On March 26, 2025, the regulation for the European Health Data Space (EHDS) of the European Union came into effect. This established the first common EU data space and marked a significant milestone for the advancement of healthcare across Europe. This innovative repository is designed to securely store health data for all insured individuals across member states. Now the ball is in the member states’ court: they must implement the EHDS plans over the next two years. But what does that entail? Here’s a brief overview of the objectives, expected benefits, and data security measures of the planned data space.
Hopes and dreams for the EHDS
The EHDS aims to make better use of health data in healthcare delivery, research and development, and to continuously improve the healthcare system. These are its overarching goals:
- Creating a common space for the simple exchange of health data, in which patients also benefit from easier access to and control over their data across borders (the so-called primary use).
- Pooling nationally collected health data to improve care, research, and the infrastructure of the member states’ health systems as a whole (the so-called secondary use).
- Ensuring health data is secure and trustworthy for research, innovation, policymaking, and regulatory purposes.
Data security
Naturally, the question of trustworthy handling of data is a significant one. Here is a summary of the most important points:
- Regulations: The EHDS refers to existing regulations, such as the General Data Protection Regulation (GDPR), the Data Governance Act, the Data Act, and the Network and Information Systems Directive.
- Data Storage: The data is only stored in the insured person’s country of origin; if the person wishes to access it abroad, they must give their own permission to do so.
- Objection: In primary use, patients can object to access as a whole or in part through a specific right of objection that the member states can introduce.
- Secondary Use: Secondary use requires a mandatory right to object and will only be possible for specific purposes described in the Regulation, within the framework of clear rules.
- Processing: Data processing may only take place in secure processing environments that meet the highest standards of privacy and cybersecurity. No personal data can be downloaded from these environments.
- Certification: There will also be strict requirements for placing new EHR systems on the market, such as the certification of security and interoperability criteria, which will ensure the security of patient data.
Who benefits?
As Europe’s first common data space, it is hoped that the EHDS will provide various advantages for different stakeholders:

Introducing the EHDS in Germany: The new electronic patient record (ePA)
The electronic patient file (ePA), introduced in Germany in January 2025, aims to gradually include all of a patient’s personal health data (laboratory reports, electronic doctor’s letters, X-rays, etc.). From October 1, 2025, doctors and other healthcare professionals, such as therapists, will be obliged to fill the health record with data. Patients themselves can also upload data, and health insurance companies can be asked to digitize medical information available in paper form and upload it to the ePA.
The connection between the ePA and the EHDS remains to be clarified, however. According to the Federal Ministry of Health, the ePA will serve as a central access point within the framework of the EHDS. This integration would enable German patients to receive care in other EU countries using their ePA. Furthermore, if insured individuals have opted out of having their health data used for research through their German ePA, this preference will also be respected across the EU.
Next steps
The EHDS must be implemented by all member states over the next two years. In March 2027, the Commission will then adopt detailed implementing acts with rules for its application. Overall, the enforcement of the regulations may extend over the next ten years. Probably the biggest hurdle for the European Health Data Space is the interoperability of data (for example, using the FHIR® interoperability standard): data from Germany must be collected in such a way that it can also be used in other European countries. For this purpose, it is beneficial that Germany has licensed the international coding standard SNOMED CT and that the so-called Medical Information Objects (MIO) that fill the ePA are based on FHIR®.
At the same time, data protection guidelines must be complied with. In any case, it will be exciting to see how Germany and other member states gradually pave the way for an easy exchange of health data over the next years.
Copyright featured image: © Black Pig – stock.adobe.com





