Will the European Health Data Space cure all our diseases?
For years, healthcare public policies meant setting up a system that allowed public and private insurances to identify beneficiaries and to pay for their healthcare expenses. Now, especially, after the Covid global crisis, arises the need for better health-related data allowing to set up more efficient and more reactive government policies. At the same time, managing healthcare data in a more efficient manner will undoubtedly lead to a better allocation of resources.
European countries are the best example of the complexity of legacy systems for healthcare. Most systems only deal with health-related payments while the Covid crisis has made evident the need for a better global administration of health data for each citizen. At the same time, privacy is key in this domain and a system has to be established with the best balance between the protection of medical confidentiality and the availability of data allowing the setup of public health policies.
In this context, the European Commission is starting its process to launch the "European Health Data Space (EHDS)." The goal of the project is to develop a " health specific ecosystem comprised of rules, common standards and practices, infrastructures and a governance framework that aims at (…) empowering individuals through increased digital access to and control of their electronic personal health data (…) and providing a consistent, trustworthy and efficient set-up for the use of health data for research, innovation, policy-making and regulatory activities," according to the European Commission documents. Reaching this goal means lots of work will have to be done in harmonizing rules, standards, medical terms, and health systems across member states, including agreeing on member states' particularities and even different languages, tools and vocabulary.
Backers of the project insist on the privacy aspect: citizens will keep control of their own health data and whose, when, and with who they want to share them, but at the same time, they guarantee healthcare professionals will have a faster and easier access to patient health records. The project also anticipates to give access to large amounts of health data, of higher quality, to researchers. At the same time the project is anticipated to provide regulators and policy-makers with non-identifiable health data for the benefit of public health and to generate new markets for electronic health records in other Member States.
The project is also under control of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), which reaffirm "that the provisions in this Proposal will add yet another layer to the already complex (multi-layered) collection of provisions (to be found both in the EU and Member States law) on the processing of health data (in the healthcare sector). The interplay between those different pieces of legislation needs to be (crystal) clear". For instance, "these applications [which] generate an enormous amount of data, can be highly invasive and may reveal particularly sensitive information, such as religious orientation," said EDPS Supervisor Wojciech Wiewiórowski.
On the other hand, many European citizens are concerned with the privacy issues that arise from such a large scale project in a sensitive area. National data protection authorities from Member States are already demanding that the project include provisions guaranteeing that citizens’ health data would be stored locally, inside the European Economic Area (EEA), to avoid the risk of unlawful access. This consideration takes us to the need for a European sovereign cloud service, still in limbo as of now.
Also, some analysts consider the amount of data collected about each of us is a threat: electronic health data might include clinical trial data, data from medical devices, patient registries, identification data relating to health professionals as well as electronic data related to insurance status, professional status, education, lifestyle, wellness and behavior data relevant to health. Having more data also means the cybersecurity risk become higher, as has been demonstrated recently by the numerous cyberattacks against healthcare services such as hospitals.
Our secure transactions industry, which defines itself as providing hardware and software solutions to provide digital identity while preserving privacy is in the best position to propose technology solutions for the implementation of EHDS. If we do not succeed, we can bet non-European providers will be ready to make offers to European decision makers. Control of our most private data is at stake as a part of the quest for reinforcing European sovereignty.