EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 32019H0243
Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (Text with EEA relevance.)
Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (Text with EEA relevance.)
Commission Recommendation (EU) 2019/243 of 6 February 2019 on a European Electronic Health Record exchange format (Text with EEA relevance.)
C/2019/800
OJ L 39, 11.2.2019, p. 18–27
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
|
11.2.2019 |
EN |
Official Journal of the European Union |
L 39/18 |
COMMISSION RECOMMENDATION (EU) 2019/243
of 6 February 2019
on a European Electronic Health Record exchange format
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 292 thereof,
Whereas:
|
(1) |
Citizens have the right to access their personal data, including their health data as provided for by Regulation (EU) 2016/679 of the European Parliament and of the Council (1), which lays down the conditions for lawful processing of personal data, including data concerning health, as defined therein (2) (health data). However most citizens cannot yet access (nor securely share) their health data across borders. |
|
(2) |
The ability of citizens and healthcare providers to securely access and share electronic health records (‘EHR's), that is to say collections of longitudinal medical records or similar documentation of an individual, in digital form, within and across borders has a number of benefits: an improvement in the quality of care for citizens, reduction in the cost of healthcare to households, and it supports the modernisation of health systems in the Union that are under pressure from demographic changes, rising expectations and costs of treatment. For example, sharing the results of blood tests in a digital format among clinical teams prevents repeating invasive and costly tests on the same person. Similarly, where patients need to see different health professionals, sharing electronic health records can avoid a repetition of the same information about their medical history saving time for all parties involved and improving the quality of care. |
|
(3) |
Enabling the secure access and sharing of health records across borders in the Union will facilitate citizens' life in a number of cross-border situations, such as citizens, and their families, who are currently living in another Member State for work purposes or retired people living in another country, enabling them to have access to health records between the Member States in which they have been resident. It will also improve the quality of care in situations which require medical treatment while travelling in the Union or as part of a cross border agreement. There are over two million recorded instances a year where a citizen living in one Member State has sought healthcare in another (3). Moreover, in the future, it can be usefully linked to European Union initiatives in the field of social security coordination. |
|
(4) |
Healthcare needs are expected to further increase in the future as a result of population ageing, rising prevalence of chronic conditions and a rise in demand for long-term care. This is evidenced by health spending amounting to 9,6 % of Gross Domestic Product in the Union as a whole in 2017, up from 8,8 % in 2008 (4). Similarly, evidence from various countries suggest that up to 20 % of healthcare spending is wasteful, for example because patients receive unnecessary tests or treatments, or as a result of avoidable hospital admissions. |
|
(5) |
Digital technologies are powerful solutions to address those issues and to adapt health systems to future challenges. For example, digital solutions linked to health apps, or wearable devices, combined with a system that allows a citizen secure access to their own health data, should enable patients with chronic conditions, such as diabetes, or cancer, to monitor their own symptoms at home and share them quickly with their clinical teams. This should reduce the number of visits to a health facility for monitoring. Digital technologies can also help to detect early a need for a change in treatments, resulting in fewer hospitalisations due to complications. Better management of chronic conditions in the community, alongside reducing duplication of healthcare actions (such as tests) should not only make systems more sustainable but also improve overall quality of life, the quality of healthcare provided to citizens, and reduce the costs associated with healthcare for individuals and households. |
|
(6) |
The Council has regularly called for Member States to strengthen the implementation of their digital health strategies. In particular, the Council conclusions on Health in the Digital Society adopted on 8 December 2017 (5) stress the need for Member States to make their electronic health systems more interoperable in order to give citizens greater control over their health data. |
|
(7) |
