Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 54. Prohibited secondary use
- Health data users shall only process electronic health data for secondary use on the basis of and in accordance with the purposes contained in a data permit issued pursuant to Article 68, health data requests approved pursuant to Article 69 or, in situations referred to in Article 67(3), an access approval from the relevant authorised participant in HealthData@EU referred to in Article 75. In particular, seeking access to and processing electronic health data obtained via a data permit issued pursuant to Article 68 or a health data request approved pursuant to Article 69 for the following uses shall be prohibited:
- (a)taking decisions detrimental to a natural person or a group of natural persons based on their electronic health data; in order to qualify as ‘decisions’ for the purposes of this point, they have to produce legal, social or economic effects or similarly significantly affect those natural persons;
- (b)taking decisions in relation to a natural person or a group of natural persons in relation to job offers, offering less favourable terms in the provision of goods or services, including exclusion of such persons or groups from the benefit of an insurance or credit contract, the modification of their contributions and insurance premiums or conditions of loans, or taking any other decisions in relation to a natural person or a group of natural persons which result in discriminating against them on the basis of the health data obtained;
- (c)carrying out advertising or marketing activities;
- (d)developing products or services that may harm individuals, public health or society at large, such as illicit drugs, alcoholic beverages, tobacco and nicotine products, weaponry or products or services which are designed or modified in such a way that they create addiction, contravene public order or cause a risk for human health;
- (e)carrying out activities in conflict with ethical provisions laid down in national law.
Relevant Recitals for this Article
Any attempt to use electronic health data for measures detrimental to natural persons, such as to increase insurance premiums, to engage in activities potentially detrimental to natural persons related to employment, pensions or banking, including mortgaging of properties, to advertise products or treatments, to automate individual decision-making, to re-identify natural persons or to develop harmful products should be prohibited. That prohibition should also apply to activities contrary to ethical provisions under national law, with the exception of ethical provisions relating to consent to the processing of personal data and ethical provisions relating to the right to opt out, since this Regulation takes precedence over national law in accordance with the general principle of the primacy of Union law. It should also be prohibited to provide access to, or otherwise make available, electronic health data to third parties not mentioned in the data permit. The identity of authorised persons, in particular the identity of the principal investigator, who will have the right pursuant to this Regulation to access electronic health data in the secure processing environment should be indicated in the data permit. The principal investigators are the main persons responsible for requesting access to the electronic health data and for processing the requested data within the secure processing environment on behalf of the health data user.