CHAPTER I: GENERAL PROVISIONS (Articles 1 — 2)
CHAPTER II: PRIMARY USE (Articles 3 — 24)
CHAPTER III: EHR SYSTEMS AND WELLNESS APPLICATIONS (Articles 25 — 49)
CHAPTER IV: SECONDARY USE (Articles 50 — 81)
CHAPTER V: ADDITIONAL ACTIONS (Articles 82 — 91)
CHAPTER VI: EUROPEAN GOVERNANCE AND COORDINATION (Articles 92 — 96)
CHAPTER VII: DELEGATION OF POWERS AND COMMITTEE PROCEDURE (Articles 97 — 98)
CHAPTER VIII: MISCELLANEOUS (Articles 99 — 104)
CHAPTER IX: DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONS (Articles 105 — 105)
ANNEXES
In health systems, personal electronic health data are usually gathered in electronic health records, which typically contain a natural person’s medical history, diagnoses and treatment, medications, allergies and vaccinations, as well as radiology images, laboratory results and other medical data, spread between different actors in the health system, such as general practitioners, hospitals, pharmacies or care services. In order to allow electronic health data to be accessed, shared and modified by natural persons or health professionals, some Member States have taken the necessary legal and technical measures and set up centralised infrastructures connecting EHR systems used by healthcare providers and natural persons. In addition, some Member States provide support to public and private healthcare providers to set up personal electronic health data spaces to enable interoperability between different healthcare providers. Several Member States also support or provide electronic health data access services for patients and health professionals, for instance through patient or health professional portals. Those Member States have also taken measures to ensure that EHR systems or wellness applications are able to transmit electronic health data to the central EHR system, for instance by providing a system of certification. However, not all Member States have put in place such systems, and those Member States that have implemented them have done so in a fragmented manner. In order to facilitate the free movement of personal electronic health data across the Union and avoid negative consequences for patients when receiving healthcare in a cross-border context, Union action is needed to improve natural persons’ access to their own personal electronic health data and to empower them to share those data. 
In this respect, appropriate action at Union and national level should be taken as a means of reducing fragmentation, heterogeneity and division, and to create a system that is user-friendly and intuitive in all Member States. Any digital transformation in the healthcare sector should aim to be inclusive and also benefit natural persons with limited ability to access and use digital services, including people with disabilities.
Regulation (EU) 2016/679 sets out specific provisions concerning the rights of natural persons in relation to the processing of their personal data. The EHDS builds upon those rights and complements some of them as applied to personal electronic health data. Those rights apply regardless of the Member State in which the personal electronic health data are processed, type of healthcare provider, sources of those data or Member State of affiliation of the natural person. The rights and rules related to the primary use of personal electronic health data under this Regulation concern all categories of those data, irrespective of how they have been collected or who has provided them, the legal ground for the processing under Regulation (EU) 2016/679 or the status of the controller as a public or private organisation. The additional rights of access and portability of personal electronic health data provided for in this Regulation should be without prejudice to the rights of access and portability as established under Regulation (EU) 2016/679. Natural persons continue to have those rights under the conditions set out in that Regulation.
Timely and full access by health professionals to the medical records of patients is fundamental for ensuring continuity of care, avoiding duplications and errors, and reducing costs. However, due to a lack of interoperability, in many cases health professionals cannot access the complete medical records of their patients and cannot make optimal medical decisions for their diagnosis and treatment, which adds considerable costs both for health systems and for natural persons and can lead to worse health outcomes for natural persons. Electronic health data made available in an interoperable format and which can be transmitted between healthcare providers can also reduce the administrative burden on health professionals of manually entering or copying health data between electronic systems. Therefore, health professionals should be provided with appropriate electronic means, such as electronic devices and health professional portals or other health professional access services, to use personal electronic health data for the exercise of their duties. As it is difficult to exhaustively determine in advance which data from the existing data in priority categories are medically relevant in a specific episode of care, health professionals should have a wide access to data. When accessing data relating to their patients, health professionals should comply with the applicable law, codes of conduct, deontological guidelines or other provisions governing ethical conduct with respect to sharing or accessing information, particularly in life-threatening or extreme situations. In accordance with Regulation (EU) 2016/679, in order to limit their access to what is relevant in a specific episode of care, healthcare providers should follow the data minimisation principle when accessing personal electronic health data, limiting the data accessed to data that are strictly necessary and justified for a given service. 
Providing health professional access services is a task assigned in the public interest by this Regulation and the performance of such task requires the processing of personal data as referred to in Article 6(1), point (e), of Regulation (EU) 2016/679. This Regulation provides for conditions and safeguards for the processing of electronic health data by the health professional access service in accordance with Article 9(2), point (h), of Regulation (EU) 2016/679, for instance detailed provisions regarding logging of access to personal electronic health data and that aim to provide transparency towards data subjects. However, this Regulation should be without prejudice to national law concerning the processing of health data for the delivery of healthcare, including national law establishing categories of health professionals that can process different categories of electronic health data.
