eIDAS Regulation

Regulation (EU) no. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

eIDAS stands for ‘electronic identification and trust services’. The purpose of the eIDAS Regulation is to enhance trust in electronic transactions in the internal market, strengthen legal certainty for the users and providers of trust services, and remove the judicial and technical barriers in the internal market regarding cross-border administrative formalities. It brings consistency to the rules on electronic signatures across the European Union, which will improve the overall trust in these services. It provides a predictable regulatory environment to enable secure and discrete electronic interactions between companies, citizens and public authorities. It ensures that people and companies can use their own national electronic identification schemes (‘eIDs’) to access public services in other EU Member States.

Access to cross-border healthcare

Before the eIDAS Regulation came into effect, if an EU Member State made online access to healthcare facilities dependent on national electronic identity means, this impeded access to that online service for citizens or companies from other countries. The eIDAS Regulation changes this by imposing mandatory recognition of electronic identity means from healthcare facilities from other Member States whose system is signed up with the European Commission.

This regulation replaced the eSignatures Directive 1999/93/EC and entered into force on 1 July 2016. The eIDAS Regulation applies to any person or company operating in the EU who uses electronic signatures for identity verification and electronic transactions.

Trust services

The eIDAS Regulation created an internal market for trust services, namely electronic signatures and seals, time stamps, electronic registered delivery services and website authentication by ensuring that they will work cross-border and have the same legal status as a handwritten signature.

A trust service is an electronic service providing three types of services. First, it is responsible for the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services. Secondly, it can provide the creation, verification and validation of certificates for website authentication. Thirdly, it preserves the electronic signatures, seals or certificates related to those services.

There are two types of trust services, namely the normal trust services and qualified trust services. In the latter case it is up to the party who contests its legality to prove that the signature is invalid, not sent, etc. Qualified electronic signatures carry the equivalent legal effect as a paper signature. According to Article 22 of the eIDAS Regulation, Member States need to publish trusted lists of qualified trust service providers.

Regarding healthcare, trust services could be used for the patient summary (a summary of a patient’s most important health data in case of unplanned care) and ePrescription (electronic prescription) (DG Connect, 2014; eHealth Network, 2018). A secure e-signature verified by a qualified certificate can be required when the records need to be shared or to sign requests to access the data that fits the download from the SIM of electronic medical records. The same type of trust services can also be required to request the data from electronic medical records necessary to perform diagnostics, to secure treatment continuity and to provide service providers with medicinal products, foodstuffs for nutritional uses and medical products (Romaszewski, Trąbka, Kielar & Gajda, 2016).

SOURCES

eHealth Network. (2018). Recommendation paper on Policies Regarding eIDAS, eID and Health Professional Registries. Retrieved from https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20180515_co11b_en.pdf.

DG Connect. (2014). Cross-border health project epSOS: What has it achieved? Retrieved from https://ec.europa.eu/digital-single-market/en/news/cross-border-health-project-epsos-what-has-it-achieved.

Romaszewski, A., Trąbka, W., Kielar, M. & Gajda, K. (2016). Introduction of trust services pursuant to EU eIDAS Regulation with regard to information systems in healthcare (part I).

FURTHER READING

Jasehn. (2016). Discussion paper on eHealth-specific eID framework across-borders. Retrieved from https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20161121_co20_en.pdf.

Jasehn. (2017). Guideline on the Interoperability of Electronic Professional Registries. Retrieved from https://ec.europa.eu/health/sites/health/files/ehealth/docs/ev_20170509_co05_en.pdf.

Seven, M., Obermann-Gasseling, M. & Minnecré, P.H. (2017). Het nieuwe eID-stelsel: een introductie voor de zorgsector. Retrieved from https://www.nictiz.nl/wp-content/uploads/2018/03/Het-nieuwe-eID-stelsel-een-introductie-voor-de-zorgsector.pdf.