In this privacyespresso, Magdalena Kogut-Czarkowska , attorney at law at the Belgian law firm Timelex explains the relevance of the proposal presented by the European Commission for a European Health Data Space (“EHDS”) regulation and provides her views from the privacy and data protection perspective.
The EHDS is a proposal of an EU regulation aiming at regulating the use of electronic health data. EHDS is broader than the GDPR as it involves not only personal data but also any information that is related to the health and treatment of patients. The regulation is supposed to help in various areas starting from enhancing the rights of patients to better control their medical data to enabling researchers and policymakers to access such data for their purposes to benefit the society. The latter became particularly relevant nowadays as Covid has shown that the fragmentation of laws in accessing such information was hindering governments to stop the pandemic.
These two mentioned areas can be distinguished as the two main pillars of the proposal:
As for the first pillar, the EDHS will bring more rights to patients. This proposal is intended for electronic health data specifically and in this area, it will strengthen the access and data transfer rights beyond the GDPR standard. For example, patients will have the right to access their data immediately, much faster than within the time limit set by GDPR. Also, patients will be able to share data with different health providers within the EU or, if they wish, restrict the accessibility of such data by certain doctors.
As for the second pillar, which is focused on the secondary use of data, the scope is to simplify the access to quality data sets for researchers and authorities. For example, this is very much needed for AI model training as without rich and well-structured data such systems cannot be developed. The EHDS adds relevant provisions in this regard by making certain types of data mandatory to be shared with researchers. To achieve this, the proposed regulation aims to strike a balance between the pursuits of innovators, the interests of the society and the protection of individuals’ privacy. For instance, accessed information will undergo pseudonymization or anonymization procedures and be safeguarded by secure processing environments. These are perceived as some of the most relevant effects of the EHDS.
There are also other benefits for companies such as standardization of the electronic health data systems to simplify the communication of such data among different providers in EU countries. Also, the proposal outlines the infrastructure and governance framework among EU authorities in this area.
To learn more about this topic, listen to Magdalena in this privacyespresso and read her detailed article on the topic.