Articles of the European Health Data Space (EHDS), Article 37, Tasks of health data access bodies

Article 37, Tasks of health data access bodies, Articles of the European Health Data Space (EHDS), (Proposal_3.5.2022)

1. Health data access bodies shall carry out the following tasks:

(a) decide on data access applications pursuant to Article 45, authorise and issue data permits pursuant to Article 46 to access electronic health data falling within their national remit for secondary use and decide on data requests in accordance with Chapter II of Regulation […] [Data Governance Act COM/2020/767 final] and this Chapter;

(b) support public sector bodies in carrying out the tasks enshrined in their mandate, based on national or Union law;

(c) support Union institutions, bodies, offices and agencies in carrying out tasks enshrined in the mandate of Union institutions, bodies, offices and agencies, based on national or Union law;

(d) process electronic health data for the purposes set out in Article 34, including the collection, combination, preparation and disclosure of those data for secondary use on the basis of a data permit;

(e) process electronic health data from other relevant data holders based on a data permit or a data request for a purposes laid down in Article 34;

(f) take all measures necessary to preserve the confidentiality of IP rights and of trade secrets;

(g) gather and compile or provide access to the necessary electronic health data from the various data holders whose electronic health data fall within the scope of this Regulation and put those data at the disposal of data users in a secure processing environment in accordance with the requirements laid down in Article 50;

(h) contribute to data altruism activities in accordance with Article 40;

(i) support the development of AI systems, the training, testing and validating of AI systems and the development of harmonised standards and guidelines under Regulation […] [AI Act COM/2021/206 final] for the training, testing and validation of AI systems in health;

(j) cooperate with and supervise data holders to ensure the consistent and accurate implementation of the data quality and utility label set out in Article 56;

(k) maintain a management system to record and process data access applications, data requests and the data permits issued and data requests answered, providing at least information on the name of the data applicant, the purpose of access the date of issuance, duration of the data permit and a description of the data application or the data request;

(l) maintain a public information system to comply with the obligations laid down in Article 38;

(m) cooperate at Union and national level to lay down appropriate measures and requirements for accessing electronic health data in a secure processing environment;

(n) cooperate at Union and national level and provide advice to the Commission on techniques and best practices for electronic health data use and management;

(o) facilitate cross-border access to electronic health data for secondary use hosted in other Member States through HealthData@EU and cooperate closely with each other and with the Commission.

(p) send to the data holder free of charge, by the expiry of the data permit, a copy of the corrected, annotated or enriched dataset, as applicable, and a description of the operations performed on the original dataset;

(q) make public, through electronic means:

(i) a national dataset catalogue that shall include details about the source and nature of electronic health data, in accordance with Articles 56 and 58, and the conditions for making electronic health data available. The national dataset catalogue shall also be made available to single information points under Article 8 of Regulation […] [Data Governance Act COM/2020/767 final];

(ii) all data permits, requests and applications on their websites within 30 working days after issuance of the data permit or reply to a data request;

(iii) penalties applied pursuant to Article 43;

(iv) results communicated by data users pursuant to Article 46(11);

(r) fulfil obligations towards natural persons pursuant to Article 38;

(s) request from data users and data holders all the relevant information to verify the implementation of this Chapter;

(t) fulfil any other tasks related to making available the secondary use of electronic health data in the context of this Regulation.

2. In the exercise of their tasks, health data access bodies shall:

(a) cooperate with supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 in relation to personal electronic health data and the EHDS Board;

(b) inform the relevant supervisory authorities under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 where a health data access body has imposed penalties or other measures pursuant to Article 43 in relation to processing personal electronic health data and where such processing refers to an attempt to re-identify an individual or unlawful processing of personal electronic health data;

(c) cooperate with stakeholders, including patient organisations, representatives from natural persons, health professionals, researchers, and ethical committees, where applicable in accordance with Union and national law;

(d) cooperate with other national competent bodies, including the national competent bodies supervising data altruism organisations under Regulation […] [Data Governance Act COM/2020/767 final], the competent authorities under Regulation […] [Data Act COM/2022/68 final] and the national competent authorities for Regulations (EU) 2017/745 and Regulation […] [AI Act COM/2021/206 final].

3. The health data access bodies may provide assistance to public sector bodies where those public sector bodies access electronic health data on the basis of Article 14 of Regulation […] [Data Act COM/2022/68 final].

4. The Commission is empowered to adopt delegated acts in accordance with Article 67 to amend the list of tasks in paragraph 1 of this Article, to reflect the evolution of activities performed by health data access bodies.