EHDS Compliance: What Legacy Systems Must Fix

The European Health Data Space (EHDS) is a landmark legislative ecosystem in the European Union that aims to unify health data exchange between patients and all stakeholders across all EU members.

The regulation has just come into force in March 2025, and there is still some time before 2029 to adapt to the changes. EHDS technical requirements are not just for patients and healthcare providers - any company with a business adjustment to healthcare in any way can impact the EU market.

We created this EHDS vs legacy systems guide to keep you informed. Here, we outline what to expect, the challenges to EHDS compliance, how to do a phased rollout, and who needs to act first.

EHDS is coming – are you ready?

The European Health Data Space (EHDS) is a landmark EU regulation—no longer just a proposal—officially enacted on March 26, 2025. EHDS sets clear, mandatory rules for using and managing health data across Europe so everyone involved in healthcare can safely use and share health information through a single, unified system across the EU. The endgame of EDHS is the secure exchange of robust data to facilitate research and improve healthcare services. Requirements are phased:

• By 2029, key categories like patient summaries, e-prescriptions, and electronic dispensations must be available for cross-border access, and only EHDS-compliant EHR systems can be placed on the market for these data types. You need to upgrade legacy EHR data exchange to comply. EHR data migration is a must in this case.
• By 2031, requirements will expand to include additional data categories such as medical imaging, test results, and discharge reports, with all systems and infrastructure needing to be fully compliant.

While the first official rollout of the European Health Data Space regulations is expected in 2029, it is essential to act now. This is because EHDS technical requirements are complex and actually take years to prepare.

From 2029 onward, if you're an EHR vendor or health data holder and you're not EHDS-compliant, you can't legally offer services involving core patient data categories, so acting early to save your market access is the way. Finally, the closer you are to the deadline for EHDS for legacy healthcare systems, the more expensive it will be.

What is EHDS and why it's a game changer

EHDS aims to create a secure, unified digital environment where health data can move easily between stakeholders anywhere in the EU. The framework enables patient control and ensures secure data flows.

Here is how the European Health Data Space changes healthcare for different stakeholders:

For patients:

• Digital rights and infrastructure are needed to access and control your health data (think summaries, prescriptions, and test results), no matter where you are in the EU. The access will be free and immediate. Your complete medical history will be on display if needed, such as when you end up in the ER in another EU country.
• You will gain access to e-prescriptions that you can use in any EU country.
• With your consent, your data can be used for medical research all across the EU. You can opt out of sharing medical data if that is what you want.
• You'll still use your national health portal or ID, but these systems must connect to the EHDS infrastructure for EU-wide access and sharing (with your consent).
• Access to some data types (e.g., patient summaries, e-prescriptions) by 2029; broader categories (like imaging and lab results) by 2031.

For doctors and providers:

• Real-time, cross-border access to up-to-date health records and e-prescriptions. There is no need to duplicate information and re-run tests.
• You can exchange viable information on rare diseases with colleagues across borders.
• Providers must connect their systems to the national EHDS infrastructure and follow new technical standards.

For IT vendors and EHR manufacturers:

• Only EHDS-compliant EHR systems with certified connectivity and security can be placed on the EU market, starting with key data types by 2029.
• Ongoing surveillance and digital health EU compliance checks are led by national authorities.
• Easier to enter new markets, as long as your business complies with EHDS regulations for 2025.
• As a result, new business opportunities will present themselves.

For health data holders (hospitals, labs, insurers):

• Must register and describe their datasets and be ready to make data available to Health Data Access Bodies (HDABs) for approved secondary uses by 2029/2031.
• In return, they will access the data from broad datasets and improve their own data infrastructure.

For researchers & policymakers:

• Can apply for secure, governed access to anonymized or pseudonymized health data to drive research.
• Will receive access to rare diseases and small population data, as well as faster access across borders to standardized data in general.

Primary use vs. secondary use under EHDS

Here are more factors making the European Health Data Space (EHDS) a real game-changer:

• Interoperability: EHDS mandates that all systems "speak the same language"—ending data silos and fragmented care with healthcare interoperability in the EU.

• Real-time access: No more faxes or delays—timely, digital access across borders.

• Security and patient control: All aspects of patient data are logged and governed, with patients in the driver's seat.

• Secondary use for innovation: EHDS creates legal and technical pathways for research and public health improvements through access to data for clinical trials and more.

• Clear scope & limits: Specific uses, like national security or law enforcement, remain outside EHDS; public health reporting obligations are preserved.

All in all, EHDS is Europe's new digital health rulebook. It's not optional:

• It gives patients unprecedented control over their health data.
• It enables stakeholders to collaborate securely across the EU.
• It requires healthcare providers and vendors to upgrade systems for real-time, interoperable, and secure data sharing.
• It unlocks the potential of health data for science.

Although EHDS is not "one account for all," it does ensure your health data can follow you securely and seamlessly wherever you go in the EU.

