POLICY MONITOR

European Commission – Proposal for a regulation of the European Parliament and of the Council on the European Health Data Space

The European health data space should become the first domain-specific common European data space, a concept that was launched in the European data strategy proposal. Data spaces for industry & manufacturing, agriculture, mobility, energy and other themes will follow later. The EHDS will be a common space where natural persons can easily control their electronic health data. It will also make it possible for researchers, innovators and policy makers to use electronic health data in a trusted and secure way that preserves privacy. This should ensure better diagnosis, treatment and well-being of natural persons, and lead to better and well- informed policies. It also aims to contribute to a genuine single market for digital health products and services, by harmonising rules, and so boost healthcare system efficiencies.

What: Legislative proposal

Impact score: 2

For who: citizens, health care professionals, researchers, regulators, policy makers

URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0197

Key takeaways for Flanders

  • In the EU there is a need for norms and standards for a better exchange of health data. But the text of the proposal leaves open whether the choice is made for standardisation of the underlying ICT architecture (the structure needed for systems to communicate with each other) or for message traffic (the communication between the various ICT systems). A change in the ICT architecture would be a sensitive issue because the current way of working (with different ICT systems) is a good earning model for ICT suppliers.
  • The harmonisation of the digital healthcare landscape will continue in our country. It will therefore be important to keep checking whether the federal and regional developments in the field of legislation and regulations are in line with the European Commission's proposals.


Summary

The EHDS is a health-specific data sharing framework establishing clear rules, common standards and practices, infrastructures and a governance framework for the use of electronic health data by patients and for research, innovation, policy making, patient safety, statistics or regulatory purposes. One of the key elements of the proposal is the international standardisation, which should give an important impetus to the desire of the healthcare field to enforce interoperability between healthcare providers and to give patients more control over their medical data. It should also make the exchange of healthcare data in and between countries of the European Union uniform. The text builds on General Data Protection Regulation (GDPR), proposed Data Governance Act, draft Data Act and Network and Information Systems Directive.

Whether the EHDS will be a success depends on how legal uncertainties, created by the uneven implementation of the GDPR, will be addressed effectively and on convincing researchers that they can reuse and share health data in a safe and legally compliant environment. The barriers around the secondary use of health data are well identified clearly by the Joint Action Towards the European Health Data Space (TEHDAS). One of the biggest problems facing health care professionals are the difficulties difficulties in linking health care systems. This is caused by the choices made in the past with regard to the architecture of ICT programmes.

Cross-border infrastructure

The regulation aims to harmonise the European digital healthcare landscape through European control over data exchange. To enforce this, a compulsory cross-border infrastructure ('MyHealth@EU') was already set up, but will be expanded (MRI scans, lab results) whereby member states will be obliged to create patient records, electronic prescriptions, images, laboratory requirements and discharge reports in a common European format. The draft proposal indicates that member states will have to create a national contact point that will act as joint controller for the processing carried out in MyHealth@EU. The Commission would be their processor. The proposal also lays down rules for the commercialisation of electronic health records (EHRs) (See Article 12).

Furthermore, a new European Digital and Health Data Board will be set up, chaired by the Commission. The board will consist out of digital health authorities and health data access bodies, as well as observers. The board should help ensure consistent application of the rules across the EU, including by advising the European Commission and working with other EU bodies and stakeholders, such as patient organisations.

Primary use of health care data

This concerns use of health data for:

  • treating the patient;
  • prescription and dispensing of medicines and medical devices;
  • social security, administrative or reimbursement services.

The success of the European Health Data Space and its objectives depend on the willingness of citizens to share their most legitimate data. The proposed EHDS regulation will strengthen patients' rights to their electronic health data, in addition to the rights already provided for in the GDPR. Patients will have the following additional rights:

  • The regulation gives citizens more control over their own medical records. First of all, the regulation creates the right to have free electronic access to one's own health data. Access would be made available through the use of a personal electronic health data access service. In addition, citizens will have the choice to share this data with care providers in their own country and other Member States.
  • The possibility of entering health data in their own electronic patient record (EPR), provided that this data is clearly marked as having been added by the patient .
  • The right to restrict access by health professionals to all or part of their electronic health records.

On the other hand, health professionals will

  • have access to the electronic health records of natural persons undergoing treatment, regardless of the Member State of affiliation and the Member State of treatment;
  • ensure that the personal electronic health records of the natural persons they treat are updated with information concerning the health services provided.

Secondary use of health care data

This concerns use of health data for other purposes that benefit society:

  • research & innovation
  • policy making
  • patient safety
  • personalised medicine
  • official statistics
  • regulatory activities.

The proposed system will be based on three actors: health data access bodies, data holders and data users.

Data holders

Data holders are persons and bodies who hold electronic health data and will be obliged to make these data available for secondary use, for example: hospitals, research institutes, national and European public administrations, and private companies managing certain health data. According to the proposal, data holders may charge a reasonable fee for making electronic health data available for secondary use.

Data users

These can be all sorts of people or organisations, such as researcher, health professionals, policy makers and regulators. Data users may request access to data either directly from the data controller or through the intermediary of health data access bodies. To do so, they must first apply for a data authorization. Data users should, no later than 18 months after the completion of the processing of electronic health data, make public the results or outputs of the secondary use of electronic health data.

There are a number of purposes for which the secondary use of health data is prohibited. These include making decisions against an individual to exclude him from a benefit for an insurance contract, commercial advertising or automated decision-making such as profiling.

Health Data Acces Bodies

These bodies are set up by the member states to ensure simplified access to electronic health data for secondary purposes. This can be an existing body or a newly created body. They act as intermediaries between data holders, potential data users and - in some cases – patients. The bodies examine requests from potential users and issue data permits, i.e. administrative decisions granting a data user access to data. Some Member States have already created Health Data Access Bodies such as Findata, French Data Hub, German Forschungsdatenzentren

Next steps

After its launch, the regulation will be discussed by the Council and the European Parliament. Once both institutions have adopted a position, they can start interinstitutional negotiations to reach an agreement on the regulation. Given the major impact the proposal will have on the infrastructure, product certifications and working practices of healthcare providers and EHR manufacturers, it is not to be expected that the proposed regulation will enter into force in the short term.

By 2025, the EC hopes to have all member states on board for cross-border infrastructure