The EU Health Data Space – New rules for health data

On 5 March, the EU Com­mis­si­on published a pro­po­sal for a new Regu­la­ti­on on the Euro­pean Health Data Space. The plan­ned data space is inten­ded to enable an effi­ci­ent exch­an­ge of and direct access to dif­fe­rent health data. This is what distin­gu­is­hes the plan­ned regu­la­ti­on signi­fi­cant­ly from other plan­ned legal acts under the new EU data and cyber secu­ri­ty law, such as the Data Act. The pro­po­sed regu­la­ti­on aims to faci­li­ta­te both pri­ma­ry and secon­da­ry use of health data.

Pri­ma­ry use: access rights for the data subject

With pri­ma­ry use, the data sub­ject should be able to access his or her health data, such as elec­tro­nic pati­ent files, elec­tro­nic pre­scrip­ti­ons and labo­ra­to­ry reports, throug­hout Euro­pe. In the Euro­pean Health Data Space, health data that have been stored only in frag­ments up to now are inten­ded to be poo­led tog­e­ther across bor­ders. For the data sub­jects, pri­ma­ry use should be pos­si­ble elec­tro­ni­cal­ly, free of char­ge and inde­pen­dent of loca­ti­on. In addi­ti­on to con­trol­ling their own data, the data sub­jects should also be able to con­trol access to their data and share them with third par­ties, for example.

Secon­da­ry use for rese­arch and innovation

In addi­ti­on, secon­da­ry use, i.e. the use of health data for rese­arch pur­po­ses as well as for the deve­lo­p­ment of inno­va­tions in the medi­cal field, is meant to be pro­mo­ted. This is likely to invol­ve in par­ti­cu­lar the use of health data for the trai­ning of AI sys­tems, the regu­la­ti­on of which by a sepa­ra­te EU regu­la­ti­on is curr­ent­ly being pre­pared. The EU Mem­ber Sta­tes are to be obli­ged under the new regu­la­ti­on to crea­te so-called Health Data Access Bodies, which are respon­si­ble for gran­ting access to the­se data (Art. 36 No. 1 of the pro­po­sal). In addi­ti­on, Art. 35 of the plan­ned regu­la­ti­on also pro­hi­bits cer­tain forms of secon­da­ry use. This includes, for exam­p­le, the use of data for deter­mi­ning and chan­ging insu­rance pre­mi­ums or for adver­ti­sing purposes.

Requi­re­ments for pro­duct developers

The draft regu­la­ti­on also pro­vi­des for cer­tain requi­re­ments for soft­ware. For Elec­tro­nic Health Record (EHR) sys­tems, i.e. soft­ware with which elec­tro­nic health data are pro­ces­sed, a con­for­mi­ty assess­ment pro­ce­du­re is to be car­ri­ed out in the future befo­re they are pla­ced on the mar­ket. For other health apps, such as fit­ness or yoga apps, which are com­pa­ti­ble with an EHR sys­tem, a vol­un­t­a­ry label is envi­sa­ged by which com­pli­ance with cer­tain requi­re­ments of the regu­la­ti­on can be proven.

Con­clu­si­on

It is lau­da­ble that the Euro­pean Uni­on has reco­g­nis­ed the eco­no­mic and social importance of data and wants to take regu­la­to­ry mea­su­res to enable the cross-border use of health data. The plan­ned Euro­pean Health Data Space approa­ches the issue from the right ang­le and aims to pool data that have so far been stored in indi­vi­du­al silos and used, for exam­p­le, only for dia­gno­stic pur­po­ses. For com­pa­nies, the plan­ned regu­la­ti­on is the­r­e­fo­re expec­ted to crea­te inte­res­t­ing oppor­tu­ni­ties for the sci­en­ti­fic and inno­va­ti­ve use of health data. It is the­r­e­fo­re alre­a­dy wort­hwhile to deve­lop appro­pria­te busi­ness cases while taking into account the legal frame­work conditions.