Over the past two years, the COVID-19 pandemic has demonstrated more clearly than ever before how important cross-border data sharing, especially of health data, can be, despite the challenges discussed here.

The EU has recognised that trusted cross-border sharing of health data not only provides the basis for successful and secure coordination of health threat measures and the general improvement of cross-border health protection, but also has potential to fuel a huge surge in innovation in the fields of healthcare and life sciences if the data can be accessed by a range of private and governmental stakeholders.

With these benefits in mind and with the aim of providing digital health services across European borders, the EU Commission plans to create a European Health Data Space (EHDS) by 2025.

Why an EHDS?

Processing of personal health data in the EU must comply with data protection law. The GDPR classifies health data as special category data and its processing is generally prohibited unless one of the Article 9 exceptions applies. Member State laws may impose further requirements and restrictions and vary from country to country.  This means it is not always easy for stakeholders in the health care and life sciences sector to leverage health data.

The EC believes that some of the barriers to innovation and cross-border healthcare provision could be overcome by allowing access to an EU health database for healthcare research, development and supply purposes.  Specifically, it expects an EHDS to:

• strengthen Europe as a favored location for scientific research
• establish medical standards across the EU
• ensure and develop cross-border healthcare
• facilitate the development of digital health services and/or products, and
• develop the use of artificial intelligence in the healthcare sector, by providing significant volumes of high quality health data.

Where would the data come from?

Large amounts of health data have already been collected throughout the EU. In theory, the EHDS would attempt to integrate as many of these existing data sets as possible. This would allow for an efficient exchange and direct access to various health data (electronic patient records, genomics data, data from patient registries, etc) for healthcare provision as a primary use.

Further use of this data in the context of health research and health policy would also be extremely useful but there are challenges to re-using personal data for further purposes as discussed here. Overall, finding a legal basis for re-use may be problematic in many EU countries, as the original lawful basis for the processing may preclude further use (for example where the original basis was consent).

The best solution would be to establish a standardised procedure to collect health data into an EHDS in future. It would be particularly important to ensure that the lawful basis for the original data processing activity includes the transfer to the EHDS and any potential further use as a result of that transfer.  Whether or not this will happen remains to be seen and depends on the final set-up of the EHDS.

What could an EHDS do?

The goal of an EHDS would be to connect the European national health systems in order to provide for the secure and efficient transfer of health data among stakeholders (eg clinics, research facilities, care facilities, general physicians, governmental agencies).

Access to cross-border health data would become possible within a trusted governance framework based on clear rules. A framework for the use and reuse of the health data would be established, which could also facilitate creating further sectoral data spaces in order to install a strong cross-border data management system and corresponding rules for the exchange of health data.

An EHDS could also contribute to defining cross-border standards for data quality on which healthcare providers as well as research facilities can rely. A uniformly high standard of data quality and data security is particularly important for individual medical care as any divergence could lead to serious risks for the respective individuals. Overall, an EHDS and the health data it contains should aim at meeting all the components entailed in the “principle of FAIR” – Findable - Accessible - Interoperable – Reusable.

What needs to happen to create an EHDS?

There are a number of challenges to overcome on the path to implementing an EHDS that meets all of the EC's goals.

A recent public consultation of the EU initiative on an EHDS, which included private individuals, non-governmental organisations, academic research institutions, private companies, and many others, found (unsurprisingly) that different groups have very different opinions on key issues, including who would have access to the data and what an accreditation process might look like.

The EC will need to consult further on a range of issues, particularly:

• Who will operate and maintain the database?
• What are the organisational and technical requirements with regard to IT and data security?
• How will data be collected and processed in compliance with applicable data protection laws?
• How will data subject rights under applicable data protection laws be addressed?
• How and when will data be deleted?
• Which quality standards will be set for the data stored?

It will be interesting to see how or even whether these questions will be answered. Even if an implementation plan is agreed, there are likely to be further challenges during the implementation phase. While the initiative to create an EHDS has been very well received among stakeholders, it remains to be seen whether the ambitious time frame and targets can be met. The COVID-19 pandemic may, however, have helped to push this project forward and given it higher priority than originally planned – there are rumours that draft regulations are imminent.