The European Parliament adopted by 445 votes to 142, with 39 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on the European Health Data Space.
The European Parliament’s position adopted at first reading under the ordinary legislative procedure amends the proposal as follows:
The aim of this Regulation is to establish the European Health Data Space (‘EHDS’) in order to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as to better achieve other purposes in the healthcare and care sector that would benefit society, such as research, innovation, policy-making, health threats preparedness and response including to prevent and address future pandemics, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data).
Primary use of electronic health data
Natural persons should have the right to give access to or request a healthcare provider to transmit all or part of their electronic health data to another healthcare provider of their choice immediately, free of charge and without hindrance from the health care provider or from the manufacturers of the systems used by that healthcare provider. The Regulation should allow healthcare professionals to consult their patients' files with their consent, even from other EU countries.
The priority categories of personal electronic health data should be the following: patient summaries; electronic prescriptions; electronic dispensations; medical imaging studies and related imaging reports; medical test results, including laboratory and other diagnostic results and related reports; discharge reports.
Where electronic health data is processed for the provision of healthcare, healthcare providers should register the relevant personal health data falling fully or partially under at least the priority categories in the electronic format in an EHR system.
Member States should ensure that one or more proxy services are established as a functionality of health data access services enabling natural persons to authorise other natural persons of their choice to access their personal electronic health data.
Natural persons should have the right to: (i) insert information in their own HER; (ii) rectify their personal data; (iii) give access to or request a healthcare provider to transmit all or part of their electronic health data to another healthcare provider of their choice immediately, free of charge; (iv) restrict access of health professionals and healthcare providers to all or parts of their personal electronic health data; (v) obtain information, including through automatic notifications, on any access to their personal electronic health data; (vi) refuse to allow their health data to be consulted by practitioners (unless this is necessary to protect the vital interests of the person concerned or of another person).
Health professional access services
For the provision of healthcare, Member States should ensure that access to the priority categories of electronic health data is made available to health professionals, including for cross-border care, through health professional access services. These services should be accessible only to health professionals who are in possession of recognised electronic identification means. The electronic health data in the electronic health records should be presented in a user-friendly manner to allow for easy use by health professionals.
MyHealth@EU
The Commission should establish a central interoperability platform for digital health, MyHealth@EU, to provide services to support and facilitate the exchange of personal electronic health data between national contact points for digital health of the Member States.
Conformity assessment of EHR systems
This Regulation establishes a mandatory scheme of self-conformity assessment for EHR systems processing one or more priority categories of electronic health data should be established to overcome market fragmentation while ensuring a proportionate approach. Through this self-assessment, EHR systems will prove compliance with the requirements on interoperability, security and logging for communication of personal electronic health data established by the two mandatory EHR components harmonised by this Regulation, namely the ‘European EHR systems exchange interoperability component’ and the ‘European logging component for EHR systems’.
The CE marking should be affixed before placing the EHR system on the market.
Secondary use of electronic health data
Data including health records, clinical trials, pathogens, health claims and reimbursements, genetic data, public health registry information, wellness data and information on healthcare resources, expenditure and financing, could be processed for public interest purposes, including research, statistics and policy-making (so-called secondary use).
Secondary use should not be allowed for commercial purposes including advertising, assessing insurance requests or making job market decisions or offering less favourable terms in the provision of goods or services, including to exclude them from the benefit of an insurance or credit contract or to modify their contributions and insurance premiums or conditions of loans. Access decisions should be made by national data access bodies.
Natural persons should have the right to opt-out at any time and without stating reasons from the processing of personal electronic health data relating to them for secondary use under this Regulation. Member States should provide for an accessible and easily understandable opt-out mechanism to exercise this right, whereby natural persons should be offered the possibility to explicitly express their will not to have their personal electronic health data processed for secondary use.