Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 2
CHAPTER II
PRIMARY USEArticles 3 — 24
CHAPTER III
EHR SYSTEMS AND WELLNESS APPLICATIONSArticles 25 — 49
CHAPTER IV
SECONDARY USEArticles 50 — 81
CHAPTER V
ADDITIONAL ACTIONSArticles 82 — 91
CHAPTER VI
EUROPEAN GOVERNANCE AND COORDINATIONArticles 92 — 96
CHAPTER VII
DELEGATION OF POWERS AND COMMITTEE PROCEDUREArticles 97 — 98
CHAPTER VIII
MISCELLANEOUSArticles 99 — 104
CHAPTER IX
DEFERRED APPLICATION, TRANSITIONAL AND FINAL PROVISIONSArticles 105 — 105
ANNEXES
In order to ensure that the EHDS fulfils its objectives, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of the modification, addition or removal in Annex I of the main characteristics of the priority categories of personal electronic health data, the list of required data to be entered by the manufacturers of EHR systems and wellness applications into the EU database for registration of EHR systems and wellness applications as well as the modification, addition or removal of elements to be covered by the data quality and utility label. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Inter-institutional Agreement of 13 April 2016 on Better Law-Making . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission as regards:
— technical specifications for the interoperability of the proxy services of the Member States,
— data quality requirements for the registration of personal electronic health data in an EHR system,
— cross-border specifications for priority categories of personal electronic health data,
— technical specifications for the categories of personal electronic health data, setting out the European electronic health record exchange format,
— updates of the European electronic health record exchange format to integrate relevant revisions of the healthcare coding systems and nomenclatures,
— technical specifications to extend the European electronic health record exchange format to additional categories of personal electronic health data,
— requirements for the interoperable, cross-border identification and authentication mechanism for natural persons and health professionals, in accordance with Regulation (EU) No 910/2014,
— requirements for the technical implementation of the rights of natural persons in relation to the primary use of their personal electronic health data,
— necessary measures for the technical development of MyHealth@EU, detailed rules concerning the security, confidentiality and protection of personal electronic health data and the conditions for compliance checks necessary to join and remain connected to MyHealth@EU,
— rules regarding the requirements of cybersecurity, technical interoperability, semantic interoperability, operations and service management in relation to the processing by the Commission and its responsibilities towards the controllers,
— technical aspects of supplementary services provided through MyHealth@EU,
— technical aspects of exchanges of personal electronic health data between MyHealth@EU and other services or infrastructures,
— connection and disconnection of other infrastructures, of national contact points for digital health of third countries or of systems established at international level by international organisations to or from the central interoperability platform of MyHealth@EU,
— common specifications in respect of the essential requirements laid down in Annex II,
— common specifications for the European digital testing environment,
— justifications of national measures taken by market surveillance authorities in the case of non-compliance by EHR systems,
— format and content of the label of wellness applications,
— principles for the fee policies and fee structures regarding the fees that health data access bodies and trusted health data holders can charge for making electronic health data available for secondary use,
— the architecture of an IT tool aimed at supporting and making transparent to health data access bodies enforcement measures,
— the logo for acknowledging the contribution of the EHDS,
— templates for the health data access application, the data permit and the health data request,
— technical, organisational, information security, confidentiality, data protection and interoperability requirements for the secure processing environments,
— templates for agreements between controllers and processors,
— decisions on the compliance of a national contact point for secondary use of a third country or a system established at international level by international organisations with the requirements of HealthData@EU for the purposes of secondary use of health data, on the compliance with Chapter IV and on whether that national contact point for secondary use or that system provides equivalent access for health data users located in the Union to the electronic health data it has access to,
— HealthData@EU’s requirements, technical specifications and IT architecture; conditions and compliance checks to join and remain connected to HealthData@EU; minimum criteria to be met by national contact points for secondary use and the authorised participants in HealthData@EU; responsibilities of the controllers and processors which participate in HealthData@EU; responsibilities of the controllers and processors for the secure processing environment managed by the Commission; and common specifications for the architecture of HealthData@EU and for its interoperability with other common European data spaces,
— decisions to connect individual authorised participants to HealthData@EU,
— minimum elements for datasets and the characteristics of those elements to be provided by health data holders,
— visual characteristics and technical specifications of the data quality and utility label,
— minimum specifications for datasets of high impact for secondary use,
— decisions on whether a third country allows Union health data applicants to access electronic health data in that third country under conditions that are not more restrictive than those provided for in this Regulation,
— necessary measures for the establishment and operation of the EHDS Board.
Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council .