1st eStandards conference: next steps for standardization in large scale eHealth deployment: bridging standardization to procurement
1. eStandards
eHealth Standards and Profiles in
Action for Europe and Beyond
643889
H2020-PHC-2014
1st eStandards Conference, conhIT – Berlin, April 21st, 2016
2. 1st eStandards Conference at conhIT
Bridging ICT standardization
with Procurement
Marcello Melgara
Lombardia Informatica
3. Legal & Regulatory Requirements
Several Dimensions
Public procurement obligations: Dir. 2014/24
EU ICT standardisation policy:
standardisation to support EU policies,
legislation/regulation and public procurement
Data Protection Regulation
Medical Device Directive
- For Data derived from Medical Devices
- + National Interpretation
mHealth integration
Cross border Patient Rights: DIR 2011/24/EC
4. Legal & Regulatory Requirements
Standards/Specifications should be classified according to:
- Dir. 2014/24: Art. 42, Technical Specifications, (b)
- by reference to technical specifications and, in order of preference, to:
1. National standards transposing European standards,
2. European Technical Assessments,
3. Common technical specifications,
4. International standards,
5. other technical reference systems established by the European
standardization bodies or - when any of those do not exist - national
standards, national technical approvals or national technical
specifications relating to the design, calculation and execution of the
works and use of the supplies;
– each reference shall be accompanied by the words ‘or equivalent’;
– But: Section 3, Art. 8 Specific exclusions in the field of electronic communications….
(see also Directive 2002/21/EC)
5. Legal & Regulatory Requirements
- Dir. 2014/24: Art. 44, Test reports, certification and other
means of proof
– 1. Contracting authorities may require that economic operators
provide a test report from a conformity assessment body or a
certificate issued by such a body as means of proof of conformity with
requirements or criteria set out in the technical specifications, the
award criteria or the contract performance conditions.
… A conformity assessment body shall be a body that performs
conformity assessment activities including calibration, testing,
certification and inspection accredited in accordance with Regulation
(EC) No 765/2008 of the European Parliament and of the Council
– 3. Member States shall make available to other Member States, upon
request, any information related to the evidence and documents
submitted in accordance with Article 42(6), Article 43 and paragraphs
1 and 2 of this Article.
6. Legal & Regulatory Requirements
EU ICT standardisation to support EU policies,
legislation/regulation and public procurement
Regulation (EU) No 1025/2012 of the European Parliament and
of the Council on European standardisation adopted:
implementation on 1/01/2013
Commission Decision 2011(C349)04 setting up the Multi-Stakeholder
Platform for ICT standardisation as an expert group
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN
PARLIAMENT, THE COUNCIL AND THE EUROPEAN ECONOMIC
AND SOCIAL COMMITTEE: The annual Union work programme
for European standardisation for 2016 (8.1.2016, COM(2015)
686 final)
- eHealth for supporting patients' rights in cross-border
healthcare
7. REGULATION (EU) No 1025/2012
on European standardisation,
• European standards are adopted by the European
standardisation organisations, namely European Committee
for Standardisation (CEN), Committee for Electrotechnical
Standardisation (Cenelec) and European Telecommunications
Standards Institute (ETSI),
• Established in co-ordination with ISO, IEC, ITU
• Technical specifications for public procurement could refer to
ICT technical specifications, in order to respond to the fast
evolution in the field of ICT, facilitate the provision of
cross-border services, encourage competition and promote
interoperability and innovation.
8. REGULATION (EU) No 1025/2012
Definitions:
• (a) ‘international standard’ means a standard adopted by an
international standardisation body;
• (b) ‘European standard’ means a standard adopted by a
European standardisation organisation;
• (c) ‘harmonised standard’ means a European standard
adopted on the basis of a request made by the Commission
for the application of Union harmonisation legislation;
• (d) ‘national standard’ means a standard adopted by a
national standardisation body;
9. REGULATION (EU) No 1025/2012
• Technical specifications not adopted by European
standardisation organisations do not hold an equivalent status
to European standards.
• Lay down a procedure for the identification of ICT technical
specifications that could be referenced in public procurement,
and a list of criteria, for such technical specifications and their
associated development processes. The requirements for the
identification of ICT technical specifications should ensure
that public policy objectives and societal needs are respected,
and should be based on the founding principles.
21/04/2016 eStandards WP3 Overview and Planning
11. IHE Profiles Technical Specs for Procurement
Decision 2015/1302,
28/7/2015, allows for the
27 IHE profiles to be
identified as ICT Technical
Specifications eligible for
referencing in public
procurement
Request for evidence
through Test Reports and
Conformance Reports on
Compliance to IHE profiles
through Connectathon
(cfr. Art. 44)
14. Mobile Health and Medical Devices
BSI PAS 277: quality
criteria for the
development of
health & wellness apps
15. Gaps
• mHealth
– EC CONNECT Working document on Existing EU legal framework
applicable to lifestyle & wellbeing apps (2014)
– Producers of Apps used by EU citizens must have a “policy (&
regulatory?)” framework (?Law? Recommendations? Guidance?
Standards?) to be applied, not just in EU but anywhere they are based
• The problem was studied in order to allow an App/mobile device to
generate data that can be loaded in the EHR, under the direct control
of healthcare institutions
• What is still missing is the governance of data extracted from EHR by the
citizen, provided to “uncontrolled” Apps
• Also citizens’ Apps should follow the framework to allow generated data to
be included in the EHR
– Make reference to BSI PAS 277 on quality criteria for the development of
health & wellness apps
– Should an Apps registration process and Apps registry of compliant Apps
be created and maintained?
– To be considered: the API providers in the ecosystem
16. Gaps
• Clouds
– The European cloud computing strategy adopted on 27 September 2012
and entitled ‘Unleashing the Potential of Cloud Computing in Europe’
aims to transform Europe into a ‘world cloud computing powerhouse’
for the benefits of citizens and business. It proposes actions in three
areas:
• standardization and certification
• contract and service level agreements
• public sector leadership through the creation of European Cloud
Partnership
– Actions of relevance to eHealth include among others:
• ETSI to identify by 2013 a map of necessary standards to secure interoperability,
security, data portability, reversibility
• Development of EU voluntary certification schemes by 2014
• Commission-industry cooperation to define harmonized levels for energy
consumption of cloud service by 2014
• Commission-industry cooperation to define a code of conduct on data protection
• Establishment of a European Cloud Partnership, including industry, to work on
common procurement requirements for cloud computing services
17. Legal & Regulatory Requirements
From:
• Dir 2011/24 on cross border Health
• eIDAS Regulation
• Data Protection Regulation
To Policy agreements/guidelines on cross-border data sharing
- Implications on pre-requisites / exclusions
- Implications on workflows
- Implications on Identification (eIDAS) of Citizens / Patients / Health Professionals
- Implications on Consent: suitability of IHE BPPC / APPC
- Implications on Non-Repudiation / Audit trails and access to them
- Implications on security / e-signatures / e-sealing / encryption
- Others?
18. Recommendations
• Public Procurement
– List of standards / technical specifications that can
be used for public procurement, by identifying the
category to which they belong.
– Define a process for the governance and the
maintenance of specs
• Application of the eHDSI governance process
eHN, because of the Cross-border directive
(2011/24), to adopt a non-mandatory guideline for
the National transposition of to the eHealth domain
19. Thank you for
your attention
www.estandards-project.eu
marcello.melgara@cnt.lispa.it