Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
European Health Data Space Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
EHDS Article 8. Right to restrict access
- Natural persons shall have the right to restrict the access of health professionals and healthcare providers to all or parts of their personal electronic health data as referred to in Article 3. When exercising the right referred to in the first paragraph, natural persons shall be made aware that restricting access might impact the provision of healthcare to them. The fact that a natural person has restricted access under the first paragraph shall not be visible to healthcare providers. Member States shall establish the rules and specific safeguards regarding such restriction mechanisms.
Relevant Recitals for this Article
Regulation (EU) 2016/679 sets out specific provisions concerning the rights of natural persons in relation to the processing of their personal data. The EHDS builds upon those rights and complements some of them as applied to personal electronic health data. Those rights apply regardless of the Member State in which the personal electronic health data are processed, type of healthcare provider, sources of those data or Member State of affiliation of the natural person. The rights and rules related to the primary use of personal electronic health data under this Regulation concern all categories of those data, irrespective of how they have been collected or who has provided them, the legal ground for the processing under Regulation (EU) 2016/679 or the status of the controller as a public or private organisation. The additional rights of access and portability of personal electronic health data provided for in this Regulation should be without prejudice to the rights of access and portability as established under Regulation (EU) 2016/679. Natural persons continue to have those rights under the conditions set out in that Regulation.
Natural persons might not want to allow access to some parts of their personal electronic health data while enabling access to other parts. This could especially be relevant in cases of sensitive health issues such as those related to mental or sexual health, sensitive procedures such as abortions, or data on specific medication which could reveal other sensitive issues. Such selective sharing of personal electronic health data should therefore be supported and implemented through restrictions set by the natural person concerned in the same way within the territory of a given Member State and for cross-border data sharing. Those restrictions should allow for sufficient granularity to restrict parts of datasets, such as elements of the patient summaries. Before setting the restrictions, natural persons should be informed of the risks for patient safety associated with limiting access to health data. Given that the unavailability of the restricted personal electronic health data may impact the provision or quality of health services provided to the natural person, natural persons making use of such access restrictions should assume responsibility for the fact that the healthcare provider cannot take the data into account when providing health services. The restrictions on access to personal electronic health data could have life-threatening consequences and, therefore, access to those data should nevertheless be possible where necessary to protect vital interests in emergency situations. More specific legal provisions on the mechanisms of restrictions placed by natural persons on parts of their personal electronic health data could be provided for by Member States in their national law, in particular as regards medical liability in cases where restrictions have been placed by the natural person concerned.