The law is not the same as ethics

Posted on 1 juni 202521 november 2025 by admin

The law is not the same as ethics

Is ethics superior? Or is the law?

To properly understand our legal system and what the EHDS will bring us, it’s important to make a clear distinction between law and ethics. Morality is the question of whether we believe something is right, and the basis for that is ethics (although they are also referred to collectively as ethics). It is therefore a reasoned value judgment. Law, on the other hand, is the set of rules that determine what we may or may not do. Some believe that ethics is superior to law, more important, and more valuable. Others believe that ethics is simply an opinion, while law has been established by the majority of society through the democratic process. It is therefore more valuable than ethics. The question of who is right is irrelevant, as long as the difference is properly understood, and how they relate to each other.

Law is rules plus application

These rules of law are established by the legislature and then applied by courts in a specific case: for example, in the question of whether someone must pay damages. Law is therefore the totality of rules as applied by courts in specific cases. The system is structured in such a way that the highest court is always right; what the highest court declares to be law is, by definition, law. This ensures consistency in the application of law, allowing society to adjust its behavior accordingly. If the law is very clear, the court adds little, but rules are often somewhat vague; judges then elaborate on them. Law is therefore a sum of applied rules.

Ethics complements and forms new law

Ethics can be used by judges to flesh out open-ended norms, as is the case with the terms “good care” or “reasonableness and fairness.” Such vague terms are explained using interpretative methods such as dogmatics (what professors think), legislative history (what has been discussed in parliament), a purely linguistic application, or simply ethics. But when there is no open-ended norm, when it is crystal clear what a rule entails in a specific case, then ethics cannot really play a role; for example, with a statutory term of three years. Ethics is therefore used to give substance to open-ended norms. Moreover, ethics is an important guideline in determining what future law should look like. It then serves as an argument for legislative amendments. In this way, in a democratic society, law and ethics are achieved without significant differences, but that is not necessarily the case. Law is sometimes called “solidified ethics” in healthcare. But that’s only the case if ethics influenced the creation or interpretation of law. The rules on how to establish a private limited company are not solidified ethics, and the law of Nazi Germany was law, but not ethical.

A description of the law is not unethical

In discussions about the law surrounding medical research, which often has ethical implications, ethics and law are often confused. This complicates the discussions, which is why it’s important to clearly distinguish between them. One might feel that you should have a property right to data about yourself, for example, but as long as there’s no legal provision or case law (court rulings) that creates such a right, you don’t have one. One might argue on ethical grounds that an opt-in for secondary use of data would be preferable, but once the EHDS comes into effect, this European law will stipulate that an opt-out is sufficient. Lawyers who explain the law are sometimes accused of being unethical. But they don’t make any pronouncements on ethics; they merely explain how certain rules (probably or certainly) should be interpreted.

This is what the European Parliament thought

Ethics is thus used to define open standards. It also serves as a basis for drafting new laws. This also applies to legislators in Brussels. All Europeans have been patients at some point. They voted collectively on who should sit in the European Parliament. It was recently decided there that an opt-out is sufficient. Apparently, the majority considered this ethical.

The EHDS and the Secure Processing Environment

Under the EHDS, work must be performed in a Secure Processing Environment (SPE). Scientists don't receive data, but access it in a SPE that meets the strict technical and security standards established under the EHDS. What does this entail? And will everyone be required to work in such a SPE from now on? Will it become a supercomputer containing all our health data?

When will the EHDS come into effect?

The EHDS requires considerable preparation. A Health Data Access Body needs to be established, various software and hardware components need to be built or connected, and additional legislation needs to be drafted. Therefore, the EHDS will come into effect in several phases. What happens when it comes to the beneficial reuse of health data?

The EHDS leads to greater health (data) safety

The arrival of the EHDS is causing public unrest. Will our health data still be safe? The regulation will indeed make more data available for beneficial reuse. But at the same time, health data will also be much more secure. So, kudos to the EHDS.

Why is the EHDS revolutionary?

Posted on 2 april 202521 november 2025 by admin

Why is the EHDS revolutionary?

More data, because it's safer

The EHDS aims to make more data available for secondary use by making it more secure. The GDPR will continue to apply alongside the EHDS. This privacy regulation already stipulates that the use of health data (in short) is permitted if there is a good purpose, if the law is followed, and if sufficient technical and organizational measures have been taken. The EHDS stipulates the same, but in more detail: working with health data is permitted if it serves a useful purpose, as described in the EHDS. This will be assessed by a newly established government body, the Health Data Access Body (HDAB), which will assess compliance with the GDPR in addition to the EHDS. Subsequently, users will not receive data, but a permit to work with that data, which will specify the precise conditions, such as the requirement to work in a secure processing environment (SEPA). In other words, users will not receive data, but access to it. The HDAB will periodically verify whether the SEPAs are indeed (still) sufficiently secure.

