Articles of the European Health Data Space (EHDS), Article 10, Digital health authority

Article 10, Digital health authority, Articles of the European Health Data Space (EHDS), (Proposal_3.5.2022)

1. Each Member State shall designate a digital health authority responsible for the implementation and enforcement of this Chapter at national level. The Member State shall communicate the identity of the digital health authority to the Commission by the date of application of this Regulation. Where a designated digital health authority is an entity consisting of multiple organisations, the Member State shall communicate to the Commission a description of the separation of tasks between the organisations. The Commission shall make this information publicly available.

2. Each digital health authority shall be entrusted with the following tasks:

(a) ensure the implementation of the rights and obligations provided for in Chapters II and III by adopting necessary national, regional or local technical solutions and by establishing relevant rules and mechanisms;

(b) ensure that complete and up to date information about the implementation of rights and obligations provided for in in Chapters II and III is made readily available to natural persons, health professionals and healthcare providers;

(c) in the implementation of technical solutions referred to in point (a), enforce their compliance with Chapter II, III and Annex II;

(d) contribute, at Union level, to the development of technical solutions enabling natural persons and health professionals to exercise their rights and obligations set out in this Chapter;

(e) facilitate for persons with disabilities to exercise their rights listed in Article 3 of this Regulation in accordance with Directive (EU) 2019/882 of the European Parliament and of the Council 55.

(f) supervise the national contact points for digital health and cooperate with other digital health authorities and the Commission on further development of MyHealth@EU;

(g) ensure the implementation, at national level, of the European electronic health record exchange format, in cooperation with national authorities and stakeholders;

(h) contribute, at Union level, to the development of the European electronic health record exchange format and to the elaboration of common specifications addressing interoperability, security, safety or fundamental right concerns in accordance with Article 23 and of the specifications of the EU database for EHR systems and wellness applications referred to in Article 32;

(i) where applicable, perform market surveillance activities in accordance with Article 28, while ensuring that any conflict of interest is avoided;

(j) build national capacity for implementing interoperability and security of the primary use of electronic health data and participate in information exchanges and capacity building activities at Union level;

(k) offer, in compliance with national legislation, telemedicine services and ensure that such services are easy to use, accessible to different groups of natural persons and health professionals, including natural persons with disabilities, do not discriminate and offer the possibility of choosing between in person and digital services;

(l) cooperate with market surveillance authorities, participate in the activities related to handling of risks posed by EHR systems and of serious incidents and supervise the implementation of corrective actions in accordance with Article 29;

(m) cooperate with other relevant entities and bodies at national or Union level, to ensure interoperability, data portability and security of electronic health data, as well as with stakeholders representatives, including patients’ representatives, healthcare providers, health professionals, industry associations;

(n) cooperate with supervisory authorities in accordance with Regulation (EU) 910/2014, Regulation (EU) 2016/679 and Directive (EU) 2016/1148 of the European Parliament and of the Council 56 with other relevant authorities, including those competent for cybersecurity, electronic identification, the European Artificial Intelligence Board, the Medical Device Coordination Group, the European Data Innovation Board and the competent authorities under Regulation […] [Data Act COM/2022/68 final];

(o) draw up, in collaboration where relevant with market surveillance authorities, an annual activity report, which shall contain a comprehensive overview of its activities. The report shall be transmitted to the Commission. The annual activity report shall follow a structure that is agreed at Union level within EHDS Board, to support benchmarking pursuant to Article 59. The report shall contain at least information concerning:

(i) measures taken to implement this Regulation;

(ii) percentage of natural persons having access to different data categories of their electronic health records;

(iii) information on the handling of requests from natural persons on the exercise of their rights pursuant to this Regulation;

(iv) number of healthcare providers of different types, including pharmacies, hospitals and other points of care, connected to MyHealth@EU calculated a) in absolute terms, b) as share of all healthcare providers of the same type and c) as share of natural persons that can use the services;

(v) volumes of electronic health data of different categories shared across borders through MyHealth@EU;

(vi) level of natural person satisfaction with MyHealth@EU services;

(vii) number of certified EHR systems and labelled wellness applications enrolled in the EU database;

(viii) number of non-compliance cases with the mandatory requirements;

(ix) a description of its activities carried out in relation to engagement with and consultation of relevant stakeholders, including representatives of natural persons, patient organisations, health professionals, researchers, and ethical committees;

(x) information on cooperation with other competent bodies in particular in the area of data protection, cybersecurity, and artificial intelligence.

3. The Commission is empowered to adopt delegated acts in accordance with Article 67 to supplement this Regulation by entrusting the digital health authorities with additional tasks necessary to carry out the missions conferred on them by this Regulation and to modify the content of the annual report.

4. Each Member State shall ensure that each digital health authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers.

5. In the performance of its tasks, the digital health authority shall actively cooperate with stakeholders’ representatives, including patients’ representatives. Members of the digital health authority shall avoid any conflicts of interest.