EHDS Regulation : European Health Data Space

The EHDS regulation has the particularity of applying only to the health sector, however, the regulation interacts with and complements other more general European texts. Thus, the fundamental principles of the Data Governance Act (30 May 2022) and the Data Act (30 May 2022) and the Data Act (27 November 2023) are found in the EHDS, but are adapted to meet the specific requirements for the use of health data.

‍

Moreover, as the IA Act is a cross-cutting text, its implementation will have to comply with EHDS requirements. The European Data Strategy should enable the European Union to become a leading player in a data-driven society. The creation of a single market for data will allow the free flow of data within the EU and between sectors, in the interests of businesses, researchers and public administrations.

‍

Data-based innovation can bring major and concrete benefits, such as: personalized medicine, improved mobility, improved policy development, or even the modernization of public services. The regulation creates new rights and obligations based on two main pillars: the primary use of health data and the secondary use of health data.

‍

Primary use of health data: regulating and facilitating access to health data in Europe
‍

The objective of the regulation is clear: to ensure that individuals have better access to their health data. The Commission wants every European citizen to be able to access their health data free of charge and immediately, to receive a copy of them in a European format.

‍

However, for this objective to be achieved, electronic health records must be interoperable at European Union level, whereas to date, the formats used in the Union are incompatible. In addition, these electronic medical records must be accessible to the persons concerned, they must be able to insert or rectify data, while having the possibility of restricting access to certain professionals. Thus, regulations concerning the primary use of health data are essential.

‍

For the primary use of health data to be effective, the Commission insists on two fundamental principles: traceability and interoperability.

‍
1 — The new requirements for traceability and interoperability
‍

The regulation provides for the establishment of a self-certification system on the traceability and interoperability modules of electronic patient records. Health data traceability refers to the ability to record and trace the history of a person's health data throughout their life.

‍

This includes collecting, storing, sharing, sharing, accessing, and editing data. Traceability ensures that health data is managed transparently, securely and in accordance with current regulations, such as the GDPR. It plays a crucial role in protecting patient privacy, preventing abuse, and ensuring that data is used appropriately and responsibly.

‍

Second, interoperability makes it possible to facilitate the use of health data, this corresponds to the ability of information systems to easily connect and communicate with each other, even if they were developed by different manufacturers.

‍

The regulation requires professionals to ensure interoperability with the European data exchange format, and to obtain a CE mark. The aim is to offer healthcare professionals full access to their patients' medical records, regardless of which Member State they depend on.

‍

Fast and comprehensive access by healthcare professionals to patients' medical records is fundamental to ensure continuity of care, avoid duplication, errors, and reduce costs. The lack of interoperability of electronic health records leads to fragmentation and a decrease in the quality of cross-border care. The primary use of data must be carried out in accordance with the rights of the persons concerned.

‍

🔎 It should be emphasized that national law has solid foundations for the effective implementation of individual rights. Indeed, individuals have the possibility to access their personal health data in electronic format, to request information relating to access to this data, to add information to their electronic medical file, as well as to easily request the correction or portability of their personal data.

‍

Individuals also have the option of limiting access to all or part of their personal electronic health data for health professionals and care providers. In addition, they have the right to obtain information regarding access to this data. The EHDS regulation echoes the rules already enshrined in French law.

‍
2 — Establishment of a cross-border infrastructure to guarantee the interoperability and traceability of health data: challenges and implications

‍

In order to implement the requirements in terms of interoperability and traceability of health data, the regulation sets up a centralized cross-border infrastructure: MyHealth @EU, it will ensure the continuity of care. Such an infrastructure is essential for the transmission of personal electronic health data across borders, in particular when citizens use the services of a healthcare provider located in another Member State.

‍

Secure access and sharing of medical records across the borders of the Union simplifies the lives of citizens in cross-border situations, such as workers on the move or retirees residing in another country. Each year, more than two million cases are registered where citizens residing in one Member State seek care in another.

‍

The ability for citizens and healthcare providers to securely access and share electronic health records within and across borders brings several benefits. Indeed, it improves the quality of care for citizens, reduces health care costs for households, and it supports the modernization of health systems in the European Union. For example, the digital sharing of blood test results between clinical teams makes it possible to avoid the repetition of invasive and expensive tests. But will this infrastructure be detrimental to the individual freedoms of natural persons? ?

‍

Governance is established by the regulation in order to ensure compliance with the provisions relating to the primary use of health data. First of all, the Digital Health Authorities designated by the Member States contribute to the development of the European format for the exchange of electronic medical records, and develop common specifications in order to solve interoperability issues.

‍

They will also have to participate, at the national level, in the development of technical solutions to ensure the application of the specific rights granted to individuals by the EHDS regulation. Next, the national contact points, designated by the Member States, allow the exchange of personal electronic health data in European format. Finally, the Data Protection Supervisory Authorities ensure the protection of the rights of the person concerned.

Secondary use of health data: a desire to facilitate and develop the reuse of health data in Europe

‍

1 — The infrastructure dedicated to the reuse of health data and the classification of data concerned by secondary reuse

‍

The development of the reuse of health data in Europe, encouraged by the establishment of a common space, will improve scientific and medical research in Europe. In order to implement the requirements in terms of the reuse of health data, the regulation sets up a centralized cross-border infrastructure: HealthData @EU. This infrastructure will make it possible to create and deploy a network connecting the participating countries via their national control points (HDAB).

