CPME Rapporteur: dr. Sjaak NOUWT (NL) CPME Secretariat: Ms Sara RODA
European Health Data Space and its implementation
The European Health Data Space (EHDS) Regulation 2025/327 entered into force on 26 March 2025. CPME closely monitored and contributed to the regulation debate, making sure physicians’ views were taken into account. The work will continue to ensure implementation process is 'user-friendly'.
The EHDS Regulation aims to establish a common framework for the use and exchange of electronic health data across the EU. It enhances individuals’ access to and control over their personal electronic health data, while enabling certain data to be reused for public interest, policy support, and scientific research purposes. It supports a single market for digital health services and products; it harmonises legal and technical framework for electronic health record (EHR) systems, fostering interoperability.
Key CPME messages:
Easier access to individual’s data, specifically patients’ data, needs to be surrounded by strong legal safeguards and level of security.
Patient confidentiality and professional secrecy must be preserved online and offline.
To foster trust in health data sharing, there should be the involvement of research ethics committees or ethics review boards, in particular when the legal basis to share personal data is other than consent of the data subject.
Anonymisation as the default position to process health data for secondary use, and prohibition to re-identify electronic health data in a pseudonymised format.
Re-identification and disclosure of de-identified personal data is a major breach of trust. Sanctions should be high, and Member States should consider criminalising such conduct to serve as a deterrent measure.
Personal data protection
CPME believes that a high level protection of all citizens’ data is essential, in particular health and medical data. As the patient-doctor relationship is built on confidence and trust, medical records should be considered as particularly sensitive data. At the same time, it is of utmost importance that healthcare data be stored with the appropriate security standards, for purposes of proof of medical treatment and for future patient’s safety. Following the adoption of the General Data Protection Regulation (GDPR) on 27 April 2016, CPME closely monitors the implementation of this regulatory framework, as well as related legislation with impact to the processing of data concerning health, patient confidentiality and professional secrecy.
CPME is contributing to the Digital Omnibus Package discussions.
CPME is concerned with the workload and economic burden that cumbersome digital tools place on healthcare professionals and on healthcare systems. This policy calls on policy-makers and co-legislators in Europe to strive for an EHR for the patient and the healthcare professional, removing unnecessary administrative and statistical information obligations from the EHR. CPME calls on the healthcare software industry to accept the challenge of only placing on the market EHR systems that are verifiably ‘user-friendly’ and functional.
CPME recalls the need to reduce the complexity of the EHR technical models, as they are a driver of clinical burden. Field-driven system design at the expense of clinical reasoning and narrative documentation must not be encouraged. The increased structural granularity does not reduce clinical uncertainty, even if it creates the appearance of precision.
CPME comments that guidelines should explain how to involve cizens in the definion of ‘public interest’; and how to deal with conflicts of interest/competing duties within same the HDAB and between public entities to safeguard independence against undue pressure, polical or commercial influence.
CPME suggests adding as recommended best practices the following:
- Consider the interface of healthcare professionals, to be able to easily select relevant information in the EHR.
- Consider reducing documentation burden and alert fatigue for health professionals, meaning that data from consumer wellness apps shall not be sent to/seen in the patient summary unless requested by a qualified registered health professional.
- Medically certified apps that are documented cost-beneficial, if requested by the doctor, and in agreement with the patient, might be granted access to export data directly to the EHR.
Collection of information among CPME Members. it will feed into deliverable D9.3 on requirements for large-scale uptake of telemedicine services under the initiative MyHealth@EU
CPME statement highlighting key aspects for the trilogue negotiations on the European Health Data Space (EHDS), to ensure a positive impact for healthcare.
The response highlights the cultural shift on health data sharing, the high impact for European Doctors and small practices, in particular in relation to the primary use of health data. It comments among other on the importance of consent and research ethics committees, as well as on the need for a differentiated approach for the data categories in secondary use.
Report of the event co-organised by the Conseil National de l’Ordre des Médecins (CNOM) and the Standing Committee of European Doctors (CPME) within the context of the French Presidency of the Council of the European Union, to discuss and address the benefits and challenges of the digital transformation in healthcare in Europe.
Research opportunities using ‘big data’ cannot result in weakening of applicable ethical standards. There should be the involvement of research ethics committees or ethics review boards when the legal base to share personal data is other than consent of the data subject.
Sharing patient data needs to go along with strong legal safeguards and security. Governance structures and transparency are essential to supervise the use and re-use of data. To foster trust in the sharing, there should be the involvement of research ethics committees when the legal base to share patient data is other than consent of the data subject. The default position for sharing patient data for other purposes than primary care should be irreversible anonymisation, which should be legally guaranteed.
CPME and 13 civil rights organisations cdevelop scenarios to demonstrate the disproportionate impact of the future eEvidence Regulation on the protection of sensitive health data, among other.