Webinar: 'The role of a European Health Data Space in a pandemic'

28 Apr 2020
14:00 - 15:30

 Report from the event

Opening remarks

  1. The COVID-19 crisis has shown us all the importance of having access to vital health data to track the disease, share learnings and treat and vaccinate against the disease. Speed is of the essence and we must take these learnings to ensure the EU can move fast now and be resilient in the near future for the next waves of the virus.
  1. COVID-19 is having a serious impact in the delivery of care to deal with other diseases, for example, by delaying surgeries. A key challenge for healthcare systems and organisations will be the “resuming” of the system. How could data help restart process in order to optimise the understanding of treatment needs and allocation/prioritisation in a more holistic way as opposed to doing it in silos?
  1. The EU has now committed to a European Health Data Space (EHDS) in the EC’s Data Strategy and the GDPR has provided a legal framework for the processing of health data including across borders. However, being a Member State competence there remain many different national rules that make health data sharing over EU borders difficult. In addition, interoperability is also seen as an obstacle.
  1. We have a (virtual) room full of experts to discuss and share with policymakers solutions, our own experiences on what is working and what we can do to ensure frontline care workers, secondary care workers, governments, research in academic and private sectors can use data to protect the spread, treat and create a vaccine against the virus. Hopefully setting us on a course for achieving a true EU-wide health data space.

Questions to explore:

  1. When can you see a European Health Data Space being a reality?
  2. What can the private sector do to help accelerate the process?
  3. How can we help the European Commission in its goals?
  4. What is the one thing EU governments should be focused on?
  5. Can the European Commission develop a COVID-specific guidance document on GDPR and personal health data? What is needed?
Read our recommendations on health data-processing

Speaker comments

  • Ioana-Maria Gligor
    Head of Unit, European Reference Networks and Digital Health, DG SANTE

    Key remarks 

    • Outline the work of the EC with its data strategy to create a health data space and advance recommendations made in February 2019 for cross EU border data flow.
    • The European Provide an overview of 3 workshops being held with Member States on processing primary and secondary health data to develop a study an recommend regulatory action (in particular CoC between Member States and Stakeholders).
  • Nigel Hughes
    Scientific Director Observational Health Data Analytics/Epidemiology, Janssen Research and Development AND Project Leader, European Health Data & Evidence Network (EHDEN)

    Key remarks 

    • Real world data is a challenge normally but is even more complicated during a pandemic. Health systems aren’t ready today to fully reap the benefits of data. There is unclarity on the interpretation of public and legitimate interest in the GDPR. Divergences exist on the legal basis for health data processing as well as the safeguards to apply. Cross-border research suffers from this fragmentation. A research initiative based on re-using health data for public/legitimate interest under the GDPR can be allowed in some countries but not in others, which require consent. This makes difficult for healthcare providers to share data with private entities, and for them to share precious clinical research data with partners in initiatives like IMI. We suffer from a lack of an adequate interpretation layer of GDPR, which impacts on the implementation layer, leaving ambiguity for all parties concerned, and we need a ‘plain language’ approach to respond to this
    • Most often we learn post hoc, but we need to have relevant and representative data to inform a whole cascade of decisions, from planning to clinical, today and not in many tomorrows. We also need to be prepared for the next wave of SARS-CoV-2/COVID-19 and inevitable epidemics/pandemics of other pathogens
    • International initiatives, such as South Korea’s COVID-19 Open Data Initiative, or the OHDSI COVID-19 study-a-thon need to be emulated across Europe asap, with a collective approach by Member States to at least aggregate relevant and representative data going forward vs. piecemeal initiatives and studies. We have not been in a position to utilise learning from the past, inclusive of e.g. understanding how best to repurpose drugs for COVID-19 therapy (and which became more politicised in the absence of and/or reliable data)
    • Trust is key for the success of research based on patient data. In the existing, fragmented data use context, a Code of Conduct would provide the necessary reassurances to patients on data use governance and safeguards. This would generate trust. It’s also crucial that patients are informed about the potential of health data re-use to drive health innovation, and that public-private partnerships advance much of today’s research. A good patient-awareness example is Data Saves Lives. It aims to create a multi-stakeholder dialogue on the responsible use of health data and good practices across Europe, which in turn will create a common basis for working appropriately with health data
    • Together with a Code of Conduct, we need federated data models to provide a new paradigm for the discovery and analysis of health data in Europe by building a large-scale, federated network of data sources standardized to a common data model. This is key to overcome health data access barriers in Europe. The European Health Data & Evidence Network (EHDEN) under an IMI aims to advance this paradigm. As health data is diversifying beyond EHR data per se, e.g. digital biomarkers, wearables, and the like, we need a wider framework to work with more holistic datasets within an appropriate code of conduct.
  • Nazar Rasul
    Head of Technology & Innovation Strategy, Siemens Healthineers

