Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
The aim of this Regulation is to establish the European Health Data Space (EHDS) in order to improve natural persons’ access to and control over their personal electronic health data in the context of healthcare, as well as to better achieve other purposes involving the use of electronic health data in the healthcare and care sectors that would benefit society, such as research, innovation, policymaking, health threats preparedness and response, including preventing and addressing future pandemics, patient safety, personalised medicine, official statistics or regulatory activities. In addition, this Regulation’s goal is to improve the functioning of the internal market by laying down a uniform legal and technical framework in particular for the development, marketing and use of electronic health record systems (‘EHR systems’) in conformity with Union values. The EHDS will be a key element in the creation of a strong and resilient European Health Union.
The COVID-19 pandemic highlighted the imperative of having timely access to quality electronic health data for health threats preparedness and response, as well as for prevention, diagnosis and treatment and for secondary use of such electronic health data. Such timely access could potentially contribute, through efficient public health surveillance and monitoring, to more effective management of future pandemics, to a reduction of costs and to improving the response to health threats, and ultimately could help to save more lives. In 2020, the Commission urgently adapted its Clinical Patient Management System, established by Commission Implementing Decision (EU) 2019/1269 , to allow Member States to share electronic health data of COVID-19 patients moving between healthcare providers and Member States during the peak of that pandemic. However, that adaptation was only an emergency solution, showing the need for a structural and consistent approach at Member State and Union level, both in order to improve the availability of electronic health data for healthcare and to facilitate access to electronic health data in order to steer effective policy responses and contribute to high standards of human health.
The COVID-19 crisis strongly cemented the work of the eHealth Network, a voluntary network of authorities responsible for digital health, as the main pillar for the development of contact-tracing and contact-warning applications for mobile devices and the technical aspects of the EU Digital COVID Certificates. It also highlighted the need for sharing electronic health data that are findable, accessible, interoperable and reusable (the ‘FAIR principles’), and ensuring that electronic health data are as open as possible, while respecting the data minimisation principle as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council . Synergies between the EHDS, the European Open Science Cloud and the European Research Infrastructures should be ensured, and lessons should be learned from data-sharing solutions developed under the European COVID-19 Data Platform.
Given the sensitivity of personal electronic health data, this Regulation seeks to provide sufficient safeguards at both Union and national level to ensure a high degree of data protection, security, confidentiality and ethical use. Such safeguards are necessary to promote trust in safe handling of electronic health data of natural persons for primary use and secondary use as defined in this Regulation.
The processing of personal electronic health data is subject to the provisions of Regulation (EU) 2016/679 and, for Union institutions, bodies, offices and agencies, of Regulation (EU) 2018/1725 of the European Parliament and of the Council . References to the provisions of Regulation (EU) 2016/679 should be understood also as references to the corresponding provisions of Regulation (EU) 2018/1725 for Union institutions, bodies, offices and agencies, where relevant.
More and more individuals living in the Union cross national borders to work, study, visit relatives, or for other reasons. To facilitate the exchange of health data, and in line with the need to empower citizens, they should be able to access their health data in an electronic format that can be recognised and accepted across the Union. Such personal electronic health data could include personal data related to the physical or mental health of a natural person, including related to the provision of healthcare services, and which reveal information about that natural person’s health status, personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, as well as data determinants of health, such as behaviour, environmental and physical influences, medical care, and social or educational factors. Electronic health data also include data that have been initially collected for research, statistical, health threat assessment, policymaking or regulatory purposes and it should be possible to make them available in accordance with the rules laid down in this Regulation. Electronic health data consist of all categories of those data, irrespective of whether such data are provided by the data subject or other natural or legal persons, such as health professionals, or are processed in relation to a natural person’s health or well-being and should also include inferred and derived data, such as diagnostics, tests and medical examinations, as well as data observed and recorded by automated means.
In health systems, personal electronic health data are usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies and vaccinations, as well as radiology images, laboratory results and other medical data, spread between different actors in the health system, such as general practitioners, hospitals, pharmacies or care services. In order to allow electronic health data to be accessed, shared and modified by natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. In addition, some Member States provide support to public and private healthcare providers to set up personal electronic health data spaces to enable interoperability between different healthcare providers. Several Member States also support or provide electronic health data access services for patients and health professionals, for instance through patient or health professional portals. Those Member States have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data to the central EHR system, for instance by providing a system of certification. However, not all Member States have put in place such systems, and those Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal electronic health data across the Union and avoid negative consequences for patients when receiving healthcare in a cross-border context, Union action is needed to improve natural persons’ access to their own personal electronic health data and to empower them to share those data. In this respect, appropriate action at Union and national level should be taken as a means of reducing fragmentation, heterogeneity and division, and to create a system that is user-friendly and intuitive in all Member States. Any digital transformation in the healthcare sector should aim to be inclusive and also benefit natural persons with limited ability to access and use digital services, including people with disabilities.