Ringholm-Logo Ringholm
 EHDS Reference 		Ringholm page header
EHDS-Index    Training   
Home | Ringholm bv | Learn * Share * Connect | info@ringholm.com

Member State Obligations

EHDS requirements for member states

In short: The EHDS defines a number of member states obligations that they have to adhere to.

The following is a subset of 'member state obligations' as defined by the EHDS regulation. Obligations of a procedural/administrative nature as well as obligations related to the secondary use of data have been omitted.

Member States shall ensure that one or more electronic health data access services at national, regional or local level are established, thereby enabling natural persons to access their personal electronic health data and exercise their rights provided for in Articles 3 and 5 to 10. Such electronic health data access services shall be free of charge for the natural persons and their representatives. (Article 4(1))

Member States shall ensure that one or more proxy services are established as a functionality of electronic health data access services which enables:

  • (a) natural persons to authorise other natural persons of their choice to access their personal electronic health data, or part thereof, on their behalf for a limited or unlimited period and, if needed, for a specific purpose only, and to manage those authorisations; and
  • (b) legal representatives of natural persons to access personal electronic health data of those natural persons whose affairs they administer, in accordance with national law.
Member States shall establish rules regarding the authorisations referred to in point (a) of the first subparagraph and actions of guardians and other legal representatives. (Article 4(2))

Member States shall establish the rules and specific safeguards regarding such restriction mechanisms [Natural persons shall have the right to restrict the access of health professionals and healthcare providers to all or parts of their personal electronic health data]. (Article 8)

If a Member State provides for a right [to opt out of access to their personal data], it shall establish the rules and specific safeguards regarding the opt-out mechanism. Member States shall ensure that the exercise of that right is reversible. (Article 10)

Member States shall establish rules [access control rules] providing for the categories of personal electronic health data accessible by different categories of health professionals or for different healthcare tasks. Such rules shall take into account the possibility of restrictions imposed under Article 8 of this Regulation. (Article 11)

For the provision of healthcare, Member States shall ensure that health professionals are able to access free of charge the priority categories of personal electronic health data referred to in Article 14, including for cross-border care, through health professional access services.
The services referred to [above] shall be accessible only to health professionals who are in possession of electronic identification means which are recognised pursuant to Article 6 of Regulation (EU) No 910/2014 or other electronic identification means compliant with common specifications referred to in Article 36 of this Regulation. (Article 12)

Member States shall ensure that, where electronic health data are processed for the provision of healthcare, healthcare providers register [import/process] the relevant personal electronic health data falling fully or partially under at least the priority categories of personal electronic health data referred to in Article 14 in an electronic format in an EHR system. (Article 13)

Member States shall ensure that the priority categories of personal electronic health data referred to in Article 14 are issued in the European electronic health record exchange format. (Article 15)

Member States shall ensure the connection of all healthcare providers to their national contact points for digital health. Member States shall ensure that connected healthcare providers are able to perform two-way exchanges of electronic health data with the national contact point for digital health. (Article 23(5))

Member States shall operate digital testing environments for the assessment of harmonised software components of EHR systems. (Article 40(2))

In accordance with the general principles of Union law, which include the fundamental rights enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, Member States shall ensure that a particularly high level of protection and security is in place when processing personal electronic health data for primary use, by means of appropriate technical and organisational measures. In this respect, this Regulation shall not preclude a requirement under national law, taking into account the national context, that, in cases where personal electronic health data are processed by healthcare providers for the provision of healthcare or by the national contact points for digital health connected to MyHealth@EU, the storage of personal electronic health data referred to in Article 14 of this Regulation for the purpose of primary use be located within the Union, in compliance with Union law and international commitments. (Article 86)

Member States shall lay down the rules on penalties applicable to infringements of this Regulation, and shall take all measures necessary to ensure that they are implemented. (Article 99)

Feedback

Please e-mail ehds@ringholm.com should the information on this page be incorrect or incomplete; we welcome your suggestions to improve its content.

About Ringholm bv

Ringholm bv is a group of European experts in the field of messaging standards and systems integration in healthcare IT. We provide the industry's most advanced training courses and consulting on healthcare information exchange standards.