This TEHDAS2 expert guideline supports the implementation of the European Health Data Space (EHDS).In the scope of the second joint action Towards the European Health Data Space (TEHDAS2), this guideline elaborates in detail the different processes that health data access bodies (HDABs) go through in order toimplement their responsibilities under Articles 67–69, 72 and 73 of the European Health Data Space (EHDS) regulation (2025/327): to manage and assess health data access applications and health data requests, to issue data permits and approve health data requests, to obtain data from health data holders, to interact with trusted health data holders, to cooperate with health data users and to enable data access to facilitate the secondary use of health data. As such, the guideline focuses on three distinct stages in the workflow: the necessary application pre-screening that is followed by the thorough assessment and evaluation of the applications and requests.Subsequently, the guideline briefly describes what takes place after a data permit has been granted or a data request approved. Pre-screening of health data access applications and health data requests is the necessary first step to verify that all required information is provided and filled out properly, without prejudging the legal admissibility or scientific validity of the application. The checks described in this guideline aim to ensure technical completeness, semantically valid input and contextual consistency of the application. Following the application pre-screening, the assessment process - to decide whether a data permit should be issued, or a health data request approved - is comprehensively described. This guideline sets out the requirements that must be met for information included in an application to be considered complete, in accordance with the EHDS Regulation. During the assessment of the application, and for the purposes of issuing a data permit or approving a data request, this guideline emphasises the fulfilment of the specific criteria that are outlined in the EHDS Regulation. It should be noted that the suggested framework allows Member States to define and operationalise their own specific processes, provided they remain within the boundaries of the EHDS Regulation. A concise overview of the procedural time frame is also provided in the document. Finally, the guideline briefly describes the actions undertaken by the HDAB that follow the decision, in coordination with health data holders and health data users. The decision is either a data permit, a data request approval, or a refusal. The guideline briefly outlines the coordination of secure data extraction and transmission, the data preparation, making data available in secure processing environments (SPEs) and communicating with the SPEs. Additionally, the guideline also provides basic information of administrative processes such as invoicing for the provided services, the continuous monitoring of compliance and documentation processes. Especially the actions to be taken after the decision are largely in the scope of other TEHDAS2 documents and in such cases the relevant document is referred to. This guideline serves as operational guidance for HDABs describing all the procedural steps from receiving an application, to issuing a decision, to actions to be conducted after the decision. In doing so, it ensures alignment with both the EHDS Regulation and the General Data Protection Regulation (GDPR).
Juuti et al. (Tue,) studied this question.