Summary
The regulation harmonizes regulations on a European scale, which is a major issue in terms of the health of populations across Europe on the one hand, and in terms of innovation on the other.
The regulation creates, in very concrete terms, for example:
• An infrastructure enabling the sharing of health data contained in medical records, respecting the rights of individuals, for cross-border care of people during their travels in Europe;
• An infrastructure, procedures for accessing harmonized and regulated data in member states, and catalogs of data available to facilitate the secondary reuse of health data that has been previously anonymized or pseudonymized.
The regulation strengthens and harmonizes, in addition to the GDPR, the rights of individuals concerning health data: the right of direct access to medical records, the right to object to the processing of health data, settings for access to this data, enhanced information, and facilitation of the exercise of rights for individuals, and rules for data localization.It also provides for a robust framework of European and national governance for digital health. It requires the creation, in each member state, of national authorities competent to support and control the proper application of the regulation. It strengthens European governance of digital health by replacing the eHealth network, co-chaired by France, with a committee of the EHDS with a comitology involving all stakeholders in the decisions (patients, health professionals, researchers, industrialists, institutional representatives, etc.).
The European Commission will establish the central infrastructure and services supporting the EHDS.In the medium term, the regulation also provides for the possibility of connection for countries and organizations based outside the EU, under conditions of guaranteed security and data protection.Its implementation will be spread over the next 2 to 6 years and will require adjustments to existing regulations in France, particularly concerning the reuse of health data (secondary use).
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
Vendor GDPR in Clinical Trials: What the IQVIA CNIL Ruling Changes for Sponsors and Healthtech Companies
On 26 May 2026 the CNIL fined IQVIA Operations France EUR 5 million for failures in its two authorised health data warehouses, LRX and EMR. The decision exposes weaknesses in CRO data protection practice that have direct consequences for every pharmaceutical sponsor relying on a CRO to process patient, prescription or trial data. This article unpacks the four areas of failure, explains why pseudonymisation no longer offers the cover many sponsors assume, and sets out a practical oversight checklist for sponsor data controllers.
EU AI Act for Healthcare: What Life Sciences Companies Need to Know before August 2026
EU AI Act 2026 healthcare enforcement requires immediate compliance to avoid penalties.
Navigating US Regulatory Requirements for AI-Powered Medical Devices: A Comprehensive Guide to FDA, HIPAA, and IRB Compliance
US AI medical device compliance requires navigating FDA, HIPAA, IRBs, and consent waivers strategically.
FAQs
Our frequently questions