It is a horizontal framework that builds on existing EU laws like GDPR, the Data Governance Act, the Data Act, and the NIS Directive. There is a clear distinction between how health data is used in direct care (primary use) and research and innovation (secondary use). Health Data Access Bodies in each Member State will ensure compliance.

Are legacy systems ready for EHDS?

While this is a complicated and multi-faceted question, the short answer is no.

Many systems were built way before cross-border interoperability and patient sharing were a priority, so they were simply not built for this.

Here are the most common issues we encounter as an IT partner when working on EHDS for legacy systems:

• Siloed data: Information is trapped in separate databases with no easy way to share it.
• No FHIR support: EHDS requires modern data standards like FHIR (Fast Healthcare Interoperability Resources), which older systems often don't support.
• Outdated APIs: Many legacy APIs are too rigid and undocumented for successful integration.
• Lack of consent management: Legacy systems rarely have built-in tools to track or enforce data consent needed for patient control.
• Poor interoperability: Even basic data exchange between departments or systems is often unreliable or manual.

The official compliance deadline is March 2029, but aligning with EHDS is a significant transformation. This isn't a patch—it's a system overhaul. Waiting too long means risking being left behind in the competitive healthcare landscape.

Red flags that can block your EHDS compliance

• No access logging (you can't track who viewed or edited patient data)
• Data stored in unstructured or proprietary formats
• No or limited API support
• Weak healthcare data security EU protocols (no encryption, outdated firewalls)
• No support for FHIR or HL7 standards
• No system in place for managing patient consent
• Manual data exchange (e.g., printouts, USB drives)
• Hard-coded system architecture with no upgrade path
• Lack of integration capabilities with national or EU-level health systems
• No audit trail or monitoring of data access for compliance review
• No representation of vulnerable or underrepresented patient groups in datasets
• No internal rules for sharing sensitive or proprietary research data
• Inconsistent GDPR implementation across country operations
• No domain-level data ownership or federated governance model
• No ability to enforce access policies or permissions as code across data products

EHDS compliance without full rebuild: Is it possible?

While implementing the European Health Data Space for legacy systems is complicated, it is luckily flexible enough. In many cases, there is no need to overwrite the entire system. Phased rollouts are the best way to go as long as you don't have a deeply outdated platform that may need a ground-up overhaul. Here are some popular modular approaches to target the proper levels of EHR modernization:

1. Integrate FHIR into legacy systems

You don't always need to scrap what you have—FHIR (Fast Healthcare Interoperability Resources) can act as a "bridge" between old and new. It's a core part of most healthcare interoperability solutions we implement for EHDS alignment.

• Add an FHIR gateway or middleware to translate legacy data into EHDS-compatible formats.
• Use FHIR APIs to expose patient data securely and in real time for both primary and secondary use.

2. Integrate FHIR and open EHR standards

FHIR integration acts as the data exchange layer, while openEHR structures the clinical data itself. Used together, they create a foundation for EHDS-aligned interoperability without rebuilding your stack.

3. Build separate patient/provider portals

Rather than altering the core system, build external portals that interact with existing databases via APIs.

• Patient portals allow for EHDS-compliant access, consent management, and document downloads.
• Provider dashboards can offer real-time access and cross-border data visibility, even if the backend is legacy.

4. Transition to modular architecture

Break monolithic systems into interoperable modules over time.

• Start by isolating functions like EHR access, consent logging, and secondary use analytics.
• Introduce new layers—like consent management, patient access portals, or data access logging—without replacing the entire stack.
• Modular systems allow targeted upgrades aligned with EHDS milestones (e.g., primary use by 2026, secondary by 2029).
• This lets you go through healthcare data modernization incrementally, spreading cost and risk.

5. Upgrade data storage and formats gradually

Often, the biggest blocker is not the app itself but how and where the data is stored.

• Migrate to structured, queryable databases with standardized fields and tagging.
• Convert critical records (prescriptions, lab results, diagnoses) into EHDS-recognized formats (e.g., HL7/FHIR, CDA).
• Focus on registries and datasets used for research, AI modeling, and real-world evidence—these will be the most scrutinized under EHDS.

6. Add consent management layers

If your system lacks consent tracking, you can:

• Implement external consent management platforms that interface with your existing infrastructure.
• Use blockchain-backed logging or lightweight audit trail tools to fulfill EHDS logging and access transparency requirements.

7. Use EHDS-ready middleware or integration engines

Platforms like Mirth Connect, InterSystems HealthShare, or Orion Health offer middle-layer tools that:

• Normalize and route data.
• Handle format transformations
• Track consent and logging
• Allow system-to-system exchange, even with the old core software.

As a result, old systems speak EDHS without being replaced.

EHDS action plan: What to fix first

Gradual implementation of EHDS for legacy healthcare systems is best done step-by-step. Here is what to prioritize first.

