Which data are covered by the EHDS?

This web text is primarily a request for input from medical scientists. The EHDS stands for European Health Data Space, a European Regulation that will apply directly as law in the Netherlands. Chapter 4 of this regulation focuses on making health data more readily and securely available for beneficial reuse, such as scientific research. This means that health data must be made available (securely!) if a new government body (the HDAB) so decides. Article 51 of the EHDS contains a list of data that must (in principle) be made available. However, it also states that Member States may add data to this list. It is therefore important that we carefully examine this list and consider which data are not included, even though they are still important for science and policy evaluations. What data do you, as a scientist, use that are not yet included on the list below? What are we missing? Please share your thoughts via the contact form.

The EHDS includes at least the following data:

electronic health data from EHRs;
data on factors impacting on health, including socioeconomic, environmental and behavioural determinants of health;
aggregated data on healthcare needs, resources allocated to healthcare, the provision of and access to healthcare, healthcare expenditure and financing;
data on pathogens that impact human health;
healthcare-related administrative data, including on dispensations, reimbursement claims and reimbursements;
human genetic, epigenomic and genomic data;
other human molecular data such as proteomic, transcriptomic, metabolomic, lipidomic and other omic data;
personal electronic health data automatically generated through medical devices;
data from wellness applications;
data on professional status, and on the specialisation and institution of health professionals involved in the treatment of a natural person;
data from population-based health data registries such as public health registries;
data from medical registries and mortality registries;
data from clinical trials, clinical studies, clinical investigations and performance studies subject to Regulation (EU) No 536/2014, Regulation (EU) 2024/1938 of the European Parliament and of the Council, Regulation (EU) 2017/745 and Regulation (EU) 2017/746;
other health data from medical devices;
data from registries for medicinal products and medical devices;
data from research cohorts, questionnaires and surveys related to health, after the first publication of the related results;
health data from biobanks and associated databases.

So, as Member States, we can add categories here, but I can’t think of anything missing. Someone suggested that perhaps the data of a fetus, which is not yet (legally) a natural person, falls outside of this. But it seems to me that a fetus doesn’t have its own EHR, but is included in an EHR? Therefore, my question to you: what health data is missing, even though it is indeed important to medical science? I’d like to hear from you via the contact form, and I’ll pass this on to the authors of the EHDS implementing legislation.

When will the EHDS come into effect?

The EHDS requires considerable preparation. A Health Data Access Body needs to be established, various software and hardware components need to be built or connected, and additional legislation needs to be drafted. Therefore, the EHDS will come into effect in several phases. What happens when it comes to the beneficial reuse of health data?

The EHDS leads to greater health (data) safety

The arrival of the EHDS is causing public unrest. Will our health data still be safe? The regulation will indeed make more data available for beneficial reuse. But at the same time, health data will also be much more secure. So, kudos to the EHDS.

The rule of law for medical scientists

As a medical scientist, you might think you have little professional involvement with the rule of law. Nothing could be further from the truth. Understanding the separation of powers, for example, is crucial for knowing when to ignore the Data Protection Authority. It's also helpful to understand that lobbying begins with the question of whether the Ministry of Health, Welfare and Sport is the right place to be.

Why the EHDS Regulation?

EHDS stands for European Health Data Space. It is a European law that will apply directly in the Netherlands, just like the GDPR. The European Union introduced the free movement of people, goods, capital, and services decades ago. Internal borders within the EU were abolished as much as possible. The goal of this was economic growth, in addition to, among other things, complicating war. Brussels quickly realized that this free movement would not function properly without the free flow of data. Therefore, a European, borderless data space was also needed. The GDPR was the first step in this process; to achieve the free flow of data, data protection had to be standardized in Europe. Countries can protect privacy themselves, but achieving the free flow of data required uniform data protection.

A data legislation matrix

A European data strategy was subsequently developed, best described as a legislative matrix. On the one hand, there are rules governing all data, regardless of content. These can be found in the GDPR, the Re-use of Government Information Act, the Data Regulation, and the Data Governance Regulation. On the other hand, there are (and will be) rules governing certain types of data. Nine Data Spaces have been designated for this purpose, including financial data, transport data, and therefore also healthcare data. Therefore, when reading the EHDS, one must remember that this law can only be properly understood as a cog in a larger system of laws that complement each other: European laws such as the GDPR and other data legislation, but also Dutch legislation such as the General Administrative Law Act.

An economic perspective on healthcare

The EHDS aims to improve healthcare in Europe by realizing the free movement of patients, healthcare providers, and medical scientists. It was expected that the free movement of goods would lead to economic growth and better products, and this proved to be true. Supporting regulations were developed, such as the two-week return policy for online orders throughout the EU. This gives consumers the confidence that they can order directly from anywhere in Europe. A reputable Italian organic farmer can thus serve the wine market in Wassenaar; prices will decrease, and quality will increase. Similar benefits are also expected to be realized in healthcare. The goal is for Dutch radiologists, for example, to be able to assess MRI scans from across the EU. Brussels expects this will make healthcare cheaper and better.

Broader data availability

In addition, the EHDS aims to stimulate innovation by making health data available for beneficial reuse. Universities, businesses, and citizens will soon be able to apply for a permit to work with health data. Whether you receive this permit will be assessed based on whether you are pursuing a useful purpose, such as education, scientific research, statistics, but also developing new products or training AI systems. If necessary, you can submit the decision on your application to a judge, who can assess it against, among other things, the prohibition on discrimination or scientific freedom. For example, it will no longer be permitted for an academic hospital to share data with physicians but not with scientists from the computer science faculty.

Within strict legal frameworks

Carelessness with health data is inconvenient, unethical, and unlawful. According to the GDPR, sharing is only permitted if there are sufficient “technical and organizational safeguards.” The EHDS prescribes what this entails. A permit must be requested (with some exceptions) from the Health Data Access Body, a new government body. The permit specifies the precise conditions, and the EHDS also contains a list of things that may not be done with the data. Violation of these conditions is punishable by fines. In such cases, the data is not given, but access to it in a secure processing environment. This should make more knowledge available securely throughout the Union. After all, in addition to a right to data protection, we also have a right to information.

Categorie: EHDS in English