Health Technologies

The new decree on the Health Data Ecosystem: A digital revolution for Italian healthcare

By Maria Grazia Medici, Partner and Head of Life Sciences and Healthcare and Marialaura Boni, Counsel at Osborne Clarke in Italy.

The Health Data Ecosystem (HDE) is a key project under Mission 6 of the NRRP, aimed at ensuring the IT coordination and delivery of homogeneous health services throughout Italy by providing timely access to accurate and up-to-date health data.

On 5 March 2025, the decree on the Health Data Ecosystem – prepared in agreement between the Ministry of Health, the Ministry of Economy and Finance and the Undersecretary of State to the Presidency of the Council of Ministers with responsibility for Technological Innovation – was published in the Official Gazette and entered into force.

This is a significant breakthrough in the management of health data in Italy.

The HDE – together with the Gateway network device, which is intended to verify the consistent application of standards, both for data and documents – is a key component of the new Electronic Health Record (Fascicolo Sanitario Elettronico – EHR) architecture, as envisaged in the guidelines of the Agency for Digital Italy (Agenzia per l’Italia Digitale – AgID) published in July 2022.

The purpose of EHR architecture is, in fact, to transmit clinical data acquired by healthcare facilities (including those outside the Italian NHS) to regional databases, guaranteeing interoperability and unambiguous interpretation of the data, according to standard models.

Clearly, this is a key project for the relaunch of Italian healthcare, not only domestically but also within the EU.

Aims and objectives of the HDE

The HDE is a system designed to ensure IT coordination and the provision of homogeneous health services throughout Italy, offering timely access to accurate and up-to-date health data for the purposes of treatment, prevention, international prophylaxis, study and scientific research and governance (governance meaning health planning, verification of the quality of care and evaluation of health care, pursuant to article 12, paragraph 2, letter c) of Decree-Law no. 179 of 18 October 2012, converted, with amendments, by Law no. 221 of 17 December 2012, as amended).

Architecture and content of the HDE

The HDE guarantees the complete separation of data, providing for three separate storage units depending on the type of data (unencrypted, pseudonymised and anonymised) and ensures full alignment between the health documents published in the EHR and the data made available in the HDE, and the non-duplication of data and their full interoperability.

Regions and autonomous provinces will be able to manage the unencrypted data storage unit themselves.

The HDE will be fed with health data, both structured and unstructured, from the EHR with the exception of obscured data, from health and social care facilities and NHS bodies, as well as those made available through the health insurance card (Sistema Tessera Sanitaria – TS system).

The data will be processed by the HDE in order to ensure, upon request, specific services through the search, consultation, extraction and analysis of the available data.

Among the services offered by the HDE, the pharmaceutical dossier is extremely important; it will allow the extraction of data on pharmaceutical prescriptions and the dispensing of medicines from the EHR documents and from the data made available by the TS System and the National Register of Patients (Anagrafica Nazionale Assistiti – ANA), thus favouring quality, monitoring, appropriateness in the dispensing of medicines and adherence to therapy for the purposes of patient safety.

HDE and GDPR

The entire system has been designed in compliance with European data protection regulations, guaranteeing security and transparency at every stage of information processing.

Consent

Only authorised persons, with the consent of the patient, will be able to access the HDE for the purposes of treatment, prevention and prophylaxis, with the exception of emergency access for treatment purposes.

Consent must be expressed in a free, specific, informed, unequivocal and explicit manner for each purpose: treatment, prevention or prophylaxis, and may also be expressed electronically, after accessing the EHR.

Other ways of expressing consent may be provided for by the regions or autonomous provinces. Consent may also be expressed by a delegate.

For the purposes of study and scientific research, as well as governmental purposes, access to data will be restricted and specific technical measures are foreseen to protect users.

For the purposes of study and scientific research, only anonymised data may be extracted, and for government purposes only aggregated data deprived of direct identification and pseudonymised data can be extracted.

Privacy notice

The data subject must be provided with the privacy notice pursuant to articles 13 and 14 of EU Regulation 2016/679.

The Ministry of Health, in collaboration with the autonomous regions and provinces, will integrate the model of information relating to the EHR with the data processing carried out through the HDE.

The health personnel involved will have to be adequately trained on data protection issues.

The rights of the data subject and the data retention period

Data subjects will be able to access, rectify and obscure their personal data directly on the EHR and to view the operations performed on their data via the regional EHR portals.

Patients will be able to monitor who accesses their data at any time, thanks to a system of notifications and searchable logs. In addition, it will be possible to revoke consents or restrict access to specific information, ensuring full control over their privacy.

Disabling the possibility of data processing through the HDE by third parties for the specific purposes for which consents have been withdrawn, as well as failure to give consent, does not affect the right to healthcare provision.

HDE data will be deleted thirty years after the death of the patient. The Ministry of Health will carry out this deletion annually.

Roles and responsibilities

The Ministry of Health will be the data controller, while the National Agency for Regional health services (Agenzia Nazionale per i Servizi Sanitari Regionali – AGENAS), which will be entrusted with the operational management of the data, will play the role of data processor.

The regions and autonomous provinces will be the data controllers for the extraction of EHR data and their transmission to the HDE.

Security Measures

The decree guarantees the security and protection of the personal data of patients. In fact, a series of security measures, identified in Annex B) to the decree, is provided for, including a security infrastructure that includes authentication services, authorisation, access registration, and protection against cyber attacks.

There are also a business continuity and disaster recovery system, encrypted communication protocols, and traceability systems that monitor every operation performed within the system.

What services does the HDE provide?

The HDE provides a range of services listed in Annex A) to the decree, which will be accessible for different purposes, such as treatment, prevention, international prophylaxis, government necessities, study and scientific research, and emergency situations.

Access rules will vary depending on the relevant purposes.

Conclusion

The HDE represents a significant step towards the digitisation and harmonisation of health services in Italy and should be operational by 2026, marking the beginning of a new phase for digital healthcare in Italy.

Find out more about Osborne Clarke at osborneclarke.com
