CHAPTER I: GENERAL PROVISIONS (Articles 1-2)
CHAPTER II: PRIMARY USE (Articles 3-24)
CHAPTER III: EHR SYSTEMS AND WELLNESS APPLICATIONS (Articles 25-49)
CHAPTER IV: SECONDARY USE (Articles 50-81)
CHAPTER V: ADDITIONAL ACTIONS (Articles 82-91)
CHAPTER VI: EUROPEAN GOVERNANCE AND COORDINATION (Articles 92-96)
CHAPTER VII: DELEGATION OF POWERS AND COMMITTEE PROCEDURE (Articles 97-98)
CHAPTER VIII: MISCELLANEOUS (Articles 99-104)
CHAPTER IX: DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONS (Article 105)
ANNEXES

Access to and transmission of electronic health data is relevant in cross-border healthcare situations, as it can support continuity of healthcare when natural persons travel to other Member States or change their place of residence. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions who cross the border frequently to get healthcare. In many border regions, some specialised healthcare services might be available closer across the border than in the same Member State. Infrastructure is needed for the transmission of personal electronic health data across borders, in situations where a natural person is using services of a healthcare provider established in another Member State. The gradual expansion of such infrastructure and its funding should be considered. A voluntary infrastructure for that purpose, MyHealth@EU, was established as part of the actions to achieve the objectives set up in Directive 2011/24/EU of the European Parliament and of the Council. Through MyHealth@EU, Member States started to provide natural persons with the possibility of sharing their personal electronic health data with healthcare providers when travelling abroad. Building on that experience, the participation of Member States in MyHealth@EU as established by this Regulation should be mandatory. Technical specifications for MyHealth@EU should enable the exchange of priority categories of electronic health data as well as additional categories supported by the European electronic health record exchange format. Those specifications should be defined by means of implementing acts and should be based on the cross-border specifications of the European electronic health record exchange format, complemented by further specifications on cybersecurity, technical and semantic interoperability, operations and service management.
Member States should be required to join MyHealth@EU, comply with its technical specifications and connect healthcare providers, including pharmacies, to it, as this is necessary for enabling natural persons to exercise their rights under this Regulation to access and make use of their personal electronic health data regardless of the Member State where the natural persons are located.
MyHealth@EU provides a common infrastructure for the Member States to ensure connectivity and interoperability in an efficient and secure way to support cross-border healthcare, without affecting Member States’ responsibilities before and after the transmission of personal electronic health data through it. Member States are responsible for the organisation of their national contact points for digital health and for the processing of personal data for the purposes of the delivery of healthcare, before and after the transmission of those data through MyHealth@EU. The Commission should monitor through compliance checks the compliance of national contact points for digital health with the necessary requirements regarding the technical development of MyHealth@EU as well as with detailed rules concerning the security, confidentiality and protection of personal electronic health data. In the event of serious non-compliance by a national contact point for digital health, the Commission should be able to suspend the services affected by the non-compliance provided by that national contact point for digital health. The Commission should act as a processor on behalf of the Member States within MyHealth@EU and should provide central services for it. To ensure compliance with data protection rules and to provide a risk management framework for the transmission of personal electronic health data, the specific responsibilities of the Member States, as joint controllers, and the Commission’s obligations as processor on their behalf should be specified by means of implementing acts. Each Member State is solely responsible for data and services in that Member State. This Regulation provides the legal basis for the processing of personal electronic health data in MyHealth@EU as a task carried out in the public interest assigned by Union law referred to in Article 6(1), point (e), of Regulation (EU) 2016/679. That processing is necessary for the provision of healthcare in cross-border situations, as mentioned in Article 9(2), point (h), of that Regulation.