Recital 65

Health data access bodies should monitor the application of Chapter IV of this Regulation and contribute to its consistent application throughout the Union. For that purpose, health data access bodies should cooperate with each other and with the Commission. Health data access bodies should also cooperate with stakeholders, including patient organisations. Health data access bodies should support health data holders that are small enterprises in accordance with Commission Recommendation 2003/361/EC (18), in particular medical practitioners and pharmacies. Since the secondary use of health data involves the processing of personal data concerning health, the relevant provisions of Regulations (EU) 2016/679 and (EU) 2018/1725 apply and the supervisory authorities under those Regulations should remain the only authorities competent for enforcing those provisions. Health data access bodies should inform the data protection authorities of any penalties imposed and any potential issues related to data processing for secondary use and exchange any relevant information at their disposal to ensure enforcement of the relevant rules. In addition to the tasks necessary to ensure effective secondary use of health data, the health data access body should strive to expand the availability of additional health datasets, and promote the development of common standards. They should apply tested state-of-the-art techniques that ensure electronic health data are processed in a manner that preserves the privacy of the information contained in the data for which secondary use is allowed, including techniques for pseudonymisation, anonymisation, generalisation, suppression and randomisation of personal data. Health data access bodies can prepare datasets for the health data user as required under the issued data permit. In that regard, health data access bodies should cooperate across borders to develop and exchange best practices and techniques. 
This includes rules for pseudonymisation and anonymisation of micro datasets. When relevant, the Commission should set out the procedures and requirements, and provide technical tools, for a unified procedure for pseudonymising and anonymising electronic health data.