Navigating the European Health Data Space (EHDS): Opportunities & Regulatory Compliance
Digitalisation is vital for the future of healthcare, offering various benefits such as improving healthcare for citizens, strengthening health systems, fostering competitiveness and innovation in the EU's medical industry. However, despite the abundance of health data generated by Member States, access for citizens and researchers remains challenging. Responsible data use can significantly enhance everyday life, including healthcare. Data privacy and security as well as citizen trust are crucial components when the European Commission now picks up the pace for enhancements in this area.
In May 2022, the European Commission launched the European Health Data Space (EHDS), one of the key components of a stronger European health data union. It has two main components: the primary use of health data – how individuals can access their own health data, such as prescriptions and laboratory results – and secondary use of personal health data, such as in research and development.
Data Privacy and security
The EHDS builds upon the General Data Protection Regulation (GDPR) to ensure a high level of personal data protection. This involves careful handling of sensitive health data, including provisions for a legitimate legal ground for processing, data subject rights, and data minimisation.
Further, and given the sensitivity of health data, the EHDS emphasises robust cybersecurity measures. This includes secure data storage and transmission, regular security audits, and compliance with the latest cybersecurity standards. Here, the industry carries an important responsibility in ensuring continuously updated protocols. Another important aspect, recognising the unique sensitivity of health data, is additional safeguards tailored to the health sector with measures aiming to protect against unauthorised access, data breaches, and misuse of health data.
The EHDS outlines specific guidelines for how health data can be used. This includes restrictions on using data for decisions that might prove detrimental to individuals, such as increasing insurance premiums or marketing targeted health products. For secondary use of health data (such as research and policymaking), the EHDS mandates the processing of data in secure environments. These should comply with high standards of privacy and cybersecurity, ensuring that personal data is not compromised.
Citizen trust and transparency
Key to building trust amongst the EU population is transparency and control over personal data. The EHDS aims to ensure that individuals have clear information about how their health data is used and by whom – empowering citizens with full control. Citizens have the right to access their data, share it with healthcare providers of their choice, and control its use.
The initiative empowers individuals by providing them with direct access to their health data in a secure, user-friendly manner. This includes the ability to manage e.g. consent settings and understand the purposes for which their data is used.
To foster trust, the EHDS includes efforts to educate the public about the benefits of sharing health data, the security measures in place to protect their data, and their rights under the GDPR and other relevant legislation. The EHDS plans to establish mechanisms through which individuals can provide feedback or file complaints regarding the handling of their health data. This responsiveness to citizen concerns is vital for maintaining trust. Further, the EHDS will function closely with national data protection authorities to ensure compliance with data protection laws and to address any concerns related to privacy and data security.
To summarise, the success of EHDS depends on robust data privacy and security measures in combination with strong citizen trust. This involves not only technical and regulatory measures but also a commitment to transparency, individual empowerment, and ongoing public engagement.
What’s cooking?
Several potential business case scenarios and opportunities are associated with the EHDS, aligning with its objectives to improve healthcare initiatives and digitalisation, facilitate innovation and ensure secure and efficient use of health data. A snapshot from the industry could include the following:
The EHDS offers a baseline for startups focusing on digital health solutions. With standardised access to health data across EU member states, startups can develop innovative applications and services that can be scaled up across the European market.
Companies in the research and development field in pharmaceuticals, biotech and MedTech sectors have a lot to gain from the possibilities offered by the EHDS framework. Easier access to health data across the EU can lead to more efficient management of clinical trials and by that accelerate e.g. drug and vaccine research and the development of personalised medicine and MedTech products.
Related to the above is the potential for growth in healthcare analytics and AI-driven solutions. Companies specialising in data analysis can leverage the harmonised health data to provide insights into research initiatives but also into public health trends, disease and pandemic outbreaks as well as treatment outcomes, and provide useful input into decision-making and policy drafting.
With the emphasis on digital health records and data interoperability, the EHDS can also boost telemedicine services. Businesses offering remote healthcare solutions can expand their services across EU countries, benefiting from a larger market and more standardised data practices. This can also lead to new business models in cross-border healthcare services, such as specialised treatment centers for patients from different EU countries and health tourism. With patients having more access and control over their health data, there is a market for tools and platforms that help them manage their health information, make informed decisions about their care, and engage more actively in their health and wellness.
The harmonisation of health data can also lead to the development of collaborative platforms where researchers, healthcare providers and policymakers can share insights and best practices, facilitating a more integrated approach to healthcare research and policy. The importance and emphasis on data privacy and security in the EHDS as laid out above, presents opportunities for companies specialising in cybersecurity for healthcare data. These businesses can provide solutions for secure data storage, transmission, and compliance with health data regulations to further strengthen the trust of citizens. Further, there may be opportunities for businesses that specialise in aggregating and anonymising health data, making it accessible for secondary uses such as research while still ensuring compliance with privacy regulations.
Challenges ahead
So, what is next? The EHDS is setting the bar high in terms of ambition. What is the level of readiness in the different EU countries and how does the EHDS interact with other legislation? When digging deeper into the area of e.g. secondary use of health data, it is clear that although technical challenges often first come to mind, such as secure storage and transfer of, as well as access to, health data, there is a vast landscape of legal, governance and ethical matters yet to penetrate and analyse. Many EU states may have to amend national legislation within the area of health data to allow for the implementation of the EHDS.
Further, the Joint Action Towards the European Health Data Space (TEHDAS) coordinator Markus Kalliola, project director for the Health Data 2030 project at the Finnish Innovation Fund Sitra, points to ethical principles for health data as something that should be considered. “We need to trust that the researchers, who get access to the data, manage it in a safe and controlled environment and to avoid security problems.” And further: “One of the outcomes (from a previous TEHDAS study) was that the more people know about the secondary use of health data, the more they are in favour of it. The less they know, the more they fear and the more they are opposed,” Kalliola concluded[1].
Navigating the complexity of the EHDS coupled with the GDPR
The above-mentioned business case scenarios highlight the potential for economic growth, innovation, and improved healthcare which will hopefully come from the EHDS initiative. However, it is essential for businesses engaging in these opportunities to closely monitor regulatory developments and comply with the stringent data protection and privacy standards set by the EHDS as well as by the GDPR. As healthcare providers and businesses navigate the complexities of the EHDS, there will be a need for specialised data privacy, regulatory and compliance consultancy services to help organisations align with the new regulations and standards – to get the most out of the new opportunities while ensuring compliance.
EHDS status: Trilogue negotiations have now begun after the EU Parliament adopted its position on December 13th 2023. There is an ambition that these negotiations will be finalised during March/April 2024.
Learn more about our Privacy offering here.
For more information, please contact:
For further information on the subject:
https://health.ec.europa.eu/system/files/2022-05/com_2022-196_en.pdf
Legal issues, not infrastructure hampers research in health data revolution – Euractiv
[1] https://www.euractiv.com/section/health-consumers/news/legal-issues-not-infrastructure-hampers-research-in-health-data-revolution/