1. Introduction

Health data can be considered to be among the most sensitive personal data. Their processing is regulated by the GDPR^[1], while at the same time, their free movement within the European Union is of considerable interest for the functioning of the (digital) internal market^[2].

Art. 4, paragraph15, GDPR defines «data concerning health» as «personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status». This covers various aspects. On the one hand, it refers to individual data that accrue during medical treatment and that could be exchanged between different professionals involved in the treatment of the patient. Moreover, these individual data are processed by the respective health insurance system in order to settle the costs of treatment. These aspects are usually referred to as “primary use of health data”. On the other hand, the so-called “secondary use” aims at using health data for purposes other than those for which they were originally acquired^[3]. This refers to the processing of anonymous or anonymized data for reasons of public health, the importance of which has been proven by the experience in the SARS-CoV-2 pandemic: Data on – among others – incidence, hospitalisation and mortality were analysed in order to take targeted measures to combat the pandemic.

Whereas these kind of facts and figures were initially collected in paper form – often manually – digital data processing does not only allow for a faster flow of information, but also for the targeted granting of rights for access and use, and thus a more efficient exchange of information. Nevertheless, risks to data security should not be underestimated.
Furthermore, effective use of data in the internal market requires that systems are standardised or at least interoperable.

This article outlines the legal framework for the digitization of these different types of health data. In the European Union context, the first question to be addressed is that of competencies (2.). Thereafter, selected cases for the processing of digital health data will be presented, starting with the Commission proposal for a European Health Data Space (EHDS) (3.1.), the Electronic Exchange of Social Security Information (EESSI) which is part of social security coordination (3.2.) and finally instruments and institutions for data exchange within the European Health Union (3.3.)^[4].

2. Competencies for the digitalisation of health data

The creation of a digital European administrative space requires corresponding competences of the European Union. Shared competence applies to the «common safety concerns in public health matters», Art. 4, paragraph 2, letter k), TFEU. However, this applies only to the aspects defined in the TFEU. Art. 6, paragraph 3, letter a), TFEU specifies that EU actions are limited to support, coordinate or supplement the actions of the member states regarding the protection and improvement of human health. While Art. 168, paragraph 4, TFEU demands that a high level of human health protection shall be ensured in the definition and implementation of all Union policies and activities, other treaty provisions limit the scope of EU action to medicinal products and medical devices (Art. 168, paragraph 4, TFEU), encouraging cooperation among member states (Art. 168, paragraph 2, TFEU) and adopting incentives to combat major cross-border health scourges, to monitoring, early warning of and combating serious cross-border threats to health (Art. 168, paragraph 5, TFEU).

Since health services comprise both goods (Art. 28 TFEU) and services (Art. 56 TFEU)^[5], they touch upon Art. 114 TFEU, according to which the Council and Parliament take measures for the approximation of national legal provisions in order to ensure the functioning of the internal market. Full market freedoms are achieved only if patients can access their health records and obtain prescriptions or other healthcare services in any member state^[6]. This could be further facilitated by digital tools. However, harmonisation is not an option for Art. 168, paragraph 7, TFEU underlines the responsibilities of the member states for defining their health policy, including the organisation and delivery of health services and medical care^[7]. This also has an effect on the digitalisation and processing of health data: The EU’s role is that of a moderator and facilitator, bringing together the initiatives of the member states.

3. Selected fields of digitalisation of health data

In recent years, countless projects and initiatives, research and practice networks on digital health have emerged and are funded at Union level^[8]. The EU itself has established – or is about to do so – a legal framework for the exchange of digital health data in order to facilitate free movement of patients and to foster research on cross-border threats to public health. The following section presents three selected examples.

3.1. Proposal for a European Health Data Space

As early as the 1990s, the ECJ recognised that the use of health services in other member states – be it the purchase of glasses^[9] or dental treatment^[10] – is protected by the freedom to provide services. The clarification was necessary because the costs of these services are usually not borne by the consumers themselves, but are covered by the health insurance funds. Due to the exclusive competence of the member states to define their health systems, reimbursement mechanisms differed throughout the Union. Therefore, the ECJ held that national law must safeguard free movement of patients.

3.1.1. Starting point: Patients’ rights directive

This case law has been implemented into the Patients’ Rights Directive 2011/24/EU^[11], which is intended to facilitate access to safe and high-quality cross-border healthcare in the Union and to ensure patient mobility. It establishes – among others – rules for the reimbursement of costs that occur when patients receive health care outside the state in which they are insured, cf. Art. 7 dir. 2011/24/EU^[12]. So far, the exchange of information on health conditions, medication or treatments has to be organised by the patients themselves. Usually, all medical professionals keep their own patient records; there is no exchange or even automated reconciliation which may lead to a loss of information and – consequently – might even cause hazards to patients’ health. The member states’ competence to freely organise their health care system also applies to digitalisation. They decide whether they introduce electronic health systems and how to design them. The data required for effective medical treatment is therefore not processed digitally throughout the EU, nor are the systems – where they exist – necessarily interoperable.

