European parliament seeks harmonised approach to health data sharing

Finding a compromise on EU pharmaceuticals reform before June’s European elections may prove to be impossible, but there is still hope for another key piece of health legislation, the European Health Data Space (EHDS).

Trilogue negotiations have begun after the Parliament adopted its position on 13 December, with the next round of talks expected to take place at the end of January. These will need to iron out disagreements around patient consent and the timeline for implementation.

The plan is to set up a secure infrastructure and common standards for sharing health data across the bloc. This would facilitate the primary use of data, supporting data exchanges between healthcare providers within countries and across borders and the secondary use of data by researchers and policymakers.

Under the plans, researchers and companies will require a permit from a national health data access body, to be set up in each member state, granting access to non-identifiable data for approved research projects.

During debates in Parliament, both opt-in and opt-out possibilities were weighed up as a way to give patients more control over their health records. Shadow rapporteurs proposed requiring patients to give consent each time their data are used, but this “would destroy the whole system”, co-rapporteur Tomislav Sokol (EPP) said following the vote in December.

MEPs finally settled on an opt-out option, requiring explicit consent only for certain sensitive types of data, such as genetic and genomic information.

The Council also backs an opt-out system. The question of whether each member state can define how it implements that option will be a “major issue” during negotiations, Sokol said. He believes a harmonised approach is necessary to ensure the pool of data available for research is representative of the EU as a whole.

Rare diseases

However the issue of consent is handled there is still need for more discussion around security safeguards when it comes to de-identifying data, says Jelena Malinina, data director at the rare diseases patient group EURORDIS.

“These are just buzzwords. For the moment, there is no clear methodology on what is considered strong anonymisation or pseudonymisation,” she said.

Surveys by EURORDIS show rare disease patients are overwhelmingly in favour of data sharing, but they are less willing to share their data for commercial purposes.

A better balance is needed between innovation and patient rights, Malinina said. Rare disease patients or their parents are often willing to do anything to promote research. “When we are healthy, we are much more privacy oriented,” she said.

Despite these reservations, the proposal represents a “great advancement.” Common standards for data processing should increase data quality and make it more accessible for a variety of purposes.

This is particularly important in the case of rare diseases, where the small patient populations mean there is limited expertise and often people wait years for a diagnosis. It also means there could be enough patients to run properly powered clinical trials of drugs and devices.

The main issue currently is that the way data is encrypted and processed is not harmonised across the EU, making cross-border data sharing difficult. It is crucial that the new standards are mandatory, “otherwise, there is no point to this law,” Malinina said.

She warned that member states will continue to have significant freedom to decide how to organise research, particularly for genetic data. “This is at times linked with national security, which is 100% a competence of the member states.”

Increased data sharing could make drug development more efficient, by reducing the need to replicate failed clinical trials, said Alexander Natz, secretary general of the European Confederation of Pharmaceutical Entrepreneurs (EUCOPE). “A lot of those failures are also due to the fact that we were not able to learn from the mistakes of others,” he said.

Data protection rules need to provide more flexibility for research purposes, he added, while the EHDS should provide a solution to a lack of infrastructure and interoperability when it comes to sharing data.

MEPs inserted an amendment saying the use of real-world data gathered after a drug has been approved should be encouraged. Natz says this is also crucial.

A compromise will need to be found on the timeline. The Council wants to allow five to seven years for registering data after a two-year implementation period, meaning the EHDS would only be fully operational nine years after its adoption, which is too long in the Parliament’s view.

Malinina though argues nine years is not so long for such an “enormous change to the system”, which will require significant time and resources and changes to national laws as countries adapt to the new standards. She says practical details such as which third party will certify the electronic health record systems, and whether they have the resources to do so, will make or break the EHDS.

The Council text also includes a provision allowing member states to impose additional limitations on the primary use of data in cross-border situations, which Sokol claims is contrary to freedom of movement and which could stand in the way of a quick agreement.