This guideline supports how the European Health Data Space (EHDS) Regulation (EU) 2025/327 applies to the secondary use of electronic health data, clarifying the allowed purposes (Article 53), prohibited uses (Article 54) and the role of Article 52(3) where Intellectual Property Rights (IPR) and trade secrets may limit data availability. It is intended primarily for Health Data Access Bodies (HDABs) and is expert guidance from Towards the European Health Data Space 2 (TEHDAS2), not legally binding and not representing the European Commission. The document scope supports Health Data Access Body (HDAB) assessments by verifying eligibility under Article 53, screening for risks under Article 54 and determining proportionate legal, organisational and technical safeguards required by Article 52(3), with pointers to related TEHDAS2 deliverables for coordinated implementation across member states. The scope excludes detailed operational workflows (see Annex 7 for a summary of guideline D6.3), IPR/trade secret regimes beyond Article 52(3), opt‑out rules under Article 71 except where relevant to Article 53(1)(b), and broader EHDS infrastructure topics unrelated to application management and permit issuing. Article 53 provides an exhaustive list of six allowed purposes: (a) public or occupational health tasks; (b) policymaking and regulatory activities; (c) official statistics; (d) education in the health or care sectors; (e) scientific research (broadly interpreted, including innovation and Artificial Intelligence (AI) when conducted with scientific rigour and public health relevance); and (f) improvement of care delivery. Purposes (a)–(c) are reserved for public bodies and Union institutions (including mandated third parties), and every application must show necessity, proportionality and appropriate safeguards. Article 54 prohibits detrimental or discriminatory decisions, advertising or marketing, development of harmful or addictive products or services and activities conflicting with national ethical provisions. Because Article 53 is exhaustive and Article 54 is not, any use outside Article 53 is not permitted even if not named in Article 54. HDABs should verify mandate (including on‑behalf‑of arrangements), confirm purpose, necessity and proportionality, check for indicators of prohibited use and impose IPR/trade secret safeguards. Research applications should include a protocol, ethics approval where required and a data management plan (DMP), with binding commitments to refrain from misuse. Where protected elements are present, HDABs should use contractual measures, derived datasets or secure processing environments and may refuse access under Article 52(5) if adequate protection cannot be ensured. Process notes include accelerated timelines for Article 53(1)(b) and narrowly defined Article 71(4) opt‑out exceptions, with European Union (EU)‑level convergence encouraged via the EHDS Board.
Andacheh et al. (Tue,) studied this question.