Main use of electronic health data


All EU citizens will have access to their electronic health record by 2030 through the EU’s central eHealth platform linking national contact points to the [email protected] effective national digital health infrastructure and authorities.

Types of electronic health data

The draft regulation on the European health data area divides electronic health data into personal and non-personal data.

Electronic personal health data includes:

  • Personal data about the physical and mental health of a natural person, including information about the use of health services, which provides a picture of the person’s health
  • Genetic data on the hereditary or acquired genetic characteristics of a natural person, revealing unique information on the physiology or the health of this person, resulting in particular from the analysis of a biological sample taken from the person
  • Data, including that extracted from wellness applications, about behavior, environmental impact, physical factors, social factors, medical care or education, i.e. factors determining the health
  • Data processed in connection with the provision of health services, such as images and image reports.

The above data must be processed in electronic form.

The data of the first two groups are personal data within the meaning of the General Data Protection Regulation and are subject to its provisions relating to the protection of the rights of natural persons in the context of data processing and to the provisions of the future regulation. The data of the other groups are related to health and their use must therefore be carried out in accordance with the draft regulation.

As defined in the draft regulation, non-personal electronic health data are health data and genetic data in electronic format that do not fall within the concept of personal data provided for in Art. 4(1) GDPR. These are therefore data, even sensitive ones, which do not identify or make it possible to identify a specific natural person to whom the data relate, but which are subject to the regime of the draft regulation.

The draft regulations distinguish a category of priority electronic personal health data because of its importance for the delivery of health care. It includes six types of data: patient summaries, e-prescriptions, e-dispensations, medical images and image reports, lab results, and discharge reports. More detailed characteristics of each category are specified in Annex 1 of the Regulation. Member States should prioritize the implementation of access by natural persons and authorized entities to these categories of electronic personal health data for primary use and to enable their use in other Member States.

Over time, the list of categories of such data will grow as the technical capacity to exchange them between Member States increases.

Access to electronic health data

The right of access to computerized personal health data is open to the natural persons to whom they relate. The proposed regulations require states to provide this access in an easy-to-read, consolidated, and accessible format. Individuals entitled to such access could complete their electronic health data, make corrections, grant or restrict access to their data to entities in the health sector and have the right to request the transfer of their data from health to a data recipient of their choice, including abroad. The effective respect of the rights of the data subjects depends on the state of progress of the implementation of the European format for the exchange of electronic medical records.

The draft regulation does not forget people excluded from digital technology for various reasons. These individuals could exercise their electronic health data rights through an agent. Each state is required to establish a power of attorney service, which will also be used, for example, by guardians of minors.

The draft regulation also provides for an access service for health professionals to the electronic health data of the people they treat, in particular access to priority data, regardless of the state of origin or the insurance status of the patient. On the other hand, healthcare professionals are required to update this data with information about the healthcare services provided to the patient, i.e. enter this information into electronic medical records.

Digital Health Authorities

The draft regulation obliges each member state to establish a digital health authority (if such an authority is not already in place in a given state). It is responsible for implementing the regulations relating to the access and exchange of electronic health data and for enforcing the rights of access to health data for individuals and medical personnel. National digital health authorities should take various measures to achieve the objectives set out in the regulation. The list of tasks of these bodies in the draft regulation may be supplemented by Commission delegated acts.

An interesting competence granted to the digital health authority is the power to investigate complaints lodged by natural or legal persons. The draft does not limit the object of these complaints, so it is reasonable to think that they could concern any issue related to the primary use of health data governed by the future regulation. The authority has the exclusive power to conduct a procedure on the matter raised in the complaint and to make a decision. The draft regulations do not provide for any appeal procedure against the authority’s decision. It is to be expected that specific provisions relating to the complaints procedure will be laid down by national regulations.

Cross-border digital infrastructure for primary use of electronic health data

One of the objectives of the new regulation is to establish uniform rights across the EU for natural persons to access health data, and the possibility of cross-border exchange of health data for primary use (we write more about this in “The European Health Data Space”). A condition for the achievement of this goal is the construction of a digital infrastructure with the participation of all EU countries, coordinated and managed at EU level. EU A “central platform for digital health”, created and financed by the Commission, “providing services to support and facilitate the exchange of electronic health data between national contact points for digital health”, must serve this objective. Each State has the duty to designate a point of contact (it can operate within the digital health authority) and, through this point of contact, to participate in the [email protected] Infrastructure.

A “National Digital Health Contact Point” is defined as “an organizational and technical gateway for the provision of cross-border digital health information services for the primary use of electronic health data, under the responsibility of Member States”. It is the responsibility of each Member State to connect all healthcare providers to the national digital health contact point, allowing them to exchange electronic health data in both directions with the national contact point. Likewise, national pharmacies, including online pharmacies, must have access via [email protected] to digital prescriptions transmitted from other Member States. They must report the filling of prescriptions to the State where the prescription was issued, also by [email protected]

The national digital health contact points have the status of joint controllers of the electronic health data transferred by [email protected] as part of the treatment in which they participate. The Commission acts as a processor. The details of the operation of the infrastructure, including the arrangements for ensuring the security and confidentiality of transmitted electronic health data, should be included in the Commission’s implementing acts.

The [email protected] the infrastructure can be used to provide additional services by Member States, such as telemedicine, but also to support public health. A contact point from a third country may be authorized to operate on [email protected] if it meets the requirements of the infrastructure and the [email protected] the infrastructure administration group makes a relevant decision. This will extend the primary use of electronic health data, including the exchange of such data, beyond the territory of the Member States. This could be crucial, for example in the event of a pandemic.


Comments are closed.