‍

HealthData @EU should accelerate the secondary use of electronic health data while increasing legal certainty, respecting the privacy of natural persons and being interoperable. Data subject to secondary reuse includes personal health data, which includes information about an individual's physical and mental health, as well as information about the provision of care. There are also priority categories of data, which include electronic health data such as patient medical records, electronic prescriptions and dispensations, and laboratory results and reports.

‍

Finally, non-personal health data is also very useful, including data that has been anonymized so that it can no longer be linked to an identified or identifiable natural person, as well as data that has never been associated with an individual. The reuse of health data is strictly regulated because it offers considerable potential, especially for research and development. It could thus contribute to the well-being of society by facilitating the creation of new medicines, medical devices, health care products and services at affordable and fair prices for EU citizens.

‍

However, it is forbidden to reuse health data for advertising or marketing purposes to health professionals. This prohibition presents a certain complexity, insofar as advertising plays an essential role, in particular in allowing the valorization of research results. In addition, it is forbidden to reuse health data to make decisions that are harmful to a natural person or to develop products or services that may harm individuals, or public health.

‍

2 — Key actors and governance framework in the reuse of health data

‍

Thus, the person who holds health data must make the data available to the user.

‍

The appreciation of the term “data holder” is broad, it includes health care or care providers, but also retirement homes, day care centers, entities providing services to people with disabilities, commercial and technological activities related to care such as orthopedics and companies providing care services such as orthopedics and companies providing care services such as orthopedics and companies providing care services, but also companies providing care services, legal entities that provide care services, legal persons that develop wellness applications, or even institutions, bodies, offices or agencies of the Union that deal with data Categories of health and health care and mortality registers.

‍

However, holders have the option of invoking trade secrets when their data can benefit from intellectual property rights protections, but they must inform the health data organization.

‍

When the user requests access in order to obtain a data set, compensation may be requested to include the costs associated with conducting the access request procedure, consolidating, preparing, anonymizing, anonymizing, anonymizing, anonymizing, pseudonymizing and providing electronic health data.

‍

It is evaluated by the data holder, who informs the Health Data Access Body (HDAB). The HDAB provides the user with information about the compensation that the user will have to pay even if the request is withdrawn. Compensation is carried out at two levels, one being collected by the HDAB and the other by the data holder.

‍

Governance is established by the regulation in order to ensure compliance with the provisions relating to the reuse of health data. Each Member State must designate a body responsible for access to data (Health Data Access Body). Several missions are entrusted to this organization.

‍

For example, it will have to manage requests for access to data as well as requests for permits for secondary use, monitor and supervise the compliance of data holders and users with the requirements of the EHDS, and punish violations. Finally, the supervisory authorities responsible for monitoring and enforcing the application of Regulation (EU) 2016/679 are responsible for monitoring and enforcing the right to oppose the processing of personal electronic health data for secondary use.

‍

3 — Focus on the French health data strategy

‍

On September 30, 2024, the Government unveiled its “Interministerial Strategy to build our health data heritage.” The proposed version is the result of this collaborative work and is currently being put out for public consultation. The results of this consultation will be announced on 3 December, along with the procedures for implementation and follow-up.

‍

The French health data strategy has a double objective: on the one hand, to jointly develop a common, coherent and ambitious trajectory for the development of databases and the secondary exploitation of health data, and on the other hand, to support stakeholders, in particular the holders and users of these data, in particular the holders and users of these data, in their preparation for the entry into force of the European regulation on health data.

‍

The strategy presented is based on four axes to achieve its goals. First of all, the Government aims to promote transparency and the trust of citizens by establishing clear and representative national governance, by refounding the Strategic Health Data Committee, and by simplifying the exercise of rights while improving information for citizens.

‍

Second, it aims to create reusable databases by enriching the data heritage and ensuring their availability from the design phase.

‍

In addition, in order to create conditions conducive to the sharing and reuse of health data, the strategy proposes to develop a balanced data sharing model and to set up a national directory of French databases.

‍

Finally, the Government wishes to facilitate and simplify the use of data by encouraging streamlined provision procedures, by reducing the use of the authorization procedures of the CNIL and CESREES, as well as by exploring the possibility of using synthetic data to simplify administrative procedures.

‍

In addition, the accessibility of data will be improved through the establishment of harmonized principles for their availability in warehouses, as well as by optimizing access to data from the SNDS main database.

After the creation of the European Health Data Space, are we moving towards the creation of a “European space dedicated to artificial intelligence in health”?

‍

A European call for projects aimed at promoting the development of AI solutions in medical devices (MDs) has been won by the Health Data Hub.

‍

This project, entitled Shaiped, aspires to maintain Europe's leading position in the field of artificial intelligence in health, in the face of increasing international competition. Launched in 2025, Shaiped will rely on 3 use cases to demonstrate the potential of AI in order to improve patient care and strengthen the efficiency of European health systems.

‍

The first case will focus on chronic kidney disease by analyzing the adaptability of artificial intelligence models to data from several European countries, thanks to the collaboration of the University Hospital of Aarhus. A second case will focus on the evaluation of AI software for pacemakers, in partnership with the French company Implicity.

‍

Finally, the third case, in collaboration with the Léon-Bérard Cancer Center in Lyon, will examine the effectiveness of a technology for detecting lung metastases and mammograms.

‍

Is this project really adequate to justify the emergence of a European space dedicated to artificial intelligence in health? Are we really building a “European area for artificial intelligence in health”, or is this ambition currently out of reach?