Table 7.
Legal documents from the EU<sup>a</sup>.
| No | Legal document | Type |
|---|---|---|
| 1 | Penal Code [41,69] | Case law |
| 2 | Directive 95/46/EC | Directive [70,71] |
| 3 | NIS<sup>b</sup> Directive | Directive [72] |
| 4 | The directive on patients’ rights in cross-border health care (Directive 2011/24) | Directive [73] |
| 5 | Directive 2009/136/EC amending Directive 2002/58/EC (Privacy Directive) | Directive |
| 6 | Data Protection and Privacy in Electronic Communications—e-Privacy Directive (it replaces Directive 97/66/EC) [74] | Directive |
| 7 | Directive 99/93/EC | Directive [75] |
| 8 | The Patients’ Rights Directive (2011/24/EU) [73] | Directive |
| 9 | Recommendation CM/Rec(2019)2 of the Committee of Ministers to member states on the protection of health-related data [76] | Guidelines |
| 10 | GCP<sup>c</sup> | Guidelines [71] |
| 11 | Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the Protection of Medical Data | Recommendation [77] |
| 12 | GDPR<sup>d</sup> [16,78-83] | Regulation |
| 13 | EU regulation and compliance of national and transborder data flows | Regulation |
| 14 | Medical Device Regulation 2017/745 of EU [41] | Regulation |
| 15 | Regulation 2014/910 (the eIDAS<sup>e</sup> Regulation) [78] | Regulation |
| 16 | A European standardization group for Security and Privacy of Medical Informatics (CEN TC 251/WG6<sup>f</sup>) [84,85] | Standard |
| 17 | GEHR<sup>g</sup>/CEN<sup>h</sup> standards ENV<sup>i</sup> 12265 and ENV 13606 [86,87] | Standard |
<sup>a</sup>EU: European Union.
<sup>b</sup>NIS: Network and Information Security.
<sup>c</sup>GCP: Good Clinical Practice.
<sup>d</sup>GDPR: General Data Protection Regulation.
<sup>e</sup>eIDAS: electronic identification and trust services.
<sup>f</sup>CEN TC 251/WG6: Commission for European Normalization Technical Committee/Working Group 6.
<sup>g</sup>GEHR: Good European Health Record.
<sup>h</sup>CEN: European Committee for Standardization.
<sup>i</sup>ENV: Electronic Healthcare Record Communication for the exchange of electronic health records.