On 3 May, the European Commission officially launched a proposal for a Regulation on the European Health Data Space (EHDS), proposed Regulation n°2022/140 (COD).
Whilst recognising that electronic health and medical data (eHealth data) is particularly sensitive, the Commission simultaneously highlighted the unexplored opportunities for better healthcare and wellbeing for individuals. Moreover, it highlighted the fact that when collected en masse, this data is of high scientific and economic value (EUR 25-30 billion annually according the Commission’s press release).
However, there are many barriers when it comes to making the most of the potentials and opportunities of eHealth data, such as citizens not having direct access to their data or the lack of data portability between different hospital systems and/or hospitals located in different countries. Furthermore, the specific legal requirements imposed by data protection and privacy laws often impair or put additional burden on the (re)use of data for scientific purposes.
What can be expected from the proposed EHDS Regulation?
In this context, the Commission aims to create a new safe space to exchange and process data in a secure and legally compliant manner. The creation of the space follows three main purposes for creating this space are:
to enable more effective, accessible and resilient healthcare and a better quality of life for citizens both at an individual and societal level, for example:
by facilitating cross border transfers and the consultation of electronic medical files and e-prescriptions; and
by improving the treatment, prevention and diagnosis of diseases by making data available to researchers and healthcare providers.
to empower the individuals themselves to take a more active role in looking after their own data.
to unleash the potential of the data economy.
When pursuing these objectives, the EHDS will rely on three fundamental pillars:
fostering citizens’ trust that their data will be shared in a secure and privacy-compliant way, via structural solutions at EU level. The EHDS includes clear provisions on the ways in which data must be kept.
Boosting the primary and secondary use of electronic health data. The primary use strives for better healthcare at national and EU level (e.g. the standardisation of electronic health records). This allows for better diagnosis and treatment with fewer medical errors. The secondary use is intended to support the reuse of eHealth data in the context of research and/or public health policies, including the use of technologies such as A.I.
Reinforcing common governance, both at EU and national level, by building further upon the pre-existing infrastructures and creating a dedicated body – the European Health Data Space Board.
Fostering the primary use of eHealth data will include giving citizens a more active role and control of their data; giving health professionals enhanced and multilingual access to eHealth data and making it mandatory for Member States to adopt MyHealth@EU (digital infrastructure).
Secondary use of eHealth data will be boosted via data which will be anonymised at platform level and can be easily extracted for research or scientific purposes. In order to safeguard individuals’ rights and freedoms, it will be prohibited to use this data to take decisions which may have a detrimental effect on any individual.
As currently proposed, the EHDS will thus most likely impact and build further upon pre-existing acts in Belgium, such as the Act of 22 August 2002 on patient rights, as well as the title 4 (scientific, historical and statistical research) of the Belgian data protection act of 30 July 2018.
Other regulatory texts and policies
The EHDS will need to be read jointly with – and will support the EU public health initiatives (such as Europe’s Beating Cancer Plan or the Pharmaceutical Strategy for Europe). Moreover, the proposal will of course take into consideration the regulatory framework of the Digital Strategy, namely:
the General Data Protection Regulation
the proposed Digital Governance Act
the Draft Data Act
the NIS Directive
the Cyber Resilience Act
What’s in it for the industry?
The proposed regulation is expected to impact industries that focus on primary uses, such as the product markets for:
electronic health records
other health and medical software products
wellness apps
Furthermore, a more prominent positive outcome likely to benefit all industries is the interoperability, security and increased accessibility of eHealth data (which can be obtained in a trustworthy and anonymised way). This will prove to be helpful for developing and training future devices or applications running on artificial intelligence.
What comes next?
The Commission’s proposal still has to be reviewed and agreed upon politically by the other EU Institutions. Given the outstanding proposed initiatives that are already in the pipeline (see acts of the Digital Strategy above), it is unclear when we can expect the next steps. PwC Legal Belgium will be sure to keep you updated.