Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Contact
About UsNewsRecitalsTrackersNewsletterTerms of UsePrivacy NoticeLinkedIn
EHDS
  • Data & Privacy

    • Data Act
    • Data Governance Act
    • EHDS
    • ePrivacy Directive
    • GDPR
  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive
  • Cybersecurity

    • Cyber Resilience Act
    • Cybersecurity Act
    • DORA
    • NIS2
  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
EHDS

EHDS Article 2. Definitions

  • 1.
    For the purposes of this Regulation, the following definitions apply:
    • (a)
      the definitions of ‘personal data’, ‘processing’, ‘pseudonymisation’, ‘controller’, ‘processor’, ‘third party’, ‘consent’, ‘genetic data’, ‘data concerning health’ and ‘international organisation’ laid down in Article 4, points (1), (2), (5), (7), (8), (10), (11), (13), (15) and (26), respectively, of Regulation (EU) 2016/679;
    • (b)
      the definitions of ‘healthcare’, ‘Member State of affiliation’, ‘Member State of treatment’, ‘health professional’, ‘healthcare provider’, ‘medicinal product’ and ‘prescription’ laid down in Article 3, points (a), (c), (d), (f), (g), (i) and (k), respectively, of Directive 2011/24/EU;
    • (c)
      the definitions of ‘data’, ‘access’, ‘data altruism’, ‘public sector body’ and ‘secure processing environment’ laid down in Article 2, points (1), (13), (16), (17) and (20), respectively, of Regulation (EU) 2022/868;
    • (d)
      the definitions of ‘making available on the market’, ‘placing on the market’, ‘market surveillance’, ‘market surveillance authority’, ‘non-compliance’, ‘manufacturer’, ‘importer’, ‘distributor’, ‘economic operator’, ‘corrective action’, ‘recall’ and ‘withdrawal’ laid down in Article 3, points (1), (2), (3), (4), (7), (8), (9), (10), (13), (16), (22) and (23), respectively, of Regulation (EU) 2019/1020;
    • (e)
      the definitions of ‘medical device’, ‘intended purpose’, ‘instructions for use’, ‘performance’, ‘health institution’ and ‘common specifications’ laid down in Article 2, points (1), (12), (14), (22), (36) and (71), respectively, of Regulation (EU) 2017/745;
    • (f)
      the definitions of ‘electronic identification’ and ‘electronic identification means’ laid down in Article 3, points (1) and (2), respectively, of Regulation (EU) No 910/2014;
    • (g)
      the definition of ‘contracting authorities’ laid down in Article 2(1), point (1), of Directive 2014/24/EU of the European Parliament and of the Council ;
    • (h)
      the definition of ‘public health’ laid down in Article 3, point (c), of Regulation (EC) No 1338/2008 of the European Parliament and of the Council .
  • 2.
    In addition, for the purposes of this Regulation the following definitions apply:
    • (a)
      ‘personal electronic health data’ means data concerning health and genetic data, processed in an electronic form;
    • (b)
      ‘non-personal electronic health data’ means electronic health data other than personal electronic health data, including both data that have been anonymised so that they no longer relate to an identified or identifiable natural person (the ‘data subject’) and data that have never related to a data subject;
    • (c)
      ‘electronic health data’ means personal or non-personal electronic health data;
    • (d)
      ‘primary use’ means the processing of electronic health data for the provision of healthcare, in order to assess, maintain or restore the state of health of the natural person to whom those data relate, including the prescription, dispensation and provision of medicinal products and medical devices, as well as for relevant social, administrative or reimbursement services;
    • (e)
      ‘secondary use’ means the processing of electronic health data for the purposes set out in Chapter IV of this Regulation, other than the initial purposes for which they were collected or produced;
    • (f)
      ‘interoperability’ means the ability of organisations, as well as of software applications or devices from the same manufacturer or different manufacturers, to interact through the processes they support, involving the exchange of information and knowledge, without changing the content of the data, between those organisations, software applications or devices;
    • (g)
      ‘registration of electronic health data’ means the recording of health data in an electronic format, through the manual entry of such data, through the collection of such data by a device, or through the conversion of non-electronic health data into an electronic format, to be processed in an EHR system or a wellness application;
    • (h)
      ‘electronic health data access service’ means an online service, such as a portal or an application for mobile devices, that enables natural persons not acting in a professional capacity to access their own electronic health data or the electronic health data of those natural persons whose electronic health data they are legally authorised to access;
    • (i)
      ‘health professional access service’ means a service, supported by an EHR system, that enables health professionals to access data of natural persons under their treatment;
    • (j)
      ‘electronic health record’ or ‘EHR’ means a collection of electronic health data related to a natural person and collected in the health system, processed for the purpose of the provision of healthcare;
    • (k)
      ‘electronic health record system’ or ‘EHR system’ means any system whereby the software, or a combination of the hardware and the software of that system, allows personal electronic health data that belong to the priority categories of personal electronic health data established under this Regulation to be stored, intermediated, exported, imported, converted, edited or viewed, and intended by the manufacturer to be used by healthcare providers when providing patient care or by patients when accessing their electronic health data;
    • (l)
      ‘putting into service’ means the first use, for its intended purpose, in the Union of an EHR system covered by this Regulation;
    • (m)
      ‘software component’ means a discrete part of software which provides a specific functionality or performs specific functions or procedures and which can operate independently or in conjunction with other components;
    • (n)
      ‘European interoperability software component for EHR systems’ means a software component of the EHR system which provides and receives personal electronic health data under a priority category for primary use established under this Regulation in the European electronic health record exchange format provided for in this Regulation and which is independent of the European logging software component for EHR systems;
    • (o)
      ‘European logging software component for EHR systems’ means a software component of the EHR system which provides logging information related to access by health professionals or other individuals to priority categories of personal electronic health data established under this Regulation, in the format defined in point 3.2. of Annex II thereto, and which is independent of the European interoperability software component for EHR systems;
    • (p)
      ‘CE marking of conformity’ means a marking by which the manufacturer indicates that the EHR system is in conformity with the applicable requirements set out in this Regulation and other applicable Union law providing for its affixing pursuant to Regulation (EC) No 765/2008 of the European Parliament and of the Council ;
    • (q)
      ‘risk’ means the combination of the probability of an occurrence of a hazard causing harm to health, safety or information security and the degree of severity of such harm;
    • (r)
      ‘serious incident’ means any malfunction or deterioration in the characteristics or performance of an EHR system made available on the market that directly or indirectly leads, might have led or might lead to any of the following:
      • (i)

