On 29 January, a workshop took place in Brussels to explore how Member States are implementing the GDPR for the protection of personal data in the field of health, in order to identify possible differences and examine how this may affect the cross-border exchange of health data in the EU. It is the first of a three part series of workshops between January and April 2020, which will contribute to a legal study commissioned by the Commission in view of the future establishment of a European Health Data Space.
Existing national and EU rules on the processing of health data will be discussed in these workshops, including the specificities of these rules for the two main classifications of health data usage – primary use of data (used for healthcare delivery) and secondary use of data (used for research, policymaking and development of private services in the field of health). The discussions will address citizens’ access to their personal data and the portability of such data to other operators. Discussions will also explore different national governance models, databases and codes of conduct for secondary use of health data. Potential gaps and needs regarding health data usage within the EU, a priority of the new Commission, will be identified. The aim of the initiative is to facilitate the exchange and sharing of health data across Europe, for both primary and secondary uses, whilst ensuring citizens have control over their own health data.
One of the priorities set out in the new Commission mandate is the creation of a European Health Data Space (EHDS), which would foster the exchange, and sharing of different kinds of health data (electronic health records, genomics, registries, etc.) in Europe. Thus, supporting the delivery of primary care, as well as, the development of new treatments, medicines, medical devices and services. Beyond the citizens, this would help meet the needs of different users and actors in the system (healthcare providers, researchers, private companies, policy makers), whilst simultaneously protecting citizens’ data. The Commission is currently working with the Member States and stakeholders to define the best governance structure and set up the appropriate infrastructure for the EHDS. Additionally, some existing regulatory gaps regarding Member States implementation of the GDPR for the secondary use of data are being addressed.