Genuine cross-border healthcare based on medical documentation accessible across the EU via interoperable electronic health data systems. Unlocking the potential of health data for science and developing new drugs and treatments. These are some of the benefits promised by the European Health Data Area.
European data strategy
In early 2020, the European Commission published the European Data Strategy, envisaging the creation of a single European data space. One of the pillars of the strategy is the creation of common European data spaces in nine strategic sectors of the economy, such as the green deal, energy, agriculture and finance. The first draft, of the European Health Data Space Regulation, was announced in May 2022.
When presenting the draft regulation, the Commission underlined the inherent potential of health data, which can be used for the benefit of patients, the health system, science and the development of new medical products and therapeutic programs, thanks to digitization of health data, the possibility of freely transferring health data within the European Union on a common platform, and the sharing and reuse of health data.
Objectives of the European Health Data Area
The regulation has three objectives:
- Empower individuals by increasing digital access to and control of their personal health data and facilitating the free flow of such data
- Define standards for electronic medical record systems to ensure their interoperability, security and use while respecting the rights of individuals with regard to their personal health data
- Create a consistent and effective framework for the secondary use of personal health data of individuals for research, innovation, policy-making, official statistics, patient safety and business purposes regulations.
By nature, personal health data mainly refers to the personal health data of natural persons, which constitute a special category of data. The draft regulation supports the implementation of the rights of natural persons established in the General Data Protection Regulation to protect electronic personal health data. Based on the provisions of the GDPR on personal health data, the draft regulation sets out the rules for the European health data area, where data can be freely transferred within the EU and used for specific purposes, while maintaining the required safety standards.
The draft regulation also takes into account many other European directives and regulations applicable to electronic personal health data and, in line with the purpose of the regulation, clarifies the provisions of the new data governance law and the draft law on the data.
An effort to maintain consistency with other EU laws in this area is also evident in the incorporation into the draft regulation of all definitions (as in the case of GDPR) or some definitions (e.g. Medical Devices Regulation, Directive 2011/24/EU on the application of patients’ rights in cross-border healthcare and the EU Digital Identity Framework Regulation) used in other regulations.
Purpose of the settlement
The project also includes thirty new definitions. For the purposes of this law, some of them specify the conceptual scope of previously used terms. Thus, for example, the definition of “electronic personal health data”, in addition to health and genetic data within the meaning of the GDPR, includes “data referring to the determinants of health, or data processed in connection with the provision health services, processed in electronic form. »
The draft regulation defines a “data holder” as “any natural or legal person, which is an entity or body in the health or care sector, or which carries out research in relation to these sectors, as well as institutions , bodies, offices and agencies of the Union”. agencies that have the right or obligation, … or, in the case of non-personal data, through the control of the technical design of a product and related services, the ability to make available, including recording, to provide, restrict access or exchange certain data.
It is already clear from these two definitions that the regulation is intended to be almost universal in its scope. It encompasses all electronic health data, whether obtained from data owners or other natural or legal persons (e.g. medical personnel), data processed in connection with the provision of health services or data obtained through the use of devices and equipment for the well-being of a natural person (data derived, for example, from medical devices measuring various processes occurring in the body of the person who uses them uses independently), as well as data in the form of conclusions, diagnoses or observations, including those obtained by automated means.
The collection of electronic health data, as defined, as well as the processing, sharing, etc., will require the involvement of a number of entities indicated in the definition of a data holder, who will be required to comply with the new regulations.
Main use of electronic health data
The draft regulation divides the use of electronic health data into primary and secondary. “Main use” is defined as “the processing of personal electronic health data for the provision of health services intended to assess, maintain or restore the state of health of the natural person to whom these data relate, including the prescription, dispensing and supply of drugs”. medical products and devices, as well as for the social security, administrative or reimbursement services concerned”.
With regard to the primary use of electronic health data, the draft regulation envisages strengthening the rights of natural persons to this data and the possibility of using them regardless of the Member State where they are located.
To this end, the draft regulation makes mandatory the participation of Member States in the [email protected] infrastructure (until now, this participation was voluntary and ten countries have collaborated within the framework [email protected]). Member States must include providers and pharmacies in [email protected] The platform is intended to ensure the exchange of electronic personal health data and thus facilitate the use of health services by natural persons in any Member State.
Secondary Use of Electronic Health Data
Types of data exhaustively listed in the draft regulation may be subject to secondary use of electronic health data. The Commission intends that these data categories be broad and flexible enough to meet the changing needs of data users over time.
The provision of this data by data holders must take place on the basis of a data access authorization, i.e. an administrative decision issued to a data user by an access authority. to health data or a data holder, authorizing the processing of the data specified in the authorization and for the purpose specified in the authorization, under the conditions set out in the regulations. The processing purposes authorized by the Regulation include those related to the public interest, scientific research, educational activities, the development of innovative products and services for public health and healthcare, or work on information systems. ‘artificial intelligence.
Widespread use of this data across the EU will be possible through the operation of the [email protected] online platform, to which Member State competent authorities and stakeholders, i.e. data holders and data users, will be connected.
In the following articles, we will discuss in more detail the system designed for the primary and secondary use of electronic health data, as well as the organizational solutions and guarantees envisaged.