EHDS Article 67. Health data access applications

  1. A natural or legal person may submit a health data access application for the purposes referred to in Article 53(1) to a health data access body.
  2. The health data access application shall include:
    (a) the health data applicant’s identity, a description of that health data applicant’s professional functions and activities, including the identity of the natural persons who would have access to the electronic health data if a data permit were issued; the health data applicant shall notify the health data access body of any update of the list of natural persons;
    (b) the purposes referred to in Article 53(1) for which access to data is applied for;
    (c) a detailed explanation of the intended use of the electronic health data and expected benefit related to that use and how that benefit would contribute to the purposes referred to in Article 53(1);
    (d) a description of the requested electronic health data, including their scope, time range, format, sources and, where possible, the geographical coverage where such data are requested from health data holders in several Member States or from authorised participants in HealthData@EU referred to in Article 75;
    (e) a description explaining whether the electronic health data need to be made available in a pseudonymised or anonymised format; in the case of a pseudonymised format, a justification as to why the processing cannot be carried out using anonymised data;
    (f) where the health data applicant intends to bring datasets already held by that health data applicant into the secure processing environment, a description of those datasets;
    (g) a description of the safeguards, which are to be proportionate to the risks, planned to prevent any misuse of the electronic health data, as well as to protect the rights and interests of the health data holder and of the natural persons concerned, including to prevent any re-identification of natural persons in the dataset;
    (h) a justified indication of the period during which the electronic health data are needed for processing in a secure processing environment;
    (i) a description of the tools and computing resources needed for a secure processing environment;
    (j) where applicable, information on any assessment of ethical aspects of the processing, required under national law, which may serve to replace the health data applicant’s own ethics assessment;
    (k) where the health data applicant intends to make use of an exception under Article 71(4), the justification required by national law pursuant to that Article.
  3. When seeking access to electronic health data held by health data holders established in more than one Member State or from the relevant authorised participants in HealthData@EU referred to in Article 75, the health data applicant shall submit a single health data access application through the health data access body of the Member State where the main establishment of the health data applicant is located, through the health data access body of the Member State in which one of those health data holders is established or through the services provided by the Commission in HealthData@EU referred to in Article 75. The health data access application shall be automatically forwarded to the relevant authorised participants in HealthData@EU and to the health data access bodies of the Member States where the health data holders identified in the health data access application are established.
  4. When seeking access to the personal electronic health data in a pseudonymised format, the health data applicant shall provide, together with the health data access application, a description of how the processing would comply with applicable Union and national law on data protection and privacy, in particular with Regulation (EU) 2016/679 and, more specifically, with Article 6(1) thereof.
  5. Public sector bodies and Union institutions, bodies, offices and agencies shall provide the same information as required under paragraphs 2 and 4, except for paragraph 2, point (h), in which case they shall submit instead information concerning the period for which the electronic health data can be accessed, the frequency of that access or the frequency of the data updates.

© 2025 StreamLex