To support the digital transformation of health and care, the Commission adopted the Communication on ‘enabling the digital transformation of health and care in the Digital Single Market: empowering citizens and building a healthier society’ (6). That Communication adapts for the health sector, the objectives set out in the Communication ‘A Digital Single Market Strategy for Europe’ adopted on 6 May 2015 (7) and the Communication ‘EU eGovernment Action Plan — Accelerating the Digital Transformation of Government’, adopted on 19 April 2016 (8). It addresses the concerns raised in the Communication on the Mid-Term Review on the implementation of the Digital Single Market Strategy, ‘A Connected Digital Single Market for All’ (9) regarding the fact that the uptake of digital solutions for health and care remains slow and varies significantly across the Member States and regions. |
|
(8) |
Digitising health records, and creating systems that enable them to be securely accessed by citizens and securely shared within and between the different actors in the health system (patients, their clinical teams in the community and hospital facilities) is an important step towards integrating digital technologies into health and care approaches. That integration requires electronic health records, to be interoperable across the Union whereas currently many of the formats and standards in electronic health record systems — that are information systems for recording, retrieving and managing electronic health records — used across the Union are incompatible. |
|
(9) |
New technologies for health should support citizens to become active agents of their own health journey. To this end, citizens' and patients' needs should be taken into account when designing health information systems including making these systems more accessible to users, in particular to persons with disabilities, according to the accessibility requirements laid down by Directive (EU) 2016/2102 of the European Parliament and of the Council (10), where applicable |
|
(10) |
The aim of interoperability with regard to electronic health records is to allow for the processing of information in a consistent manner between those health information systems, regardless of their technology, application or platform in a way that it can be meaningfully interpreted by the recipient. |
|
(11) |
The lack of interoperability with regard to electronic health records leads to fragmentation and a lower quality of cross-border healthcare provision. The Commission has already identified specific ‘Integrating the Healthcare Enterprise’ (IHE) profiles listed in the Annex to Commission Decision (EU) 2015/1302 (11) (12) with the potential to increase interoperability of eHealth services and applications to the benefit of citizens and the healthcare professional community and to be eligible for referencing in public procurement. Those profiles provide detailed specifications for different layers of interoperability. Some of those profiles are already used to address specific business requirements in the eHealth Digital Service Infrastructure (‘eHDSI’). |
|
(12) |
The highest possible standards for security and data protection are central to developing and exchanging electronic health records. The General Data Protection Regulation requires patient data to be protected and properly secured so that its confidentiality, integrity and availability are ensured. As a consequence, systems must be secure, safe, trustable and integrate data protection by design and by default. A series of European wide digital solutions and common approaches for government and institutions lay the basis for this. |
|
(13) |
The use of secure electronic identification and authentication means provided for in Regulation (EU) No 910/2014 of the European Parliament and of the Council (13) (eIDAS) should enhance access, security and trust in electronic health record systems. That Regulation lays down the conditions under which recognised electronic identification means, falling under a notified electronic identification scheme of a Member State, may be used by citizens to gain access to online public services from abroad, including access to health services and health data. It also lays down rules for trust services such as electronic signatures, electronic seals and electronic registered delivery services, to securely manage and exchange health data by minimising the risk of possible tampering and misuse. |
|
(14) |
Under Directive (EU) 2016/1148 of the European Parliament and of the Council (14) healthcare providers, that are identified as operators of essential services by Member States and digital service providers falling in its scope are required to take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems they use in their operations of provision of service. They are also required to notify security incidents having a significant or substantial impact on the continuity of the services they provide to the competent national authorities or to the national Computer Security Incident Response Teams (CSIRTs). As regards in particular cybersecurity for electronic health record systems, cybersecurity certification may allow the demonstration that cybersecurity requirements are fulfilled, under the relevant Union cybersecurity framework (15). |
|
(15) |