    Key remarks  

    • Expanding precision medicineWe believe that medicine will become more precise. However, medicine today is generally based on a “one-size-fits-all” practice, and where targeted therapies are possible, it is impractical to scale. The goal of expanding precision medicine is to provide the right treatment at the right time for every patient. Tailoring treatment starts with a highly-specific diagnosis without unwarranted variation. Based on data integrated from existing sources, adding genomics and radiomics enables a holistic understanding of the individual. These unique characteristics steer the personalization of treatment. A precise understanding of a patient’s condition is the most effective approach to deliver outcomes favorable to all stakeholders.
    • Improve diagnostic accuracyGenerating and integrating highly-specific and quantitative data lays the groundwork for accurate diagnosis. Amending the diagnostic process with new types of biomarkers, such as genomics and radiomics, and lifestyle components, creates a holistic understanding of the individual and the disease. Providing this information that has been curated for relevance, at the point of clinical decision-making, improves diagnostic accuracy.
    • Reduce unwarranted variationsBuilding best-practice standards along the continuum of care is a prerequisite for consistent, evidence-based care. The key levers for reducing variations are adapting to patients’ individual needs and reducing the subjectivity of operators and physicians. Correspondingly, automation and assisted decision-making based on reproducible technology activate these levers to create consistent diagnostic results. Steady, iterative improvements using this approach effectively reduce unwarranted variations.
    • Personalize when it mattersWhen personalizing treatment strategies, a precise understanding of a patient’s condition at the point of decision is essential. Information from imaging technologies, lab testing, and genomics delivers specifics of both the patient and the disease that are necessary for tailoring therapy. Further, monitoring treatment efficacy ensures continuous delivery of appropriate care. Personalizing treatment when it matters delivers safer, more effective therapy while saving costs.
    • Advance therapy outcomesMany opportunities to enhance therapy precision lie in the integration of imaging and treatment delivery. Therapeutic procedures from surgery to radiation oncology rely on integrated real-time or multimodal image guidance and robotic assistance. This facilitates minimally and non-invasive interventions that support faster recovery and create fewer complications. This enables healthcare providers to advance therapy outcomes and make treatment safer, faster and less costly.
    • Data ownership – patients apps, owned and controlled by each individual citizen
    • New forms of collaboration between various stakeholders (research between HC providers and industry (MedTech, digital, biotech, etc.)
    • Decentralized data handling and storing with clear rules and guidance
    • Federated learning for use of AI in health and clinical decision making
  • Bert Verdonck
    Business Leader, Population Health Management International, Philips

