The legislative act of the European Parliament and the Council "REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL on the European Health Data Space and amending Directive
2011/24/EU and Regulation (EU) 2024/2847" establishes the European Health Data Space (EHDS) to improve individuals' access to and control over their electronic health data while enabling secondary use for research, innovation, and policymaking. It builds on existing EU regulations like the General Data Protection Regulation (GDPR) and the Data Governance Act, ensuring secure and interoperable data sharing across Member States. The EHDS introduces mechanisms for cross-border health data exchange, a framework for electronic health records (EHR) interoperability, and guidelines for data processing by public and private entities. It mandates digital health authorities in each Member State to oversee implementation and enforcement. Additionally, it includes provisions for secondary use of health data with safeguards, allowing researchers and policymakers to use pseudonymized or anonymized health information while providing citizens the right to opt-out. Finally, the regulation also sets standards for certifying EHR systems and ensuring compliance with security and data protection laws. |
The whereas section and recitals of the European Health Data Space (EHDS) Regulation provide the legal and policy justifications for the framework, highlighting its objectives, guiding principles, and alignment with existing EU regulations. The recitals emphasize the importance of improving access to and control over electronic health data, ensuring secure cross-border exchange, and enabling secondary use of health data for research, policy-making, and innovation while safeguarding individuals' rights. The EHDS builds on the General Data Protection Regulation (GDPR) and the Data Governance Act, reinforcing data protection and security. The recitals also stress the need for interoperability, requiring harmonized technical standards for electronic health record (EHR) systems. Additionally, the regulation supports the MyHealth@EU and HealthData@EU infrastructures, ensuring cross-border exchange and governance coordination across Member States. Finally, it establishes clear roles and responsibilities for digital health authorities and health data access bodies, setting out principles for data minimization, transparency, and opt-out mechanisms to maintain a balance between public interest and individual rights.
|
General provisions |
Chapter I establishes the general provisions of the EHDS Regulation, outlining its scope, objectives, and key definitions. It aims to create a harmonized framework for secure access, use, and exchange of electronic health data across EU Member States. The regulation distinguishes between primary use (for healthcare purposes) and secondary use (for research, policy-making, innovation, and public health) of electronic health data. It defines key terms such as personal and non-personal health data, electronic health records (EHRs), health data access services, and interoperability standards. The chapter also emphasizes the need to align with existing EU laws, including the General Data Protection Regulation (GDPR) and the Data Governance Act, ensuring data protection, security, and interoperability. Additionally, it sets the legal basis for Member States' responsibilities in implementing and enforcing the EHDS framework. |
Primary use |
Chapter II establishes individual rights and governance mechanisms for the primary use of electronic health data. It grants individuals the right to access, control, and share their personal health data across Member States through national and cross-border digital health services. The MyHealth@EU platform is introduced as a central infrastructure to facilitate interoperability and secure exchange of health records, electronic prescriptions, and other health data categories. Member States must designate digital health authorities responsible for overseeing implementation, ensuring compliance, and maintaining security and interoperability standards. The regulation also mandates that healthcare providers and EHR systems comply with the European electronic health record exchange format (EEHRxF) to enhance cross-border usability. Furthermore, the chapter ensures that health data processing remains free of charge for individuals and prohibits any direct or indirect fees for accessing or transferring personal health data. |
EHR systems and wellness applications |
Chapter III establishes the requirements and standards for Electronic Health Record (EHR) systems to ensure interoperability, security, and compliance across the EU. It mandates that EHR systems must include harmonized software components, including a European interoperability software component for data exchange and a European logging software component for access tracking. The regulation sets out technical specifications for EHRs, requiring them to support structured data input, maintain detailed logging of access events, and adhere to data protection and cybersecurity measures. Member States must ensure that EHR systems comply with the European electronic health record exchange format (EEHRxF), facilitating cross-border compatibility. Additionally, it establishes a self-assessment and certification process for EHR system providers to ensure compliance with EU standards. The chapter also outlines market surveillance mechanisms, giving authorities the power to monitor, assess, and enforce regulations concerning EHR systems.
