During the first half of 2020, the European Commission conducted a study based on a series of workshops with the participation of representatives from Ministries of Health, Data Protection Authorities, stakeholders and independent experts consultations across the EU with the objective to examine and present the EU Member States' rules that govern the processing of health data in light of the General Data Protection Regulation (GDPR). As a result, the "Assessment of the EU Member States' rules on health data in the light of GDPR" has been recently published.
The study finds that while the GDPR lays down horizontal directly applicable rules in all Member States, variations on its application at the national level are found, leading to a fragmented approach in the way that health data processing for health and research is conducted in the Member States. The study also identified potential future EU level actions, including stakeholder driven Codes of Conduct as well as new targeted EU level legislation to support the upcoming development of the European Health Data Space.
Moreover it is highlighted the importance of co-operation among all the involved players, with a special focus on the interest of patients as key active agents in their healthcare. In addition, as one of the conclusions, more resilient healthcare systems and stronger collaborative public health protection and research are required to ensure that health data can be used to promote better patient care.