    Key remarks

    • Scalability: There have been many challenges in the past to exchange data at scale between Members States, across regions and between healthcare providers. There have been many attempts and initiatives (many were EU funded) that achieved success in a pilot stage but were unable to scale up to create significant societal impact. A public data space should create the possibility to scale to national and international levels. The COVID crisis demonstrates the blatant need for such scalable data sharing infrastructures. For example: in The Netherlands Philips worked on a data sharing initiative between intensive care units for patients who had to relocate to other hospitals. But it remains difficult to share information between care centres for recovering patients (university, speciality, first line, home care).
    • Standardisation: AI becomes much more powerful if we have a common, structured language. For example: there was a lack of coordination to rapidly standardise relevant vital signs and symptoms for the COVID pandemic. If these ontologies would have been available, then vital information could have been collected, analysed and shared in a much earlier phase. Philips has proposed a governance or data trust structure to enable the setup of data exchanges. There are many national standardisation initiatives in the healthcare domain, but it remains hard to select and setup an effective governing organisation. The COVID crisis demonstrated that sharing infection data across borders was very difficult and everyone fell back on national systems. We need a pan-European data trust authority, a kind of Interpol for health data. Such EU level data trust could then facilitate the different national systems to ensure data can be shared quickly and effectively.
  • Frank Baitman
    Global Head, Compliance and Strategy, Digital Health Technologies, Roche

    Key remarks

    • Provide an international perspective and experiences of data sharing and processing challenges. Provide a perspective from Roche in its activities during the COVID-19 crisis.
    • Provide a perspective on the clarity needed for standards used in data sharing. The focus should be on openness to encourage data to be shared and are technologically neutral.
    • There have been several regimes for data protection. In the US HIPPA (Health Insurance Portability and Accountability Act) predates technology of today but was valuable to communicate to health workers and citizens the need for privacy, protecting data and the penalties for any breaches or infringements. GDPR also plays a valuable role but both regimes are not future proof and there is a need to see where it falls short and where it needs to adapt.
    • Data standards need to be updated to ensure data can cross not only borders in the EU but internationally as the virus sees no borders.
  • Cornelia Kutterer
    Senior Director European Government Affairs, AI, Privacy, Digital Policies, Microsoft

    Key remarks

    • Brief overview of the digital tools that customers on the frontlines of the COVID-19 response are deploying in Europe.
    • Perspectives on the technical and regulatory obstacles that limited the establishment of health data ecosystems in Europe: silos, lack of legal certainty and trust.
    • Perspectives on the technical solutions as well as the policy and regulatory initiatives that can help establishing a thriving health data culture and ecosystems in view of the European Health Data Space: establishing data interoperability standards, open data initiatives, trust and harmonization of GDPR’s interpretation vis-à-vis the processing of personal health data for secondary use.
    • Lessons learnt from the Covid-19 crisis in view of the establishment of the European Health Data Space
  • Mario Romao
    Global Director for Health IT Policy, Intel

    Key remarks

    • Outline early findings from a study Intel has sponsored with the Israel Tech Policy Institute to compare regulatory regimes for accessing health data for research. Phase 1 is completed and recommends:
      • Move beyond consent as grounds for non–interventional secondary use of health data (e.g. public interest, research).
      • Protect health data with a mix of de-identification (pseudonymisation, anonymisation, aggregation), processing controls (e.g. data use agreements, reference methodologies) and safeguard procedures as an internal ethical review board.
      • Foster technical solutions to safeguard patient’s data for secondary use.
Speakers BIOs

Notes from Q&A session

  • Question: What actions do you believe are necessary at EU level to support access to data for research purposes across EU borders? Should this be addressed through hard law or soft law measures such as a Code of Conduct?
    • Response: It is important that we ensure consistent harmonization and implementation of law that is already in application, we do not need new laws. Organisations need to be clearly informed, in simple language what they can and cannot do, avoiding ambiguity. The GDPR is robust enough and is a solid framework for Authorities to build upon, we just need consistency amongst Member States.

In addition, what is also equally important to a consistent interpretation of the rules, is the need for a social consensus, what are we looking to achieve and what are the means to reach this goal. This consensus in some respects is more significant than any law.


  • Question: In the context of COVID, what is your experience with special systems/rules that have been put in place to facilitate patient access to care (eg through telemedicine, telemonitoring), but also to data concerning them and data portability? Did you see any problems in cross-border context in these areas? What action do you believe is needed at EU level in this area?
    • Response: Having a ‘codex of rules’ is very much needed for industry to be able to comfortably operate across borders, the fragmentation in the EU creates difficulties for cross-border operations. In addition, clarity on governance structures need to be made more widely available, as it must be reminded that the COVID-19 is not a static issue but one that has highlighted the difficulties for cross-border solutions.

