The European Health Data Space (EHDS) is a landmark regulation adopted in 2025 (Regulation (EU) 2025/327) that aims to revolutionise how health data is accessed, shared, and used across the EU. Data owners, data contributors and platform owners will need to be acutely aware of the requirements and expectations on them as EHDS is fully implemented over the next six years.
It establishes a common framework for both:
At Aridhia, we are particularly interested in Secondary Use, where anonymised or pseudonymised Real World Data is used for research purposes, often involving the combination of multiple datasets in a single secure environment. We call these secure collaborative research environments ‘Workspaces’. The EHDS documents refer to these as Secure Processing Environments, or SPEs. They are also known as Trusted Research Environments (TRE).
A particularly important aspect of the EHDS is how it handles patient consent for the secondary use of health data. However, member states could not agree on whether there were sufficient safeguards in place, and therefore an article providing a ‘right to opt-out’ and to withdraw consent has been implemented.
Under EHDS, explicit consent from patients is not required for the secondary use of their pseudonymised or anonymised personal electronic health data, provided that the use is authorised by a Health Data Access Body (HDAB).
EHDS Recital (52) states, “Member States should no longer be able to maintain or introduce under Article 9(4) of Regulation (EU) 2016/679 further conditions, including limitations and specific provisions requesting the consent of natural persons, with regard to the processing for secondary use of personal electronic health data under this Regulation…”
What this means is that once EHDS is in effect, national laws cannot require additional consent for secondary use, except where stricter safeguards are introduced for particularly sensitive data (e.g. genetic or biometric data).
However, individuals have the ‘Right to opt out’ as defined in Article 71.
Article 71(1): “Natural persons shall have the right to opt out at any time, and without providing any reason, from the processing of personal electronic health data relating to them for secondary use under this Regulation.”
As a result of this, any framework or platform must provide sufficient support and audit to ensure that these opt-outs can be implemented securely, thoroughly and in accordance with what is set out in the EHDS. Given that individuals can choose at any time to exercise the right to opt-out, this can be described as ‘dynamic consent’. Research projects in which consent may change during their lifetime require dataset versioning, user notification, secure workspaces and data access controls, all backed by a consistent and thorough audit trail.
Aridhia’s FAIR environment supports this flexibility, ensuring compliance with evolving participant decisions, particularly the dynamic withdrawal of consent, without compromising data governance or auditability. FAIR’s architecture inherently supports dynamic consent management, enabling efficient and auditable responses to consent withdrawal. It accommodates changes rapidly and transparently, ensuring participant rights and regulatory compliance remain central.
FAIR provides a streamlined, auditable workflow allowing rapid identification, isolation, and removal of records subject to withdrawn consent. This ensures datasets within FAIR remain continually aligned with current consent statuses.
Every action taken, from disabling Data Access Requests (DARs) through to re-publication of revised datasets, is fully tracked, providing transparency and audit compliance.
1. Patient withdraws their consent for data usage
2. Impacted datasets are identified
3. Impacted datasets are transferred to a workspace
4. Data Access Requests (DAR) workflows for the dataset are disabled in FAIR
5. The relevant records are removed from the data in the workspace
6. A new copy of the dataset is saved and airlocked out of the workspace
7. The new data is ingested back into FAIR as part of a new version of the dataset
8. The new version is made available for request
9. Subscribers are notified of the new version using FAIR’s built-in dataset subscription feature
FAIR also provides the option for externally hosted data. This data can reside entirely within the platform host’s environment with a secure connection allowing for approved access and transfer. In this configuration, the data owner simply needs to disable DARs in FAIR and the data can then be changed directly using their established internal processes, without the need to first transfer it to a workspace. When the data update is complete, DARs can be re-enabled in FAIR.
For in-flight research, administrators can access detailed Tenant Administrator Metrics, providing insight into the workspaces that the affected dataset(s) have been transferred to. Users can also subscribe to notifications on a per-dataset basis in FAIR. Using this feature, data owners can notify all users who have approved access to that dataset of any changes and actions that need to take place.
The Workspace Restrictions feature can then be used to notify users of that workspace that they have an affected dataset and must take steps to remove data from their project if required. Users would be recommended to request the new dataset and remove all traces of the affected dataset from their workspace.
The Airlock and review process ensures that administrators can be sure that any resulting data, applications or research outcomes have been generated using the new version of the dataset.
All activities in the workspace such as agreement to remove data, the removal of files, and airlock review requests are fully audited.
Aridhia’s FAIR environment excels at managing dynamic consent withdrawal, offering robust, compliant, and fully auditable processes that reinforce participant trust and regulatory alignment. All consent withdrawal actions are logged comprehensively, supporting transparency, compliance audits, and trust among stakeholders. Workspaces provide the means to work with data in a secure environment, to modify existing data, and audit change. These capabilities ensure that the Aridhia DRE is perfectly positioned to address the complexities of dynamic patient consent as a result of the EHDS ‘Right to opt out’ requirement and provides a future-proof platform for working with secure healthcare data across the European Union.
July 15, 2025
Scott joined Aridhia in March 2022 with over 25 years’ experience in software development within small start-ups and large global enterprises. Prior to Aridhia, Scott was Head of Product at Sumerian, a data analytics organisation acquired by ITRS in 2018. As CPO, he is responsible for product capabilities and roadmap, ensuring alignment with customer needs and expectations.