Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
Member States ought to strive to adhere to ethical principles, such as the European ethical principles for digital health adopted by the eHealth Network on 26 January 2022 and the principle of health professional-patient confidentiality, in the application of this Regulation. Recognising the importance of ethical principles, the European ethical principles for digital health provide guidance to practitioners, researchers, innovators, policy-makers and regulators.
In order to ensure that all health data access bodies issue data permits in a similar way, it is necessary to establish a standard common process for the issuance of data permits, with similar requests in different Member States. The health data applicant should provide health data access bodies with several elements of information that would help the body evaluate the health data access application and decide if the health data applicant can receive a data permit, and coherence should be ensured between different health data access bodies. The information provided as part of the health data access application should comply with the requirements established under this Regulation in order to enable it to be thoroughly assessed, as a data permit should only be issued if all the necessary conditions set out in this Regulation are met. In addition, where relevant, that information should include a declaration by the health data applicant that the intended use of the health data requested does not pose a risk of stigmatisation, or of causing harm to the dignity, of natural persons or groups to which the dataset requested relates. An ethical assessment could be requested based on national law. In that case, it should be possible for existing ethics bodies to carry out such assessments for the health data access body. Existing ethics bodies of Member States should make their expertise available to the health data access body for that purpose. Alternatively, Member States should be able to provide for ethics bodies to be part of the health data access body. The health data access body, and where relevant health data holders, should assist health data users in the selection of the suitable datasets or data sources for the intended purpose of secondary use. Where the health data applicant needs data in an anonymised statistical format, it should submit a health data request, requiring the health data access body to provide the result directly. A refusal of a data permit by the health data access body should not preclude the health data applicant from submitting a new health data access application. In order to ensure a harmonised approach between health data access bodies and to limit the administrative burden for the health data applicants, the Commission should support the harmonisation of health data access applications, as well as health data requests, including by establishing the relevant templates. In justified cases, such as in the case of a complex and burdensome request, the health data access body should be allowed to extend the time period for health data holders to make the requested electronic health data available to it.