FAQ Laws and legislation

Nr

CR

Question

Answer

1

V1

What will be the influence/role of European Health Data Space (EHDS)?

The EHDS prescribes that data holders of defined data categories (art 33) are obliged to make this data available in an application by the HDAB and to submit its metadata to the national metadata catalogue. Requests for dates can be national or can come from other EU countries. Conversely, data users can also request data from other EU countries via the HDAB.

The EHDS thus becomes a legal framework for the sharing of electronic health data for secondary purposes.

2

V1

How does the future Health Data Access Body (HDAB) fit into this?

The EHDS is about sharing and reusing health data. If these are used for research, innovation and policy development, they can be shared with the EHDS as a basis and can therefore be applied for through the HDAB.

The EHDS distinguishes between primary and secondary use of health data. A Digital Health Authority will be set up for primary use (use of data for which the data has been recorded). For secondary uses (research, innovation, quality, policy development, etc.), one or more Health Data Access Bodies will be set up per Member State. Health-RI is involved in the consortium to design and implement the HDAB in the Netherlands. The HDAB is responsible for finding data, receiving data requests, issuing permits and making requested data available in Secure Processing Environments. In addition, e.g. supervision of processes and public reporting are part of the tasks of the HDAB. The consortium is currently looking into the question of what the ideal structure would be: an HDAB or several, as much as possible decentralized or preferably more centralized, to what extent it is better to separate actual implementation and service provision from administrative decision-making (or not) and the question of which authority should ideally be the subject of objection and/or appeal.

3

V1

Who is the data governance committee? Is the DGC quality registrations meant? Health-RI is broader, isn't it? 

This will have to be determined.

This could possibly. the Data Governance Committee Quality Registers may be; However, the scope of the Health-RI architecture is broader than just the application of quality registers

4

V1

I'm a bit worried about who's going to do all this. I already see too few hands everywhere with regard to data management, among other things. How much can be automated? How much do we save on other activities as a result?

Health-RI recognizes and acknowledges this concern. However, there is no ready-made answer to this yet. Using use cases and implementation examples, Health-RI hopes to identify best practices on many aspects of the infrastructure. In this way, best practices in data management and FAIR are also identified. This will disseminate Health-RI widely so that people can also learn from each other in these areas and adopt good practices.

It will also be examined whether and how parts can be automated.

5

V1

What infrastructure already exists to support these processes? Do individual use cases have to develop everything they need themselves or are there specific platforms/methodologies that Health-RI would like to see as part of all use cases?

We are at the beginning. A number of components are already available but not yet connected to each other. We are evaluating whether the available components within the Health-RI ecosystem are generically usable. Furthermore, the Ministry of Health, Welfare and Sport takes control of this by making choices and setting frameworks

6

V1

What is Health-RI's vision on data ownership?

According to the system of the law, one can only own a material object that is subject to human control. Therefore, one cannot be the "owner" of data.

8

V1

Who pays for the preparation and availability of the data?

Health-RI is striving for a utility, but at the moment it is still a task for the data holders.

9

V1

Can you indicate who will make and pay for what within the outlined architecture?

The design of a nationally integrated health data infrastructure will be a co-creation of several parties. The (regional) nodes are responsible for setting up their own architecture, which can be supported by practice-driven projects supported by Health-RI (implementation examples). Health-RI is also working on use cases at the national level where the components developed in this way can be reused by other nodes and users. Generic functions are set up centrally by users.

Within the so-called cluster 1 (Principles, support and communication), national agreements are drawn up with all system parties. This includes tasks and responsibilities within the entire healthcare information landscape.

10

V1

Does Health-RI also coordinate with other European countries?

Yes, there are indeed short lines of communication with, for example, Denmark, Finland, Belgium, France, Ireland, Luxembourg and so on. We work together to learn each other's solution strategies around obstacles and implementation of the EHDS.

For example, at the end of June 2023, there was a conference with Swiss and German delegations to exchange knowledge and experiences.

11

V2

What is the status of the central review committee for data provision in the health-RI ecosystem? Has that role already been fulfilled and fulfilled?

The EHDS program looks at the different roles in the process of data requests and data issuances. This also includes further defining and fleshing out the role of such a committee.

12

V2

The Bravis hospital sends raw data from their tenant to Erasmus MC. Erasmus MC loads the data into their lakehouse drawers, models it to a common data model and standard vocabularies. Erasmus MC publishes the metadata and provides access to data if a user has a permit to do so. In this scenario, Bravis gives control over the data to Erasmus MC. Is this allowed by law?

This is a question for the ELSI Service Desk. See How does the ELSI Servicedesk? | Elsi Servicedesk work

13

V3

To what extent is contact with and information of the patients involved included in the architecture? Think of informing about the use of personal data for a study, reporting results (publications) and the possibility to exercise legal rights, such as the right to delete data?

This is being considered, including where certain responsibilities will lie.

We want to set up a transparent process. It must be possible to see who has used the data and for what purpose. No choice has yet been made as to who will arrange this information provision.

We are thinking of a register for applications, where applications are given a persistent identifier. The applications can then also be made transparent for the data subjects.