Assessment of the EU Member States' rules on health data in the light of GDPR

Johan Hansen, Petra Wilson, Eline Verhoeven, M. Kroneman, Mary Kirwan, Robert Verheij, E-B. van Veen

Research output: Book/ReportReport

29 Downloads (Pure)


In the context of the Single Framework Contract Chafea/2018/Health/03 between the EUHealthSupport Consortium and the Consumers, Health and Food Executive Agency (Chafea), a study was conducted with the objective to examine and present the EU Member States’ rules governing the processing of health data in light of the GDPR, with the objective of highlighting possible differences and identifying elements that might affect the cross-border exchange of health data in the EU, and examining the potential for EU level action to support health data use and re-use. We distinguish between using health data for primary purposes (for treatment of the patient) and secondary purposes (for research, registries and management of the healthcare system). The study provides an evidence-based comparison of the state of play regarding health data governance within the EU. This will help to assess in what areas EU intervention might be needed and if so, through which types of measures, be it measures such as a Code of Conduct for data processing in the health area, which could be supported by an EU level implementing act or more direct legislative action, taking into account the particularities of the health systems in the Member States. The study uses a mixed-methods approach, consisting of the following elements: - Literature review to provide an overview of best practices, bottlenecks, policy options and possible solutions already identified in the literature. - Mapping legal and technical aspects of health data usage at national level to provide an overview of the differences among countries in legislation, regulation and governance models regarding processing health data. - In-depth case studies of national governance models for health data sharing. - Workshops held with MoH representatives, experts, stakeholder representatives and experts from national data protection offices. - Stakeholder Survey to cross validate and supplement the topics addressed and identified in the Member State legal and technical aspects mapping. The results of this study allow for a detailed assessment of possible elements at Member States/EU level that might affect the movement of health data across borders. It also identifies practices that could facilitate this exchange of data, as well as possible policy options for strategies in this area. Finally, we explored possibilities for sustainable governance structures for health data collection, processing and transfer, as well as measures empowering citizens to have more control of their own health data and to ensure portability and interoperability of these data.
Original languageEnglish
Place of PublicationLuxembourg
PublisherEuropean Union
Number of pages262
ISBN (Electronic)978-92-9478-785-9
Publication statusPublished - 2021


Dive into the research topics of 'Assessment of the EU Member States' rules on health data in the light of GDPR'. Together they form a unique fingerprint.

Cite this