Training, European Health Data Space (EHDS)

Preparing for the European Health Data Space (EHDS), for EU and non-EU healthcare providers (tailored-made training).


The European Health Data Space is a health specific ecosystem comprised of rules, common standards and practices, infrastructures and a governance framework that aims at:

1. Empowering individuals through increased digital access to and control of their electronic personal health data, at national level and EU-wide.

2. Fostering a single market for electronic health record systems, relevant medical devices and high risk AI systems.

3. Providing a trustworthy and efficient set-up for the use of health data for research, innovation, policy-making and regulatory activities (secondary use of data).

The European Health Data Space is a key pillar of the European Health Union. It builds further on the General Data Protection Regulation (GDPR), and the NIS 2 Directive.

The European Union is building a strong European Health Union, in which all EU countries prepare and respond to health crises, have available, affordable, innovative and adequate medical supplies, and member countries work together to improve prevention, treatment and aftercare for diseases.

The COVID-19 pandemic shows the importance of coordination among European countries to protect health, both during a crisis and in normal times. The European Health Union improves EU-level protection, prevention, preparedness and response against human health hazards.

Understanding the European Health Data Space (EHDS).

1. Thanks to the EHDS, people will have immediate, and easy access to the data in electronic form, free of charge. They can easily share these data with other health professionals in and across Member States to improve health care delivery. Citizens will be in full control of their data and will be able to add information, rectify wrong data, restrict access to others and obtain information on how their data are used and for which purpose.

2. Member States will ensure that patient summaries, ePrescriptions, images and image reports, laboratory results, discharge reports are issued and accepted in a common European format.

3. Interoperability and security will become mandatory requirements. Manufacturers of electronic health record systems will need to certify compliance with these standards.

4. To ensure that citizens' rights are safeguarded, all Member States have to appoint digital health authorities. These authorities will participate in the cross-border digital infrastructure (MyHealth@EU) that will support patients to share their data across borders.

5. The EHDS creates a strong legal framework for the use of health data for research, innovation, public health, policy-making and regulatory purposes. Under strict conditions, researchers, innovators, public institutions or industry will have access to large amounts of high-quality health data, crucial to develop life-saving treatments, vaccines or medical devices and ensuring better access to healthcare and more resilient health systems.

6. The access to such data by researchers, companies or institutions will require a permit from a health data access body, to be set up in all Member States. Access will only be granted if the requested data is used for specific purposes, in closed, secure environments and without revealing the identity of the individual. It is also strictly prohibited to use the data for decisions, which are detrimental to citizens such as designing harmful products or services or increasing an insurance premium.

7. The health data access bodies will be connected to the new decentralised EU-infrastructure for secondary use (HealthData@EU) which will be set up to support cross-border projects.

More about the European Health Data Space (EHDS)

Digitalisation is essential for the future of healthcare. The digital transformation is crucial to provide better healthcare to citizens, to build stronger and more resilient health systems, to support long-term competitiveness and innovation in the EU’s medical industry, and to help the EU recover from the pandemic.

Data is an indispensable part of today’s world. When used responsibly and in full respect of fundamental rights, it can bring incredible benefits to every aspect of our everyday lives, including our health. Member States’ health systems already generate, process and store a vast amount of data. Yet it often remains difficult for citizens to access their health data electronically and for researchers to use it to improve diagnosis and treatments.

A vast amount of health data is generated every second, providing healthcare services and researchers with potential valuable insights. Health data reuse is estimated to be worth around EUR 25-30 billion annually. That figure is expected to reach around EUR 50 billion within 10 years.

However, the complexity and divergence of rules, structures and processes within and across Member States makes it difficult to easily access and share health data. This creates barriers to healthcare delivery and innovation, leaving patients unable to benefit from its potential.

Moreover, health systems are becoming the target of cyberattacks. Therefore, the healthcare sector and relevant cyber security authorities need to consider cybersecurity as a key factor for ensuring the resilience and availability of key healthcare services.

In essence, the EU health sector is rich in data, but poor in making it work for people and science. The EU needs to tap into this huge potential to turn the wealth of health data across Europe into knowledge at the service of citizens, and to better prevent, diagnose and treat diseases.

Health data can help achieve more efficient, higher-quality, safer and more personalised care, and help improve healthcare delivery. Health data3 and data science could dramatically transform public health and revolutionise healthcare systems, enabling lifesaving healthcare improvements. Health data can also play a crucial role in speeding up the development of new medical products and treatments for patients who need them most.

The COVID-19 pandemic has clearly demonstrated the importance of digital services in the health domain. It has shown that up-to-date, reliable and FAIR health data is key in providing an efficient public health response to crisis and in developing effective treatments and vaccines. It has also significantly accelerated the uptake of digital tools, such as electronic health records (personal medical records or similar documents in digital form), e-prescriptions and digital health applications, as well as the sharing of research data. Digital health products and services, including telehealth, are no longer novelties. They are becoming a part of everyday care delivery.

Harnessing the power of health data through the digital transformation is especially relevant when patients move within or to other EU countries; and when researchers, innovators, policy-makers or regulators need critical data that can enable the power of science to help patients. Similarly, sharing health data in border regions where individuals access healthcare services across the border much more frequently will be far easier.

Current challenges in using health data.

People cannot always easily access their health data electronically, and if they want to consult doctors in more than one hospital or medical centre, they often cannot share the data with other health professionals. Today, a patient’s health data is often still recorded on paper, untraceable and scattered across various places (hospitals, general practitioners’ venues, medical centres, etc.).