In addition, it must be emphasised, focusing on tracing solutions, that we need to be extremely vigilant on the risks to citizens’ rights, especially in terms of surveillance.


  • Question: Digital Twin AI project seems to be great, but Member States are taking too much time to get an agreement re a very simple pan-European tracing COVID app based on Bluetooth. Public opinion and policy makers in several MS are probably not yet ready to move faster. Data Protection Authorities still do have strong reserves (e.g. French CNIL re the tracing COVID app). Data ownership is key. How to educate people and get them onboard?
    • Response: We all need to support and advocate for a wider ‘public health campaign’ that will be able to showcase the immense benefit any digital solution has on society and in particular with the current-19 crisis.

 Additional Background

  1. Common European Health Data Space (EHDS):

The current regulatory and research models rely on access to health data, including individual level data from patients. Strengthening and extending the use and re-use of health data is critical for innovation in the healthcare sector. It also helps healthcare authorities to take evidence-based decisions to improve the accessibility, effectiveness, and sustainability of the healthcare systems. It also contributes to the competitiveness of the EU’s industry. Better access to health data can significantly support the work of regulatory bodies in the healthcare system, the assessment of medical products and the demonstration of their safety and efficacy.

The Commission will:

  • Develop sector-specific legislative or non-legislative measures for the European health data space, complementing the horizontal framework of the common data space. Take measures to strengthen citizens’ access to health data and portability of these data and tackle barriers to cross-border provision of digital health services and products
  • Facilitate the establishment, in accordance with Article 40 of the GDPR, of a Code of Conduct for processing of personal data in health sector. These actions will build upon an ongoing mapping of the use of personal health data in Member States and the results of the Joint Action in the context of the Health programme (2020-2023)
  • Deploy the data infrastructures, tools and computing capacity for the European health data space, more specifically support the development of national electronic health records (EHRs) and interoperability of health data through the application of the Electronic Health Record Exchange Format. Scale up cross-border exchange of health data; link and use, through secure, federated repositories, specific kinds of health information, such as EHRs, genomic information (for at least 10 million people by 2025), and digital health images, in compliance with the GDPR. Enable the exchange of electronic patient summaries and ePrescriptions between 22 Member States participating in the eHealth Digital Service Infrastructure (eHDSI) by 2022; start cross-border electronic exchanges through eHDSI of medical images, laboratory results and discharge reports and enhance the virtual consultation model and registries of European Reference Networks; support big data projects promoted by the network of regulators. These actions will support prevention, diagnosis and treatment (in particular for cancer, rare diseases and common and complex diseases), research and innovation, policy-making and regulatory activities of Member States in the area of public health.
  1. Data processing:

80% of health data remains unstructured and untapped after it is created.1 In addition there remains for the EU as a whole issues in understanding the use of consent in processing secondary data for research. We need decisive EU action to harmonise conditions for health-data processing across Member States and provide clarity where needed. This is fundamental to creating a Common European Health Data Space. COVID-19, for example, has reminded us that access to health data for scientific research is still subject to various rules and interpretations in the EU. The European Union is best placed to show global leadership with its strong data protection rules such as the GDPR and experience in driving a single market of 27 connected health ministries in the Member States. It needs to accelerate data sharing across borders and to address fragmentation to boost health innovation.

DIGITALEUROPE recommends to:

  • Create an EU Code of Conduct on the primary and secondary use of health data
  • Harmonise different Member State rules governing health data to include:
    • Establishing a one-stop-shop in each Member State to facilitate the secondary use of health data while preserving patient trust
    • Issuing EDPB guidance on GDPR interpretation by national Data Protection Authorities (DPAs)
    • Aligning local and national healthcare regulations with the GDPR to remove inconsistencies, fragmentation and accelerate
  1. Other:

For more information please contact:
Ray Pinto
Senior Director for Digital Transformation Policy
Our similar past events
Presidency Summit in Budapest
European Parliament
Technology and Ukraine: Lessons from the Front Line
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.