The Patients’ rights directive shall offer a remedy for this. According to Art. 14, paragraph 1, dir. 2011/24/EU, the Union shall support and facilitate cooperation and the exchange of information among member states. The basis, however, is a voluntary network, for any mandatory EU provisions are precluded by Art. 168, paragraph 7, TFEU. The eHealth Network shall connect the responsible national authorities that shall develop interoperable applications to ensure the continuity of treatment and care and to take account of patients’ expectations of trust and security. Furthermore, the network shall draw up guidelines on which data are to be included in a patients’ summary and how they can be exchanged among health professionals, and support the development of identification and authentication measures for organising cross-border data transfer.

3.1.2. myHealth@EU

First steps to implement these stipulations have been taken with the eHealth service infrastructure (eHDSI). The brand “myHealth@EU” gathers measures to introduce electronic prescriptions and patient summaries. E-Prescriptions shall enable patients to buy medicine upon prescription in any pharmacy across the EU, whereas the patient summary shall contain information on, e.g. allergies, medication, previous illnesses or surgeries in the language of the person treating the patient. It summarises essential health data, but not all information from the patient’s health record^[13]. It is not clear how the patients’ health information shall be translated into the official languages of all member states. However, the medical terminology used in prescriptions, laboratory reports or medical images should be comprehensible in a cross-border context as well.

Until now, only few member states have created an electronic health data infrastructure, and those that exist are interoperable between selected member states and with regard to isolated aspects only. For example, the cross-border use of e-prescriptions is possible for patients from Estonia in Finland, Croatia, Portugal and Spain, or for patients from Spain in Portugal and Croatia. The cross-border exchange of health data is possible for patients from the Czech Republic to doctors in Luxembourg, Croatia, Portugal, France, the Netherlands, while doctors in the Czech Republic can access health information of patients from Croatia, Malta, Portugal and Luxembourg^[14]. This lack of interoperability is proving to be the biggest obstacle for a truly European (Digital) Health Union^[15].

3.1.3. Proposal for a European Health Data Space

In order to drive development, the Commission presented a draft regulation to establish a European Health Data Space in May 2022^[16]. It is intended to «significantly support the free movement of natural persons and … promote the EU as a global standard setter in the field of digital health»^[17], by ensuring both patients’ control over their own data and an effective use of data in cross-border situations. The Commission thus aims to create a “true single market for digital health services”, referring to the positive experience with the European Digital Covid Certificate^[18].

As for the definition of the term “personal electronic health data”, the draft refers to the definition of health data as used in the GDPR that are processed in an electronic form. “Non-personal electronic health data” are data concerning health and genetic data in electronic format that fall outside the GDPR definition, and “electronic health data” comprise personal or non-personal electronic health data^[19]. However, the draft does not consistently adhere to this distinction, hence its scope of application does not generally extend to all electronic data^[20]. The main aim of the proposal is to collect the different patients’ records of the medical professionals in the hands of the patients themselves. To this end, electronic health record (EHR) systems shall be made available on the market^[21]. EHR systems serve as a collection of electronic health data related to a natural person and collected in the health system, that are processed for healthcare purposes^[22]. They cover measures to assess, maintain or restore health such as prescriptions of medicines or medical devices as well as social security data^[23]. Patients shall have immediate access to their personal electronic health data at any time and free of charge, and they may restrict access of health professionals to all or part of their electronic data^[24]. Even if complete access to all data may be helpful from a medical point of view for gaining a comprehensive picture of the individual health conditions, patients’ right to self-determination makes their individual and explicit consent indispensable^[25].

Member states are obliged to create electronic health data access services at national, regional or local level as well as proxy services with which a patient may authorise other persons to access their data on their behalf^[26]. Hence, the Commission’s proposal does not aim at establishing a European standard EHR system; instead the guidelines developed in the eHDSI may serve as a basis for a uniform conception, which would clearly be in the interest of the patients.

If data are processed in electronic format, health professionals shall have access to the electronic health data of their patients, irrespective of their country of residence or insurance affiliation. Besides, they shall be able to update these data if necessary for reasons of medical treatment. The rights of the health provider, however, depend on the patient’s consent to share his data with them^[27].

