Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
In the context of the EHDS, electronic health data already exist and are being collected by, among others, healthcare providers, professional associations, public institutions, regulators, researchers and insurers in the course of their activities. Those data should also be made available for secondary use, that is to say for processing of data for purposes other than those for which they were collected or produced, however, many of such data are not made available for processing for such purposes. This limits the ability of researchers, innovators, policy-makers, regulators and doctors to use those data for different purposes, including research, innovation, policymaking, regulatory purposes, patient safety or personalised medicine. In order to fully exploit the benefits of secondary use, all health data holders should contribute to this effort in making different categories of electronic health data they are holding available for secondary use, provided that such effort is always made through effective and secured processes, with due respect for professional duties, such as confidentiality duties.
Public or private entities often receive public funding from national or Union funds to collect and process electronic health data for research, official or unofficial statistics, or other similar purposes, including in areas where the collection of such data is fragmented or difficult, such as in relation to rare diseases or cancer. Such data, collected and processed by health data holders with the support of Union or national public funding, should be made available to health data access bodies, in order to maximise the impact of the public investment and support research, innovation, patient safety or policymaking, benefiting society. In some Member States, private entities, including private healthcare providers and professional associations, play a pivotal role in the health sector. The health data held by such providers should also be made available for secondary use. The health data holders in the context of secondary use should therefore be entities that are healthcare providers or care providers or carry out research with regard to the healthcare or care sectors, or develop products or services intended for the healthcare or care sectors. Such entities can be public, not for profit or private. In line with this definition, nursing homes, day-care centres, entities providing services for people with disabilities, entities carrying out business and technological activities related to care such as orthopaedics and companies providing care services should be considered health data holders. Legal persons developing wellness applications should also be considered health data holders. Union institutions, bodies, offices or agencies that process those categories of health and healthcare data as well as mortality registries should also be considered health data holders.In order to avoid a disproportionate burden for natural persons and microenterprises, they should be, as a general rule, exempted from the obligations on health data holders. Member States should, however, be able to extend the obligations of health data holders to natural persons and microenterprises in their national law. To reduce the administrative burden, and in light of the effectiveness and efficiency principles, Member States should be able to require in their national law that health data intermediation entities carry out the duties of certain categories of health data holders. Such health data intermediation entities should be legal persons able to process, make available, register, provide, restrict access to, and exchange electronic health data for secondary use provided by health data holders. Such health data intermediation entities perform tasks that differ from those of data intermediation services under Regulation (EU) 2022/868.