A right to data

So far, there seems to be little new; there must be a good purpose, the work must be done lawfully, and the work must be carried out safely. Yet, the effects of the EHDS, by creating an HDAB and a data permit, are truly groundbreaking or revolutionary. Firstly, because the data must be shared much more widely: if the HDAB has determined that a scientist is permitted to work with data (as described in the permit), then the data holder is obligated to actually make it available. We already have various laws requiring data holders to make data available to the government itself, such as the Statistics Netherlands Act (CBS Act) and the RIVM Act (RIVM Act). But now, there is an obligation to make data available to permit holders, i.e., non-governmental organizations.

If an academic hospital now wants to use data from a nursing home, that nursing home can refuse, invoking the GDPR. Whether that appeal and refusal are justified can never be submitted to a court, because sharing data by the nursing home is a favor. Now, this becomes an obligation. The downside of this is that the academic hospital effectively acquires a right to (work with) data. This is not explicitly stated in the EHDS. However, a decision on a permit application is an administrative decision. If the permit is denied, an objection can be filed (with the DHAB itself) and then, if necessary, appeal to the administrative court. If the court determines that the academic hospital meets all the conditions for obtaining the permit, it will be granted the permit. Compare this to a permit for a dormer window; if all the conditions are met, it can no longer simply be denied. By creating a data permit, the EHDS indirectly creates a right to data.

Academic freedom

Moreover, in principle, everyone has the right to work with health data. Anyone can apply for a permit; any natural person or legal entity throughout the European Union. Obtaining such a permit requires pursuing a recognized purpose under the EHDS, but no distinction is made between, for example, citizen scientists and scientists from academic institutions. Of course, applicants will be assessed for their qualifications to achieve the intended objectives and therefore possess appropriate expertise. However, people like Albert Einstein, who work at a patent office, will have more opportunities under the EHDS to demonstrate their capabilities. This isn’t dangerous, because the HDAB will anonymize or pseudonymize the data as much as possible, and will not transfer it but make it available in a secure processing environment from which no data can be extracted, only conclusions.

Transfer of confidentiality decisions in case of secondary use

The next striking fact is that the authority to decide on the secondary use of health data is being taken away from individual healthcare providers and placed with the HDAB, the newly established government agency. The EHDS is therefore seen in the medical sector as a worrying restriction of medical confidentiality. In my opinion, it would be better to view it as a partial relocation of medical confidentiality, which is also not illogical. Remember, medical confidentiality was introduced by doctors themselves, at a time when the rule of law did not yet exist; 2,000 years ago. That was fantastic, of course, but now we do have a well-functioning rule of law and a government agency that oversees the protection of privacy. Previously, there was no choice as to where decisions on secondary data use should be placed, but now there is. And in that case, an independent government agency is a more logical choice than the doctors themselves.

Most doctors are, of course, honest and well-meaning, but unfortunately, there are bad apples in every profession. A bad doctor has a personal interest in medical confidentiality. An independent government agency does not. The EHDS explicitly states that the HDAB must be safeguarded to ensure its independence; there must be no conflicting interests. Individual healthcare providers do, however. Moreover, we cannot expect healthcare providers to all be familiar with the GDPR, while an HDAB is. Ultimately, the importance of the privacy of the individual patient conflicts with the importance of medical progress for society as a whole; the interest of other patients and future generations in being able to research and discover new treatment methods. An independent agency is better positioned to weigh individual versus collective interests, current versus future interests. Therefore, with regard to secondary use of data, medical confidentiality is not so much restricted as displaced by the EHDS. And in our fairly well-functioning constitutional state, that is a logical choice from a legal perspective.

The EHDS and the Secure Processing Environment

When will the EHDS come into effect?

The EHDS leads to greater health (data) safety

Which data are covered by the EHDS?

Posted on 1 april 202521 november 2025 by admin

Which data are covered by the EHDS?

This web text is primarily a request for input from medical scientists. The EHDS stands for European Health Data Space, a European Regulation that will apply directly as law in the Netherlands. Chapter 4 of this regulation focuses on making health data more readily and securely available for beneficial reuse, such as scientific research. This means that health data must be made available (securely!) if a new government body (the HDAB) so decides. Article 51 of the EHDS contains a list of data that must (in principle) be made available. However, it also states that Member States may add data to this list. It is therefore important that we carefully examine this list and consider which data are not included, even though they are still important for science and policy evaluations. What data do you, as a scientist, use that are not yet included on the list below? What are we missing? Please share your thoughts via the contact form.

