On May 3, 2022, the European Commission revealed a proposal for a Regulation on the European Health Data Space (EHDS) (“EHDS Regulation”, or “Proposal”). With the Proposal, the European Commission goals to make important progress in direction of a single marketplace for digital well being companies and merchandise.
This draft EHDS Regulation is a part of the European Strategy for knowledge (revealed in 2020) and enhances different main pending and deliberate legislative proposals for a complete algorithm on knowledge. This contains, for instance, the proposed Data Act on harmonized guidelines on truthful entry to and use of knowledge, the Data Governance Act on availability of knowledge to be used by rising belief in knowledge intermediaries and by strengthening data-sharing mechanisms throughout the EU, in addition to the draft ePrivacy Regulation.
The EHDS Regulation would rewrite guidelines for people, professionals, and corporations, in addition to state actors in the well being care sector in an effort to construct a framework to make use of well being knowledge for well being care companies in addition to analysis and innovation.
Why an EHDS?
The European Commission believes that there are important benefits for analysis, innovation, policy-making, and regulatory actions in having a single inside marketplace for well being knowledge between the EU Member States. For instance, in the view of the European Commission, the COVID-19 pandemic demonstrated the significance of having the ability to quickly entry digital well being knowledge to be ready for well being emergencies. Additionally, in an effort to diagnose and deal with sufferers rapidly anyplace in the EU, it’s thought of vital to make use of well being knowledge which are findable, accessible, interoperable and reusable (“FAIR principles”).
The Proposal’s total goal is to make sure that digital well being knowledge are as open as attainable and as closed as obligatory. Against this background, the draft EHDS Regulation goals to:
- enhance therapy and strengthen rights of particular person sufferers by way of higher digital entry to and management over their well being knowledge, whereas at the similar time guaranteeing a excessive degree of affected person security;
- enhance healthcare high quality and effectivity, e.g., by enabling well being professionals to have eased entry to related well being knowledge;
- foster analysis and innovation in the digital healthcare and life science sector by facilitating entry to non-identifiable well being knowledge, e.g., because it regards the improvement of latest merchandise, therapies and drug manufacturing in the EU;
- unleash the knowledge economic system in the digital healthcare and life science sector by, as an illustration, offering a unified authorized framework and standardization; and
- create synergies between the EHDS and different methods, similar to the European Open Science Cloud and the European Research Infrastructures.
To benefit from these alternatives, the Proposal gives for a complete authorized framework, widespread requirements and practices, infrastructures, and a governance framework for the use of digital well being knowledge.
Who can be topic to the EHDS Regulation?
Similar to the EU General Data Protection Regulation (GDPR), the EHDS will generally apply to corporations established in the EU, however it might additionally embrace non-EU corporations processing private knowledge when focusing on the EU market. The EHDS Regulation would additionally apply to non-personal digital well being knowledge, specifically to so-called knowledge holders and knowledge customers in the EU, no matter the place the knowledge is being processed. The EHDS Regulation would apply to the following (amongst others):
- Manufacturers and suppliers of digital well being file (EHR) methods and wellness purposes positioned on the market in the EU. An EHR contains any equipment or software program used for storing, intermediating, importing, exporting, changing, enhancing, or viewing digital well being information. A wellness software refers to software program which processes digital well being knowledge for different functions than healthcare, similar to well-being.
- Controllers and processors established in the EU. This contains corporations processing digital well being knowledge of EU residents (or non-EU residents residing in the EU) and knowledge customers to whom digital well being knowledge are made obtainable by knowledge holders in the Union.
- Controllers and processors established in third international locations which have been linked to or are interoperable with [email protected]. [email protected] is a central cross-border platform an infrastructure for digital well being. It facilitates the change of digital well being knowledge between the EU Member States. This platform is the technical foundation for the EHDS which goals to foster cross-border entry to well being knowledge inside the EU and allow protected transfers of non-personal digital well being knowledge to non-EU international locations (which is able to however be ruled by the GDPR necessities for switch of non-public knowledge outdoors the EU).
- Data customers to whom digital well being knowledge are made obtainable by knowledge holders in the EU. Data customers refers to anybody who pursues actions for causes of public curiosity, together with personal corporations. Data customers could declare entry to digital well being knowledge from knowledge holders, who could be entities of any variety (e.g., public or non-profit organizations or personal corporations) which are working or conducting analysis as regards to the well being sector.
Given the elementary significance of the processing of well being knowledge in the fields of well being care and life science the EHDS Regulation can be of important relevance for US and different non-EU-based corporations on this sector focusing on the EU market and focusing on, for instance, the improvement of latest remedies, medication, and different medical units.
What are key points of the draft EHDS Regulation?
The Proposal units out a complete framework of guidelines for the processing of digital well being knowledge each in so-called major use and in secondary use. The key points of this framework are the following:
Rules for Primary Health Data Use
Primary use pertains to the processing of non-public knowledge associated to offering well being care companies to people. Under the Proposal, people can have quick access to and can be in full management of their knowledge. Individuals will be capable to add or amend info of their EHR and should resolve with whom they need to share what knowledge. This contains well being care professionals (e.g., medical docs, hospitals, and pharmacies) and suppliers of digital well being care methods that straight course of affected person well being care knowledge.