As for the member states, priority shall be given to implementing cross-border processing and exchange of electronic health data regarding patient summaries, electronic prescriptions and dispensations, medical images and image reports, laboratory results and discharge reports^[28]. They shall also designate a Digital Health Authority which is responsible for the implementation and enforcement of the regulation The Commission, on the other hand, will provide the necessary technical specifications for establishing a European electronic health record exchange format. This will serve as a uniform platform for the data sets, their coding and exchange. With the coming into force of the regulation, the hitherto voluntary participation of the member states in myHealth@EU will become mandatory^[29].

3.2. Processing of electronic health data via EESSI

While the creation of the European Health Data Space is still in the process of being established, the (analogue) cross-border exchange of data among the member states’ statutory health insurance systems has been established for a long time. Free movement of workers is one of the fundamental freedoms ever since the founding of the European Economic Community.

3.2.1. Basic principles of social security law coordination

Since social security law falls in the exclusive competence of the member states and is thus organised based on territoriality, a specific European system had to be created in order to prevent the loss of social security rights for migrant workers, Art. 48 TFEU. Social security coordination came into force in 1958 already and is now subject of regulation (EC) 883/2004^[30]. It does not harmonise national social security law but rather interconnects the different systems. According to Art. 11 reg. (EC) 2004/883, the state of employment is competent for insuring workers irrespective of their citizenship or domicile (lex loci laboris), whereas the state of residence is competent for insuring economically inactive persons like students, pensioners or unemployed persons (lex loci domicilii)^[31].

In case of illness, coordination law enables migrant workers and frontier workers and their family members to choose whether to be treated in the competent state or in their residence state^[32], the latter might be more convenient for the patient. Besides, insured persons have the right to necessary medical treatment in emergencies if they are outside the competent state, for example if they fall ill while on holiday^[33]. Moreover, it is possible to receive medical treatment outside the competent member state after authorisation, for example if the capacities in that state are not sufficient to receive necessary treatment in time^[34].

According to the Patients’ Rights Directive, the patient pays for medical treatment in other member states and receives a reimbursement of his expenses by his health insurance fund according to the rates applicable in the state of insurance. In coordination law, however, benefits in kind will be provided in the country of stay on behalf of the competent state. This means that medical professions will treat patients from other members states as if they were insured in this state. Hence, if sickness benefits in this state are awarded in kind, the treatment will be “free of charge” for the patient and covered directly by the health insurance funds, or, if benefits are awarded in cash, patients will have to pay for their medical treatment and claim reimbursement from their health insurance fund – irrespective of the legal provisions in the competent state. The amount of the sickness benefit varies, depending on whether the patient is a frontier worker, in case of emergencies or in case of planned treatment^[35]. Patients may prove their entitlements by means of so-called Portable Documents (PD). In case of sickness, the European Health Insurance Card (EHIC) is a PD to prove the patient’s affiliation with the statutory health insurance scheme of another member state. It is not necessarily digitised, e.g. in Germany, it is simply printed on the back of the health insurance card.

3.2.2. Digital exchange of health data

In any case, health data will be transferred from medical professionals to the statutory health insurance scheme of the member states involved. This was the case from the very beginning of social security coordination – initially on paper forms. Art. 78 reg. (EC) 2004/883 stipulates the gradual introduction of electronic processing and exchange of data, with each member state being responsible for managing its own part of the data-processing services.
Once they have declared that they are able to participate in the digital data management system, authorities and institutions of other member states may not reject electronic documents that have been issued in other member states.

The Implementation regulation (EC) 987/2009^[36] contains more detailed provisions for the use of the Community infrastructure. This “Electronic Exchange of Social Security Information” (EESSI) shall gradually replace the previous exchange of data by analogue mail^[37]. Its use is mandatory since 2019^[38]. The competent institutions shall provide or exchange all data without delay, be it directly by the institutions themselves or indirectly via so-called liaison bodies^[39]. Art. 4, paragraph 2, reg. (EC) 2009/987 provides for the electronic transmission of data and requires a «common secure framework in which the confidentiality and protection of the data exchanged is guaranteed».

Structure, content, format and the requirements for the exchange of documents are set up by an Administrative Commission^{[40] [41]}. For this purpose, the Administrative Commission has defined Business Use Cases (BUC) that represent typical processes and circumstances that can occur in social security coordination, for example planned health care treatment in another member state or registering for health care of pensioners living abroad. Data which are processed in a BUC are recorded in so-called Structured Electronic Documents (SED), designed for electronic exchange of information between member states^[42]. Their content and layout is uniform across all member states. This does not only serve the purpose of standardisation, but ensures completeness of the data, their availability in all official languages of the EU and the recognisability of the documents for the institutions. The Administrative Commission has determined which SED should be used, in which constellation and in which order. Health data between the statutory health insurance schemes are forwarded and synchronised via access points, which are electronic contact point that allow for automatic checking and routing^[43]. They have to be created by the member states; furthermore, they have to assign liaison bodies^[44] for each branch of social security; they are responsible for the implementation of benefit coordination and have to process the data they received in cross-border-cases^[45].

