Navigating Europe’s New Health Data Regulations: What Investors and Startups Need to Know
The past five years have transformed industries through digitization, driven by COVID-19, remote work, and AI adoption. Healthcare has embraced this change, with digital medicine gaining widespread acceptance. While economic uncertainties have led to more cautious investment - with U.S. deals projected to dip in 2024 - companies are adapting through strategic collaborations and mergers.
This evolution aligns with new European frameworks like the AI Act and the European Health Data Space. This article explores opportunities for healthcare startups navigating these changes, focusing on strategies that balance innovation with privacy and patient care.
Key European health data regulations to consider
Healthcare is a critical concern affecting multiple stakeholders, with data protection being a key priority for the European Union. While the EU has introduced various regulations to protect patient data exchange, these measures have had unintended consequences on innovation and development in medicine and telemedicine.
The complex regulatory environment, combined with recent inflation, has deterred many investors from entering what they perceive as a risky market. Europe's fragmented approach to healthcare standards has created significant barriers for startups. The Belgian startup Andaman7 illustrates this challenge - despite developing an innovative health records management app, they've achieved compatibility with only one hospital and one laboratory in their home market. In contrast, their system works with 85% of US hospitals through the FHIR standard.
Beyond standardization, successful implementation requires broader cooperation. Healthcare facilities across the EU need to agree on sharing patient data through a common platform system. This would facilitate valuable medical information exchange and advance research opportunities.
Recognizing these challenges, in the spring of 2024, the European Parliament and Council reached an agreement on the EHDS proposal. The EU views this regulation as a crucial step toward connecting member states' health systems, potentially creating more favorable conditions for innovation and business development.
What is the European Health Data Space (EHDS)?
The European Health Data Space (EHDS), developed by the European Union, aims to create a single framework (HealthData@EU) for managing and sharing health data between its member states. With its help, the EU wants to improve the provision of health care, encourage innovation, and support scientific research.
The main elements of the EHDS document are:
- Grant people access to their health data
- Improving healthcare across borders
- Encouragement of innovation and research
- Increasing privacy and data protection
- Allowing the creation of a global ecosystem of digital health
- Pursuing economic expansion
This new EU regulation has a distinct impact from the General Data Protection Regulation (GDPR) and Medical Devices Regulation (MDR), which might be very time-consuming and costly for startups to comply with. The EHDS seems to be more hopeful and outlines a future picture of the connectivity of health systems in all member countries.
Opportunities for startups and investors
The EHDS empowers patients with direct control over their health data across the EU. This means patients can actively manage their digital health records - adding new documents, correcting outdated information, and accessing their complete medical history. The system transforms patients from passive recipients to active participants in their healthcare journey.
This seamless flow of data is a big green flag for investors looking to tap into cross-country markets. Startup businesses will have the prospect of development and rapid rise as they will be able to provide their services without worrying about the regulations of each country. According to the European Commission, researchers and innovators in digital health, medical devices, and medicinal products could benefit from approximately €3.4 billion over a decade.
However, due to the complexity of the requirements of EU regulatory laws, many companies and businesses do not fully understand all the specifics they must comply with. Although the European Commission and the Court of Justice can be expected to produce a more detailed synopsis in the form of guidelines, examples, and preliminary rulings, this will take time.
However, the regulations will most likely come into force before these instructions are implemented, and businesses will need to comply with them. This is where the good part comes in. Danish and Finnish public and private parties unite around a common project to support business. Their joint action aims to create a catalog of electronic tools to clarify and educate the industry about the Artificial Intelligence (AI) Act and the European Health Data Space (EHDS) regulation.
In this joint action and the Entries regtech we see the opportunity to democratize regulations: Bring the capability of large corporations to the SMEs (small and medium size organizations). The market won’t wait for everyone to learn the hard way.
the Chief Economist of the Finnish Startup Community
The Finnish innovation fund Sitra, which leads and finances the project, aims to enable informed decisions by innovators and implementers of digital solutions regarding the new acts. Sintra also wants to show evidence of the effect of these electronic tools through surveys from participating organizations.
The innovators say these tools support them in understanding the options for their regulatory journey and force them to have a critical view of their innovation from the regulatory perspective. We want to stay in the front line to help our innovators reach the market and are excited to join the action with the Finns.
Project Manager from Research to Commercialization at Danish Life Science Cluster
Lean Entries provides electronic tools in English through their regtech platform Entries, and it is scheduled to launch by the end of 2024. The e-tools can be used free of charge by students and researchers to start-ups and corporations from all Finnish industrial sectors and the Danish health technology sector throughout 2025.
