BEUC NEWS - 06.02.2019

Digitalisation is advancing so quickly that even our health is going online. Electronic health records (EHRs) are one of the most important and sensitive elements in this respect. These files, which may contain the most intimate details about an individual’s health records, can be shared electronically. That way, health care professionals can access a patient’s medical history in just a few clicks.

In this context, the EU Commission just adopted recommendations for Member States on how the cross-border exchange of EHRs should be made possible. The Commission wants to ensure secure and seamless exchange and use of health data in the EU. In brief, when consumers are consulting a healthcare professional while abroad, their medical records should be easy to access while being protected against misuse.

The Commission mainly aims to set up a Europe-wide exchange format. The plan is to invite Member States to adapt their laws, where necessary, to make sure consumers can access their health data in a secure way. The Commission will develop an infrastructure that would enable a secure cross-border exchange of health data.

These recommendations hold good potential to promote higher quality and safer healthcare for all European consumers, wherever they are at home or abroad. Nonetheless, the highly sensitive nature of health data comes with privacy and security risks. Member States and the Commission urgently need to address such risks before more data is fed into the EU-wide exchange format. BEUC insists that:

• To make EHRs in line with the General Data Protection Regulation, consumers should be able to control how and with whom to share their personal data. For instance, it should be possible for a patient to request that inaccurate data is deleted.
• Also, security, i.e. protection against hacking or cyberattacks must be at the core of EHRs. To do so, it is imperative to guarantee robust IT security, both at EU and national levels.
• Also, consumer trust in electronic health records is crucial, as the Commission rightly underlines. We insist on the need for strong authentication systems. That would help reassure consumers that only authorised, and specifically trained health care professionals can access their medical records.

Now it is up to Member States to first develop their own health records system and join the EU exchange format in the coming years.

More information:

• EU Commission’s Recommendation on a European Electronic Health Record exchange format
• BEUC’s response to the EU Commission’s Consultation
• BEUC blog ‘E-health: your every personal detail online’, 2018
• BEUC Position paper ‘Digital health principles and recommendations’, 2018