The situation becomes even more difficult when crossing national borders. If a patient visits a doctor in another country, their medical information (including diagnostic images) is often not accessible, which can lead to delays and errors in diagnosis or treatment. In most cases, doctors cannot see the patient’s health data if they have undergone health interventions in another country. Continuity of care and rapid access to personal electronic health data is even more important for residents in border regions, crossing the border frequently to receive healthcare.

The open public consultation23 for the European Health Data Space proposal showed that 88% of respondents think it should promote citizens’ control over their own health data, including access to health data and transmission of their health data in electronic format. 84% of respondents say that citizens should have the right to transmit one’s health data in electronic format to another professional or entity of their choice and 82% feel that they should have the right to request public healthcare providers to share their health data electronically with other healthcare providers/entities of their choice. 83% of respondents say that the European Health Data Space should facilitate delivery of healthcare for citizens across borders.

Researchers and industry, along with policy-makers and innovators, face important obstacles in accessing the data they need to develop new products, to take informed decisions or to monitor the side effects of medicinal products over the long term, based on real-world evidence, with impact on patient safety. In many cases, consent is the only way to access data for research, policy-making and regulatory purposes. It is very costly and cumbersome for researchers to get consent from every patient to use the patient’s data in their research.

Even when the patient consents, data holders are sometimes reluctant to provide data for reasons other than data protection and prefer to keep the health data for their activities. The current regulatory fragmentation between Member States hampers research and innovation by small players, as well as cross-border research.

Possible modules of the tailor-made training program.

- The objectives of the European Health Data Space (EHDS).

- The problems with the uneven implementation and interpretation of the GDPR Regulation, and the considerable legal uncertainties, resulting in barriers to secondary use of electronic health data.

- The EHDS as a domain-specific common European data space.

- Health-specific challenges to electronic health data access and sharing.

- The EHDS as part of the European Health Union.

- How the EHDS complements the Data Governance Act (that lays down conditions for secondary use of public sector data), and the Data Act (that enhances portability of certain user-generated data, that include health data), and provides more specific rules for the health sector.

- How the EHDS interacts with the NIS 2 Directive, that improves cybersecurity risk management and introduces reporting obligations across sectors such as energy, transport, health and digital infrastructure.

- Subject matter, scope and definitions of the EHDS regulation.

- The additional rights and mechanisms designed to complement the natural person’s rights provided under the GDPR in relation to their electronic health data.

- The obligations of health professionals in relation to electronic health data.

- The need for each Member State to have a digital health authority, responsible for monitoring the EHDS rights and mechanisms.

- The new common infrastructure "MyHealth@EU", that facilitates cross-border exchange of electronic health data.

- The mandatory self-certification scheme for EHR systems, and compliance with interoperability and security requirements.

- Compatibility of electronic health records for easy transmission of electronic health data between systems.

- The obligations of each economic operator of EHR systems.

- The labelling of wellness applications, interoperable with EHR systems.

- The EU database where certified EHR systems and labelled wellness applications will be registered.

- The secondary use of electronic health data, for research, innovation, policy making, patient safety or regulatory activities.

- Data types that can be used for defined purposes. Prohibited purposes.

- The implementation of "data altruism" in health.

- Duties and obligations of the health data access body, the data holders and the data users.

- Responsibilities for the health data access bodies and data users as joint controllers of the processed electronic health data.

- The secondary use of electronic health data, the costs, and the transparency of fees calculation.

- The secure processing environment, required to access and process electronic health data.

- The conditions and the information needed in the data request form for obtaining access to electronic health data.

- Conditions attached to the issuance of the data permit.

- Setting up and fostering cross-border access to electronic health data, so that a data user in one Member State can have access to electronic health data for secondary use from other Member States, without having to request a data permit from all these Member States.

- The cross-border infrastructure.

- The international access to non-personal data in the EHDS.

- The ‘European Health Data Space Board’ (EHDS Board) that facilitates the cooperation between digital health authorities and health data access bodies.

- The composition of the EHDS Board, and how it is organised and functioning.

- Joint controllership groups, tasked with taking decisions related to the cross-border digital infrastructure necessary, both for primary and secondary use of electronic health data.

- The European Health Data Space (EHDS) for non-EU healthcare providers.

- The other EU directives and regulations that affect healthcare providers.

- Closing remarks.

Target Audience, duration.

We offer a 60-minute overview for the board of directors and senior management of EU and non-EU healthcare providers, tailored to their needs. We also offer 4 hours to one day training for risk and compliance teams, responsible for the European Health Data Space (EHDS) and the other EU directives and regulations that affect the healthcare industry.

Delivery format of the training program

a. In-House Instructor-Led Training program - designed and tailored for persons working for a specific company or organization (Board members, executive management, risk managers and employees etc.). In all In-House Instructor-Led Training programs an instructor from Cyber Risk GmbH that is approved by the Client travels to the location chosen by the Client and leads the class according to the needs of the Client and the Contract.

b. Online Live Training program - synchronous (real time, not pre-recorded) training program that takes place in a live virtual meeting room using platforms like Zoom, Webex, Microsoft Teams etc. In all Online Live Training programs, instructors from Cyber Risk GmbH that are approved by the Client tailor the method of delivery (interactive, non-interactive, etc.) to the needs of the Client, lead the virtual class, and answer questions according to the needs of the Client and the Contract.

c. Video-Recorded Training program - professional, pre-recorded training program. Instructors from Cyber Risk GmbH that are approved by the Client tailor the training content according to the needs of the Client and the Contract, and they record the training content in a professional studio. The training material (including any subsequent updates) is licensed by Cyber Risk GmbH to the Client for training purposes. Clients can incorporate the recorded videos to their internal learning system. Video-Recorded Training programs include Orientation Video Training and Compliance Video Training programs.


Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials:

Cyber Risk GmbH, some of our clients