EU bodies have agreed in principle to the creation of a pan-European personal information database system. (EPA-EFE/Mourad Balti Touati)


EU plans creation of pan-European health database network


European Union bodies have agreed in principle to the creation of a Europe-wide personal-health information database network.

The deal, struck on March 15, is the first step in the creation of what the Council of Ministers described as a “European Health Data Space” (EHDS). It aims to allow medical staff to access EU citizens’ health records from anywhere in the bloc, provided there is justifiable reason to do so.

To achieve the goal, EU Member States will be compelled to create a series of interoperable health databases based on the MyHealth@EU platform. The systems will be mandated to use a single type of file-format for data exchange that is designed to ensure an individual’s medical records can be accessed by relevant bodies from anywhere in the EU.

“Currently, cross-border access to health data varies across the EU,” the Council said on March 15.

“The new rules aim to make it possible for a Spanish tourist to pick up a prescription in a German pharmacy [for example], or for doctors to access the health information of a Belgian patient undergoing treatment in Italy.”

As part of the deal struck between the Council and European Parliament, an individual’s data stored on the system will only be made available to someone treating that person and only the parts of the record relevant to their current treatment would be disclosed.

Researchers will also be granted permission to see further data, although the Council insisted such information would first be “anonymised” before being disclosed.

The Parliament insisted no data would be made available for advertising or assessing health-insurance requests. Its use for processing job applications or loan-eligibility, for instance, will also be prohibited.

Member States will also be allowed to give individuals the option of opting out of the use of the database.

Tomislav Sokol, a European People’s Party MEP acting as co-rapporteur for the proposal, said: “The European Health Data Space will put citizens in control of their health data by providing a safe framework for storing and accessing their personal health records that will be accessible anywhere in the EU – enhancing healthcare at a national and cross-border level.

“The EHDS will also facilitate the responsible sharing of health data to researchers – boosting research and innovation in the EU and ensuring the development of new treatments.”

While politicians appear insistent that EU citizens will remain in control of their health data while on this new system, the past record seems to cast doubt on such claims.

EU health databases have a long history of being breached, either as a result of hacking or negligence, frequently exposing the data of millions of Europeans to hostile actors.

In February this year, it was found that the private information of 33 million people in France was compromised in cyberattacks against two of the country’s largest health-insurance providers.

Such data included dates of birth, marriage status and social-security numbers.

Another major incident was uncovered just days ago; Ireland’s national healthcare provider, the HSE, experienced a technical issue with its database that exposed the personal information of a further 1 million people.

The error was the result of a Covid-19-related database that was “misconfigured” in 2021, allowing open access to the personal details of citizens.

Irish authorities insisted there was no evidence that any individual’s private information was compromised as a result of the screw-up.