Member States have taken important steps to foster interoperability with the support of the Commission, through the activities of the eHealth Network established under Article 14 of Directive 2011/24/EU. The eHealth Network's main objective is to support the development of sustainable eHealth systems, services and interoperable applications, facilitate cooperation and the exchange of information among Member States, enhance continuity of care and ensure access to safe and high-quality healthcare. Consequently it plays a crucial role for the interoperability of electronic health records. |
|
(16) |
In particular, in order to facilitate the interoperability of European eHealth systems, a number of Member States participating in the eHealth Network have worked together with the Commission to build the eHealth Digital Services Infrastructure, supported by the Connecting Europe Facility (CEF) Programme (16). In some of those Member States, the exchange of ‘ePrescriptions’ between health professionals across borders through the eHealth Digital Services Infrastructure has started, while the exchange of ‘Patient Summaries’ is expected to start soon. Enhancing the interoperability of electronic health records should help expanding the datasets currently being exchanged within the eHealth Digital Services Infrastructure to include valuable information concerning laboratory results, medical imaging and reports, and hospital discharge reports, which would enhance continuity of care. A number of tools developed for the eHealth Digital Services Infrastructure are a resource for Member States for the exchange of electronic health records. |
|
(17) |
In the context of exchanging electronic health records, the eHealth Network plays a valuable role in further developing the European electronic health record exchange format, by using it for the eHealth Digital Services Infrastructure and promoting its use for exchanges between healthcare providers at national level. |
|
(18) |
Digitising health records and enabling their exchange could also support the creation of large health data structures which combined with the use of new technologies, such as big data analytics and artificial intelligence can support the search for new scientific discoveries. |
|
(19) |
Existing national specifications for electronic health record systems may continue to apply in parallel with a European electronic health record exchange format, |
HAS ADOPTED THIS RECOMMENDATION:
OBJECTIVES
|
(1) |
This Recommendation sets out a framework for the development of a European electronic health record exchange format in order to achieve secure, interoperable, cross-border access to, and exchange of, electronic health data in the Union.
The framework includes:
It also encourages Member States to ensure secure access to electronic health record systems at national level. |
ELECTRONIC HEALTH RECORD SYSTEMS IN MEMBER STATES
Ensuring secure access to electronic health record systems
|
(2) |
Member States should ensure that electronic health record systems meet high standards for the protection of health data, and the security of network and information systems on which such electronic health record systems rely, to avoid data breaches and minimise the risks of security incidents. |
|
(3) |
Member States should ensure that citizens and their healthcare professionals have online access to their electronic health records using secure electronic identification means, taking into account the framework for security and trust established by the Regulation (EU) No 910/2014. |
Tools and incentives
|
(4) |
Member States should use the tools and building blocks provided by the eHealth Digital Services Infrastructure supported under the Connecting Europe Facility Programme and refer to the Refined eHealth European Interoperability Framework (17) as the common framework for managing interoperability in the eHealth domain. |
|
(5) |
Member States should take appropriate measures to support the use of interoperable electronic health record systems such as leveraging dedicated financial investments, including incentive mechanisms, and adapting legislation where appropriate. |
National digital health networks
|
(6) |
To enhance the interoperability and security of national health systems and support the secure exchange of health data across borders, each Member State should set up a national digital health network involving representatives of the relevant competent national authorities and, where appropriate, regional authorities dealing with digital health matters and the interoperability of electronic health records, and security of networks and information systems, and the protection of personal data. In particular national digital health networks should involve the following:
|
|
(7) |
The results of discussions or consultations of the national digital health networks should be transmitted to the eHealth Network and to the Commission. |
FRAMEWORK FOR CROSS-BORDER EXCHANGE OF ELECTRONIC HEALTH RECORDS
Principles for access to and cross-border exchange of electronic health records
|
(8) |
Member States should ensure that citizens are able to access and securely share their electronic health data across borders. |
|
(9) |
Member States are encouraged to give citizens the ability to choose to whom they provide access to their electronic health data, and which health information details are shared. |
|
(10) |
Member States should ensure that the principles set out in the Annex are observed when developing solutions enabling access to, and exchange of electronic health data in the Union. |
