Annexes to COM(2022)197 - European Health Data Space - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2022)197 - European Health Data Space.
document	COM(2022)197
date	February 11, 2025

ANNEX I

Main characteristics of priority categories of personal electronic health data for primary use

Electronic health data category

Main characteristics of electronic health data included under the category

1.	Patient summaries

Electronic health data that include significant clinical facts related to an identified natural person and that are essential for the provision of safe and efficient healthcare to that person. The following information is part of a patient summary:

1.	Personal details.

2.	Contact information.

3.	Information on insurance.

4.	Allergies.

5.	Medical alerts.

6.	Vaccination/prophylaxis information, possibly in the form of a vaccination card.

7.	Current, resolved, closed or inactive problems, including in an international classification coding.

8.	Textual information related to medical history.

9.	Medical devices and implants.

10.	Medical or care procedures.

11.	Functional status.

12.	Current and relevant past medicines.

13.	Social history observations related to health.

14.	Pregnancy history.

15.	Patient-provided data.

16.	Observation results pertaining to the health condition.

17.	Plan of care.

18.	Information on a rare disease, such as details about the impact or characteristics of the disease.

2.	Electronic prescriptions

Electronic health data constituting a prescription for a medicinal product as defined in Article 3, point (k), of Directive 2011/24/EU.

3.	Electronic dispensations

Information on the supply of a medicinal product to a natural person by a pharmacy based on an electronic prescription.

4.	Medical imaging studies and related imaging reports

Electronic health data related to the use of or produced by technologies that are used to view the human body in order to prevent, diagnose, monitor or treat medical conditions.

5.	Medical test results, including laboratory and other diagnostic results and related reports

Electronic health data representing results of studies performed in particular through in vitro diagnostics such as clinical biochemistry, haematology, transfusion medicine, microbiology, immunology and others, and including, where relevant, reports supporting the interpretation of the results.

6.	Discharge reports

Electronic health data related to a healthcare encounter or episode of care and including essential information about admission, treatment and discharge of a natural person.

ANNEX II

Essential requirements for the harmonised software components of EHR systems and for products for which interoperability with EHR systems has been claimed

The essential requirements laid down in this Annex shall apply mutatis mutandis to medical devices, in vitro diagnostic medical devices, AI systems and wellness applications claiming interoperability with EHR systems.

1. General requirements

1.1.

The harmonised software components of an EHR system shall achieve the performance intended by its manufacturer and shall be designed and manufactured in such a way that, during normal conditions of use, they are suitable for their intended purpose and their use does not put at risk patient safety.

1.2.

The harmonised software components of the EHR system shall be designed and developed in such a way that the EHR system can be supplied and installed, taking into account the instructions and information provided by the manufacturer, without adversely affecting its characteristics and performance during its intended use.

1.3.

An EHR system shall be designed and developed in such a way that its interoperability, safety and security features uphold the rights of natural persons, in line with the intended purpose of the EHR system, as set out in Chapter II.

1.4.

The harmonised software components of an EHR system that is intended to be operated together with other products, including medical devices, shall be designed and manufactured in such a way that interoperability and compatibility are reliable and secure, and personal electronic health data can be shared between the device and the EHR system in relation to those harmonised software components of an EHR system.

2. Requirements for interoperability

2.1.

Where an EHR system is designed to store or intermediate personal electronic health data, it shall provide an interface enabling access to the personal electronic health data processed by it in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

2.2.

Where an EHR system is designed to store or intermediate personal electronic health data, it shall be able to receive personal electronic health data in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

2.3.

Where an EHR system is designed to provide access to personal electronic health data, it shall be able to receive personal electronic health data in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

2.4.

An EHR system that includes a functionality for entering structured personal electronic health data shall enable the entry of data with sufficient granularity to enable the provision of the entered personal electronic health data in the European electronic health record exchange format.

2.5.

The harmonised software components of an EHR system shall not include features that prohibit, restrict or place an undue burden on authorised access, personal electronic health data sharing or use of personal electronic health data for permitted purposes.

