EHDS Compliance
TietAI provides built-in support for the European Health Data Space (EHDS Regulation 2025/327), covering both primary use (patient care) and secondary use (research, public health, policy-making) of health data across EU member states.
What is EHDS?
The European Health Data Space regulation mandates that health data be accessible across EU member states in standardized formats. It defines:
- Primary use (Art. 48) — Patients and healthcare providers can access and share electronic health records across borders using standardized formats
- Secondary use (Art. 49) — Researchers, public health authorities, and policymakers can request access to pseudonymized health data for approved purposes through Health Data Access Bodies (HDABs)
TietAI implements the technical infrastructure required for both use cases.
HealthDCAT-AP catalogue
TietAI's EHDS service implements the HealthDCAT-AP Release 5 metadata standard for health data cataloguing. This provides:
- Dataset registration — Register health datasets with standardized metadata including title, description, keywords, spatial and temporal coverage, and medical coding systems
- Three-tier access model — Classify datasets as Public, Restricted, or Non-Public to control discoverability and access
- Medical coding validation — Validates coding systems referenced in datasets: ICD-10, SNOMED CT, LOINC, ATC, ICPC-2, HPO, and OMOP CDM
- SHACL compliance validation — All catalogue entries are validated against SHACL (Shapes Constraint Language) rules to ensure HealthDCAT-AP conformance
- Federation — Catalogue metadata can be federated to the HealthData@EU infrastructure for cross-border discoverability
Art. 51 health category classification
Datasets must be classified under Art. 51 health data categories. TietAI enforces this classification at registration time:
| Category | Examples |
|---|---|
| Electronic health records | Patient demographics, conditions, medications, procedures |
| Claims and reimbursement data | Insurance coverage, claims, explanations of benefit |
| Disease registries | Cancer registries, rare disease registries |
| Genomic data | Genetic test results, whole genome sequences |
| Public health data | Communicable disease surveillance, vaccination records |
| Clinical trial data | Trial protocols, outcomes, adverse events |
| Medical device data | Wearable readings, IoT vitals, CGM data |
| Health survey data | Population health surveys, lifestyle questionnaires |
GDPR legal basis
For datasets containing personal health data, TietAI requires a documented GDPR legal basis before the dataset can be shared for secondary use. Supported legal bases:
- Consent (Art. 6(1)(a) / Art. 9(2)(a))
- Public interest (Art. 6(1)(e) / Art. 9(2)(i))
- Scientific research (Art. 9(2)(j))
- Health system management (Art. 9(2)(h))
The legal basis is recorded as part of the dataset metadata and is visible to data requestors.
Health Data Access Body (HDAB) integration
For Non-Public datasets, access requests are governed by Health Data Access Bodies. TietAI supports the HDAB workflow:
- Researcher submits data permit application — Specifies purpose, legal basis, data minimization approach, and processing environment
- HDAB reviews — Evaluates the application against Art. 49 criteria
- Permit granted or denied — Decision recorded with audit trail
- Data provisioning — If approved, pseudonymized data is made available in a secure processing environment
Citizen opt-out
Under EHDS, citizens have the right to opt out of secondary use of their health data. TietAI provides:
- Opt-out portal — Patients can register their opt-out preference through the DAAMS citizen portal
- Enforcement — Opt-out preferences are checked at data extraction time; opted-out records are excluded from secondary use datasets
- Audit trail — All opt-out registrations and enforcement actions are logged
Cross-border data sharing
TietAI supports cross-border health data exchange through:
- International Patient Summary (IPS) — Generate IPS bundles, the cross-border format required by EHDS for primary use, from any patient record
- FHIR R4 compliance — All patient data is stored in FHIR R4 format, the standard mandated by EHDS
- National Contact Point (NCP) messaging — Support for NCP cross-border message exchange for primary use scenarios
- Audit logging — All cross-border data access is logged in FHIR AuditEvent format with SHA-256 integrity verification
Audit and compliance verification
TietAI maintains an immutable audit chain for all EHDS-related operations:
- SHA-256 hash chain — Every audit entry is cryptographically linked to the previous entry, so tampering with an earlier entry breaks the chain and can be detected
- FHIR AuditEvent format — Audit logs follow the FHIR AuditEvent resource specification
- Exportable — Audit logs can be exported for regulatory review
- SLA compliance dashboard — Monitor compliance metrics, data access response times, and permit processing status
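
The following Python example is added here to illustrate how a SHA-256 hash chain over audit entries can be verified; it is not TietAI's implementation. The entry layout (`event`, `prev_hash`, `hash`), the all-zero genesis value, the canonical-JSON hashing, and the trimmed AuditEvent-shaped sample records are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first entry's prev_hash

def entry_hash(prev_hash, event):
    # Canonical JSON (sorted keys, no whitespace) so the same event always hashes the same.
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()

def append(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev_hash": prev, "hash": entry_hash(prev, event)})

def verify(chain, expected_head=None):
    """Return (ok, index of first bad entry). Recomputes every link from GENESIS."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    # A truncated or fully re-hashed log is still internally consistent; only a
    # head hash recorded outside the log store exposes it.
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None

def audit_event(recorded, who, reference):
    # Constructed, trimmed AuditEvent-shaped record (not a complete FHIR resource).
    return {"resourceType": "AuditEvent", "action": "R", "recorded": recorded,
            "agent": [{"who": {"display": who}, "requestor": True}],
            "entity": [{"what": {"reference": reference}}]}

def sample_chain():
    # Constructed sample data for the example.
    chain = []
    append(chain, audit_event("2025-01-10T08:00:00Z", "ncp-gateway", "Patient/example-1"))
    append(chain, audit_event("2025-01-10T08:05:00Z", "researcher-a", "Patient/example-2"))
    append(chain, audit_event("2025-01-10T08:09:00Z", "ncp-gateway", "Patient/example-3"))
    return chain

if __name__ == "__main__":
    log = sample_chain()
    head = log[-1]["hash"]  # keep a copy of the head hash outside the log store
    print(verify(log, head))
    log[1]["event"]["agent"][0]["who"]["display"] = "someone-else"
    print(verify(log, head))
```

When reviewing an exported log, compare the recomputed head against a copy held separately from the log itself; internal consistency alone does not rule out truncation or a complete re-hash.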
Configuration
EHDS features are enabled per organization by a Platform Manager or Admin.
- Go to Settings → Compliance → EHDS
- Enable EHDS Mode for your organization
- Configure:
  - Default access tier — Public, Restricted, or Non-Public
  - HDAB endpoint — URL of your national Health Data Access Body
  - NCP endpoint — URL for cross-border National Contact Point messaging
  - Citizen opt-out — Enable or disable the opt-out portal
- Click Save
EHDS compliance is a shared responsibility. TietAI provides the technical infrastructure, but your organization must configure appropriate consent workflows, data governance policies, and HDAB integration. Consult your Data Protection Officer (DPO) and national HDAB for guidance.