Publications

Healthcare and Life Sciences | Health Information Mobility Law

February 2023

In January 2023, the Israeli Ministry of Health (the “MOH”) published a draft memorandum of the “Health Information Mobility Law” (the “Proposed Law”). The Proposed Law is open for public comments until February 14, 2023. The purpose of the Proposed Law, among others, sets regulations and guidelines intended to allow patients to access to their medical information, as well as to transfer such medical information to third parties; to improve the quality of medical care; to allow maintenance of the therapeutic sequence; to exercise patients’ rights; and to enable the rapid entry of innovative technologies into the healthcare sector.

The following are the main issues that are addressed under the Proposed Law:

1. Information Standardization and Quality. The Proposed Law provides the Director General of the MOH (the “Director General”) authorities with respect to the quality and structure of the data, including the definition of clinical terminologies that must be used when data is coded into patients’ medical records.

2. Setting “Information Baskets”. The Proposed Law establishes a new definition of “Information Basket”, which is a consolidated group of information items divided according to clinical or administrative content (e.g., diagnoses, medications, appointments). The Information Baskets will allow a proportional transfer of information, according to needs and circumstances.

3. Data Sources. The Proposed Law further defines who are the bodies that fall within the definition of “Data Sources”, to which the provisions of the Proposed Law will apply, among other things with respect to standardization and quality (e.g., HMOs, hospitals). In addition, the Minister of Health is given the authority to declare additional bodies that provide health services as sources of information.

4. Obligation to Transfer Data to the Data Recipients; Data Recipient License. It is proposed to obligate the Data Sources to transfer health information to “Data Recipient” (i.e., bodies authorized by the Director General to receive information in accordance with a Data Recipient License(, who were granted a license to act as such, in accordance with the access authorization given by the patient. The Proposed Law establishes a reciprocity mechanism, according to which a body which is a Data Recipient will also be defined as a Data Source, unless exempt accordance with the provisions of the Proposed Law. Those who wish to act as Data Recipients are required to obtain a license from the Director General. The Proposed Law distinguishes between different types of Data Recipients, such as all Data Recipients are required to provide an evidence that they have the skills and technological means required in order to meet the obligations that apply to Data Recipients by the law; and other bodies that provide health services (e.g., healthcare apps, private companies) which are further required to present to the Director General a business model and a revenue model that demonstrate that such bodies act in line with the public interest.
We note that the Proposed Law allows the Director General to exempt a foreign corporation from some of the conditions for obtaining a such a license, as long as such body’s activity is regulated at a sufficient level, as such is determined, in the Director General discretion within the applicable law of the foreign country.

5. Purposes of Use. The Proposed Law determines a list of purposes for which medical data can be obtained. Such purposes include, among others, research and development (subject to, among others, an approval from the applicable Helsinki Committee and an informed consent from the relevant patents).

6. Obligations of Data Recipients & Data Sources. The Proposed Law regulates the manner of activity of Data Recipients and the duties imposed to such bodies (e.g., confidentiality, instructions in case of conflict of interest, data security), as well as the Data Sources. It is proposed that the Director General will have authorization to determine the data security and privacy protection requirements that will apply to Data Sources, as well as the level of service such bodies will be required to meet.

7. Enforcement. The Proposed Law sets forth certain penalties which may be imposed on bodies that breach the obligations under such Proposed Law (in some circumstances up to 2-years imprisonment or up to NIS 2,825,000 fines). The Proposed Law further provides the Director General authorization to impose sanctions (e.g., administrative fines and notice ordering the breaching bodies to cease the activity causing the violation) on Data Sources and the Data Recipients who fails to comply the provisions of the Proposed Law.

For additional information please contact Partner Hili Cohen, Head of Life Sciences Department (Hili@gkh-law.com), Partner Tami Fishman (Tamif@gkh-law.com), Adv. Ofir Goldstein (Ofirg@gkh-Law.Com) or Adv. Moran Oren Shoham (morans@gkh-law.com).


Goldfarb Gross Seligman & Co. Law Firm is one of the leading law firms in Israel, with over 520 attorneys. Goldfarb Gross Seligman & Co. specializes, both in Israel and abroad, in various fields of law including Mergers and Acquisitions, Capital Markets, Hi-Tech and Venture Capital, Healthcare and Life Science, Banking, Real Estate, Litigation, Antitrust, Energy & Project Financing, Administrative Law, Tenders and Municipal Government, Infrastructure, Environmental Law, Sustainability–ESG and Cleantech, Intellectual Property, Labor Law and Tax.

This alert is prepared as an informational service to clients and colleagues of Goldfarb Gross Seligman & Co. and the information presented is not intended to provide legal opinions or advice. Readers should seek professional legal advice regarding the matters about which they are particularly concerned.