The European Health Data Space (EHDS): From Regulation to Reality
- Sameera Gunarathne
- Technical Lead, WSO2
The European healthcare landscape is undergoing its most significant digital transformation in decades. We are moving away from a fragmented era where health data was locked within the walls of individual hospitals and national borders. In its place, the European Health Data Space (EHDS) is emerging, a unified digital ecosystem designed to give patients control over their data and unleash its potential for research and innovation.
For healthcare providers, software vendors, and policymakers, this is not merely a technological upgrade; it is a fundamental shift in legal and operational reality. In March 2025, the EHDS regulation entered into force, triggering a mandatory transition period that will reshape the market.
1. The regulatory force: A unified law
Unlike previous EU directives that allowed member states to interpret rules loosely, the EHDS is a regulation. This means it is directly applicable law in all member states immediately, without the need for separate national implementation legislation.
The implications are profound. Whether you are a hospital in Belgium or a clinic in Italy, the rules for how health data is recorded, shared, and protected are now harmonized at the EU level.
2. The implementation timeline: The clock is ticking
While the full operational deadline seems distant, the path to compliance involves several critical milestones that organizations must track immediately.

- March 2023: Belgium passed the law establishing the Belgian Health Data Agency (HDA), laying the national groundwork for EHDS governance.
- Early 2024: The HDA was officially launched to coordinate interoperability standards and secure data environments.
- March 2025: The EHDS Regulation officially came into force, making it directly applicable law across the EU.
- 2025 – 2027: The European Commission will adopt detailed implementation acts. These will specify the exact technical standards and specifications required for compliance.
- 2029: The deadline for operational readiness. By this date, the first priority data exchanges, specifically Patient Summaries and ePrescriptions, must be fully functional and exchangeable across borders.
3. The two pillars of EHDS: Primary and secondary use
To navigate this landscape, organizations must distinguish between the two distinct "pillars" of the regulation.
Primary use (EHDS1): Better care across borders
The first pillar focuses on the direct delivery of healthcare. It guarantees that a patient's essential health data follows them wherever they go in the EU.
- The Scenario: If a Belgian citizen falls ill while vacationing in Italy, the treating Italian doctor must be able to view the patient's history.
- The Requirement: This requires systems to be "interoperable by design." Clinicians must conform to specified data formats to provide access based on patient consent.
- The Priority Categories: To enable this, the EU has defined the European Electronic Health Record Exchange Format (EEHRxF). Systems must legally handle six core data types:
  - Patient Summaries: Allergies, vaccinations, and vital history.
  - ePrescriptions: Allowing medication prescribed in one country to be dispensed in another.
  - Laboratory Results: Structured lab reports using standard codes.
  - Discharge Reports: Summaries generated when a patient leaves a hospital.
  - Medical Images & Reports and eDispensations are also key categories.
Secondary use (EHDS2): Research and innovation
The second pillar unlocks the societal value of health data. It mandates that health data be made available for research, innovation, and policy-making under strictly controlled conditions.
- The Mechanism: Each Member State must designate a Health Data Access Body (HDAB) to manage this. In Belgium, the Health Data Agency (HDA) fulfills this role, governing access with strict privacy and transparency.
- The Goal: This allows researchers to access anonymized datasets to develop new medicines or train AI models without compromising individual privacy.
4. The fragmentation challenge: Overcoming data silos
While the legal mandate is clear, the technical landscape remains deeply fragmented. Healthcare data in Europe is currently trapped in disconnected silos, where incompatible systems and proprietary formats make direct communication impossible.
In Belgium alone, hospitals use a variety of Electronic Health Record (EHR) systems ranging from KWS to Cerner to Chipsoft. These systems often record the same clinical concept in completely different ways:
- Unit Mismatch: One hospital might record blood pressure in mmHg, while another uses kPa.
- Coding Mismatch: One system might use a local code for an allergy, while another uses an international standard.
Without a translation layer, a patient's summary from Ghent is unintelligible to a doctor in Rome. To fix this, the EHDS mandates the use of specific international standards:
- HL7 FHIR (Fast Healthcare Interoperability Resources): The standard for exchanging health data.
- SNOMED CT & LOINC: The standard "vocabularies" for clinical terms and lab results.
5. The solution: A unified platform strategy with WSO2
Replacing every hospital system to meet these new standards is financially and operationally impossible. Instead, forward-thinking organizations are adopting a Unified Platform strategy. Comprehensive technology platforms like WSO2 provide the necessary infrastructure to bridge the gap between legacy systems and the new EHDS requirements without a full "rip and replace".
The integration layer: Making data speak one language

WSO2's technology acts as a translation engine sitting on top of existing hospital records.
- Data Transformation: It ingests data from legacy systems (using older standards like HL7 v2 or CDA) and automatically transforms it into the mandatory FHIR format.
- Terminology Resolution: It maps diverse local codes into the required European standards (SNOMED CT, LOINC), ensuring that "blood pressure" means the same thing to every machine.
- Belgium Profile Alignment: Specifically for Belgium, WSO2 helps map national datasets to the "Belgium Profiles" of FHIR, aligning with the HDA's metadata frameworks.
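The unit and coding mismatches described earlier, resolved in one normalization step. This is an added example, not WSO2 code: the source-system names, local codes and record layout are hypothetical, and the mapper refuses unmapped codes or units instead of passing them through.

```python
# Hypothetical local dictionary: (source system, local code) -> LOINC.
LOCAL_TO_LOINC = {
    ("ehr-a", "BP_SYS"): ("8480-6", "Systolic blood pressure"),
    ("ehr-b", "RR-syst"): ("8480-6", "Systolic blood pressure"),
}
# Conversion factors to mmHg (1 kPa = 7.50062 mmHg).
TO_MMHG = {"mmHg": 1.0, "kPa": 7.50062}


class UnmappedError(ValueError):
    """Raised when a record cannot be translated without guessing."""


def to_fhir_observation(record):
    """Turn one legacy blood-pressure record into a FHIR Observation."""
    key = (record["source"], record["code"])
    if key not in LOCAL_TO_LOINC:
        raise UnmappedError(f"no LOINC mapping for {key}")
    if record["unit"] not in TO_MMHG:
        raise UnmappedError(f"unknown unit {record['unit']!r}")
    loinc, display = LOCAL_TO_LOINC[key]
    value = round(float(record["value"]) * TO_MMHG[record["unit"]], 1)
    return {
        "resourceType": "Observation",
        "status": "final",
        "code": {"coding": [{"system": "http://loinc.org",
                             "code": loinc, "display": display}]},
        "subject": {"reference": f"Patient/{record['patient']}"},
        "valueQuantity": {"value": value, "unit": "mmHg",
                          "system": "http://unitsofmeasure.org",
                          "code": "mm[Hg]"},
    }


# Constructed sample records: the same reading from two different systems.
RECORD_A = {"source": "ehr-a", "code": "BP_SYS", "value": "120",
            "unit": "mmHg", "patient": "example-1"}
RECORD_B = {"source": "ehr-b", "code": "RR-syst", "value": "16.0",
            "unit": "kPa", "patient": "example-1"}

if __name__ == "__main__":
    for rec in (RECORD_A, RECORD_B):
        print(to_fhir_observation(rec)["valueQuantity"])
```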
The API management layer: Secure "gates" for data
Once data is standardized, it must be shared securely. WSO2 provides an API Management layer that acts as the "gatekeeper".
- Secure Access: It exposes data via secure FHIR APIs, allowing authorized doctors and patient apps to access records.
- Consent and Governance: It strictly enforces patient consent and access control rules. If a patient opts out of sharing certain data, the API layer blocks it.
- SMART on FHIR: It supports the "SMART on FHIR" standard, enabling a new generation of patient-facing apps to plug securely into hospital systems.
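The opt-out behaviour described above, sketched as a response filter. This is an added example, not WSO2 code: it assumes consent is stored as FHIR R4 Consent resources whose deny provisions name resource types, and the function names and sample data are constructed for illustration.

```python
RESOURCE_TYPES = "http://hl7.org/fhir/resource-types"


def denied_types(consents, patient_ref):
    """Resource types this patient has opted out of sharing ('*' = all)."""
    denied = set()
    for consent in consents:
        if consent.get("status") != "active":
            continue  # draft, inactive or rejected consents are not in force
        if consent.get("patient", {}).get("reference") != patient_ref:
            continue
        root = consent.get("provision", {})
        for rule in [root] + root.get("provision", []):
            if rule.get("type") != "deny":
                continue
            classes = rule.get("class", [])
            if not classes:
                denied.add("*")  # a deny with no class restricts everything
            denied.update(c["code"] for c in classes
                          if c.get("system") == RESOURCE_TYPES)
    return denied


def enforce_opt_out(bundle, consents, patient_ref):
    """Return a copy of the Bundle without entries the patient opted out of."""
    denied = denied_types(consents, patient_ref)
    kept = [e for e in bundle.get("entry", [])
            if "*" not in denied
            and e["resource"]["resourceType"] not in denied]
    # Recompute total so the response does not reveal that data was withheld.
    return {**bundle, "entry": kept, "total": len(kept)}


# Constructed sample data.
CONSENTS = [
    {"resourceType": "Consent", "status": "active",
     "patient": {"reference": "Patient/example-1"},
     "provision": {"type": "permit", "provision": [
         {"type": "deny", "class": [
             {"system": RESOURCE_TYPES, "code": "MedicationRequest"}]}]}},
    {"resourceType": "Consent", "status": "inactive",
     "patient": {"reference": "Patient/example-1"},
     "provision": {"type": "deny"}},
]
BUNDLE = {"resourceType": "Bundle", "type": "searchset", "total": 3, "entry": [
    {"resource": {"resourceType": "Observation", "id": "o1"}},
    {"resource": {"resourceType": "MedicationRequest", "id": "m1"}},
    {"resource": {"resourceType": "AllergyIntolerance", "id": "a1"}},
]}
```

Filtering the response is a last line of defence; the same consent decision should also gate the query itself so withheld resources are never fetched.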
The secondary use pipeline: Automated research data
For the "Secondary Use" pillar, WSO2 automates the complex process of preparing data for research.
- Bulk Export: Using "FHIR Bulk APIs," the system can efficiently extract large volumes of data from hospital records.
- Anonymization: Crucially, it filters and transforms this data to remove patient identities before it leaves the secure environment, ensuring compliance with GDPR and EHDS privacy rules.
- Data Lakes: This clean, anonymous data is then pushed to government data lakes or the HealthData@EU infrastructure for population health analysis.
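The identity-removal step described above, applied to the newline-delimited JSON that a FHIR bulk export produces. This is an added example, not WSO2 code: the field list, the HMAC-based pseudonym and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import json

DIRECT_IDENTIFIERS = ("identifier", "name", "telecom", "address",
                      "photo", "contact")


def pseudonym(key, patient_id):
    """Keyed, stable pseudonym: the same patient always maps to one value."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def scrub(resource, key):
    out = dict(resource)
    out.pop("text", None)  # generated narrative often repeats names
    if out.get("resourceType") == "Patient":
        for field in DIRECT_IDENTIFIERS:
            out.pop(field, None)
        if "birthDate" in out:
            out["birthDate"] = out["birthDate"][:4]  # keep the year only
        out["id"] = pseudonym(key, resource["id"])
    for field in ("subject", "patient"):
        ref = out.get(field, {}).get("reference", "")
        if ref.startswith("Patient/"):
            # Rebuild the reference; this also drops any 'display' name.
            new_id = pseudonym(key, ref[len("Patient/"):])
            out[field] = {"reference": "Patient/" + new_id}
    return out


def deidentify_ndjson(ndjson, key):
    """Scrub every resource in an NDJSON export; returns NDJSON text."""
    rows = [json.loads(line) for line in ndjson.splitlines() if line.strip()]
    return "\n".join(json.dumps(scrub(r, key), sort_keys=True) for r in rows)


# Constructed sample export: one Patient and one linked Observation.
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"resourceType": "Patient", "id": "p1", "gender": "male",
     "birthDate": "1980-04-12",
     "name": [{"family": "Peeters", "given": ["Jan"]}],
     "identifier": [{"system": "urn:example:national-id",
                     "value": "000-CONSTRUCTED"}]},
    {"resourceType": "Observation", "id": "o1", "status": "final",
     "text": {"status": "generated", "div": "<div>Jan Peeters</div>"},
     "subject": {"reference": "Patient/p1", "display": "Jan Peeters"},
     "code": {"coding": [{"system": "http://loinc.org", "code": "8480-6"}]},
     "valueQuantity": {"value": 120, "unit": "mmHg"}},
])
```

Because the pseudonym is keyed and stable, records stay linkable and the output is pseudonymized rather than anonymous; free-text fields and quasi-identifiers such as exact dates or rare codes need separate treatment before release.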
6. Action plan for healthcare organizations
Waiting for the 2029 deadline is a strategy for failure. To reach compliance without disrupting clinical operations, hospitals and health IT vendors should follow a phased action plan today:
- Conduct a "Data Gap" Analysis: Audit your current systems against the six "Priority Data Categories" defined by the EHDS. Identify where your current data is unstructured (free text) versus structured.
- Adopt the "Lingua Franca" of Health: Stop building new interfaces in proprietary formats. Mandate that all new internal developments require HL7 FHIR for data exchange and map clinical dictionaries to SNOMED CT and LOINC.
- Deploy an Integration Layer: Do not attempt to rewrite your core EHR. Implement an integration layer (like WSO2) that acts as a "digital wrapper" around your legacy systems to handle the heavy lifting of transformation.
- Align with National Governance: Ensure your technical roadmap aligns with national bodies like the Health Data Agency (HDA) and projects like HeDERA to ensure your APIs are compatible with the broader European network.
- Prepare for "Data Liberation": Build the capabilities for Secondary Use now by establishing a secure processing environment where data can be anonymized automatically for research.
7. Strategic outlook: From vendor to medical device provider
The EHDS changes the definition of what it means to be a Health IT company. Since the regulation applies to software placed on the market, vendors are effectively providers of Medical Device Class systems.
- Focus on Compliance: Systems must now self-certify against the EEHRxF standards. A "Compliance Module" that auto-validates data before storage is becoming a critical feature.
- Patient Empowerment: Patients now have the legal right to download their data and view "Access Logs" to see exactly who looked at their record. Building "Patient Portals" that offer this transparency is no longer optional but a legal requirement.
Conclusion
The European Health Data Space is an ambitious leap toward a healthier Europe. While the timeline to 2029 may seem distant, the architectural changes required are massive and must begin today. By leveraging interoperability platforms like WSO2, healthcare organizations can automate the heavy lifting of translation, security, and anonymization. This allows them to focus on what matters most: providing better care for patients, wherever they are in Europe.