        the death of a natural person or serious harm to a natural person’s health;
      • (ii)

        serious prejudice to a natural person’s rights;
      • (iii)

        serious disruption of the management and operation of critical infrastructure in the health sector;
    • (s)
      ‘care’ means a professional service the purpose of which is to address the specific needs of a natural person who, on account of impairment or other physical or mental conditions, requires assistance, including preventive and supportive measures, to carry out essential activities of daily living in order to support his or her personal autonomy;
    • (t)
      ‘health data holder’ means any natural or legal person, public authority, agency or other body in the healthcare or the care sectors, including reimbursement services where necessary, as well as any natural or legal person developing products or services intended for the health, healthcare or care sectors, developing or manufacturing wellness applications, performing research in relation to the healthcare or care sectors or acting as a mortality registry, as well as any Union institution, body, office or agency, that has either:
      • (i)

        the right or obligation, in accordance with applicable Union or national law and in its capacity as a controller or joint controller, to process personal electronic health data for the provision of healthcare or care or for the purposes of public health, reimbursement, research, innovation, policymaking, official statistics or patient safety or for regulatory purposes; or
      • (ii)

        the ability to make available non-personal electronic health data through the control of the technical design of a product and related services, including by registering, providing, restricting access to or exchanging such data;
    • (u)
      ‘health data user’ means a natural or legal person, including Union institutions, bodies, offices or agencies, which has been granted lawful access to electronic health data for secondary use pursuant to a data permit, a health data request approval or an access approval by an authorised participant in HealthData@EU;
    • (v)
      ‘data permit’ means an administrative decision issued to a health data user by a health data access body to process certain electronic health data specified in the data permit for specific secondary use purposes, based on conditions laid down in Chapter IV of this Regulation;
    • (w)
      ‘dataset’ means a structured collection of electronic health data;
    • (x)
      ‘dataset of high impact for secondary use’ means a dataset the re-use of which is associated with significant benefits due to its relevance for health research;
    • (y)
      ‘dataset catalogue’ means a collection of dataset descriptions, arranged in a systematic manner and including a user-oriented public part, in which information concerning individual dataset parameters is accessible by electronic means through an online portal;
    • (z)
      ‘data quality’ means the degree to which the elements of electronic health data are suitable for their intended primary use and secondary use;
    • (aa)
      ‘data quality and utility label’ means a graphic diagram, including a scale, describing the data quality and conditions of use of a dataset;
    • (ab)
      ‘wellness application’ means any software, or any combination of hardware and software, intended by the manufacturer to be used by a natural person, for the processing of electronic health data, specifically for providing information on the health of natural persons, or the delivery of care for purposes other than the provision of healthcare.

Relevant Recitals for this Article

Resources for this Article

© 2025 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2025 StreamLex