European Union: European Health Data Space (EHDS) Regulation (2025/327) enters into force with grace period

On 25 March 2025, the European Health Data Space (EHDS) Regulation (2025/327) entered into force with a grace period. The Regulation facilitates access to electronic health data for primary use in healthcare and secondary use for research, policy making, and innovation across the European Union. It establishes common rules, standards, and infrastructures to enable secure and interoperable access to electronic health data. Individuals have the right to access, insert information, request rectification, restrict access, and control the portability of their personal electronic health data. Healthcare professionals can access relevant electronic health records of patients under their treatment, with cross-border exchange facilitated by MyHealth@EU, the EU-wide infrastructure for the secure exchange of health data. Electronic health record (EHR) systems must include harmonised software components to ensure interoperability, data security, and auditability in line with the technical and legal requirements of the Regulation. The Regulation defines several categories of electronic health data, including EHR data, health determinants, administrative data, and clinical research data. Health data users can only access electronic health data for specified purposes, such as public health, policy making, and research, with prohibitions on use for marketing, insurance discrimination, or any other unauthorised purpose. Governance is overseen by Health Data Access Authorities, which review applications, issue authorisations, and ensure compliance with data minimisation and security requirements.