2.6.

The harmonised software components of an EHR system shall not include features that prohibit, restrict or place an undue burden on authorised exporting of personal electronic health data for the reasons of replacing the EHR system by another product.

3. Requirements for security and logging.

3.1.

An EHR system designed to be used by health professionals shall provide reliable mechanisms for the identification and authentication of health professionals.

3.2.

The European logging software component of an EHR system designed to enable access by healthcare providers or other individuals to personal electronic health data shall provide sufficient logging mechanisms that record at least the following information on every access event or group of events:

(a)	identification of the healthcare provider or other individuals having accessed the personal electronic health data;

(b)	identification of the specific natural person or persons having accessed the personal electronic health data;

(c)	the categories of data accessed;

(d)	the time and date of access;

(e)	the origin or origins of data.

3.3.

The harmonised software components of an EHR system shall include tools or mechanisms to review and analyse the log data, or it shall support the connection and use of external software for the same purposes.

3.4.

The harmonised software components of an EHR system that store personal electronic health data shall support different retention periods and access rights that take into account the origins and categories of electronic health data.

ANNEX III

Technical documentation

The technical documentation referred to in Article 37 shall contain at least the following information, as applicable to the harmonised software components of an EHR system in the relevant EHR system:

A detailed description of the EHR system including:

(a)	its intended purpose, and the date and version of the EHR system;

(b)	the categories of personal electronic health data that the EHR system has been designed to process;

(c)	how the EHR system interacts or can be used to interact with hardware or software that is not part of the EHR system itself;

(d)	the versions of relevant software or firmware and any requirement related to version update;

(e)	the description of all forms in which the EHR system is placed on the market or put into service;

(f)	the description of hardware on which the EHR system is intended to run;

(g)

a description of the system architecture explaining how software components build on or feed into each other and integrate into the overall processing, including, where appropriate, labelled pictorial representations (e.g. diagrams and drawings), clearly indicating key parts or software components and including sufficient explanation to understand the drawings and diagrams;

(h)

the technical specifications, such as features, dimensions and performance attributes, of the EHR system and any variants or configurations and accessories that would typically appear in the product specification made available to the user, for example in brochures, catalogues and similar publications, including a detailed description of the data structures, storage and input/output of data;

(i)	a description of any change made to the system throughout its lifecycle;

(j)	the instructions for use for the user and, where applicable, installation instructions.

2.	A detailed description of the system in place to evaluate the EHR system performance, where applicable.

3.	The references to any common specification used in accordance with Article 36 and in relation to which conformity is declared.

4.	The results and critical analyses of all verifications and validation tests undertaken to demonstrate conformity of the EHR system with the requirements laid down in Chapter III, in particular the applicable essential requirements.

5.	A copy of the information sheet referred to in Article 38.

6.	A copy of the EU declaration of conformity.

ANNEX IV

EU declaration of conformity

The EU declaration of conformity for the harmonised software components of an EHR system shall contain all of the following information:

1.	The name of the EHR system, version and any additional unambiguous reference allowing identification of the EHR system.

2.	Name and address of the manufacturer or, where applicable, its authorised representative.

3.	A statement that the EU declaration of conformity is issued under the sole responsibility of the manufacturer.

A statement that the EHR system in question is in conformity with the provisions laid down in Chapter III and, if applicable, with any other relevant Union law that provides for the issuing of an EU declaration of conformity, complemented by the result from the testing environment mentioned in Article 40.

5.	References to any relevant harmonised standards used and in relation to which conformity is declared.

6.	References to any common specifications used and in relation to which conformity is declared.

7.	Place and date of issue of the declaration, signature plus name and function of the person who signed and, if applicable, an indication of the person on whose behalf it was signed.

8.	Where applicable, additional information.

ELI: http://data.europa.eu/eli/reg/2025/327/oj

ISSN 1977-0677 (electronic edition)