EHDS Regulation: sharing and transferring high-quality health data in the EU
In April 2024, the European Parliament approved the European Health Data Space (EHDS) regulation, which is expected to be ratified by EU member states soon. The aim of these data spaces is to unlock extensive repositories of existing data and facilitate their accessibility for research, innovation, and development, while ensuring compliance with pertinent data protection regulations.
The European Health Data Space constitutes a specialized environment defined by regulations, shared standards, operational practices, infrastructure, and a governance framework. It aims to establish a unified structure across European Union Member States for the sharing and transfer of high-quality health data, including electronic health records, patient registries, and genomic data, throughout the EU.
1st EHDS key point – patients: primary use of health data
Individuals will have the increased ability to control and digital use of their electronic health data within their home country or across other Member States, granting them greater autonomy over their personal health information. The European Health Data Space, together with the GDPR, will provide individuals with several rights. Consequently, it ensures immediate and easy access to electronic health data without any cost to individuals. People can easily share these data in electronic form with other health professionals both within their own Member State and across borders, without hindrance from previous healthcare providers or manufacturers. They will retain full control and will be able to add information to their electronic health record, correct wrong data, limit access, and obtain information on how their data are used and for which purpose.
2nd EHDS key point – data users: secondary use of health data
The secondary use of data involves making it available for research and innovation. To facilitate this, data holders, which include both public and private entities, must identify the categories of data they possess and share them with health data access bodies. These bodies then provide the data to users, such as scientific researchers, through a secure platform.
Data users typically access anonymous data, but pseudonymized data is permitted if needed. Data holders are required to provide various data types, including health records, clinical trial data, genomic data, and nonpersonal data related to health determinants. They must organize and distribute this data to health data access bodies, who then grant access to users after approving permits for specific purposes like scientific research and product development.
Individuals have the right to opt-out of data sharing, although member states can override this for public data use. There are uncertainties regarding anonymization standards and responsibilities, as overly strict anonymization may limit data usefulness. Legal provisions ensure compliance with data protection regulations, but implementing these provisions, particularly concerning pseudonymous data, is complex.
3rd EHDS key point – electronic health records
The European Health Data Space (EHDS) underscores the significance of consistency and interoperability in electronic health records (EHRs) to facilitate cross-border healthcare, protect patient rights, and enable data sharing for secondary use. The EHDS features a section outlining technical criteria for EHRs, including conformity assessment, common specifications, documentation prerequisites, and a CE marking.
These specifications aim to facilitate the sharing of health data across the EU for healthcare delivery and research purposes. Medical devices and high-risk AI systems asserting interoperability with EHRs must adhere to these standards. Additionally, wellness apps must attain a compliance label if they claim compatibility with EHRs and meet the essential requirements.
4th EHDS key point – data localization
Originally, the European Health Data Space (EHDS) proposal from the Commission did not include specifications for data localization. However, prompted by apprehensions voiced by data protection authorities, proposed revisions in Parliament aimed to introduce extensive data localization duties. Ultimately, the EHDS’s final iteration mandated data localization solely for data managed by health data access bodies, leaving out data managed by data holders.
5th EHDS key point – international data transfers
Originally, the European Health Data Space (EHDS) proposal from the Commission did not include specifications for data localization. However, prompted by apprehensions voiced by data protection authorities, proposed revisions in Parliament aimed to introduce extensive data localization duties. Ultimately, the EHDS’s final iteration mandated data localization solely for data managed by health data access bodies, leaving out data managed by data holders.
Final considerations about the EHDS
The European Health Data Space (EHDS) will be enacted 20 days after its publication in the Official Journal of the European Union. However, most of its provisions won’t take effect until four to ten years later due to the extensive preparatory work required by stakeholders. Several practical issues, such as the need for secondary legislation and updates to electronic health records systems, still need resolution. Nonetheless, if member states and the Commission can streamline implementation without introducing unnecessary complexities, the EHDS has the potential to revolutionize healthcare and scientific research in the EU.