TEHDAS2 details how to manage access to health data under the EHDS
A new TEHDAS2 guideline provides operational guidance for health data access bodies (HDABs) on processing data access applications and requests for the secondary use of electronic health data under the European Health Data Space (EHDS).
The document outlines how HDABs can manage both requests for anonymised statistical data and applications for access to individual-level data through secure processing environments (SPEs), covering the full application lifecycle from receipt and pre-screening to decision-making and follow-up.
A clear workflow for EHDS data access
The guideline translates regulatory requirements into concrete steps to support consistent implementation of the EHDS Regulation.
It distinguishes clearly between the pre‑screening phase, where the HDAB verifies that all mandatory information has been submitted in the required format, and the substantive assessment phase, where the application is evaluated against the legal criteria for granting access. This separation helps ensure legal clarity, avoids premature judgements on project quality and supports efficient handling of applications.
In addition, the guideline describes the operational steps that follow a decision, such as data extraction, secure and transparent data sharing, continuous compliance monitoring and administrative follow‑up.
Across these stages, the guideline also supports coordination between HDABs, health data holders and users, while helping HDABs manage procedural time frames set out in the EHDS Regulation.
“The goal was to give HDABs clear, practical guidance they can apply in day-to-day decision-making under the EHDS, making sure all the mandatory aspects are properly considered,” said Rosa Juuti, Senior Specialist at Findata and lead author of the guideline. “By clarifying workflows and responsibilities, the guideline supports consistent and transparent practices across Member States, helping to ensure a fair process for all applicants.”
Guidance for different data access scenarios
The guideline addresses a range of data access situations that HDABs may encounter in practice. It includes guidance for multi-country applications submitted through the HealthData@EU central platform, simplified procedures when data comes from a single trusted data holder and projects that combine EHDS data with other datasets.
Safeguards for secure and lawful secondary use
In line with the EHDS Regulation and the General Data Protection Regulation (GDPR), the guideline outlines safeguards to protect personal data, trade secrets and intellectual property. For example, it explains how identified risks must be addressed through specific safeguards, such as restricting access to individual‑level data to approved SPEs and limiting permits to the data needed for the stated purpose.
This non-binding guideline reflects expert input from TEHDAS2 partners as well as feedback received through a public consultation. It combines EHDS‑mandated actions with recommended operational practices to support consistent early-stage implementation and complements other TEHDAS2 outputs on topics such as data minimisation, SPEs, permitted purposes and international access.
Download document: Guideline for health data access bodies on the procedures and formats for data access
A summary of the comments received during the public consultation and how they were addressed is available in the annex.
Key recommendations stemming from the work
For Member States
- Ensure all steps and actions mandated by the EHDS are properly addressed in the national processes.
- Decide on elements and processes left to national discretion.
For the European Commission
- Utilise the guideline and its annexes on application form as well as decision templates in the regulatory committee’s work on the implementing act under Article 70 of the EHDS.
- Provide further guidance and specifications by the EHDS Board on permit amendments and issues encountered during application processing (e.g. prolonged applicant inactivity).
- Provide non-binding standard contractual templates needed between health data holders and health data users in cases where the granted permit/approval concerns data protected by IPR, trade secrets or covered by the regulatory data protection rights.
Share away!