Publication date

Assessment of the EU Member States’ rules on health data in the light of GDPR.

Hansen, J., Wilson, P., Verhoeven, E., Kroneman, M., Kirwan, M., Verheij, R., Veen, E.B. van. Assessment of the EU Member States’ rules on health data in the light of GDPR. Brussels: Publications Office of the European Union, 2021. 262 p.
Download the PDF
In the context of the Single Framework Contract Chafea/2018/Health/03 between the EUHealthSupport Consortium and the Consumers, Health and Food Executive Agency (Chafea), a study was conducted with the objective to examine and present the EU Member States’ rules governing the processing of health data in light of the GDPR, with the objective of highlighting possible differences and identifying elements that might affect the cross-border exchange of health data in the EU, and examining the potential for EU level action to support health data use and re-use.

The study provides an evidence-based comparison of the state of play regarding health data governance within the EU. This will help to assess in what areas EU intervention might be needed and if so, through which types of measures, be it measures such as a Code of Conduct for data processing in the health area, which could be supported by an EU level implementing act or more direct legislative action, taking into account the particularities of the health systems in the Member States.

We distinguish between using health data for primary purposes (for treatment of the patient) and secondary purposes (for research, registries and management of the healthcare system). We use a mixed-methods approach, consisting of the following elements:
• Literature review to provide an overview of best practices, bottlenecks, policy options and possible solutions already identified in the literature.
• Mapping legal and technical aspects of health data usage at national level to provide an overview of the differences among countries in legislation, regulation and governance models regarding processing health data.
• In-depth case studies of national governance models for health data sharing.
• Workshops held with MoH representatives, experts, stakeholder representatives and experts from national data protection offices.
• Stakeholder Survey to cross validate and supplement the topics addressed and identified in the Member State legal and technical aspects mapping.

The results of this study allow for a detailed assessment of possible elements at Member States/EU level that might affect the movement of health data across borders. It also identifies practices that could facilitate this exchange of data, as well as possible policy options for strategies in this area. Finally, we explored possibilities for sustainable governance structures for health data collection, processing and transfer, as well as measures empowering citizens to have more control of their own health data and to ensure portability and interoperability of these data.

Whatever next steps are chosen a EU level, it is clear that co-operation between EU Member States is crucial. Such co-operation should draw upon the work of national level data protection authorities coming together as the European Data Protection Board, as well as the numerous national and EU level bodies that represent patients, patients of specific disease groups, healthcare professionals, researchers and industry. The COVID-19 pandemic has done much to increase willingness for such co-operation and provides many new models for rapid, responsive and impactful action.