The EU Health Data Space – New rules for health data

On 5 March, the EU Com­mis­si­on published a pro­po­sal for a new Regu­la­ti­on on the Euro­pean Health Data Space. The plan­ned data space is inten­ded to enable an effi­ci­ent exch­an­ge of and direct access to dif­fe­rent health data. This is what distin­gu­is­hes the plan­ned regu­la­ti­on signi­fi­cant­ly from other plan­ned legal acts under the new EU data and cyber secu­ri­ty law, such as the Data Act. The pro­po­sed regu­la­ti­on aims to faci­li­ta­te both pri­ma­ry and secon­da­ry use of health data.

Pri­ma­ry use: access rights for the data subject

With pri­ma­ry use, the data sub­ject should be able to access his or her health data, such as elec­tro­nic pati­ent files, elec­tro­nic pre­scrip­ti­ons and labo­ra­to­ry reports, throug­hout Euro­pe. In the Euro­pean Health Data Space, health data that have been stored only in frag­ments up to now are inten­ded to be poo­led tog­e­ther across bor­ders. For the data sub­jects, pri­ma­ry use should be pos­si­ble elec­tro­ni­cal­ly, free of char­ge and inde­pen­dent of loca­ti­on. In addi­ti­on to con­trol­ling their own data, the data sub­jects should also be able to con­trol access to their data and share them with third par­ties, for example.

Secon­da­ry use for rese­arch and innovation

In addi­ti­on, secon­da­ry use, i.e. the use of health data for rese­arch pur­po­ses as well as for the deve­lo­p­ment of inno­va­tions in the medi­cal field, is meant to be pro­mo­ted. This is likely to invol­ve in par­ti­cu­lar the use of health data for the trai­ning of AI sys­tems, the regu­la­ti­on of which by a sepa­ra­te EU regu­la­ti­on is curr­ent­ly being pre­pared. The EU Mem­ber Sta­tes are to be obli­ged under the new regu­la­ti­on to crea­te so-called Health Data Access Bodies, which are respon­si­ble for gran­ting access to the­se data (Art. 36 No. 1 of the pro­po­sal). In addi­ti­on, Art. 35 of the plan­ned regu­la­ti­on also pro­hi­bits cer­tain forms of secon­da­ry use. This includes, for exam­p­le, the use of data for deter­mi­ning and chan­ging insu­rance pre­mi­ums or for adver­ti­sing purposes.

Requi­re­ments for pro­duct developers

The draft regu­la­ti­on also pro­vi­des for cer­tain requi­re­ments for soft­ware. For Elec­tro­nic Health Record (EHR) sys­tems, i.e. soft­ware with which elec­tro­nic health data are pro­ces­sed, a con­for­mi­ty assess­ment pro­ce­du­re is to be car­ri­ed out in the future befo­re they are pla­ced on the mar­ket. For other health apps, such as fit­ness or yoga apps, which are com­pa­ti­ble with an EHR sys­tem, a vol­un­t­a­ry label is envi­sa­ged by which com­pli­ance with cer­tain requi­re­ments of the regu­la­ti­on can be proven.


It is lau­da­ble that the Euro­pean Uni­on has reco­g­nis­ed the eco­no­mic and social importance of data and wants to take regu­la­to­ry mea­su­res to enable the cross-border use of health data. The plan­ned Euro­pean Health Data Space approa­ches the issue from the right ang­le and aims to pool data that have so far been stored in indi­vi­du­al silos and used, for exam­p­le, only for dia­gno­stic pur­po­ses. For com­pa­nies, the plan­ned regu­la­ti­on is the­r­e­fo­re expec­ted to crea­te inte­res­t­ing oppor­tu­ni­ties for the sci­en­ti­fic and inno­va­ti­ve use of health data. It is the­r­e­fo­re alre­a­dy wort­hwhile to deve­lop appro­pria­te busi­ness cases while taking into account the legal frame­work conditions.


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.