Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 53. Purposes for which electronic health data can be processed for secondary use
- 1.Health data access bodies shall only grant access to electronic health data referred to in Article 51 for secondary use to a health data user where the processing of the data by that health data user is necessary for one of the following purposes:
- (a)the public interest in the areas of public or occupational health, such as activities to protect against serious cross-border threats to health, public health surveillance or activities ensuring high levels of quality and safety of healthcare, including patient safety, and of medicinal products or medical devices;
- (b)policymaking and regulatory activities to support public sector bodies or Union institutions, bodies, offices or agencies, including regulatory authorities, in the health or care sector to carry out their tasks defined in their mandates;
- (c)statistics as defined in Article 3, point (1), of Regulation (EC) No 223/2009, such as national, multi-national and Union-level official statistics, related to health or care sectors;
- (d)education or teaching activities in health or care sectors at vocational or higher education level;
- (e)scientific research related to health or care sectors that contributes to public health or health technology assessments, or ensures high levels of quality and safety of healthcare, of medicinal products or of medical devices, with the aim of benefiting end-users, such as patients, health professionals and health administrators, including:
(i)
development and innovation activities for products or services;(ii)
training, testing and evaluation of algorithms, including in medical devices, in vitro diagnostic medical devices, AI systems and digital health applications;
- (f)improvement of the delivery of care, of the optimisation of treatment and of the provision of healthcare, based on the electronic health data of other natural persons.
- 2.Access to electronic health data for the purposes referred to in paragraph 1, points (a), (b) and (c), shall be reserved for public sector bodies and Union institutions, bodies, offices and agencies exercising the tasks conferred on them by Union or national law, including where processing of data for carrying out those tasks is done by a third party on behalf of those public sector bodies or of Union institutions, bodies, offices and agencies.
Relevant Recitals for this Article
Electronic health data used for secondary use can bring great societal benefits. The uptake of real-world data and real-world evidence, including patient-reported outcomes, for evidence-based regulatory and policy purposes as well as for research, health technology assessment and clinical objectives should be encouraged. Real-world data and real-world evidence have the potential to complement health data currently made available. To achieve that goal, it is important that datasets made available for secondary use pursuant to this Regulation be as complete as possible. This Regulation provides the necessary safeguards to mitigate certain risks involved in the achievement of those benefits. The secondary use of electronic health data is based on pseudonymised or anonymised data, in order to preclude the identification of the data subjects.
The secondary use of health data under the EHDS should enable public, private and not-for-profit entities, as well as individual researchers, to have access to health data for research, innovation, policymaking, educational activities, patient safety, regulatory activities or personalised medicine, in line with the purposes as set out in this Regulation. Access to data for secondary use should contribute to the general interest of society. In particular, the secondary use of health data for research and development purposes should contribute to benefiting society in the form of new medicines, medical devices, and healthcare products and services at affordable and fair prices for Union citizens, as well as to enhancing access to and the availability of such products and services in all Member States. Activities for which access in the context of this Regulation is lawful could include using the electronic health data for tasks carried out by public sector bodies, such as the exercise of public duty, including public health surveillance, planning and reporting duties, health policymaking, and ensuring patient safety, quality of care and the sustainability of healthcare systems. Public sector bodies and Union institutions, bodies, offices and agencies might need to have regular access to electronic health data for an extended period of time, including in order to fulfil their mandate, as is provided for in this Regulation. Public sector bodies could carry out such research activities by using third parties, including sub-contractors, as long as the public sector body remains at all times the supervisor of those activities. The provision of the data should also support activities related to scientific research. The notion of scientific research purposes should be interpreted in a broad manner, including technological development and demonstration, fundamental research, applied research and privately funded research. Activities related to scientific research include innovation activities such as training of AI algorithms that could be used in healthcare or the care of natural persons, as well as the evaluation and further development of existing algorithms and products for such purposes. It is necessary that the EHDS also contribute to fundamental research, and, although its benefits to end-users and patients might be less direct, such fundamental research is crucial for societal benefits in the longer term. In some cases, the information of some natural persons, such as genomic information of natural persons with a certain disease, could contribute to the diagnosis or treatment of other natural persons. There is a need for public sector bodies to go beyond the scope of ‘exceptional need’ of Chapter V of Regulation (EU) 2023/2854. However, health data access bodies should be allowed to provide support to public sector bodies when processing or linking data. This Regulation provides for a channel for public sector bodies to obtain access to information that they require for fulfilling the tasks assigned to them by law, but does not extend the mandate of such public sector bodies.
This Regulation does not create an empowerment for the secondary use of health data for the purpose of law enforcement. The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties by the competent authorities should not be among the secondary use purposes covered under this Regulation. Therefore, courts and other entities of the justice system should not be considered health data users for the secondary use of health data under this Regulation. In addition, courts and other entities of the justice system should not be covered under the definition of health data holders and should not therefore be addressees of obligations on health data holders under this Regulation. Moreover, the powers of the competent authorities for the prevention, investigation, detection and prosecution of criminal offences established by law to obtain electronic health data are unaffected by this Regulation. Likewise, electronic health data held by courts for the purpose of judicial proceedings are outside the scope of this Regulation.