Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
Regulation (EU) 2016/679 sets out specific provisions concerning the rights of natural persons in relation to the processing of their personal data. The EHDS builds upon those rights and complements some of them as applied to personal electronic health data. Those rights apply regardless of the Member State in which the personal electronic health data are processed, type of healthcare provider, sources of those data or Member State of affiliation of the natural person. The rights and rules related to the primary use of personal electronic health data under this Regulation concern all categories of those data, irrespective of how they have been collected or who has provided them, the legal ground for the processing under Regulation (EU) 2016/679 or the status of the controller as a public or private organisation. The additional rights of access and portability of personal electronic health data provided for in this Regulation should be without prejudice to the rights of access and portability as established under Regulation (EU) 2016/679. Natural persons continue to have those rights under the conditions set out in that Regulation.
Under Regulation (EU) 2016/679, the right to data portability is limited to data processed based on consent or contract and provided by the data subject to a controller. Additionally, under that Regulation, natural persons have the right to have the personal data transmitted directly from one controller to another only where technically feasible. Regulation (EU) 2016/679, however, does not impose an obligation to make that direct transmission technically feasible. The right to data portability should be complemented under this Regulation, thereby empowering natural persons to provide access to, at least, priority categories of their personal electronic health data to the health professionals of their choice, to exchange such health data with such health professionals and to download such health data. In addition, natural persons should have the right to request a healthcare provider to transmit a part of their electronic health data to a clearly identified recipient in the social security or reimbursement services sector. Such a transfer should be one-way only.
The framework laid down by this Regulation should build on the right to data portability established in Regulation (EU) 2016/679 by ensuring that natural persons as data subjects can transmit their personal electronic health data, including inferred data, in the European electronic health record exchange format, irrespective of the legal basis for processing the electronic health data. Health professionals should refrain from hindering the application of the rights of natural persons, for example by refusing to take into account personal electronic health data originating from another Member State and which are provided through the interoperable and reliable European electronic health record exchange format.