The EHDS includes at least the following data:

electronic health data from EHRs;
data on factors impacting on health, including socioeconomic, environmental and behavioural determinants of health;
aggregated data on healthcare needs, resources allocated to healthcare, the provision of and access to healthcare, healthcare expenditure and financing;
data on pathogens that impact human health;
healthcare-related administrative data, including on dispensations, reimbursement claims and reimbursements;
human genetic, epigenomic and genomic data;
other human molecular data such as proteomic, transcriptomic, metabolomic, lipidomic and other omic data;
personal electronic health data automatically generated through medical devices;
data from wellness applications;
data on professional status, and on the specialisation and institution of health professionals involved in the treatment of a natural person;
data from population-based health data registries such as public health registries;
data from medical registries and mortality registries;
data from clinical trials, clinical studies, clinical investigations and performance studies subject to Regulation (EU) No 536/2014, Regulation (EU) 2024/1938 of the European Parliament and of the Council, Regulation (EU) 2017/745 and Regulation (EU) 2017/746;
other health data from medical devices;
data from registries for medicinal products and medical devices;
data from research cohorts, questionnaires and surveys related to health, after the first publication of the related results;
health data from biobanks and associated databases.

So, as Member States, we can add categories here, but I can’t think of anything missing. Someone suggested that perhaps the data of a fetus, which is not yet (legally) a natural person, falls outside of this. But it seems to me that a fetus doesn’t have its own EHR, but is included in an EHR? Therefore, my question to you: what health data is missing, even though it is indeed important to medical science? I’d like to hear from you via the contact form, and I’ll pass this on to the authors of the EHDS implementing legislation.

The EHDS and the Secure Processing Environment

When will the EHDS come into effect?

The EHDS leads to greater health (data) safety

Why the EHDS?

Posted on 31 maart 202521 november 2025 by admin

Why the EHDS Regulation?

EHDS stands for European Health Data Space. It is a European law that will apply directly in the Netherlands, just like the GDPR. The European Union introduced the free movement of people, goods, capital, and services decades ago. Internal borders within the EU were abolished as much as possible. The goal of this was economic growth, in addition to, among other things, complicating war. Brussels quickly realized that this free movement would not function properly without the free flow of data. Therefore, a European, borderless data space was also needed. The GDPR was the first step in this process; to achieve the free flow of data, data protection had to be standardized in Europe. Countries can protect privacy themselves, but achieving the free flow of data required uniform data protection.

A data legislation matrix

A European data strategy was subsequently developed, best described as a legislative matrix. On the one hand, there are rules governing all data, regardless of content. These can be found in the GDPR, the Re-use of Government Information Act, the Data Regulation, and the Data Governance Regulation. On the other hand, there are (and will be) rules governing certain types of data. Nine Data Spaces have been designated for this purpose, including financial data, transport data, and therefore also healthcare data. Therefore, when reading the EHDS, one must remember that this law can only be properly understood as a cog in a larger system of laws that complement each other: European laws such as the GDPR and other data legislation, but also Dutch legislation such as the General Administrative Law Act.

An economic perspective on healthcare

The EHDS aims to improve healthcare in Europe by realizing the free movement of patients, healthcare providers, and medical scientists. It was expected that the free movement of goods would lead to economic growth and better products, and this proved to be true. Supporting regulations were developed, such as the two-week return policy for online orders throughout the EU. This gives consumers the confidence that they can order directly from anywhere in Europe. A reputable Italian organic farmer can thus serve the wine market in Wassenaar; prices will decrease, and quality will increase. Similar benefits are also expected to be realized in healthcare. The goal is for Dutch radiologists, for example, to be able to assess MRI scans from across the EU. Brussels expects this will make healthcare cheaper and better.

Broader data availability

In addition, the EHDS aims to stimulate innovation by making health data available for beneficial reuse. Universities, businesses, and citizens will soon be able to apply for a permit to work with health data. Whether you receive this permit will be assessed based on whether you are pursuing a useful purpose, such as education, scientific research, statistics, but also developing new products or training AI systems. If necessary, you can submit the decision on your application to a judge, who can assess it against, among other things, the prohibition on discrimination or scientific freedom. For example, it will no longer be permitted for an academic hospital to share data with physicians but not with scientists from the computer science faculty.

Within strict legal frameworks

Carelessness with health data is inconvenient, unethical, and unlawful. According to the GDPR, sharing is only permitted if there are sufficient “technical and organizational safeguards.” The EHDS prescribes what this entails. A permit must be requested (with some exceptions) from the Health Data Access Body, a new government body. The permit specifies the precise conditions, and the EHDS also contains a list of things that may not be done with the data. Violation of these conditions is punishable by fines. In such cases, the data is not given, but access to it in a secure processing environment. This should make more knowledge available securely throughout the Union. After all, in addition to a right to data protection, we also have a right to information.

Categorie: EHDS in English