Hence, social security coordination is safeguarded within a truly European architecture with standardised semantics and structures, making the systems of all member states interoperable.

3.3. European Health Union

Continuous and systematic processing and evaluation of health data is of high importance for public health surveillance^[46]. The exchange of anonymous or anonymised health data among member states had already been initiated after the first outbreaks of a Corona-virus induced Severe Acute Respiratory Syndrome (SARS) in the early 2000s and the Zika virus disease outbreak in 2015 and 2016^[47]. However, since primary law does not allow for harmonisation in public health, member states are responsible for determining which data they collect, on what basis and with which tool. This may not only lead to incompatibility of systems, but also to information gaps and thus severely limits common monitoring of pandemic developments^[48]. The recent SARS-CoV2-pandemic has made it abundantly clear that cross-border health data exchange is essential, for infectious diseases or other health threats do not end at national borders. If such data is collected manually – as was the case until the pandemic in some member states – there is not only a risk of time delays, especially if the responsible authorities are overburdened, but also of errors and incompleteness^[49].

Despite its rather narrow competences, the EU has taken a broad range of measures. They closely relate to cross-border health threats and their prevention, but not to public health in general. In summary, the Commission has strengthened and expanded the mandate of several agencies concerned with health issues, while others have been newly created. These initiatives aim to foster coordination and cooperation between member states. They have gained momentum through the 2020 proposal for a European Health Union, which, in addition to the general protection of public health, aimed at cross-border exchange of medical treatment, protective equipment or medicines^[50].

3.3.1. Reshaping the Commission agencies

The newly created Health Emergency Preparedness and Response Authority (HERA)^[51] is – among others – to monitor the emergence of new viruses and virus variants throughout the European Union. Besides, it shall promote the formation of a network for sharing knowledge and research results gained in clinical trials of new medicines^[52], and exchanging information on supply and demand of key health commodities like medicines, vaccines and protective equipment^[53]. This should contribute to the development of strategies for new health crisis instead of merely reacting ad hoc to unknown dangers. For this purpose, HERA will build up capacities for horizon scanning and foresight^[54]. In close cooperation with the member states, research, industry and other EU authorities, HERA will establish real-time data on possible health threats and develop models in order to be able to forecast outbreaks of new viruses or virus variants^[55]. Research and development of platforms for the rapid sharing of data are one of the HERA Board’s tasks^[56]. Details, however, are unclear at that stage.

For coordinating national health measures in times of crisis, the Commission hosts the European Centre for Disease Prevention and Control (ECDC)^[57]. It is responsible for pandemic preparedness and for preventing shortages in the medical sector such as those that had occurred at the beginning of the SARS-CoV2-pandemic. ECDC operates epidemiological surveillance networks (cf. 3.3.2.) and supports networking activities of the member states^[58]. To this end, it shall foster the digitalisation of platforms and databases and strive for the harmonisation of terminologies and processes used in them. One example is the European Data Portal on Covid-19, which has been established in April 2020^[59]. This entails the processing, exchange and pooling of anonymous or anonymised health data at the ECDC^[60], for which according to Art. 9, paragraph 2, letter i), GDPR, a legal basis in national is required^[61]. It is conceivable to use Artificial Intelligence to evaluate large volumes of data^[62], though whether and to what extent this is possible depends on the member states, cf. Art. 168, paragraph 7, TFEU^[63].

In 2020, the Commission has proposed to broaden the mandate of the ECDC^[64]. For example, data on free hospital beds shall be exchanged across the Union^[65]; data exchange between ECDC and European Medicine Agency (EMA)^[66] shall contribute to better coordination of clinical trials and thus to faster approval of vaccines and medicine^[67].

ECDC observers are also members of the Health Security Council (HSC), within which representatives of the member states public health policies may consult each other regarding their preparedness for health threats and their responses^[68].

3.3.2. Network for the epidemiological surveillance and control of communicable disease

Decision 2013/1082/EC^[69] provides for the creation of a network for epidemiological surveillance and the establishment of a surveillance platform. It was issued well before the SARS-CoV-pandemic^[70] and is intended to support cooperation and coordination among the member states in order to prevent or combat serious diseases and other health threats. The network is operated by the ECDC. One core element is the Early Warning and Response System (EWRS) which shall assess health risks, notify alerts and determine necessary measures^[71]. Thus, the competent authorities of the member states have to communicate comparable and compatible data and necessary information for epidemiological surveillance^[72]. This comprises general data on case numbers of notifiable diseases, hospitalisation rates and death rates.

