Data Strategy — EU regulation

The Council presidency and European Parliament negotiators struck a provisional agreement on the European Health Data Space (EHDS) on 15 March 2024, aligning rules for cross-border patient access, data altruism, and secondary use permits. This provisional agreement represents a landmark development in EU health data governance, establishing a full framework for both primary use (patient care) and secondary use (research, policy, innovation) of electronic health data across Member States. Healthcare organizations, technology vendors, and research institutions should prepare for significant changes in how health data is accessed, shared, and governed throughout the European Union.

EHDS Vision and Objectives

The European Health Data Space aims to address longstanding fragmentation in health data access and interoperability that has limited citizens' ability to access their health records across borders and impeded health research and innovation. Primary use provisions ensure citizens can access their electronic health data in standardized formats and share it with healthcare providers regardless of location within the EU.

Secondary use provisions create governance frameworks enabling researchers, policy makers, and innovators to access health data for approved purposes while protecting patient privacy and rights. The EHDS complements other EU data governance initiatives including the Data Governance Act, Data Act, and AI Act, creating an integrated framework for health data specifically.

Primary Use Framework

The EHDS establishes rights for citizens to access their electronic health data and share it with healthcare providers across Member State borders. National contact points will enable cross-border health data exchange using standardized formats and semantic interoperability frameworks. Healthcare providers must support data portability enabling patients to obtain their records and transfer them to alternative providers. Electronic health record systems must implement common technical specifications ensuring interoperability across the EU. Priority data categories include patient summaries, electronic prescriptions, laboratory results, medical images, and hospital discharge reports.

Secondary Use Governance

Map datasets eligible for health data access bodies, including quality metrics, pseudonymization requirements, and data permit workflows that secondary use applicants must follow. Health data access bodies will be established in each Member State to receive and evaluate secondary use applications, determine appropriate data access conditions, and oversee compliance with data permits.

Secondary use purposes include scientific research, health statistics, public health monitoring, policy development, and regulatory activities. Data permit applicants must show legitimate purposes, appropriate technical and organizational measures, and compliance with ethical requirements. Certain secondary uses including insurance risk assessment and advertising are explicitly prohibited.

Data Holder Obligations

Identify electronic health record systems and registries that must support common technical specifications and access through national EHDS contact points. Data holders encompass healthcare providers, health insurers, research institutions, and other organizations maintaining electronic health data covered by the regulation.

Obligations include implementing technical interoperability standards, supporting data portability requests, making data available for approved secondary uses, and maintaining data quality indicators. Data quality requirements address accuracy, completeness, timeliness, and documentation enabling meaningful secondary use. Data holders must also implement security measures protecting health data throughout its lifecycle.

Cross-Border Services Readiness

Assess readiness to provide patient access to electronic health data in a standardized format across the EU and to participate in cross-border secondary use data sharing. Cross-border primary use requires connection to the MyHealth@EU infrastructure enabling health data exchange between Member States. Cross-border secondary use may involve data requests from access bodies in other Member States, requiring coordination on applicable rules and data transfer mechanisms. Organizations operating across multiple Member States should evaluate their readiness for both domestic and cross-border EHDS participation.

Technical and Standards Alignment

Track forthcoming implementing acts on EHR interoperability, semantic standards, and data quality indicators that will specify detailed technical requirements. The EHDS builds upon existing European standards work including the European Interoperability Framework and emerging HL7 FHIR setups. Semantic interoperability requires standardized terminologies including SNOMED CT, ICD, and LOINC for consistent data interpretation across systems and jurisdictions. If you are affected, assess their current standards adoption and plan upgrades to meet EHDS technical specifications.

Implementation Planning

Prepare to engage with health data access bodies, ensuring governance charters, ethics reviews, and application pipelines meet EHDS standards. Run maturity assessments covering EHR interoperability, consent capture, and audit trails against EHDS requirements. Coordinate with hospitals, insurers, and digital health vendors to align on consent, logging, and breach notification obligations. Update regulatory roadmaps to incorporate EHDS adoption alongside national health IT initiatives and other EU data governance requirements.