Half of EU has no rules for security of ehealth records

Published on: 18/12/2014

Half of the European Member States have no rules for institutions hosting and managing electronic health records (EHRs), according to a study published by the European Commission on 3 December. These Member States instead rely on common data security requirements.

Electronic Health Records are part of an interoperable infrastructure that allows different healthcare providers to access and update patient health data records. Sharing this information facilitates patient care.


Member States could do more to shore up security of electronic health records, the report concludes. “The authorisation procedure to host and process EHRs is, in the vast majority of countries, the same as to host and process other data. Only a minority of the countries has set specific auditing requirements for institutions hosting and managing EHRs.”

Formats and protocols

The report makes 20 recommendations to Member States and the EU, concentrating on laws and policies that should make EHRs possible and support cross-border exchange of health data. The first recommendation is that EHR systems used by health care providers should have a minimum level of interoperability, to allow sharing of information. A second recommendation is for a Europe-wide agreement on technical aspects, including, for example, exchange formats, protocols and end-to-end security.

The European Commission’s Directorate General for Health and Consumers on 3 December also published country studies, which constitute a second part of the research project. These studies provide an overview of the legal requirements for EHRs and report on the current state of affairs.


More information:

Final report and recommendations (pdf)
Overview of the national laws on electronic health records in the EU Member States
Announcement by DG Connect
DG Connect’s eHealth studies