Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 50. Applicability to health data holders
- 1.The following categories of health data holders shall be exempt from the obligations on health data holders laid down in this Chapter:
- (a)natural persons, including individual researchers;
- (b)legal persons that qualify as microenterprises as defined in Article 2(3) of the Annex to Commission Recommendation 2003/361/EC.
- 2.Member States may provide in their national law that the obligations of health data holders laid down in this Chapter apply to the health data holders referred to in paragraph 1 which fall under their jurisdiction.
- 3.Member States may provide in their national law that the duties of certain categories of health data holders are to be fulfilled by health data intermediation entities. In that case, the data shall nevertheless be considered as being made available by several health data holders.
- 4.Member States shall notify to the Commission the national law referred to in paragraphs 2 and 3 by 26 March 2029. Any subsequent law or amendment affecting such law shall be notified to the Commission without delay.
Relevant Recitals for this Article
In the context of the EHDS, electronic health data already exist and are being collected by, among others, healthcare providers, professional associations, public institutions, regulators, researchers and insurers in the course of their activities. Those data should also be made available for secondary use, that is to say for processing of data for purposes other than those for which they were collected or produced, however, many of such data are not made available for processing for such purposes. This limits the ability of researchers, innovators, policy-makers, regulators and doctors to use those data for different purposes, including research, innovation, policymaking, regulatory purposes, patient safety or personalised medicine. In order to fully exploit the benefits of secondary use, all health data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use, provided that such effort is always made through effective and secured processes, with due respect for professional duties, such as confidentiality duties.
Public or private entities often receive public funding from national or Union funds to collect and process electronic health data for research, official or unofficial statistics, or other similar purposes, including in areas where the collection of such data is fragmented or difficult, such as in relation to rare diseases or cancer. Such data, collected and processed by health data holders with the support of Union or national public funding, should be made available to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policymaking, benefiting society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. The health data holders in the context of secondary use should therefore be entities that are healthcare providers or care providers or carry out research with regard to the healthcare or care sectors, or develop products or services intended for the healthcare or care sectors. Such entities can be public, not for profit or private. In line with this definition, nursing homes, day-care centres, entities providing services for people with disabilities, entities carrying out business and technological activities related to care such as orthopaedics and companies providing care services should be considered health data holders. Legal persons developing wellness applications should also be considered health data holders. Union institutions, bodies, offices or agencies that process those categories of health and healthcare data as well as mortality registries should also be considered health data holders.In order to avoid a disproportionate burden for natural persons and microenterprises, they should be, as a general rule, exempted from the obligations on health data holders. Member States should, however, be able to extend the obligations of health data holders to natural persons and microenterprises in their national law. To reduce the administrative burden, and in light of the effectiveness and efficiency principles, Member States should be able to require in their national law that health data intermediation entities carry out the duties of certain categories of health data holders. Such health data intermediation entities should be legal persons able to process, make available, register, provide, restrict access to, and exchange electronic health data for secondary use provided by health data holders. Such health data intermediation entities perform tasks that differ from those of data intermediation services under Regulation (EU) 2022/868.