Skip to content
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt

Understanding the European Health Data Space: Part One

October 2024



The EURORDIS Patient Health Data programme has been made possible through the generous support of Fondation Ipsen, under the aegis of Fondation de France.

The European Health Data Space (EHDS) is set to revolutionise how health data is shared and used across borders in the European Union. It aims to create a secure, interoperable framework that facilitates the exchange of health data for both healthcare services and research, paving the way for better diagnoses, treatments, and innovation.

During our recent webinar, we explored the key aspects of the EHDS and its implications for healthcare professionals, researchers, and patients, particularly those with rare diseases.

Below we summarise the key points from the discussion, presented in a Q&A format, to provide clarity on this rather groundbreaking initiative.


What is the European Health Data Space (EHDS)?

The European Health Data Space (EHDS) is a new framework designed to enable the secure and efficient exchange of health data across EU Member States. It builds on existing regulations like the General Data Protection Regulation (GDPR), the Data Governance Act, and the Data Act, among others. The EHDS aims to improve healthcare delivery by ensuring that health data can be shared across borders, both for direct patient care and for research purposes. It is designed to promote better use of data in healthcare systems while safeguarding patient privacy and ensuring compliance with strict data protection laws.

Why is the EHDS particularly important for rare diseases?

For rare diseases, one of the biggest challenges is the scarcity of available data. Because rare diseases affect small populations, there is often insufficient data within individual countries to conduct meaningful research or develop effective treatments. The EHDS is critical in overcoming this hurdle by allowing countries to collaborate and share health data, thereby creating larger datasets that can be used for research and improving healthcare for patients with rare diseases. This cross-border data sharing can also help improve the accuracy of diagnoses and lead to more personalised treatments.

How will the EHDS operate?

The EHDS is a decentralised system, meaning that there isn’t a single repository where all data is stored. Instead, it’s a network of interconnected systems that communicate with one another. The framework focuses on interoperability, ensuring that data from different countries and healthcare systems can be exchanged securely. It builds on the existing legislative framework, particularly the GDPR, to ensure that privacy and security are prioritised. The aim is to create a secure environment where data can be shared for healthcare provision and research without compromising individual rights.

What are the primary and secondary uses of health data under the EHDS?

Primary use refers to the direct use of health data in providing healthcare services, such as when a patient visits a doctor or hospital. This data is used solely for that specific purpose and remains within the healthcare setting.

Secondary use involves using health data for research, policy-making, innovation, and the development of new technologies, such as artificial intelligence. For example, anonymised or pseudonymised health data might be used to develop AI systems for diagnostics or to conduct large-scale studies on public health.

What are the roles of data holders, data controllers, and data users in the EHDS?

Data holders: These are entities that generate or collect health data, such as hospitals, healthcare providers, research institutions, and even developers of health-related apps.

Data controllers: Data controllers are responsible for deciding how and why personal data is processed. Both data holders and health data access bodies can act as controllers, depending on the activities they’re engaged in, such as anonymising or sharing the data.

Data users: These are individuals or entities that access health data for secondary use, such as researchers or companies using data for innovation. When data users process data, they also become data controllers.

What is a trusted data holder, and how does it differ from a regular data holder?

A trusted data holder is a special designation that a data holder can apply for, allowing them to bypass the health data access body when sharing data. Normally, health data users must go through a health data access body to request data from a data holder. However, trusted data holders can provide data directly in a secure environment, making the process more streamlined and efficient. The procedure for becoming a trusted data holder is determined at the national level, and it might vary between countries.

How does the EHDS ensure the security and privacy of shared health data?

Security and privacy are central to the EHDS framework. All data sharing takes place in secure environments, where sensitive data is either anonymised or pseudonymised to protect individual identities. Data is never simply transferred via insecure channels like email. Instead, authorised data users access it through secure platforms designed to prevent unauthorised access or breaches. The entire system is built on principles outlined in the GDPR, ensuring that all data processing adheres to stringent European privacy standards.

What are the obligations of data users under the EHDS?

Data users have several obligations under the EHDS, particularly when it comes to transparency. After accessing and using the data, they must publish a report within 18 months, outlining the anonymised results of their research. This report must be made publicly available, helping to ensure that the data is being used responsibly and contributing to societal benefits, such as advancing medical research or improving healthcare policies.

How does the EHDS address intellectual property and trade secret issues?

One of the more controversial aspects of the EHDS is its stance on intellectual property (IP) and trade secrets. In the past, companies – especially in the pharmaceutical sector – have used IP rights to withhold data, citing business concerns. Under the EHDS, there is less room to claim IP rights or trade secrets as a reason not to share data, particularly when the data comes from publicly funded research or is part of a public health initiative. This shift aims to encourage more open data sharing for the public good.

What types of health data will be included in the EHDS?

The EHDS covers a broad range of health data types, including:

  • Electronic health records (EHRs)
  • Human genetic data
  • Data from biobanks
  • Data from wellness applications
  • Clinical trial data (for trials that have already concluded)
  • Registry data
  • Research cohort data

In addition, Member States can include other categories of data at the national level, further expanding the scope of the EHDS.

How will the EHDS impact cross-border healthcare in the EU?

One of the EHDS’s key goals is to improve cross-border healthcare by making it easier for patients to access their health records and prescriptions in any EU member state. With common standards for electronic health records and data sharing, citizens will be able to travel across the EU and continue receiving healthcare services without losing access to their medical history. This will be particularly beneficial for people who move frequently between countries or seek specialised treatments abroad.

How are Member States involved in the implementation of the EHDS?

While the EHDS is an EU-wide regulation, Member States have considerable flexibility in how they implement it. This could lead to some variations in how data is handled or shared, particularly regarding national healthcare systems and legal frameworks. Member States are responsible for designating their health data access bodies, setting procedures for becoming a trusted data holder, and aligning national laws with the broader European framework. This flexibility can be both a strength and a challenge, as it may result in some inconsistencies across borders.

What are the penalties for non-compliance with EHDS regulations?

The EHDS includes strict penalties for non-compliance. Data holders who fail to share data or misuse the system can face fines of up to €20 million or 4% of their global annual turnover. Similarly, data users who breach the rules – such as by attempting to re-identify anonymised data – can also be fined. These penalties mirror the fines imposed under the GDPR and are designed to enforce compliance and protect data security.


The European Health Data Space represents a significant step forward in the digitalisation of healthcare across Europe. By promoting secure data exchange and empowering individuals to control their health data, it holds the promise of improving patient outcomes, fostering research, and driving innovation. However, its success depends on effective implementation, harmonisation across Member States, and strong safeguards for privacy and security.

Explore our website for more information on the European Health Data Space and to participate in future webinars.