EDITORIAL/DISCUSSION

The European Digital Identity Wallet: A Healthcare Perspective

Danny Van Roijen, MS Business Engineering

EU Policy Expert (independent), Brussels, Brussels Metropolitan Area, Belgium

Keywords: cross-border healthcare, data governance, digital identity, health data, interoperability

 

 

With the June 2024 elections, the first term of the European Commission under President Ursula von der Leyen came to an end. Within these last 5 years, major strides were made in Europe to write a future-proof rulebook on data and digital. In the shadow of headline-grabbing regulations such as the Digital Markets Act and the AI Act, the eIDAS regulation was revised to establish a European Digital Identity Wallet.

eIDAS 2.0 and the European Digital Identity Wallet

Published into law 10 years ago, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market,¹ commonly referred to as the eIDAS (electronic identification and trust services) regulation, established a general legal framework for the (cross-border) recognition and use of electronic identification and trust services. Rules were specified for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.

On April 30, 2024, the revised eIDAS regulation was published in the EU’s Official Journal² (hereafter eIDAS 2.0), extending the covered trust services also to include electronic attestation of attributes, electronic archiving services and electronic ledgers. More importantly, eIDAS 2.0 establishes a harmonized framework supporting a European Digital Identity Wallet (EDIW). The eIDAS, Article 3 definition is presented in Table 1.

Table 1. eIDAS, Article 3, as defined in the EU’s Official Journal² (electronic IDs)

Article 3	Defined
(42) “European Digital Identity Wallet:”	An electronic identification means that allows the user to securely store, manage, and validate personal identification data and electronic attestations of attributes for the purpose of providing them to relying parties and other users of European Digital Identity Wallets, and to sign by means of qualified electronic signatures or to seal by means of qualified electronic seals.
eIDAS: electronic identification and trust services.

The eIDAS should enable users to identify themselves electronically and authenticate online and in offline mode across borders to access a wide range of public and private services. The use of the EDIW shall, however, be voluntary; access to public and private services by other existing identification and authentication means should remain possible.

The eIDAS should provide a high degree of transparency, privacy, and control by the users over their personal data. This includes the ability to generate pseudonyms, registration of access activity, and integration of privacy-preserving techniques. A list of reference standards and more detailed specifications in development are listed in Table 2. However, they still need to be developed and announced through secondary legislation. The first public consultations on eIDAS 2.0 implementing regulations launched in August 2024.³

Table 2. A list of reference standards and more detailed specifications in the development of eIDAS (electronic identification and trust services)³

European Digital Wallets	URL
Certification	https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14337-European-Digital-Identity-Wallets-certification_en
Integrity and core functionalities	https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14341-European-Digital-Identity-Wallets-integrity-and-core-functionalities_en
Person identification data and electronic attestations of attributes	https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14340-European-Digital-Identity-Wallets-person-identification-data-and-electronic-attestations-of-attributes_en
Protocols and interfaces to be supported	https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14339-European-Digital-Identity-Wallets-protocols-and-interfaces-to-be-supported_en
Trust framework	https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14338-European-Digital-Identity-Wallets-trust-framework_en
Source: Public consultation via the European Commission’s “Have Your Say” website. https://ec.europa.eu/info/law/better-regulation/have-your-say_en

The Current Role of eID Solutions in Access to Health Data

In the past, patient access to health data has been limited and fragmented. The digital transformation of health and care provides opportunities to grant patients direct access and control over their health data. Identification and authentication play a crucial role in enabling secure access and exchange of health data.

As part of Europe’s Digital Decade Policy Programme 2030, progress is being monitored towards the target of ensuring that 100% of EU citizens have access to their electronic health records (EHRs) by 2030⁴ (the “eHealth target”). This eHealth target is being monitored through 12 sub-indicators spread across four thematic layers.

According to the ‘2024 Digital Decade eHealth Indicator Study’⁵ reflecting the state of play as of 31 December 2023, the average composite eHealth score for the EU-27 countries has increased to 79%. Currently, 17 Member States enable citizens to use a secure eID to authenticate themselves when using the online access service (sub-indicator 5).

Table 3. The eHealth target is monitored through 12 sub-indicators spread across four thematic layers as part of Europe’s Digital Decade Policy Programme 2030⁴

Thematic layer	Sub-indicator
Implementation of electronic access services for citizens	1. Nationwide availability of electronic access service(s)
Categories of accessible health data	2. Electronic health records summary data
	3. ePrescription/eDispensation data
	4. Electronic results and reports
Access technology and coverage	5. Access to electronic health records with an eID
	6. Access via an online portal or mobile application
	7. Percentage of the national population able to access
	8. Healthcare providers connected and supplying relevant data
Access opportunities for certain categories of people	9. Access for legal guardians
	10. Access for authorised persons
	11. Assistance for disadvantaged groups
	12. WCAG v2.1 and Web Accessibility Directive compliance
eID: electronic identification; WCAG: Web Content Accessibility Guidelines.

