Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 61. Duties of health data users
- 1.Health data users may access and process the electronic health data referred to in Article 51 for secondary use only in accordance with a data permit issued pursuant to Article 68, a health data request approved pursuant to Article 69 or, in situations referred to in Article 67(3), an access approval from the relevant authorised participant in HealthData@EU referred to in Article 75.
- 2.When processing electronic health data within the secure processing environments referred to in Article 73, health data users shall not provide access to the electronic health data, or make those data available, to third parties not mentioned in the data permit.
- 3.Health data users shall not re-identify or attempt to re-identify the natural persons to whom the electronic health data obtained by the health data users on the basis of a data permit, a health data request or an access approval by an authorised participant in HealthData@EU relate.
- 4.Health data users shall make public the results or output of secondary use, including information relevant for the provision of healthcare, within 18 months of the completion of the processing of the electronic health data in the secure processing environment or of having received the response to the health data request referred to in Article 69. In justified cases related to the permitted purposes of the processing of electronic health data, the period referred to in the first subparagraph may be extended by the health data access body, in particular in cases where the result is published in a scientific journal or other scientific publication. The results or output of secondary use shall contain only anonymous data. Health data users shall inform the health data access bodies from which a data permit was obtained about the results or output of secondary use and assist them to make that information public on health data access bodies’ websites. Such publication shall be without prejudice to publication rights in scientific journals or other scientific publications. When health data users use electronic health data in accordance with this Chapter, they shall acknowledge the sources of the electronic health data and the fact that the electronic health data have been obtained in the framework of the EHDS.
- 5.Without prejudice to paragraph 2, health data users shall inform the health data access body of any significant finding related to the health of the natural person whose data are included in the dataset.
- 6.Health data users shall cooperate with health data access bodies in those bodies’ performance of their tasks.
Relevant Recitals for this Article
Without hindering or replacing contractual arrangements or other mechanisms in place, this Regulation is aimed at establishing a common mechanism to access electronic health data for secondary use across the Union. Under that mechanism, health data holders should make the data they hold available on the basis of a data permit or a health data request. For the purpose of processing electronic health data for secondary use, one of the legal bases referred to in Article 6(1), points (a), (c), (e) or (f), of Regulation (EU) 2016/679 in conjunction with Article 9(2) thereof is required. Accordingly, this Regulation provides for a legal basis for the secondary use of personal electronic health data, including the safeguards required under Article 9(2), points (g) to (j), of Regulation (EU) 2016/679 to allow the processing of special categories of data, in terms of lawful purposes, trusted governance for providing access to health data through the involvement of health data access bodies, and processing in a secure processing environment, as well as arrangements for data processing, set out in the data permit. Consequently, Member States should no longer be able to maintain or introduce under Article 9(4) of Regulation (EU) 2016/679 further conditions, including limitations and specific provisions requesting the consent of natural persons, with regard to the processing for secondary use of personal electronic health data under this Regulation, with the exception of the introduction of stricter measures and additional safeguards at national level aimed at safeguarding the sensitivity and value of certain data as laid down in this Regulation. Health data applicants should also demonstrate a legal basis referred to in Article 6 of Regulation (EU) 2016/679 that allows them to request access to electronic health data pursuant to this Regulation and should fulfil the conditions set out in Chapter IV thereof. In addition, the health data access body should assess the information provided by the health data applicant, based on which it should be able to issue a data permit for the processing of personal electronic health data pursuant to this Regulation that should fulfil the requirements and conditions set out in Chapter IV of this Regulation. For processing of electronic health data held by the health data holders, this Regulation creates the legal obligation within the meaning of Article 6(1), point (c), of Regulation (EU) 2016/679, in accordance with Article 9(2), points (i) and (j), of that Regulation, for the health data holder to make available the personal electronic health data to health data access bodies, while the legal basis for the purpose of the initial processing, for example the delivery of healthcare, is unaffected. This Regulation also assigns tasks in the public interest within the meaning of Article 6(1), point (e), of Regulation (EU) 2016/679 to the health data access bodies, and meets the requirements of Article 9(2), points (g) to (j), as applicable, of that Regulation. If the health data user relies upon a legal basis set out in Article 6(1), point (e) or (f), of Regulation (EU) 2016/679, this Regulation should provide for the safeguards required under Article 9(2) of Regulation (EU) 2016/679.
Health data users who benefit from access to datasets provided for under this Regulation could enrich the data in those datasets with various corrections, annotations and other improvements, for instance by supplementing missing or incomplete data, thus improving the accuracy, completeness or quality of the data in the datasets. Health data users should be encouraged to report critical errors in datasets to health data access bodies. To support the improvement of the initial database and further use of the enriched dataset, Member States should be able to establish rules for the processing and the use of electronic health data containing improvements related to the processing of those data. The improved dataset should be made available free of charge to the original health data holder together with a description of the improvements. The health data holder should make the new dataset available, unless it provides a justified notification to the health data access body for not doing so, for instance in cases in which the enrichment by the health data user is of low quality. It should be ensured that non-personal electronic health data are available for secondary use. In particular, pathogen genomic data hold significant value for human health, as shown during the COVID-19 pandemic during which timely access to and sharing of such data proved to be essential for the rapid development of detection tools, medical countermeasures and responses to public health threats. The greatest benefit from pathogen genomics efforts will be achieved when public health and research processes share datasets and cooperate to inform and improve each other.