Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 10. Right of natural persons to opt out in primary use
- 1.Member States’ laws may provide that natural persons have the right to opt out from the access to their personal electronic health data registered in an EHR system through the electronic health data access services referred to in Articles 4 and 12. In such cases, Member States shall ensure that the exercise of that right is reversible.
- 2.If a Member State provides for a right referred to in paragraph 1 of this Article, it shall establish the rules and specific safeguards regarding the opt-out mechanism. In particular, Member States may provide for a healthcare provider or health professional to be able to get access to the personal electronic health data in cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person as referred to in Article 9(2), point (c), of Regulation (EU) 2016/679, even if the patient has exercised the right to opt out in primary use.
Relevant Recitals for this Article
Regulation (EU) 2016/679 sets out specific provisions concerning the rights of natural persons in relation to the processing of their personal data. The EHDS builds upon those rights and complements some of them as applied to personal electronic health data. Those rights apply regardless of the Member State in which the personal electronic health data are processed, type of healthcare provider, sources of those data or Member State of affiliation of the natural person. The rights and rules related to the primary use of personal electronic health data under this Regulation concern all categories of those data, irrespective of how they have been collected or who has provided them, the legal ground for the processing under Regulation (EU) 2016/679 or the status of the controller as a public or private organisation. The additional rights of access and portability of personal electronic health data provided for in this Regulation should be without prejudice to the rights of access and portability as established under Regulation (EU) 2016/679. Natural persons continue to have those rights under the conditions set out in that Regulation.
In addition, due to the different sensitivities in the Member States on the degree of patients’ control over their health data, Member States should be able to provide for an absolute right to opt out from access to their personal electronic health data by anyone other than the original controller, without any possibility to override that opt-out in emergency situations. In such a case, Member States should establish the rules and specific safeguards regarding such opt-out mechanisms. Those rules and specific safeguards could also relate to specific categories of personal electronic health data, for example genetic data. The right to opt out means that personal electronic health data relating to the natural person who exercises that right would not be made available through the services set up under the EHDS other than to the healthcare provider that provided the treatment. Member States should be able to require the registration and storage of personal electronic health data in an EHR system used by the healthcare provider who provided the health services and accessible only to that healthcare provider. If a natural person has exercised the right to opt out, healthcare providers will still document the treatment provided in accordance with applicable rules, and will be able to access the data registered by them. Natural persons who exercise the right to opt out should be able to reverse their decision. In such cases, personal electronic health data generated during the period of the opt-out might not be available via the access services and MyHealth@EU.