Baseline for a European electronic health record exchange format
|
(11) |
Member States should take measures to ensure that the following health information domains, as a baseline, are part of a European electronic health record exchange format:
The cross-border exchange of information should take place in accordance with the baseline standards, interoperability specifications and the profiles depending on the health information domain as set out the Annex. |
Further elaboration of a European electronic health record exchange format
|
(12) |
Member States should, in the context of Article 14 of Directive 2011/24/EU and in collaboration with the Commission, support the further elaboration of the recommended baseline of health information domains and specifications for a European electronic health record exchange format, through a joint coordination process. |
|
(13) |
Through this process, Member States, supported by the Commission, should engage in discussions and cooperation at Union level with relevant stakeholders, including healthcare professional organisations, national competence centres, industry actors and patient groups, as well as other Union and national authorities with competence in relevant areas to encourage, and contribute to, an iterative process of further elaborating and adopting a European electronic health record exchange format. In particular, clinical and technical experts should be involved in work concerning technical and semantic specifications for cross-border exchange of health data. The results of these discussions and consultations should be transmitted to the eHealth Network. |
|
(14) |
The joint coordination process should benefit from knowledge available in national competence centres targeting the identification of the meaningful medical concepts for each given context. |
|
(15) |
The joint coordination process should take forward approaches that all Member States can support, while Member States that so wish may progress towards electronic health record interoperability at a faster speed. |
|
(16) |
The joint coordination process should build on, and incorporate the results of, existing initiatives of the eHealth Network such as the Common Semantic Strategy task force. |
|
(17) |
Member States, in the context of the eHealth Network, should cooperate with the Commission and other relevant stakeholders in establishing practical implementation guidelines, sharing good practice and promoting awareness actions for citizens and healthcare providers on the benefits of access to, and exchange of electronic health record, across borders. Pilot projects including research, innovation or deployment actions, such as those supported under the Horizon 2020 (18) and Connecting Europe Facility Programmes, where relevant, should be used to advance interoperability and raise awareness. |
MONITORING AND FUTURE DEVELOPMENTS
Monitor progress towards interoperability
|
(18) |
Member States, in the context of the eHealth Network and in cooperation with the Commission, should monitor progress towards interoperability on the basis of a shared roadmap revised annually, identifying common priorities, tasks, deliverables and milestones.
For that purpose, Member States should, on a yearly basis:
|
|
(19) |
The elements referred to in points 18(a) and (b) should be taken into account when assessing the next steps for the exchange of electronic health records across the Union. |
Future work
|
(20) |
Member States should engage with the Commission and relevant stakeholders to identify and review emerging technological and methodological innovation and identify appropriate steps to achieve progress in the long-term exchange of electronic health records. |
Assessment of the effects of the Recommendation
|
(21) |
Member States should cooperate with the Commission to assess the effects of this Recommendation taking into account their experience and any relevant technological developments with a view to determine appropriate ways forward. |
Done at Brussels, 6 February 2019.
For the Commission
Mariya GABRIEL
Member of the Commission
(1) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
(2) Article 4(15) of the General Data Protection Regulation.
(3) Either using a European Health Insurance Card or under the Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients' rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45).
(4) ‘Health at a Glance: Europe 2018 — State of Health in the EU Cycle’ https://ec.europa.eu/health/sites/health/files/state/docs/2018_healthatglance_rep_en.pdf
(5) 2017/C 440/05.
(6) COM(2018) 233 final.
(7) COM(2015) 192 final.
(8) COM(2016) 179 final.
(9) COM(2017) 228 final.
(10) Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (OJ L 327, 2.12.2016, p. 1) (Web Accessibility Directive).
(11) Commission Decision (EU) 2015/1302 of 28 July 2015 on the identification of ‘Integrating the Healthcare Enterprise’ profiles for referencing in public procurement (OJ L 199, 29.7.2015, p. 43).
(12) https://www.ihe.net/ and https://www.ihe-europe.net/
(13) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
(14) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).