In 2020, the Commission has proposed to improve the cross-border preparedness planning by extending the member states’ reporting obligations and striving for complementing the national pandemic plans^[73]. In 2021, the previously separate systems TESSy (European Surveillancy Tool) – a database for surveillance data of the member states – and EPIS (Epidemic Intelligence Information System) – a tool for exchanging information among experts – merged into the surveillance platform EpiPulse. Within this framework, digital health data have been processed and analysed for several years. However, the platform shall be further developed to enable the automated collection of surveillance and laboratory data, the use of information from electronic health records as well as media monitoring, and the application of artificial intelligence for data validation, analysis and automated reporting. Besides, it shall allow for the computerised handling and exchange of information, data and document^[74]. The technical specifications shall be laid down by the Commission^[75].

3.3.3. Secondary use of health data

The processing of individual patient data within the EHR (cf. 3.1.3) shall not only facilitate cross-border medical treatment, but the EU also aims at fostering their secondary use, which refers to «lifting the data treasure»^[76] for purposes outside the treatment relationship for which data were originally collected^[77]. These purposes are research and innovation^[78], but also public and occupational health, statistics, training and testing of medical algorithms or public health policies^[79]. Within the eHealth Network, the EU shall develop guidelines on effective methods for enabling the use of medical information for public health and research^[80].

With the new proposal for a European Health Data Space, the Commission aims at not only at secondary use of the EHR, but also genetic data, public health registers, data from clinical trials, or data from biobanks or other databases^[81]. Obviously, these data are much more specific than those processed within the epidemiological surveillance network. Access to these data is to be ensured if the processing of the data serves the mentioned purposes. Hence, patients can hardly prevent secondary use, as no right of objection is provided for in the Commission proposal^[82]. member states shall designate health data access bodies that are responsible for granting access to secondary use^[83]. This also means that standards, infrastructure and standardised processes have to be created. In some member states, this is probably still a long way off, for it depends on their (technical) progress in digitising patient records even for primary use.

4. Conclusions

Health data reveal highly personal information. Protecting it against unauthorized access is therefore an essential task. At the same time, medical treatment relies on the exchange of data between different medical professions in order to be effective and sage. In the internal market, this touches upon the freedom to use and provide services. Hence, cross-border exchange of data has to be ensured, without, however, making them become a commodity. The Commission proposal for EHR safeguards patients’ autonomy because they shall have control over their data and who they wish to share them with.

While this EU-wide exchange of individual health data in the interest of patient mobility is still emerging, data exchange in the context of social security coordination is well established since the 1950s. Initially in standardised paper form, these long years of experience can be drawn on to meet the practical demands of health insurance institutions, medical professions and insures persons for the digital data exchange.

Beyond these individual aspects, which directly serve the interests of patients, the SARS-CoV2-pandemic has shown that health data must also be used for health protection. Data sharing enables research and exchange of experience, helping to address uncertainty that characterises early stages of pandemics or other new health threats^[84]. However, this can only be successful, if data sets are (technically and semantically) and digital infrastructure are standardised^[85]: Data must be FAIR – findable, accessible, interoperable and reusable^[86].

The common experiences with the SARS-CoV2-pandemic have strongly the political will to build up a European Health Data Space, for health threats do not stop at the borders of the member states. Nevertheless, for an effective and efficient exercise of its advisory and coordinating powers, the European Union depends on the cooperation of the member states. Yet, even in an EU-wide coordinated system of data exchange, capacities of the member states like staff shortages and deficits in technical equipment will have a negative impact. At the same time, with the multitude of actors – agencies, networks and platforms at the European level, and authorities and bodies at national level –, it is not foreseeable whether the exchange and evaluation of data on health protection will be effective and efficient^[87]. Coordinating the various actors, instruments and initiatives on a day-to-day basis is a challenge. But accepting it can create a real added value of the European Health Union.

1. Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46/EC (General Data Protection Regulation). ↑
2. T. Petri, Die primäre und sekundäre Nutzung elektronischer Gesundheitsdaten. Zum Vorschlag der EU-Kommission für einen Europäischen Gesundheitsdatenraum, in DuD, 2022, p. 413. ↑
3. A. Bucher, Eine neue Ära für Gesundheitsdienstleistungen in Europa, in J. Baas (Ed.), Digitale Gesundheit in Europa, Berlin, 2020, p. 257. ↑
4. The comprehensive and complex issues of data protection remain out of consideration in this article; for details cf. J. Buchheim, Die elektronische Patientenakte als Datenfundus für Pharmaindustrie und Gesundheitssektor, in PharmR, 2022, p. 546 (passim). ↑
5. F. Wollenschläger, Patientenmobilität in der Europäischen Union – von der Rechtsprechung des EuGH zur neuen Richtlinie 2011/24/EU über die Ausübung der Patientenrechte in der grenzüberschreitenden Gesundheitsversorgung, in EuR, 2012, pp. 149-158. ↑
6. M. Schmidt, W. Schulz-Weidner, Digitale grenzüberschreitende Gesundheitsversorgung – vom Binnenmarkt über Freihandelsabkommen zur Globalisierung, in ZESAR, 2016, pp. 55-57. ↑
7. C. Schutz vor Epidemien und Pandemien in der Europäischen Union, in EuZW, 2020, 449 (450); C. Calliess, Braucht die Europäische Union eine Kompetenz zur (Corona-)Pandemiebekämpfung?, in NVwZ, 2021, 505 (507 f.); D. E. Lach, Die Gewährleistung der grenzüberschreitenden Gesundheitsversorgung während der COVID-19-Pandemie, in ZESAR, 2022, 365 (366 and 368); P. Stockebrandt, Impuls für eine Europäische Gesundheitsunion, in I. Spiecker gen. Döhmann (Ed.), Mehrebenensystem im Gesundheitswesen. Ein Jahr Corona: Welche Lehren können wir ziehen?, Berlin, 2022, p. 45 et seq. ↑
8. Cf. I. Meyer, Die Nutzbarmachung von Daten für Public Health und Gesundheitsversorgung – ein gemeinsames Ziel der EU-Mitgliedsstaaten, in Bundesgesundheitsblatt 2021, pp. 64-610. ↑
9. Court of Justice, judgement 28 April 1998, C-120/95, Decker, ECLI:EU:C:1998:167. ↑
10. Court of Justice, judgement 28 April 1998, C-158/96, Kohll, ECLI:EU:C:1998:171. ↑
11. Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare. ↑
12. For details cf. F. Wollenschläger, Patientenmobilität in der Europäischen Union – von der Rechtsprechung des EuGH zur neuen Richtlinie 2011/24/EU über die Ausübung der Patientenrechte in der grenzüberschreitenden Gesundheitsversorgung, mentioned, 149 (173 et seq.); K.-J. Bieback, Patientenrichtlinie, in M. Fuchs, C. Janda, Europäisches Sozialrecht, Baden-Baden, 2022, p. 817 et seq.; J.-P. Lhernould, Access to Health Care by Cross-Border Patients, in S. Hennion, O. Kaufmann, EU Citizenship and Free Movement of Patients, Heidelberg 2014, p. 177 et seq. ↑
13. A. Bucher, Eine neue Ära für Gesundheitsdienstleistungen in Europa, mentioned, p. 252. ↑
14. An overview of the status of implementation can be found here: https://health.ec.europa.eu/ehealth-digital-health-and-care/electronic-cross-border-health-services_en . Patients from Germany or Italy cannot participate in this system to far. ↑
15. M. Schmidt, W. Schulz-Weidner, Digitale grenzüberschreitende Gesundheitsversorgung – vom Binnenmarkt über Freihandelsabkommen zur Globalisierung, in ZESAR, 2016, 55 (57). ↑
16. European Commission, Proposal for a Regulation of the European Parliament and of the Council on the European Health Data Space, COM(2022) 197 final. ↑
17. Ibid. ↑
18. Regulation (EU) 2021/953 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic; cf. D. E. Lach, Die Gewährleistung der grenzüberschreitenden Gesundheitsversorgung während der COVID-19-Pandemie, mentioned, pp. 365-368. ↑
19. Art. 2, paragraph 2, letter a) – c), COM(2022) 197 final. ↑
20. T. Petri, Die primäre und sekundäre Nutzung elektronischer Gesundheitsdaten. Zum Vorschlag der EU-Kommission für einen Europäischen Gesundheitsdatenraum, mentioned, pp. 413-415. ↑
21. Art. 2, prargraph 2, letter b), COM(2022) 197 final. ↑
22. Art. 2, paragraph 2, letter m), COM(2022) 197 final. ↑
