When health data is reused for research, innovation, public health, policy-making and personalised medicine, in European law this is referred to as ‘secondary’ use.
Such data is analysed to identify trends, develop new treatments and improve healthcare services. It can be used again by researchers, companies, public health organisations or healthcare providers following the European Health Data Space (EHDS) regulation.
Benefits of secondary use of health data
- Better healthcare outcomes – Helps identify best practices, improve patient care, and develop new treatments. Advances in medical research – Supports scientific discoveries and a deeper understanding of diseases.
- Stronger public health policies – Helps track disease outbreaks, assess risk factors, and inform decision-making.
- Greater transparency and accountability – Improves healthcare service evaluation and promotes responsible data use.
Benefits for researchers
- easy and quick access to a wide range of health data
- awareness of what health data is available, its quality and where to find it
- improved research on rare diseases, such as rare cancers
Benefits for industry and innovators
- easier access to anonymized and pseudonymized health data for research and innovation
- Boosting the health data economy, fostering new healthcare solutions and AI-driven innovations
Benefits for regulators and policymakers
- Easier data findability and access for public health, patient safety and general functioning of healthcare systems
- Stronger evidence-based policymaking, ensuring well-informed regulations
Benefits for patients
- Better treatments and medical advancements in the long run
- transparency of data use – citizens will be able to see who accessed/used their health data and for what purpose
Legal provisions introduced by EHDS
The European Health Data Space (EHDS) establishes a legal framework to ensure the responsible and secure secondary use of health data.
- Data protection – Strict processing conditions, including:
- Authorisation by Health Data Access Bodies (HDABs).
- Data minimisation, anonymisation, and pseudonymisation.
- Use of secure processing environments.
- Data governance – Clear rules for data findability, access, sharing, and use.
- Opt-out option – Individuals can withdraw their data from secondary use through a simple, reversible and transparent process.
- Data quality and security –
- Strict security and quality standards to protect individual privacy.
- Prohibited uses, such as making decisions that negatively impact individuals or groups based on their health data.
Initiatives implementing secondary use of data
Several initiatives help implement the EHDS and promote the secondary use of health data:
- EHDS2 Pilot project
- Towards a European Health Data Space Second Joint Action(TEHDaS2)
- Direct grant to Member states to set upHDABs
- Capacity Building
- Stakeholder Engagement
- Communications
- Compliance Checks
How can I participate in the implementation of EHDS?
- stay informed by following the European Commission's website and social media for updates on the EHDS
- provide feedback by participating in public consultations (such as TEHDAS) and providing feedback on draft specifications and guidelines
- join a stakeholder group, such as the Stakeholder Forum; many organisations, such as patient associations and research institutions, are helping develop the EHDS
- participate in pilot projects to test and demonstrate the value of the EHDS
Types of data used for secondary purposes
Under the EHDS Regulation, health data used for secondary purposes can come from:
- electronic health records (EHRs) such as medical history, diagnoses and treatments
- administrative data such as insurance claims and hospital discharge records
- research data such as clinical trials and observational studies
- wearables and mobile apps such as fitness trackers and health monitors
How is personal data protected during secondary use?
The EHDS Regulation, along with GDPR and other EU laws, ensures that health data remains secure and protected:
- Permitted and prohibited purposes – Data can only be used for authorized purposes.
- Access control by Health Data Access Bodies (HDABs) – Applications are reviewed to ensure compliance.
- Data minimisation – Only the minimum necessary data is accessed and processed.
- Anonymisation & pseudonymisation – Ensuring privacy through data protection techniques.
- Restricted access – Only authorized individuals and entities can access health data.
- Secure processing environments – Data is processed in controlled, high-security environments.
By ensuring strict safeguards, EHDS allows health data to drive medical progress while protecting individuals' rights and privacy.