Health Data Access in A Cross-Border Context

Access to health data is not only important within a national context; with increasing mobility other relevant use cases are applicable within a cross-border context. This was already identified in the 2011 Patient Rights Directive⁶ (also known as the Cross-Border Healthcare Directive), where Member States through the eHealth Network were encouraged to develop common identification and authentication measures to facilitate the transferability of data in cross-border healthcare.

The exchange of EHRs is considered one of the essential building blocks in Europe’s digital transformation of health and care. Partially implemented across EU Member States today, the European Health Data Space⁷ legislative proposal will push for the EU-wide availability and cross-border accessibility of electronic patient summaries, ePrescriptions, images and image reports, lab results, and discharge reports.

At the moment, the European Commission is funding four large scale pilot projects to test drive the specifications of the EU Digital Identity Wallet. One of these, Potential for European Digital Identity (POTENTIAL)⁷ focuses on use cases in six digital identity sectors. Within healthcare, the pilot is exploring, in particular, the use case of electronic prescriptions or e-prescriptions.

The European Digital Identity Wallet: Use Cases

As mentioned above, several use cases can be facilitated through the EU Digital Identity Wallet. These include access to health, sharing health data, cross-border use cases, and integration of digital health technology into existing care pathways.

Access to Health Data

First, the EU Digital Identity Wallet can be a trusted and secure platform to collect and/or access a person’s health data. On the one hand, this can be clinical data that have been collected upon instruction of or interaction with health and care services—public or private. The Wallet can also be a repository of person-generated health data, for instance, self-reported or measured through the use of sensors and wearables.

Sharing Health Data

The EU Digital Identity Wallet will hand back control to the citizen in managing their health data. This will allow people to more actively share data with those involved in their direct, indirect, and informal care. Next to that, people will be able to share data more consciously with third parties while retaining control over the level of detail they wish to share or reveal.

Cross-border use cases

As mentioned, the use of the EU Digital Identity Wallet could be a facilitator for cross-border healthcare services. We can make a distinction between the following scenarios (Table 4).

Table 4. EU Digital Identity Wallet as a facilitator for cross-border healthcare services

Application	Examples
Physical use of cross-border healthcare services	Dispensation of medicines using an ePrescription while being abroad. Making imaging or lab results available when receiving care (whether planned or acute) in another country.
Digital or virtual use of cross-border healthcare services	Access to online pharmacies or cross-border telehealth services.

Integration of Digital Health Technology Into Existing Care Pathways

The uptake of digital health technologies has been, to a certain extent, limited due to the inability to integrate easily into existing care pathways. Several technical and organizational issues are at the root of this, such as a lack of interoperability, a proliferation of data silos, repetitious input of available information, or questions and doubts about data protection and cybersecurity. The EU Digital Identity Wallet will support the once-only principle and will enable straightforward and secure data access. In this way, it can help foster trust and stimulate the use of digital health technologies in daily practice and routine.

Conclusion

With the eIDAS 2.0 regulation, Europe is building the foundations for the EU Digital Identity Wallet. Defining a clear legal and technical framework will help create trust and credibility for the development and application of new use cases. Not only will the EU Digital Identity Wallet empower patients to access and manage their health data, but it will also facilitate their access to cross-border health services and enable better integration of digital health technology into existing care pathways. In the end, the patient will only stand to benefit from this.

Contributors

The author developed concepts, wrote the manuscript, reviewed comments, and made all revisions.

Data Availability Statement (Das), Data Sharing, Reproducibility, and Data Repositories

Not applicable.

Application of Ai-Generated Text or Related Technology

Not applicable

References

1. Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, EUR-Lex [Internet]. Europa.eu. 2014. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014R0910
2. Regulation EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework, EUR-Lex [Internet]. Europa.eu. 2024. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1183
3. Public consultation via the European Commission’s “Have Your Say” website. Available from: https://ec.europa.eu/info/law/better-regulation/have-your-say_en
4. European Commission. Europe’s Digital Decade: digital targets for 2030 [Internet]. commission.europa.eu. 2022. Available from: https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/europes-digital-decade-digital-targets-2030_en
5. European Commission, Directorate-General for Communications Networks, Content and Technology, Page M, Winkel R, Behrooz A, Bussink R. 2024 digital decade ehealth indicator study: final report. Publications Office of the European Union; 2024.
6. Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare [Internet]. 2011. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32011L0024
7. European Commission. European Health Data Space [Internet]. health.ec.europa.eu. Available from: https://health.ec.europa.eu/ehealth-digital-health-and-care/european-health-data-space_en

Copyright Ownership: This is an open-access article distributed in accordance with the Creative Commons Attribution Non-Commercial (CC BY-NC 4.0) license, which permits others to distribute, adapt, enhance this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited, and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0.