23. T. Petri, Die primäre und sekundäre Nutzung elektronischer Gesundheitsdaten. Zum Vorschlag der EU-Kommission für einen Europäischen Gesundheitsdatenraum, mentioned, pp. 413-415. ↑
24. Art. 3, paragraph 1 and 9, COM(2022) 197 final. ↑
25. Cf. Art. 9, paragraph 2, letters h), i), j), and paragraph 4, GDPR. For details see A.-L. Hoffmann, Die datenschutzrechtliche Einwilligung im Gesundheitsbereich unter der DSGVO, Frankfurt 2021. ↑
26. Art. 3, paragraph 5, COM(2022) 197 final. ↑
27. Art. 4, paragraph 1 and 4, COM(2022) 197 final. ↑
28. Art. 5, COM(2022) 197 final. ↑
29. Art. 12, COM(2022) 197 final; cf. T. Petri, Die primäre und sekundäre Nutzung elektronischer Gesundheitsdaten. Zum Vorschlag der EU-Kommission für einen Europäischen Gesundheitsdatenraum, mentioned, pp. 413-415. ↑
30. Regulation (EC) 883/2004 of the European Parliament and of the Council of 29 April 2004 on the coordination of social security systems. ↑
31. F. Pennings, European Social Security Law, VII ed., Cambridge, 2022, p. 80 et seq. ↑
32. Art. 17, and 18 reg. (EC) 883/2004. ↑
33. Art. 19, reg. (EC) 883/2004. ↑
34. Art. 20, reg. (EC) 883/2004. ↑
35. For more details on the coordination of health benefits cf. F. Wollenschläger, Patientenmobilität in der Europäischen Union – von der Rechtsprechung des EuGH zur neuen Richtlinie 2011/24/EU über die Ausübung der Patientenrechte in der grenzüberschreitenden Gesundheitsversorgung, mentioned, 149 (152 f.); F. Pennings, European Social Security Law, mentioned, p. 179 et seq.; K.-J. Bieback, Leistungen bei Krankheit sowie Leistungen bei Mutterschaft und gleichgestellte Leistungen bei Vaterschaft, in M. Fuchs, C. Janda, Europäisches Sozialrecht, mentioned, p. 249 et seq. ↑
36. Regulation (EC) 987/2009 of the European Parliament and of the Council of 16 September 2009 laying down the procedure for implementing Regulation (EC) No 883/2004 on the coordination of social security systems. ↑
37. This system does not only apply to the member states of the European Union, but also to the members of the European Economic Area (EEA), Switzerland and the United Kingdom. ↑
38. B. Orak, EESSI – elektronischer Sozialversicherungsdatenaustausch, in NZS, 2021, pp. 914-916 f. ↑
39. Art. 2, paragraph 2, reg. (EC) 987/2009. ↑
40. The Administrative Commission is attached to the European Commission composed of a government representative from each member state. It is assisted, where necessary, by expert advisers, Art. 71, paragraph 1, reg. (EC) 883/2004. ↑
41. Art. 4, paragraph 1, reg. (EC) 987/2009. ↑
42. Art. 1, paragraph 2, letter d), reg. (EC) 987/2009; cf. M. Landeck, T. Schwarz, Artikel 78: Elektronische Datenverarbeitung, in M. Fuchs, C. Janda, Europäisches Sozialrecht, mentioned, p. 602. ↑
43. Art. 1, paragraph 2, letter a), reg. (EC) 987/2009. ↑
44. Art. 1, paragraph 2, letter b), reg. (EC) 987/2009. ↑
45. As for the procedures, cf. B. Orak, EESSI – elektronischer Sozialversicherungsdatenaustausch, mentioned, 914 (915); M. Landeck, T. Schwarz, Artikel 78: Elektronische Datenverarbeitung, in M. Fuchs, C. Janda, Europäisches Sozialrecht, mentioned, p. 601 et seq. ↑
46. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, in MedR, 2022, 730 (730). ↑
47. H.-H. Trute, Pandemien als potentiell globale Katastrophe, in GSZ, 2018, pp. 125-127. ↑
48. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, pp. 730-733 f. ↑
49. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, 730 (731). ↑
50. European Commission, Building a European Health Union: Reinforcing the EU’s resilience for cross-border health threats, COM(2020) 724 final; For details cf. C. Janda, Die Europäische Gesundheitsunion – Vorschläge der Kommission, in I. Spiecker gen. Döhmann (Ed.), Mehrebenensystem im Gesundheitswesen. Ein Jahr Corona: Welche Lehren können wir ziehen?, mentioned, p. 9 et seq.; K. Henke, Der Aufbau der Europäischen Gesundheitsunion – Lernen aus der Corona-Krise, in MedR, 2021, p. 890 et seq. ↑
