Free AI-powered Legal Search - Explore European Union Legislation

Scroll to: Top Results

Explore European Union Legislation by Asking a Legal Question

assisted-checkbox

filter-instruction-1

positive-filters

negative-filters

act-filter tabs-all

parameters-title

query

assisted-checkbox: ✅

result-title

total 5

Regulation (EU) 2025/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (Text with EEA relevance)

article annex_II

CELEX: 32025R0327

Essential requirements for the harmonised software components of EHR systems and for products for which interoperability with EHR systems has been claimed The essential requirements laid down in this Annex shall apply mutatis mutandis to medical devices, in vitro diagnostic medical devices, AI systems and wellness applications claiming interoperability with EHR systems.

1. General requirements 1.1. The harmonised software components of an EHR system shall achieve the performance intended by its manufacturer and shall be designed and manufactured in such a way that, during normal conditions of use, they are suitable for their intended purpose and their use does not put at risk patient safety.

1.2. The harmonised software components of the EHR system shall be designed and developed in such a way that the EHR system can be supplied and installed, taking into account the instructions and information provided by the manufacturer, without adversely affecting its characteristics and performance during its intended use.

article annex_II

CELEX: 32025R0327

1.3. An EHR system shall be designed and developed in such a way that its interoperability, safety and security features uphold the rights of natural persons, in line with the intended purpose of the EHR system, as set out in Chapter II.

1.4. The harmonised software components of an EHR system that is intended to be operated together with other products, including medical devices, shall be designed and manufactured in such a way that interoperability and compatibility are reliable and secure, and personal electronic health data can be shared between the device and the EHR system in relation to those harmonised software components of an EHR system.

2. Requirements for interoperability 2.1. Where an EHR system is designed to store or intermediate personal electronic health data, it shall provide an interface enabling access to the personal electronic health data processed by it in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

article annex_II

CELEX: 32025R0327

2.2. Where an EHR system is designed to store or intermediate personal electronic health data, it shall be able to receive personal electronic health data in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

2.3. Where an EHR system is designed to provide access to personal electronic health data, it shall be able to receive personal electronic health data in the European electronic health record exchange format, by means of the European interoperability software component for EHR systems.

2.4. An EHR system that includes a functionality for entering structured personal electronic health data shall enable the entry of data with sufficient granularity to enable the provision of the entered personal electronic health data in the European electronic health record exchange format.

2.5. The harmonised software components of an EHR system shall not include features that prohibit, restrict or place an undue burden on authorised access, personal electronic health data sharing or use of personal electronic health data for permitted purposes.

article annex_II

CELEX: 32025R0327

2.6. The harmonised software components of an EHR system shall not include features that prohibit, restrict or place an undue burden on authorised exporting of personal electronic health data for the reasons of replacing the EHR system by another product.

3. Requirements for security and logging.

3.1. An EHR system designed to be used by health professionals shall provide reliable mechanisms for the identification and authentication of health professionals.

3.2. The European logging software component of an EHR system designed to enable access by healthcare providers or other individuals to personal electronic health data shall provide sufficient logging mechanisms that record at least the following information on every access event or group of events:

(a) identification of the healthcare provider or other individuals having accessed the personal electronic health data;

(b) identification of the specific natural person or persons having accessed the personal electronic health data;

(d) the time and date of access;

(e) the origin or origins of data.

article annex_II

CELEX: 32025R0327

3.3. The harmonised software components of an EHR system shall include tools or mechanisms to review and analyse the log data, or it shall support the connection and use of external software for the same purposes.

3.4. The harmonised software components of an EHR system that store personal electronic health data shall support different retention periods and access rights that take into account the origins and categories of electronic health data.