On 5 March, the EU Commission published a proposal for a new Regulation on the European Health Data Space. The planned data space is intended to enable an efficient exchange of and direct access to different health data. This is what distinguishes the planned regulation significantly from other planned legal acts under the new EU data and cyber security law, such as the Data Act. The proposed regulation aims to facilitate both primary and secondary use of health data.
Primary use: access rights for the data subject
With primary use, the data subject should be able to access his or her health data, such as electronic patient files, electronic prescriptions and laboratory reports, throughout Europe. In the European Health Data Space, health data that have been stored only in fragments up to now are intended to be pooled together across borders. For the data subjects, primary use should be possible electronically, free of charge and independent of location. In addition to controlling their own data, the data subjects should also be able to control access to their data and share them with third parties, for example.
Secondary use for research and innovation
In addition, secondary use, i.e. the use of health data for research purposes as well as for the development of innovations in the medical field, is meant to be promoted. This is likely to involve in particular the use of health data for the training of AI systems, the regulation of which by a separate EU regulation is currently being prepared. The EU Member States are to be obliged under the new regulation to create so-called Health Data Access Bodies, which are responsible for granting access to these data (Art. 36 No. 1 of the proposal). In addition, Art. 35 of the planned regulation also prohibits certain forms of secondary use. This includes, for example, the use of data for determining and changing insurance premiums or for advertising purposes.
Requirements for product developers
The draft regulation also provides for certain requirements for software. For Electronic Health Record (EHR) systems, i.e. software with which electronic health data are processed, a conformity assessment procedure is to be carried out in the future before they are placed on the market. For other health apps, such as fitness or yoga apps, which are compatible with an EHR system, a voluntary label is envisaged by which compliance with certain requirements of the regulation can be proven.
It is laudable that the European Union has recognised the economic and social importance of data and wants to take regulatory measures to enable the cross-border use of health data. The planned European Health Data Space approaches the issue from the right angle and aims to pool data that have so far been stored in individual silos and used, for example, only for diagnostic purposes. For companies, the planned regulation is therefore expected to create interesting opportunities for the scientific and innovative use of health data. It is therefore already worthwhile to develop appropriate business cases while taking into account the legal framework conditions.back