|
Secondary use |
Chapter IV establishes the framework for the secondary use of electronic health data, outlining the conditions under which health data can be accessed and processed for purposes beyond direct healthcare, such as research, policy-making, and innovation. It requires Member States to designate Health Data Access Bodies (HDABs) to facilitate access to such data while ensuring security, privacy, and compliance with data protection laws. The chapter defines minimum categories of health data that must be made available for secondary use, including electronic health records, genetic data, and healthcare-related administrative data. Strict technical and legal safeguards are set to prevent re-identification and ensure that data processing remains in a secure environment. Researchers and organizations seeking access to health data must apply for data permits, and their requests are assessed based on transparency, necessity, and public interest. Additionally, the regulation introduces mechanisms for fees and funding, ensuring that data access bodies can recover operational costs while maintaining fair and non-discriminatory access to health data. |
Additional actions |
Chapter V outlines additional actions supporting the effective implementation of the EHDS framework. It mandates the European Commission to assist Member States in capacity building, particularly in digital health systems for both primary and secondary use. This includes the establishment of self-assessment indicators to evaluate progress. The regulation also requires Member States to develop training programs for health professionals, ensuring they understand their role in electronic health data management. Furthermore, public awareness campaigns on digital health literacy are promoted to educate citizens on their rights, the benefits, and potential risks of EHDS participation. The chapter also establishes technical and financial criteria for public procurement and EU funding, ensuring alignment with EHDS standards in publicly funded health projects |
European governance and coordination |
Chapter VI establishes the European governance and coordination framework for the EHDS, introducing the European Health Data Space Board (EHDS Board) to oversee cooperation among Member States and the European Commission. The board consists of representatives from each Member State, with a focus on both primary and secondary use of health data. It is responsible for facilitating coordination of digital health authorities, promoting interoperability, and ensuring compliance with technical standards. The chapter also introduces steering groups for MyHealth@EU and HealthData@EU to manage cross-border digital health infrastructures and operational decisions. Additionally, the European Commission is tasked with maintaining and developing key EHDS infrastructures, ensuring technical support, and setting guidelines for effective implementation. |
Delegation of powers and committee procedure |
Chapter VII establishes the delegation of powers and committee procedures for the implementation and amendment of the EHDS Regulation. It grants the European Commission the authority to adopt delegated acts for updating technical specifications, interoperability standards, and governance mechanisms. These delegated powers are subject to revocation by the European Parliament or the Council if necessary. Additionally, the chapter defines the procedure for adopting implementing acts, which require consultation with Member State experts before finalisation. The Commission is also responsible for monitoring and reporting on EHDS progress, including assessing the impact of interoperability measures, the secondary use framework, and data protection mechanisms. Evaluations will be conducted every few years, with reports submitted to the European Parliament and the Council, potentially leading to further regulatory refinements. |
Miscellaneous |
Chapter VIII focuses on penalties, compensation, and evaluation mechanisms related to the EHDS. It requires Member States to establish penalties for violations of the regulation, ensuring they are effective, proportionate, and dissuasive. Criteria for imposing penalties include the nature and gravity of the infringement, financial gains from violations, and previous infractions. The chapter also grants individuals the right to compensation if they suffer material or non-material damage due to non-compliance with EHDS provisions. Additionally, individuals can mandate non-profit organizations to lodge complaints on their behalf. Lastly, the European Commission is tasked with evaluating the regulation every eight years, assessing interoperability, data categories, secondary use mechanisms, and the certification framework for electronic health records (EHRs), with findings reported to the European Parliament and the Council. |
Deferred application, transitional and final provisions |
Chapter IX outlines the final provisions of the EHDS Regulation, detailing entry into force, implementation timelines, and amendments to existing EU laws. It specifies the applicability of different chapters at various timeframes after the regulation's adoption, ensuring a phased rollout. The European Commission is tasked with monitoring and evaluating the EHDS, submitting progress reports on its implementation to the European Parliament and the Council. Additionally, the regulation introduces amendments to Directive 2011/24/EU and Regulation (EU) 2024/2847 to align with the EHDS framework. Member States must ensure interoperability mechanisms, such as cross-border digital identity verification, are in place. The chapter concludes by affirming that the regulation is binding and directly applicable in all Member States, reinforcing its legal enforceability across the EU.
|
The Annexes of the European Health Data Space (EHDS) Regulation provide detailed technical specifications and implementation guidelines for ensuring interoperability, security, and compliance. Annex I defines the priority categories of electronic health data for primary use, including patient summaries, electronic prescriptions, medical imaging, laboratory test results, and hospital discharge reports. Annex II outlines the essential requirements for EHR systems, covering interoperability, security, and logging mechanisms. Annex III specifies the technical documentation requirements for EHR system manufacturers, detailing system architecture, compliance measures, and performance evaluation. Annex IV establishes the EU declaration of conformity, requiring manufacturers to demonstrate compliance with EHDS standards, list relevant technical specifications, and provide certification results. Together, these annexes ensure the secure and standardized implementation of the EHDS across all Member States. |