Imagine breaking your leg on holiday in Portugal. The ER doctor pulls up your full medical history (allergies, medications, past surgeries) even though your GP is in Berlin. No phone calls. No faxed records. No “I think I’m allergic to something but I can’t remember the name.”
That’s the promise of the European Health Data Space (EHDS), which quietly became EU law in March 2025. It’s the most ambitious health data regulation in history, and it’s about to change how 450 million Europeans interact with their own medical records.
The headline you’ll see elsewhere: “the EU wants your health data.” The reality is more interesting, and more useful, than that.
The EHDS does two things. The first is genuinely exciting, especially if you’ve ever lived in more than one EU country.
Primary use means your health records become portable across all 27 member states (plus Iceland, Liechtenstein, and Norway). Patient summaries, prescriptions, lab results, discharge reports, medical imaging - all standardized, all interoperable, all accessible through a system called MyHealth@EU.
Fifteen countries already support cross-border ePrescriptions and patient summaries today. Austria, Denmark, Italy, Sweden and others are joining in 2025. Germany’s ePrescription service goes live in 2026. By March 2029, all EU member states must support the first wave of cross-border data exchange. By 2031, that expands to lab results, imaging, and discharge reports.
If you’re an expat - and there are roughly 14 million EU citizens living in a member state other than their own - this is a big deal. No more carrying paper records between countries. No more starting from scratch with a new doctor. No more “we’ll need to redo those blood tests because we can’t access your old ones.”
For anyone who travels frequently, the emergency access provisions alone are worth paying attention to: healthcare providers can access your records even across borders if it’s necessary to protect your health.
The second thing the EHDS does is more complex. Secondary use means your pseudonymized health data - stripped of your name and ID - can be made available for research, drug development, AI training, and public health analytics.
The data categories are broad: electronic health records, prescriptions, hospital data, reimbursement records, public health registries, and, critically, data from medical devices, wearables, and wellness apps, once that data enters a clinical workflow.
That Oura ring synced to your doctor’s system? That glucose monitor feeding into your clinic’s records? Once it’s in the medical system, it’s EHDS-eligible for secondary use.
The access list includes pharmaceutical companies, research institutions, AI developers, contract research organizations, and public health bodies. The regulation explicitly bans using it for insurance decisions, credit scoring, or advertising. But it’s worth knowing who’s in the room.
Here’s the key: secondary use is opt-out, not opt-in. Article 71 gives you the right to opt out at any time, no justification needed, fully reversible. That’s reasonable in principle.
In practice, it’s messy. Each member state implements opt-out differently. There’s no single EU-wide button. Finland - the country that literally inspired the EHDS through their Findata system - has been running secondary health data access for five years and still doesn’t have a centralized, binding opt-out that covers all data controllers. When Finnish media covered the EHDS in 2024, citizens flooded the system with objection requests.
Finland and Denmark actually voted against the final regulation. Estonia publicly worried that widespread opt-outs would compromise research data quality. The European Parliament vote passed 445 to 142 - comfortable, but 142 dissenting votes on a health regulation says something.
The Netherlands is preparing opt-out legislation for public consultation in the first half of 2026. Germany is still figuring out which parts of their Social Code need adjustment. No member state has fully built the secondary use infrastructure yet.
The EHDS is net positive. Genuinely.
Cross-border medical records should have existed a decade ago. The fact that you can seamlessly use your phone to pay for coffee in Lisbon but can’t access your blood test results from Munich is absurd. The EHDS fixes that, and the primary use provisions alone justify the regulation.
The secondary use framework could accelerate European health research dramatically. Running studies across hundreds of millions of standardized patient records, with legal certainty, is the kind of infrastructure that produces breakthroughs.
But the gap between the regulation’s ambition and consumer awareness is real. You can’t have a meaningful opt-out right if people don’t know there’s something to opt out of. And your data rights shouldn’t depend on which side of a border you live on.
So here’s our recommendation: look up your country’s Digital Health Authority. Find out what the opt-out process looks like. Understand what’s being built. Not because you should necessarily opt out - but because knowing what’s happening with your health data is, in itself, a form of preventive care.
What else is going on?
Mississippi just mandated biomarker testing coverage, unanimously. Both chambers passed it 117-0 and 52-0, making Mississippi the latest US state requiring insurers to cover biomarker testing for diagnosis and treatment decisions. This is bipartisan healthcare policy actually working. The trend is clear: biomarker testing is moving from luxury wellness to standard of care.
Semaglutide in Alzheimer’s: the GLP-1 trial that just disappointed. Novo Nordisk’s EVOKE and EVOKE+ trials (9,996 patients across 40 countries) tested oral semaglutide for early Alzheimer’s. Results landed in early 2025: semaglutide did not slow cognitive decline versus placebo. The GLP-1 neurodegeneration thesis isn’t dead, but the most direct test of it just failed. Worth watching what comes next.
The EU AI Act’s healthcare provisions kick in August 2026. Most healthtech companies in Europe aren’t ready. Clinical decision support tools, diagnostic AI, and triage systems will face conformity assessments, bias audits, and transparency requirements. If you’re building in health AI, the compliance clock is ticking.
For the entrepreneurial amongst us.
Hims & Hers just acquired YourBio Health - the company behind pain-free blood sampling technology. This is the DTC health consolidation play in action: own the test, own the data, own the customer relationship. For traditional lab companies, the moat is eroding. For consumers, the friction of getting blood drawn is about to drop significantly. Watch this space - whoever solves at-home blood collection at scale wins the next decade of preventive health.
Stafford Beer’s “Brain of the Firm” (1972) described how organizations could function like biological nervous systems - decades before anyone used the word “AI.” The full PDF is free online. Read Chapter 3 and tell us it doesn’t describe your company.