(15) See Joint Communication on Resilience, Deterrence and Defence: Building strong cybersecurity for the EU, point 2.2 (JOIN(2017) 450 final).
(16) https://ec.europa.eu/cefdigital/wiki/display/EHOPERATIONS/eHealth+DSI+Operations+Home
(17) https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20151123_co03_en.pdf
(18) https://ec.europa.eu/programmes/horizon2020/en/
ANNEX
1. Principles
(a) Citizen-centric by design
Citizens should be central to the way in which systems are designed. Such systems are to be designed to implement the principles of data protection by design and by default to meet the requirements of the General Data Protection Regulation.
(b) Comprehensiveness and machine-readability
Electronic health records should be as comprehensive as possible in order to support health and care services throughout the Union.
Health data introduced in electronic health records should be machine-readable to the extent required by reasonable intended reuse of those data. Information should be structured and codified in the most practical way possible, with a view to making health data interoperable, including across borders.
(c) Data protection and confidentiality
Electronic Health Record systems and interoperability solutions have to guarantee the confidentiality of personal health data and conform with all aspects of data protection legislation, from their design stage onward.
The fundamental right to the protection of personal data should be fully and effectively implemented, in conformity with Regulation (EU) 2016/679, including the right to transparent information, the right of access and other relevant rights listed in Chapter III. In particular, citizens should be able to exercise their right to access their health data by having access to their electronic health records, including across borders.
(d) Consent or other lawful basis
Any processing (1) of health data must be based on the explicit consent of the citizen concerned or on any other lawful basis, pursuant to Articles 6 and 9 of Regulation (EU) 2016/679.
(e) Auditability
Any processing of health data should be registered and verified for auditing purposes, using appropriate techniques, such as logging and audit trailing, to keep an accurate record of the access to electronic records, their exchange or any other processing operation.
(f) Security
Pursuant to Regulation (EU) 2016/679 and Directive (EU) 2016/1148 appropriate technical and organisational measures must be implemented to ensure that electronic health record systems are secure. Those measures should include protection against unauthorised or unlawful processing of health data and against accidental loss, destruction or damage. Entities exchanging electronic health records should ensure that personnel dealing with electronic health records systems is properly aware of cybersecurity risks and adequately trained.
(g) Identification and authentication
Strong and reliable identification and authentication of all involved parties is a key element to guarantee trust in exchanges of data between electronic health record systems.
The use of notified national electronic identifications (‘eID's) supports citizens’ cross-border identification and authentication to access their health data in full security and convenience, as well as the principle of ‘non-repudiation’ assuring the origin and integrity of such data. Through the mutual recognition of national electronic identification schemes, as foreseen in Regulation (EU) No 910/2014, citizens of one Member State may use their national electronic identifications to securely access online services provided to them in another Member State. Pursuant to Article 6 of that Regulation, online public services requiring electronic identification assurance corresponding to a certain level (‘substantial’ or ‘high’) must accept the notified electronic identification schemes of other Member States.
(h) Continuity of service
Continuity and availability of the electronic health record exchange service is essential to guarantee continuity of care. Any incidents or interruptions that may arise in the course of the use of the service should be promptly addressed in accordance with defined business continuity plans.
2. Baseline for the European electronic health record exchange format: health information domains and specifications for cross-border exchange of electronic health records
The baseline for the European electronic health record exchange format should include the health information domains and interoperability specifications (including standards, and profiles (2)) mentioned below for representing and exchanging (structured and unstructured) health data.
This baseline should be further refined and extended through a joint coordination process. Additional international standards, specifications and profiles, currently being developed, under revision or in trial implementation phase should be considered in further developing a European electronic health record exchange format.
