Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 19. Digital health authorities
- 1.Each Member State shall designate one or more digital health authorities responsible for the implementation and enforcement of this Chapter at national level. The Member States shall inform the Commission of the identity of the digital health authorities by 26 March 2027. Where a Member State designates more than one digital health authority or where the digital health authority consists of multiple organisations, the Member State concerned shall communicate to the Commission a description of the distribution of tasks between those various authorities or organisations. Where a Member State designates several digital health authorities, it shall designate one digital health authority to act as coordinator. The Commission shall make that information publicly available.
- 2.Each digital health authority shall be entrusted with the following tasks and powers:
- (a)ensuring the implementation of the rights and obligations provided for in this Chapter and Chapter III by adopting necessary national, regional or local technical solutions and by establishing relevant rules and mechanisms;
- (b)ensuring that complete and up-to-date information about the implementation of rights and obligations provided for in this Chapter and Chapter III is made readily available to natural persons, health professionals and healthcare providers;
- (c)in the implementation of technical solutions referred to in point (a) of this paragraph, ensuring that such technical solutions comply with this Chapter, Chapter III and Annex II;
- (d)contributing at Union level to the development of technical solutions enabling natural persons and health professionals to exercise their rights and comply with their obligations set out in this Chapter;
- (e)facilitating persons with disabilities to exercise their rights under this Chapter in accordance with Directive (EU) 2019/882 of the European Parliament and of the Council ;
- (f)supervising the national contact points for digital health and cooperating with other digital health authorities and the Commission on further development of MyHealth@EU;
- (g)ensuring the implementation at national level of the European electronic health record exchange format, in cooperation with national authorities and stakeholders;
- (h)contributing at Union level to the development of the European electronic health record exchange format, to the elaboration of common specifications, in accordance with Article 36, which address quality, interoperability, security, safety, ease of use, accessibility, non-discrimination or fundamental right concerns, and to the elaboration of the specifications of the EU database for registration of EHR systems and wellness applications referred to in Article 49;
- (i)where applicable, performing market surveillance activities in accordance with Article 43, while ensuring that any conflicts of interest are avoided;
- (j)building national capacity for implementing requirements concerning interoperability and security of electronic health data for primary use and participating in information exchanges and capacity building activities at Union level;
- (k)cooperating with market surveillance authorities, participating in the activities related to handling of risks posed by EHR systems and of serious incidents and supervising the implementation of corrective action in accordance with Article 44;
- (l)cooperating with other relevant entities and bodies at local, regional, national or Union level, to ensure interoperability, portability and security of electronic health data;
- (m)cooperating with supervisory authorities in accordance with Regulations (EU) No 910/2014 and (EU) 2016/679 and Directive (EU) 2022/2555 of the European Parliament and of the Council and with other relevant authorities, including those competent for cybersecurity and electronic identification.
- 3.Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers.
- 4.In the performance of its tasks, each digital health authority shall avoid any conflicts of interest. Each member of staff of the digital health authority shall act in the public interest and in an independent manner.
- 5.In the performance of their tasks, the relevant digital health authorities shall actively cooperate and consult with relevant stakeholders’ representatives, including patients’ representatives, healthcare providers and health professionals’ representatives, including health professional associations, as well as consumer organisations and industry associations.
Relevant Recitals for this Article
Member States should designate relevant digital health authorities for the planning and implementation of standards for access to and transmission of electronic health data and the enforcement of the rights of natural persons and health professionals, as separate organisations or as part of already existing authorities. The digital health authority staff should not have any financial or other interests in industries or economic activities which could affect their impartiality. Digital health authorities already exist in most of the Member States and they deal with EHRs, interoperability, security or standardisation. When carrying out their tasks, digital health authorities should cooperate in particular with the supervisory authorities established pursuant to Regulation (EU) 2016/679 and supervisory bodies established pursuant to Regulation (EU) No 910/2014. Digital health authorities can also cooperate with the European Artificial Intelligence Board established by Regulation (EU) 2024/1689 of the European Parliament and of the Council , the Medical Device Coordination Group established by Regulation (EU) 2017/745 of the European Parliament and of the Council , the European Data Innovation Board established pursuant to Regulation (EU) 2022/868 of the European Parliament and of the Council and the competent authorities under Regulation (EU) 2023/2854 of the European Parliament and of the Council . Member States should facilitate the participation of national actors in the cooperation at Union level, the conveying of expertise and the provision of advice on the design of solutions necessary to achieve the goals of the EHDS.
Digital health authorities should have sufficient technical skills, possibly by bringing together experts from different organisations. The activities of digital health authorities should be well-planned and monitored in order to ensure their efficiency. Digital health authorities should take the necessary measures to protect the rights of natural persons by setting up national, regional, and local technical solutions such as national EHR intermediation solutions and patient portals. When taking such necessary protective measures, digital health authorities should apply common standards and specifications in such solutions, promote the application of the standards and specifications in procurement procedures and use other innovative means including reimbursement of solutions that are compliant with interoperability and security requirements of the EHDS. Member States should ensure that appropriate training initiatives are taken. In particular, health professionals should be informed and trained with regard to their rights and obligations under this Regulation. To carry out their tasks, the digital health authorities should cooperate at Union and national level with other entities, including with insurance bodies, healthcare providers, health professionals, manufacturers of EHR systems and of wellness applications, as well as other stakeholders from the health or information technology sector, entities handling reimbursement schemes, health technology assessment bodies, medicinal products regulatory authorities and agencies, medical devices authorities, procurers and cybersecurity or e-ID authorities.