Overview of the proposed Regulation:

Supports individuals to take control of their electronic personal health data, in their country and cross-border (primary use of data)1

  • People will have immediate, and easy digital access to the data, free of charge. They can easily share these data with health professionals at national level and EU-wide to improve health care delivery.
  • People will be in full control of their data and will be able to add information, rectify wrong data, restrict access to others and obtain information on how their data are used and for which purpose.

Enables the full use of the potential offered by a safe and secure exchange, use and reuse of health data, as well as fostering a genuine single market for electronic health record systems, relevant medical devices and high-risk AI systems.  

Member States will ensure that patient summaries, ePrescriptions, images and image reports, laboratory results, discharge reports are issued and accepted in a common European format.

Interoperability and security will become mandatory requirements. Manufacturers of EHR systems will need to certify compliance with these standards.

To ensure that peoples’ rights are safeguarded, all Member States have to appoint digital health authorities. These authorities will participate in the cross-border digital infrastructure (MyHealth@EU) that will support patients to share their data across borders.

Improving the use of health data for research, innovation, policymaking and regulatory activities (secondary use of data)2:

The EHDS creates a strong legal framework for the use of health data for research, innovation, public health, policy-making and regulatory purposes.

Under strict conditions, researchers, innovators, public institutions or industry will have access to large amounts of high-quality health data:

  • The access to such data will require a permit from a health data access body, to be set up in all Member States.
  • Access will only be granted if the requested data is used for specific purposes, in closed, secure environments and without revealing the identity of the individual.
  • It is also strictly prohibited to use the data for decisions, which are detrimental to citizens such as designing harmful products or services or increasing an insurance premium.

The health data access bodies will be connected to the new decentralised EU-infrastructure for secondary use (HealthData@EU) which will be set up to support cross-border projects. As such, the European Health Data Space is the first common EU data space in a specific area to emerge from the European strategy for data. It will provide a trustworthy setting for secure access to and processing of a wide range of health data taking into account the sensitivity of health data. It builds further on the General Data Protection Regulation (GDPR), proposed Data Governance Act [1], draft Data Act [2] and Network and Information Systems Directive (NIS) [3]. The EHDS will make use of the ongoing and forthcoming deployment of public digital goods in the EU, such as Artificial Intelligence, High Performance Computing, cloud and smart middleware. In addition, frameworks for AI, e-Identity and cybersecurity, will support the EHDS.

The proposal put forward by the European Commission will now (2022) be discussed by the Council and the European Parliament.

Note 1: The primary use of electronic health data supports the use of data for better healthcare at national and cross-border level.EC

Note 2: The secondary use of electronic health data takes place when health data is processed to inform and assess public health policies or to conduct research.


[1] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on European data governance (Data Governance Act). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52020PC0767
[2] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on harmonised rules on fair access to and use of data (Data Act). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0068
[3] DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL-concerning measures for a high common level of security of network and information systems across the Union. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L1148&from=EN