PURPOSE: to improve cross-border access to EU health data.
LEGISLATIVE ACT: Regulation (EU) 2025/327 of the European Parliament and of the Council on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847.
CONTENT: the Regulation establishes the European Health Data Space (EHDS) to improve access to and control by natural persons over their personal electronic health data in the context of healthcare (primary use of electronic health data), as well as for other purposes that would benefit the society such as research, innovation, policy-making, patient safety, personalised medicine, official statistics or regulatory activities (secondary use of electronic health data). It provides for a health-specific data environment that will ensure cross-border access to digital health services and products within the EU.
Rights of individuals regarding the primary use of their personal electronic health data
Under the new rules, individuals will have faster and easier access to personal electronic health data such as patient record summaries, electronic prescriptions, medical imaging scans, medical examination results, and hospital discharge reports, whether they are in their home country or in another Member State. The Regulation will also allow healthcare professionals to access their patients' records with their consent, also from other EU countries.
Individuals will have more control over how this data is used. They will have the right to:
- add information to their own electronic medical record (EHR),
- request the rectification of their data,
- grant access to all or part of their electronic health data to a healthcare provider of their choice,
- restrict access by healthcare professionals and healthcare providers to all or part of their personal electronic health data,
- obtain information on data access;
- refuse to have their health data accessed by practitioners (unless this is necessary to protect the vital interests of the data subject or another person).
Member States will be required to establish a Digital Health Authority responsible for implementing the new provisions.
Secondary use
The EHDS will also allow researchers and policymakers to access specific types of anonymised and secure health data, including medical records, clinical trials, pathogens, health claims and reimbursements, genetic data, public health registry information, well-being data, and information on healthcare resources, expenditures, and financing, so that these data can be processed for purposes of public interest, such as research, statistics, and public policy development.
However, sharing of these data will not be permitted for commercial uses, such as advertising or making decisions regarding job offers or applying less favourable terms in the provision of goods or services, including excluding individuals from an insurance or credit contract or changing their contributions and premiums or loan terms.
Individuals will have the right to object at any time and without providing reasons to the processing of their electronic personal health data for secondary use. Member States must provide an accessible and easily understandable opt-out mechanism to exercise this right.
Each Member State will designate a national contact point for secondary use.
Trusted health data holders
To reduce administrative burden, Member States may designate trusted health data holders who can securely process requests for access to health data. Health data access bodies will make information on the conditions under which electronic health data are made available for secondary use publicly available, easily searchable through electronic means and accessible for natural persons.
Where a health data access body is informed by a health data user of a significant finding related to the health of a natural person, the health data access body will inform the health data holder about that finding.
Interoperability
The Regulation requires all electronic health record (EHR) systems to comply with the specifications of the European electronic health record exchange format, ensuring their interoperability at EU level. It establishes a mandatory conformity self-assessment system for EHR systems handling one or more priority categories of electronic health data to address market fragmentation.
The Commission will establish a central interoperability platform for digital health, MyHealth@EU, to provide services to support and facilitate the exchange of personal electronic health data between national contact points for digital health of the Member States. This will enable health data to be securely transferred to healthcare professionals in other EU countries through the platform, for example when citizens move to another state.
The Regulation requires all electronic health record (EHR) systems to comply with the specifications of the European electronic health record exchange format, ensuring that they are interoperable at EU level.
ENTRY INTO FORCE: 25.3.2025.
APPLICATION: From 26.3.2027.