2.1. Health information domains for cross-border exchange
The initial set of health information domains for cross-border exchange should include the following:
|
(i) |
Patient Summaries (3) |
|
(ii) |
ePrescriptions/eDispensations (4) |
|
(iii) |
Laboratory reports |
|
(iv) |
Medical images and reports |
|
(v) |
Hospital discharge reports. |
These health information domains have been prioritised in alignment with the eHealth Network established priorities, on the basis of current work under the eHealth Digital Services Infrastructure and clinical relevance for cross-border healthcare.
2.2. Interoperability specifications
Tables A and B contain a set of recommended interoperability specifications for content structuring and representation.
2.2.1.
|
Health information domains |
Clinical information for cross-border exchange |
Content representation for cross-border exchange |
|
Patient Summary |
Structured according to the provisions in the ‘GUIDELINE on the electronic exchange of health data under Cross-Border Directive 2011/24/EU Release 2 — Patient Summary for unscheduled care’ adopted by the eHealth Network on 21 November 2016 (5) |
Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 (6) Level 3 and Level 1 (PDF (7)/A) |
|
ePrescription/eDispensation |
Structured according to the provisions in the ‘GUIDELINE on the electronic exchange of health data under Cross-Border Directive 2011/24/EU Release 2 — ePrescriptions and eDispensations’ adopted by the eHealth Network on 21 November 2016 (8) |
Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 Level 3 and Level 1 (PDF (7)/A) |
2.2.2.
|
Health information domain |
Clinical information for cross-border exchange |
Content representation for cross-border exchange |
|
Laboratory results |
Enable cross-border exchange according to the clinical information structure currently used by the sender electronic health record system, while common clinical information structures for cross-border exchange are developed and agreed. |
For laboratory results, medical imaging reports and hospital discharge reports Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 Level 3 or Level 1 (PDF (9)/A) For medical imaging Digital Imaging and Communications in Medicine (DICOM) |
|
Medical imaging and reports |
||
|
Hospital discharge reports |
2.2.3.
The use of relevant ‘Integrating the Healthcare Enterprise’ profiles listed in the Annex to Decision (EU) 2015/1302 should be duly considered to facilitate the exchange of healthcare information domains across borders.
Those ‘Integrating the Healthcare Entreprise’ profiles could be used, inter alia, for patient identification, document exchange, audit trails and identity claims.
The joint coordination process should also consider other ‘Integrating the Healthcare Entreprise’ profiles currently at trial stage, or any other standards or specifications needed to address the requirements for secure health data exchange, as well as other types of message exchange patterns.
3. Future work
The aim is to deliver the right data, at the right time — for citizens and healthcare providers — and allow for the secure access, sharing and exchange of electronic health records.
As such, working towards comprehensive cross-border exchange of electronic health records in a fast changing, connected environment requires regular review of the latest technological and methodological innovations to managing data, including those related to accessing and leveraging of advanced technological infrastructures.
The refinement of the exchange format should consider the possibility offered by resource driven information models (such as Health Level Seven Fast Healthcare Interoperability Resources (HL7 FHIR©) (10)).
In order to make further progress, a review of new approaches to interoperability specifications, such as relevant Application Programming Interfaces (‘API's) and developments in digital technologies such as artificial intelligence, cloud computing, interaction technologies, high performance computing and cyber security solutions should be carried out. Evolution in other technologies such as distributed ledger technologies may have the potential to build trust amongst citizens and health care organisations provided that they comply with personal data protection rules.
The above technologies should be considered with a view to supporting innovation in health care service provision, offering new possibilities to address issues such as health data provenance, and automated integrity assurance.
(1) As defined in Article 4(2) of the General Data Protection Regulation.
(2) The way in which standards can be implemented to meet specific clinical needs.
(3) https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20161121_co10_en.pdf
(4) https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20161121_co091_en.pdf
(5) https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20161121_co10_en.pdf
(6) http://www.hl7.org/implement/standards/product_brief.cfm?product_id=7
(7) Portable Document Format.
(8) https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20161121_co091_en.pdf
(9) Portable Document Format
(10) http://hl7.org/fhir/