EHDS
Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS
EHDS Article 57. Tasks of health data access bodies
- 1.Health data access bodies shall carry out the following tasks:
- (a)deciding on health data access applications pursuant to Article 67 of this Regulation, authorising and issuing data permits pursuant to Article 68 of this Regulation to access electronic health data falling within their remit for secondary use and deciding on health data requests submitted pursuant to Article 69 of this Regulation in accordance with this Chapter and Chapter II of Regulation (EU) 2022/868, including with regard to:
(i)
providing access to electronic health data to health data users pursuant to a data permit in a secure processing environment in accordance with Article 73;(ii)
monitoring and supervising compliance by health data users and health data holders with the requirements laid down in this Regulation;(iii)
requesting electronic health data referred to in Article 51 from relevant health data holders pursuant to a data permit issued or a health data request approved;
- (b)processing electronic health data referred to in Article 51 such as by receiving, combining, preparing and compiling such data when requested from health data holders and the pseudonymisation or anonymisation of those data;
- (c)taking all measures necessary to preserve the confidentiality of intellectual property rights, for regulatory data protection and to preserve the confidentiality of trade secrets as provided for in Article 52, taking into account the relevant rights of both the health data holder and health data user;
- (d)cooperating with and supervising health data holders to ensure the consistent and accurate implementation of the provisions on data quality and utility label in Article 78;
- (e)maintaining a management system to record and process health data access applications, health data requests, decisions on those applications and requests and the data permits issued and health data requests handled, providing at least information on the name of the health data applicant, the purpose of access, the date of issuance, the duration of the data permit and a description of the health data access application or the health data request;
- (f)maintaining a public information system to comply with the obligations laid down in Article 58;
- (g)cooperating at Union and national level to lay down common standards, technical requirements and appropriate measures for accessing electronic health data in a secure processing environment;
- (h)cooperating at Union and national level and providing advice to the Commission on techniques and best practices for secondary use and the management of electronic health data;
- (i)facilitating cross-border access to electronic health data for secondary use hosted in other Member States through HealthData@EU referred to in Article 75 and cooperating closely with each other and with the Commission;
- (j)making public, through electronic means:
(ii)
any health data access application and health data request without undue delay after initial reception;(iii)
all data permits issued or health data requests approved as well as refusal decisions, including their justification, within 30 working days of the issuance, approval or refusal;(iv)
measures related to non-compliance pursuant to Article 63;(v)
results communicated by health data users pursuant to Article 61(4);(vi)
an information system to comply with the obligations laid down in Article 58;(vii)
information, at a minimum on an easily accessible website or web portal, on the connection to HealthData@EU of national contact points for secondary use of a third country, or of a system established at international level by an international organisation, as soon as the third country or the international organisation becomes an authorised participant in HealthData@EU;
- (k)fulfilling obligations towards natural persons pursuant to Article 58;
- (l)fulfilling any other tasks related to making possible the secondary use of electronic health data in the context of this Regulation.
The national dataset catalogue referred to in point (j)(i) of this paragraph shall also be made available to single information points under Article 8 of Regulation (EU) 2022/868.
- 2.In the exercise of their tasks, health data access bodies shall:
- (a)cooperate with supervisory authorities under Regulation (EU) 2016/679 in relation to personal electronic health data and the EHDS Board;
- (b)cooperate with all relevant stakeholders, including patient organisations, representatives of natural persons, health professionals, researchers, and ethics committees, where applicable in accordance with Union or national law;
- (c)cooperate with other national competent bodies, including the national competent authorities supervising data altruism organisations under Regulation (EU) 2022/868, the competent authorities under Regulation (EU) 2023/2854 and the national competent authorities under Regulations (EU) 2017/745, (EU) 2017/746 and (EU) 2024/1689, where relevant.
- 3.Health data access bodies may provide assistance to public sector bodies where those public sector bodies access electronic health data in accordance with Article 14 of Regulation (EU) 2023/2854.
- 4.Health data access bodies may provide support to a public sector body where it obtains data in the circumstances referred to in Article 15, point (a) or (b), of Regulation (EU) 2023/2854, in accordance with the rules laid down in that Regulation, by providing technical support to process those data or combining them with other data for joint analysis.