The European Commission on Tuesday presented its much-anticipated health data space, aiming to dramatically reshape access to medical data and its use in research and policy.
The legislative proposal won’t only change how patients, doctors, researchers and policymakers access and use health data; it’s also hoped the plan will lead to billions in economic gains. The EU claims it will add up to €11 billion over the next 10 years, with half coming from improved data exchanges in health care itself, and the other half from the use of health data in research and policy.
The health data space is the EU’s first sector-specific regulation under its 2020 data strategy, but it’s the coronavirus pandemic that has made it clear just how important health data is. What emerged from the crisis was a vision for a European Health Union, with the data space forming the “backbone” of that health union, Health Commissioner Stella Kyriakides said on Tuesday.
The EU has lined up €810 million in funding to build the necessary infrastructure. But more than funding, the success of the plan will depend on people’s willingness to share their most intimate data — at a time when technology like COVID passes was greeted with distrust. We take you through all you need to know about the proposal.
1. Harnessing the power of the bloc’s data
The EU is sitting on a potential goldmine. The bloc has troves of health data that could help in the development of new treatments, lead to better care of patients, save doctors and patients countless hours, and contribute to better-functioning health systems.
But to achieve that, the data can’t sit gathering dust in paper binders. It needs to be organized in such a way that it is accessible across the bloc, can be easily shared and understood in all 27 member countries, and can be safely accessed by external researchers and organizations.
The picture varies dramatically across the pad. In Estonia, a doctor may have trouble even remembering how to write a paper-based prescription, but in Germany, it’s taken over 10 years just to implement an electronic health record.
2. Easier cross-border health care
The regulation aims to make it possible for a Spanish patient traveling to Italy on holiday to access a prescription in a local pharmacy, or for a doctor in an emergency room in France to access a Finnish patient’s basic health information. Infrastructure for this already exists in the form of [email protected], but the proposal would see this expanded to include things such as lab results and MRI scans. There would also be mandatory requirements on interoperability and security. Patients would have access to this health data “immediately, free of charge, [and] in an easily readable format,” said a senior Commission official.
Kyriakides argued that this will save money in addition to lives, with, for example, duplicated medical imaging procedures becoming a thing of the past.
However, there are already concerns about more EU control over this infrastructure. The fear is that countries could be stripped of their decision-making role, making them mere consumers of the service, said Klára Jiráková, IT project coordinator and lawyer at the Czech Republic’s Vysočina Region Regional Authority and co-chair of the eHealth Member State Expert Group.
3. Putting data to work for research and policy
Healthtech companies have slammed Europe’s fragmented digital health market — which impedes them from quickly rolling out their devices or data-driven services or tapping into data to improve them. “Due to different standards and limited interoperability, the providers of the digital health services … face barriers and additional costs when entering the market of other member states,” the senior Commission official said.
To avoid this, the EU aims to put in place a new legal framework. New health data access bodies in the EU’s member countries will evaluate data access requests, and grant permits for specific purposes. The use of such data for commercial advertising, designing harmful products or increasing an insurance premium is prohibited.
4. 2025 is a milestone date
The Parliament and Council will now look into the plans. The Commission is optimistic that the first results will start to show in 2025, especially for the exchange of data in health care itself, the [email protected] program. “For the [email protected], we’re already working with member states. We have pilot projects on the way. While we have two-thirds of the member states on board at the moment, we should by 2025 already have all member states on board,” the senior Commission official said.
A new European Digital and Health Data board will also be set up, chaired by the Commission and consisting of digital health authorities and health data access bodies as well as observers. But DIGITALEUROPE’s Managing Director Cecilia Bonefeld-Dahl warns it’s crucial that the board also includes patient associations, researchers, industry and health care professionals, “or there will never be the trust needed.” On Tuesday, Kyriakides clarified that there would be patient representatives on the board.
5. Privacy and security will be key
Building the infrastructure is one thing, but getting the public to trust that their data is safe is another. “Citizens must be confident that their health data is adequately protected,” the text reads. It raises the question of how the plans work together with the EU’s data protection rules, the General Data Protection Regulation.
The GDPR opened the door for individuals to control their health data, but it wasn’t sufficient, the text admits: “Today, individuals face challenges in exercising their right to control their health data … despite the relevant rules laid down in the GDPR.”
The GDPR requires consent, which is not relevant and can even be cumbersome in some cases, like for research purposes. “A lot of data is anonymized or pseudonymized data. So, it’s not really directly relevant at that point to talk about individual consent,” the senior Commission official said.
The EU claims to have put in place strong “guarantees” — health data access bodies grant permits only for specific purposes, and processing data can only happen in “secure” environments.
This article is part of POLITICIAN Pro
The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology
Exclusive, breaking scoops and insights
Customized policy intelligence platform
A high-level public affairs network