Patient Rights
According to the European Commission, the guidelines for major well being knowledge use primarily purpose to strengthen affected person rights. To guarantee complete management of knowledge, sufferers have the proper to limit entry to others and procure info (freed from cost) on how the affected person knowledge is used and for which goal.
Complementary to this, Member States shall be sure that affected person summaries, ePrescriptions, photographs and picture experiences, laboratory outcomes, and discharge experiences are issued in a typical European format. Thus, well being knowledge can then be shared between well being professionals in and throughout Member States.
Electronic Health Record (EHR) Systems
The proposal regulates the exercise of Electronic Health Record (EHR) Systems to guarantee interoperability and a excessive degree of safety. Manufacturers of such methods should meet a number of necessities (as a part of a pre-market conformity evaluation) together with, amongst others:
- registration earlier than putting the service on the market;
- technical specs adopted by the European Commission (high quality, safety, and interoperability);
- draw up the technical documentation of EHR methods; and
- provisions on CE marking (Regulation (EU) 765/2008) and market surveillance (Regulation (EU) 2019/1020).
The Proposal gives a voluntary labelling of wellness purposes if they’re interoperable with EHR methods. Such a label would reveal that the respective software complies with the technical specs for EHR methods.
Rules for Secondary Health Data Use
Secondary use describes the additional use of well being knowledge that doesn’t straight serve the therapy of the respective particular person however goes past this. As it pertains to the secondary use of well being knowledge, the Proposal, particularly, gives the following important guidelines:
- Secondary use ought to allow private and non-private organizations to have entry to well being knowledge for functions of analysis, innovation, coverage making, instructional actions, affected person security, regulatory actions, or personalised well being care. Of specific significance for researchers in addition to corporations is the use of knowledge for coaching, testing, and evaluating algorithms in medical units (together with digital well being purposes and AI methods).
- To totally unleash the advantages of the secondary use of digital well being knowledge, present knowledge holders ought to contribute and make their knowledge obtainable beneath sure situations. To guarantee the high quality of their knowledge, knowledge holders should enhance their knowledge bases, for instance, eliminating knowledge incompleteness. As such burdens mustn’t turn out to be disproportionate, small entities are excluded from the obligation to make their knowledge obtainable for secondary use.
- To receive secondary knowledge, corporations and establishments want a allow from a well being knowledge entry physique in the Member States. Using the knowledge is restricted to particular functions and solely permitted in closed, safe environments and with out revealing the id of the particular person. The future well being knowledge entry our bodies can be linked to a brand new decentralized platform ([email protected]).
- The Proposal additionally clearly regulates which secondary use is prohibited. This contains, for instance, taking choices detrimental to a pure particular person based mostly on their digital well being knowledge, excluding sufferers from the good thing about an insurance coverage contract, performing promoting or advertising actions in direction of well being professionals/organizations, or transferring knowledge to unauthorized third events.
Supervision and Enforcement
Under the Proposal, EU Member States should designate an unbiased digital well being authority answerable for the implementation and enforcement of the guidelines of major use of well being knowledge. In the occasion of breaches of those guidelines, the competent knowledge safety authorities could impose fines beneath the GDPR of as much as the increased of 20 million EUR, or in the case of an enterprise, as much as 4% of the whole worldwide annual turnover of the previous monetary yr. In addition, a number of well being knowledge entry our bodies should be established which can be answerable for granting entry to knowledge for secondary use. If recipients don’t adjust to the necessities for secondary use, well being knowledge entry our bodies could revoke an issued knowledge allow and order to stop the respective digital well being knowledge processing. If knowledge holders significantly fail to offer knowledge, well being knowledge entry our bodies could impose fines or exclude these corporations or organizations from utilizing the EHDS for as much as 5 years. A brand new “European Digital and Health Data Board” would even be shaped which must coordinate with the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS).
What open questions stay?
The EHDS Regulation can have important overlap with different laws, similar to the GDPR, the Medical Device Regulation (2017/745), the In Vitro Diagnostic Medical Device Regulation (2017/746), the Directive regarding safety of community and knowledge methods (2016/1148), in addition to guidelines presently nonetheless in the making (e.g., the Data Governance Act, the Data Act, and the AI Act). If contradictions or frictions between the numerous units of guidelines ought to come up in apply, similar to with the GDPR necessities, appreciable authorized uncertainty for the affected actors will consequence. It additionally stays to be seen how the technical necessities for the methods and purposes are finalized. These may even be decisive for the implementation of the regulation with out problems.
Next steps
The Proposal will now be mentioned by the European Parliament and the Council and make its means via the legislative procedures. The European Commission goals to have the backing of all the EU member states for the widespread knowledge platform [email protected] for sufferers by 2025, after which unfold the platform’s full potential. We are following the negotiations on the proposal for the EHDS Regulation and can present updates as this strikes ahead.