Challenges and considerations of the EHDS
EHDS must operate within the GDPR and MDR frameworks, which protect patient data and medical device safety. For startups, compliance demands significant resources and often delays innovation [9]. National health data authorities add bureaucratic complexity, while data centralization raises privacy and security concerns across varied healthcare systems.
Technical integration challenges and resource constraints, especially for smaller EU countries, require careful balancing of growth, compatibility, and data protection. Building public trust in data sharing remains a key challenge.
What about the AI Act?
The European Union's proposed legislation, called the EU Artificial Intelligence Act (AI Act), is one of the first global attempts to put AI into clearly defined frameworks for use. It mentions instructions for safely and ethically handling AI people's data. There are also restrictions for organizations implementing AI in their businesses and offering it as a service.
Main goals of the AI Act
The AI Act aims to create a fair, reliable, and innovative environment for AI in the EU by setting a global standard for the responsible use of AI. It uses a risk-based approach that groups AI systems into categories according to their impact.
High-risk areas such as healthcare and law enforcement are subject to strict regulations, while chatbots require transparency, and low-risk applications such as gaming remain unregulated. This approach strikes a balance between safety and encouraging innovation. The law aims to build trust and safety by ensuring that AI is developed responsibly, respects EU values , and avoids harm to society.
It encourages innovation through "sandbox zones," an approach that allows startups to experiment and refine their solutions without immediately having to comply. It is easy to assume that diligent documentation is key. It is especially important to have transparency and accountability for devices or companies developing in high-risk AI fields.
The law also covers regulations related to the ethical use of AI, including discrimination, bias, and privacy issues. Harmonizing regulations across the EU, simplifies market entry for businesses and prevents legal confusion. Ultimately, the AI Act paves the way for responsible, human-centered innovation.
Potential red flags and concerns for the business
While the AI Act aims to create a trustworthy AI ecosystem in the EU, it presents significant challenges for healthcare startups and investors. Compliance costs can be substantial, potentially diverting crucial resources from innovation to managing legal requirements and regulations.
Small teams particularly struggle with risk management, data processing, and documentation demands, often leading to delayed product launches. The complex and evolving regulatory landscape also concerns investors, who worry about increased risks and extended return periods.
Success in this environment requires carefully balancing innovation with regulatory compliance as the AI healthcare sector continues to evolve.
Beneficial strategies of the AI Act for the business
The EU's AI Act sets up a clear framework for AI, focusing on transparency, accountability, and managing risks. To comply, businesses should start by auditing their AI systems to spot anything high-risk and figure out its purpose and impact.
They need solid risk management plans, with constant monitoring and updates, to stay on top of issues. AI systems should be transparent and easy to explain, which helps build trust and meet the rules. Human oversight is a must to ensure decisions align with ethics and laws. Keeping detailed records of how AI systems are built and run is crucial, toо.
Teams should get ongoing training to stay sharp on AI tech and compliance. Companies also need to work closely with regulators to stay updated and help shape future policies. By tackling these steps, businesses can stay compliant, foster innovation, and build trust in their AI practices.
Conclusion
The new health data regulations reflect what we all want - better, safer healthcare for our communities. While adapting to EHDS and the AI Act may feel challenging for some startups right now, these rules help ensure that our health data is protected while enabling innovations that can genuinely improve patient care. For founders and investors willing to put people first, this is a chance to build something truly meaningful - solutions that not only work well but also honor the trust patients place in our healthcare system.
Sources:
European Health Data Space: Council agrees its position - https://www.consilium.europa.eu/en/press/press-releases/2023/12/06/european-health-data-space-council-agrees-its-position/
The European Health Data Space (EHDS) - https://www.european-health-data-space.com/
HealthData@EU Pilot - https://ehds2pilot.eu/
The European health data space: Too big to succeed? - https://pmc.ncbi.nlm.nih.gov/articles/PMC10448378/
Navigating the EU AI Act: implications for regulated digital medical products - https://www.nature.com/articles/s41746-024-01232-3
The EU Artificial Intelligence Act (2024): Implications for healthcare - https://www.sciencedirect.com/science/article/pii/S0168851024001623
The EU AI Act: Implications for the health sector - https://accesspartnership.com/the-eu-ai-act-implications-for-the-health-sector/
The EU’s AI Act and How Companies Can Achieve Compliance - https://hbr.org/2024/02/the-eus-ai-act-and-how-companies-can-achieve-compliance
European Health Data Space - https://health.ec.europa.eu/ehealth-digital-health-and-care/european-health-data-space_en
EU Health Data Space: more efficient treatments and life-saving research - https://www.europarl.europa.eu/news/en/press-room/20240419IPR20573/eu-health-data-space-more-efficient-treatments-and-life-saving-research
The EU passes the AI Act and its implications for digital medicine are unclear - https://www.nature.com/articles/s41746-024-01116-6