In order to facilitate the exercise of the complementary access and portability rights established under this Regulation, Member States should establish one or more electronic health data access services. Those services could be provided at national, regional or local level, or by healthcare providers, in the form of an online patient portal, an application for mobile devices or by other means. They should be designed in an accessible way, in particular for persons with disabilities. Providing such a service to enable natural persons to have easy access to their personal electronic health data is a substantial public interest. The processing of personal electronic health data through those services is necessary for the performance of that task assigned by this Regulation in the sense of Article 6(1), point (e), and Article 9(2), point (g), of Regulation (EU) 2016/679. This Regulation lays down the necessary conditions and safeguards for the processing of electronic health data in electronic health data access services, such as electronic identification of natural persons accessing such services.
While EHR systems are widespread, the level of digitalisation of health data varies in Member States depending on data categories and on the coverage of healthcare providers that register health data in electronic format. In order to support the application of data subjects’ rights of access to and exchange of electronic health data, Union action is needed to avoid further fragmentation. In order to contribute to a high quality and continuity of healthcare, certain categories of health data should be registered in electronic format systematically and in accordance with specific data quality requirements. The European electronic health record exchange format should form the basis for specifications related to the registration and exchange of electronic health data.
In order to enable the seamless exchange of electronic health data and ensure respect for the rights of natural persons and health professionals, EHR systems marketed in the internal market should be able to store and transmit, in a secure way, high quality electronic health data. It is a key objective of the EHDS to ensure the secure and free movement of electronic health data across the Union. To that end, a mandatory conformity self-assessment scheme for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through the self-assessment, EHR systems will prove compliance with the requirements on interoperability, security and logging for communication of personal electronic health data established by the two mandatory EHR software components harmonised by this Regulation, namely the European interoperability software component for EHR systems and the European logging software component for EHR systems (the ‘harmonised software components of EHR systems’). The harmonised software components of EHR systems mainly concern data transformation, although they may imply the need for indirect requirements for data registration and data presentation in EHR systems. Technical specifications for the harmonised software components of EHR systems should be defined by means of implementing acts and should be based on the use of the European electronic health record exchange format. The harmonised software components of EHR systems should be designed to be reusable and to integrate seamlessly with other components within a larger software system. The security requirements of the harmonised software components of EHR systems should cover elements specific to EHR systems, as more general security properties should be supported by other mechanisms such as those under Regulation (EU) 2024/2847 of the European Parliament and of the Council.
To support that process, European digital testing environments should be set up to provide automated means to test whether the functioning of the harmonised software components of an EHR system is compliant with the requirements laid down in this Regulation. To that end, implementing powers should be conferred on the Commission to determine the common specifications for those environments. The Commission should develop the necessary software for the testing environments and make it available as open source. Member States should be responsible for the operation of the digital testing environments, as they are closer to manufacturers and better placed to support them. Manufacturers should use those digital testing environments to test their products before placing them on the market while continuing to bear full responsibility for the compliance of their products. The results of the test should become part of the product’s technical documentation. Where the EHR system or any part of it complies with European standards or common specifications, the list of the relevant European standards and common specifications should also be indicated in the technical documentation. To support the comparability of EHR systems, the Commission should prepare a uniform template for the technical documentation accompanying such systems.
Manufacturers should affix in the accompanying documents of the EHR system, and where applicable on its packaging, a CE marking of conformity indicating that the EHR system is in conformity with this Regulation and, in respect of aspects not covered by this Regulation, with other applicable Union law which also requires the affixing of such marking. Member States should build upon existing mechanisms to ensure the correct application of the provisions on the CE marking of conformity under relevant Union law and should take appropriate action in the event of improper use of that marking.
Compliance with essential requirements on interoperability and security should be demonstrated by the manufacturers of EHR systems through the implementation of common specifications. To that end, implementing powers should be conferred on the Commission to determine such common specifications regarding datasets, coding systems, technical specifications, standards, specifications and profiles for data exchange, as well as requirements and principles related to patient safety and the security, confidentiality, integrity and protection of personal data, and specifications and requirements related to identification management and the use of electronic identification. Digital health authorities should contribute to the development of such common specifications. Where applicable, those common specifications should be based on existing harmonised standards for the harmonised software components of EHR systems and be compatible with sectoral law. Where common specifications have a particular importance in relation to personal data protection requirements concerning EHR systems, they should be subject to consultation with the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) before their adoption, pursuant to Article 42(2) of Regulation (EU) 2018/1725.
Users of wellness applications, including applications for mobile devices, should be informed about the capacity of such applications to be connected and to supply data to EHR systems or to national electronic health solutions in cases where data produced by wellness applications are useful for healthcare purposes. The capability of those applications to export data in an interoperable format is also relevant for data portability purposes. Where applicable, users should also be informed about the compliance of such wellness applications with interoperability and security requirements. However, given the large number of wellness applications and the limited relevance for healthcare purposes of the data produced by many of them, a certification scheme for these applications would not be proportionate. A mandatory labelling scheme for wellness applications for which interoperability with EHR systems is claimed should therefore be established as an appropriate mechanism for providing transparency for the users of wellness applications regarding compliance with requirements under this Regulation, thereby supporting users in their choice of appropriate wellness applications with high standards of interoperability and security. The Commission should set out by means of implementing acts the details regarding the format and content of such label.