51. Commission Decision of 16. September 2021 establishing the Health Emergency Preparedness and Response Authority, C(2021) 6712 final. ↑
52. M. Ambrosius, L. Klement, Lehren aus der Pandemie: Vorschläge zur Verbesserung und Beschleunigung im Zusammenhang mit der Zulassung von Arzneimitteln zur Behandlung von COVID-19 und zur Bekämpfung der Pandemie, in PharmR, 2021, pp. 237-238. ↑
53. K. Henke, Der Aufbau der Europäischen Gesundheitsunion – Lernen aus der Corona-Krise, mentioned, 890 (896). ↑
54. COM(2020) 724 final, p. 20. ↑
55. https://health.ec.europa.eu/health-emergency-preparedness-and-response-hera/operating-modes_en . ↑
56. Art. 6, paragraph 5, letter a), n. iv), C(2021) 6712. ↑
57. It has been established by Regulation (EC) 851/2004 of the European Parliament and of the Council of 21 April 2004 establishing a European Centre for disease prevention and control. ↑
58. Art 5, paragraph 1, reg. 851/2004. ↑
59. https://www.ecdc.europa.eu/en/covid-19/data ; cf. C. Seitz Schutz vor Epidemien und Pandemien in der Europäischen Union, in EuZW, 2020, pp. 449-452 f. ↑
60. Art. 10, paragraph 1, reg. (EC) 851/2004. ↑
61. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, 730 (732) deals with the legal basis and its shortcomings in Germany. ↑
62. COM(2020) 724 final, p. 18. ↑
63. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, 730 (734). ↑
64. COM(2020) 726 final; the European Parliament has proposed amendments, OJ C117/255 of 11 March 2022. ↑
65. COM(2020) 724 final, p. 2; cf. C. Janda, Die Europäische Gesundheitsunion – Vorschläge der Kommission, mentioned, p. 11 et seq.; Henke, Der Aufbau der Europäischen Gesundheitsunion – Lernen aus der Corona-Krise, mentioned, 890 (894) for further details of the Commission proposal. ↑
66. The role of the EMA has recently been strengthened by Regulation (EU) 2022/123 of the European Parliament and of the Council of 25 January 2022 on a reinforced role for the European Medicines Agency in crisis preparedness and management for medicinal products and medical devices. ↑
67. COM(2020) 725 final, p. 15 ↑
68. COM(2020) 724 final, p. 6. ↑
69. Decision 1082/2013/EU of the European Parliament and of the Council of 22 October 2013 on serious cross-border threats to health. ↑
70. H.-H. Trute, Pandemien als potentiell globale Katastrophe, mentioned, pp. 125-128. ↑
71. Art. 8, paragraph 1, dec. 1082/2013/EU. ↑
72. Art. 6, paragraph 3, letter a, dec. 1082/2013/EU. ↑
73. COM(2020)727 final. The European Parliament has proposed amendments, OJ C205/64 of 20 May 2022. Cf. C. Janda, Die Europäische Gesundheitsunion – Vorschläge der Kommission, mentioned, p. 20 et seq. ↑
74. Art. 14, paragraph 2, COM(2020) 727 final. ↑
75. For details cf. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, pp. 730-734. ↑
76. J. Buchheim, Die elektronische Patientenakte als Datenfundus für Pharmaindustrie und Gesundheitssektor, mentioned, pp. 546-547. ↑
77. A. Bucher, Eine neue Ära für Gesundheitsdienstleistungen in Europa, mentioned, p. 257. ↑
78. Art. 4, letter f), reg. (EU) 2021/522. ↑
79. Art. 34, paragraph 1, COM(2022) 197 final. ↑
80. Art. 14, 2, letter b), dir. 2011/24/EU. ↑
81. Art. 33, paragraph 1, COM(2022) 197 final. ↑
82. This is criticised by T. Petri, Die primäre und sekundäre Nutzung elektronischer Gesundheitsdaten. Zum Vorschlag der EU-Kommission für einen Europäischen Gesundheitsdatenraum, mentioned, pp. 413-418. ↑
83. Art. 36 COM(2022) 197 final. ↑
84. Ausführlich H.-H. Trute, Ungewissheit in der Pandemie als Herausforderung, in GSZ, 2020, 93 (passim). ↑
85. S. Kuhlmann, Wissensgenerierung zur Pandemievorsorge und -steuerung durch (digitale) Public Health Surveillance, mentioned, pp. 730-736. ↑
86. A. Bucher, Eine neue Ära für Gesundheitsdienstleistungen in Europa, mentioned, p. 259. ↑
87. C. Janda, Die Europäische Gesundheitsunion – Vorschläge der Kommission, mentioned, p. 35; with a critical view on the distribution of competences C. Calliess, Braucht die Europäische Union eine Kompetenz zur (Corona-)Pandemiebekämpfung?, mentioned, pp. 505-510. ↑