar.ch/global/documents/170906

Statistics

Document views: 50 File downloads:

Full-text: 0

Journal article

Remote monitoring of cardiac implanted electronic devices: legal requirements and ethical principles - ESC Regulatory Affairs Committee/EHRA joint task force report.

Cardiac implantable electronic device

Cybersecurity

Data controller

Data processor

EHRA

ESC Regulatory Affairs Committee

General Data Protection Regulation

Informed consent

Informed consent form

Joint data controller

Remote monitoring

Statistics