Author

Elisa-Marlen Eschborn, LL.M. (Turin)

Associate

Read More
Author

Elisa-Marlen Eschborn, LL.M. (Turin)

Associate

Read More

14 March 2022

March - Health data – getting the right balance between innovation and data protection – 3 of 7 Insights

EU cross-border health data spaces – where are we now?

Over the past two years, the COVID-19 pandemic has demonstrated more clearly than ever before how important cross-border data sharing, especially of health data, can be, despite the challenges discussed here.

The EU has recognised that trusted cross-border sharing of health data not only provides the basis for successful and secure coordination of health threat measures and the general improvement of cross-border health protection, but also has potential to fuel a huge surge in innovation in the fields of healthcare and life sciences if the data can be accessed by a range of private and governmental stakeholders.

With these benefits in mind and with the aim of providing digital health services across European borders, the EU Commission plans to create a European Health Data Space (EHDS) by 2025.

Why an EHDS?

Processing of personal health data in the EU must comply with data protection law. The GDPR classifies health data as special category data and its processing is generally prohibited unless one of the Article 9 exceptions applies. Member State laws may impose further requirements and restrictions and vary from country to country.  This means it is not always easy for stakeholders in the health care and life sciences sector to leverage health data.

The EC believes that some of the barriers to innovation and cross-border healthcare provision could be overcome by allowing access to an EU health database for healthcare research, development and supply purposes.  Specifically, it expects an EHDS to:

  • strengthen Europe as a favored location for scientific research
  • establish medical standards across the EU
  • ensure and develop cross-border healthcare
  • facilitate the development of digital health services and/or products, and
  • develop the use of artificial intelligence in the healthcare sector, by providing significant volumes of high quality health data.

Where would the data come from?

Large amounts of health data have already been collected throughout the EU. In theory, the EHDS would attempt to integrate as many of these existing data sets as possible. This would allow for an efficient exchange and direct access to various health data (electronic patient records, genomics data, data from patient registries, etc) for healthcare provision as a primary use.

Further use of this data in the context of health research and health policy would also be extremely useful but there are challenges to re-using personal data for further purposes as discussed here. Overall, finding a legal basis for re-use may be problematic in many EU countries, as the original lawful basis for the processing may preclude further use (for example where the original basis was consent).

The best solution would be to establish a standardised procedure to collect health data into an EHDS in future. It would be particularly important to ensure that the lawful basis for the original data processing activity includes the transfer to the EHDS and any potential further use as a result of that transfer.  Whether or not this will happen remains to be seen and depends on the final set-up of the EHDS.

What could an EHDS do?

The goal of an EHDS would be to connect the European national health systems in order to provide for the secure and efficient transfer of health data among stakeholders (eg clinics, research facilities, care facilities, general physicians, governmental agencies).

Access to cross-border health data would become possible within a trusted governance framework based on clear rules. A framework for the use and reuse of the health data would be established, which could also facilitate creating further sectoral data spaces in order to install a strong cross-border data management system and corresponding rules for the exchange of health data.

An EHDS could also contribute to defining cross-border standards for data quality on which healthcare providers as well as research facilities can rely. A uniformly high standard of data quality and data security is particularly important for individual medical care as any divergence could lead to serious risks for the respective individuals. Overall, an EHDS and the health data it contains should aim at meeting all the components entailed in the “principle of FAIR” – Findable - Accessible - Interoperable – Reusable.

What needs to happen to create an EHDS?

There are a number of challenges to overcome on the path to implementing an EHDS that meets all of the EC's goals.

A recent public consultation of the EU initiative on an EHDS, which included private individuals, non-governmental organisations, academic research institutions, private companies, and many others, found (unsurprisingly) that different groups have very different opinions on key issues, including who would have access to the data and what an accreditation process might look like.

The EC will need to consult further on a range of issues, particularly:

  • Who will operate and maintain the database?
  • What are the organisational and technical requirements with regard to IT and data security?
  • How will data be collected and processed in compliance with applicable data protection laws?
  • How will data subject rights under applicable data protection laws be addressed?
  • How and when will data be deleted?
  • Which quality standards will be set for the data stored?

It will be interesting to see how or even whether these questions will be answered. Even if an implementation plan is agreed, there are likely to be further challenges during the implementation phase. While the initiative to create an EHDS has been very well received among stakeholders, it remains to be seen whether the ambitious time frame and targets can be met. The COVID-19 pandemic may, however, have helped to push this project forward and given it higher priority than originally planned – there are rumours that draft regulations are imminent.

In this series

Data & cyber

Defining and using health data

Victoria Hordern looks at what constitutes health data and the lawful bases on which it can be processed under the (UK) GDPR.

31 January 2022

by Victoria Hordern

Data & cyber

Diagnosed by big data

Victoria Hordern looks at the use of big data and AI in medical diagnostics in the context of data protection and AI regulation.

1 March 2022

by Victoria Hordern

Data & cyber

EU cross-border health data spaces – where are we now?

Elisa-Marlen Eschborn looks at the opportunities created by the planned European Health Data Space, and at whether they can be realised by 2025.

14 March 2022

by Elisa-Marlen Eschborn, LL.M. (Turin)

Data & cyber

Fairness and lawfulness in the context of health data

Ed Hadcock looks at the importance of fair and lawful processing of health data to establish trust as well as data protection compliance.

1 March 2022

Data & cyber

More health data, more risk

Jo Joyce looks at cybersecurity challenges facing health data and at ways to manage risk.

1 March 2022

by Jo Joyce

Data & cyber

UK data protection law – a barrier or the key to unlocking health data for scientific research?

Debbie Heywood looks at the scientific research provisions in the UK GDPR and Data Protection Act 2018, in the context of health data.

1 March 2022

by Debbie Heywood

Data & cyber

Why isn't transferring health data across borders for research purposes easier?

Victoria Hordern looks at the restrictions on exporting health data and at whether they are really proportional given that potential benefits could well outweigh any risk.

1 March 2022

by Victoria Hordern

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Data & cyber

Global Data Hub: Health data – getting the right balance between innovation and data protection

15 March 2022

by multiple authors

Click here to find out more