Without hindering or replacing contractual arrangements or other mechanisms in place, this Regulation is aimed at establishing a common mechanism to access electronic health data for secondary use across the Union. Under that mechanism, health data holders should make the data they hold available on the basis of a data permit or a health data request. For the purpose of processing electronic health data for secondary use, one of the legal bases referred to in Article 6(1), points (a), (c), (e) or (f), of Regulation (EU) 2016/679 in conjunction with Article 9(2) thereof is required. Accordingly, this Regulation provides for a legal basis for the secondary use of personal electronic health data, including the safeguards required under Article 9(2), points (g) to (j), of Regulation (EU) 2016/679 to allow the processing of special categories of data, in terms of lawful purposes, trusted governance for providing access to health data through the involvement of health data access bodies, and processing in a secure processing environment, as well as arrangements for data processing, set out in the data permit. Consequently, Member States should no longer be able to maintain or introduce under Article 9(4) of Regulation (EU) 2016/679 further conditions, including limitations and specific provisions requesting the consent of natural persons, with regard to the processing for secondary use of personal electronic health data under this Regulation, with the exception of the introduction of stricter measures and additional safeguards at national level aimed at safeguarding the sensitivity and value of certain data as laid down in this Regulation. Health data applicants should also demonstrate a legal basis referred to in Article 6 of Regulation (EU) 2016/679 that allows them to request access to electronic health data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV thereof. 
In addition, the health data access body should assess the information provided by the health data applicant, based on which it should be able to issue a data permit for the processing of personal electronic health data pursuant to this Regulation that should fulfil the requirements and conditions set out in Chapter IV of this Regulation. For processing of electronic health data held by the health data holders, this Regulation creates the legal obligation within the meaning of Article 6(1), point (c), of Regulation (EU) 2016/679, in accordance with Article 9(2), points (i) and (j), of that Regulation, for the health data holder to make available the personal electronic health data to health data access bodies, while the legal basis for the purpose of the initial processing, for example the delivery of healthcare, is unaffected. This Regulation also assigns tasks in the public interest within the meaning of Article 6(1), point (e), of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2), points (g) to (j), as applicable, of that Regulation. If the health data user relies upon a legal basis set out in Article 6(1), point (e) or (f), of Regulation (EU) 2016/679, this Regulation should provide for the safeguards required under Article 9(2) of Regulation (EU) 2016/679.
Electronic health data used for secondary use can bring great societal benefits. The uptake of real-world data and real-world evidence, including patient-reported outcomes, for evidence-based regulatory and policy purposes as well as for research, health technology assessment and clinical objectives should be encouraged. Real-world data and real-world evidence have the potential to complement health data currently made available. To achieve that goal, it is important that datasets made available for secondary use pursuant to this Regulation be as complete as possible. This Regulation provides the necessary safeguards to mitigate certain risks involved in the achievement of those benefits. The secondary use of electronic health data is based on pseudonymised or anonymised data, in order to preclude the identification of the data subjects.
The health data access bodies should provide information about the available datasets and their characteristics so that health data users can be informed of elementary facts about the dataset and assess the possible relevance of those facts to those users. For this reason, each dataset should include, at least, information concerning the source and nature of the data and the conditions for making the data available. The health data holder should, at least every year, check that its dataset description in the national dataset catalogue is accurate and up to date. Therefore, an EU dataset catalogue should be established to: facilitate the discoverability of datasets available in the EHDS; help health data holders to publish their datasets; provide all stakeholders, including the general public, taking into account the specific needs of people with disabilities, with information about datasets placed on the EHDS, such as quality and utility labels and dataset information sheets; and provide health data users with up-to-date data quality and utility information about datasets.
Information on the quality and utility of datasets increases the value of outcomes from data-intensive research and innovation significantly while, at the same time, promoting evidence-based regulatory and policy decision-making. Improving the quality and utility of datasets through informed customer choice and harmonising related requirements at Union level, taking into account existing Union and international standards, guidelines and recommendations for data collection and data exchange, such as FAIR principles, also benefits health data holders, health professionals, natural persons and the Union economy overall. A data quality and utility label for datasets would inform health data users about the quality and utility characteristics of a dataset and enable them to choose the datasets that best fit their needs. The data quality and utility label should not prevent datasets from being made available through the EHDS, but provide a transparency mechanism between health data holders and health data users. For example, a dataset that does not fulfil any requirement of data quality and utility should be labelled with the class representing the poorest quality and utility, but should still be made available. Expectations set by frameworks created pursuant to Article 10 of Regulation (EU) 2024/1689 and the relevant technical documentation specified in Annex IV to that Regulation should be taken into account when developing the data quality and utility framework. Member States should raise awareness about the data quality and utility label through communication activities. The Commission could support those activities. The use of datasets could be prioritised by their users according to their usefulness and quality.