1. System audit

Takes 4-8 weeks to complete

• Identify gaps in health data interoperability, consent management, access logging, and security.
• Map where health data resides, how it flows, and who controls it.
• Evaluate whether your systems support FHIR, openEHR, and modern API standards.
• Review whether your data is structured, accessible, and aligned with EHDS use categories.

For example, you may discover that your e-prescription tool isn't connected to national services or that consent is stored on paper.

Set a 4–8 week deadline for completing this audit. The goal isn't to find everything—it's to find enough to prioritize and act.

2. Prioritize EHDS-critical areas

Takes 2-4 weeks

• Focus first on high-priority data types: patient summaries, e-prescriptions, and test results.
• Ensure mechanisms for consent, access tracking, and cross-border availability are in place.
• Address national integration readiness and documentation for Health Data Access Bodies (HDABs).

You may realize that your lab system outputs PDFs instead of structured data, or your EHR doesn't support summary views.

Move from general system knowledge to a targeted list of quick wins and compliance blockers. This step defines your immediate roadmap.

3. Modular system upgrades

An ongoing task that starts within 4–6 weeks of prioritization

• Avoid complete rebuilds—add necessary capabilities: consent portals, logging modules, and secure API gateways.
• Replace legacy health IT hard-coded infrastructure with modular, upgradeable components.
• Use middleware to bridge legacy systems with new EHDS-compliant platforms.

You may find that your platform can be made compliant by integrating an FHIR gateway or third-party consent API.

Set upgrade timelines for each priority gap. Begin development or vendor selection as soon as needs are defined.

4. FHIR/API & interoperability enablement

8–16 weeks per system

• Enable real-time, standardized data exchange using FHIR and openEHR.
• Use gateways or adapters to layer interoperability onto existing platforms.
• Ensure APIs are secure, versioned, and compliant with EHDS infrastructure requirements.
• Prioritize systems that serve as entry/exit points for data exchange—EHRs, lab systems, and prescribing tools should go first.

5. Introduce data mesh principles

An ongoing parallel track

For large or multi-site organizations, EHDS readiness may require a new architecture model:

• Domain ownership – Let hospital units, labs, or research teams manage their own data independently.
• Data as a product – Standardize datasets to be discoverable, reusable, and governed.
• Federated governance – Enforce access policies and consent rules at the source.
• Self-serve infrastructure – Allow teams to publish or consume data without central bottlenecks.

Prioritize domains with fragmented data or frequent requests—these benefit most from decentralized control and better governance.

6. Testing and certification

Start 3 to 6 months before the final deadline.

• Validate your systems through real-world EHDS use cases: patient access, secondary data usage, and cross-border sharing.
• If you're a vendor, prepare for EHR certification and market surveillance.
• Run internal compliance simulations, security audits, and documentation reviews.
• Prioritize workflows tied to 2029 deadlines (patient summaries, e-prescriptions, dispensations) and systems facing external certification first.

Who needs to act now?

EHDS compliance isn't just for hospitals or government agencies. If your organization handles health-related data in any form, you are likely impacted, and you should be planning now to:

• Be able to exchange data with your EU healthcare partners.
• Continue participating in the EU healthcare market.
• Have access to EHDS datasets for research and clinical trials.
• Save costs without rushing last-minute upgrades.
• Protect your company from legal and financial risks associated with non-compliance.

Here is the list of companies that should implement the EHDS technical requirements ASAP, as they are among the first affected by the new regulations:

• Companies using custom or partially customized EHR/EMR systems

These systems lack built-in interoperability or FHIR support as they were not designed for EU-wide data exchange.

• Healthtech vendors and wellness/medical apps

European Health Data Space (EHDS) regulations will require secure access, consent management, and data-sharing features if your app collects or stores patient data. Even if the app is consumer-facing and deals with wellness without diving into healthcare, it is nevertheless directly affected by EHDS for health tech companies.

• Insurance companies

This is especially true for those involved in digital health platforms or needing access to structured medical records, like life and health insurance.

• Pharmaceutical companies

EHDS enables anonymized or pseudonymized health data for research, but only if you comply with the rules.

• Diagnostic labs and imaging providers

If you store patient data digitally, you must ensure that APIs and access logs meet EHDS requirements.

• Telemedicine platforms

You'll need to support real-time data exchange and cross-border compatibility to meet EHDS requirements. Patients expect digital services to integrate with the broader EU health data network.

Aside from EHDS compliance, healthcare-adjustment businesses should also plan for AI regulations in healthcare .

How Binariks can help

For a phased rollout of EHDS for legacy systems, working with a dedicated IT partner is one of the best strategies you can go for because they know what to upgrade, what to leave as is, and when to do it, all without disrupting day-to-day operations. Here is what we can do at Binariks:

• Add FHIR or openEHR support to existing EHR/EMR systems
• Build or integrate patient consent modules with full audit trails
• Wrap legacy systems with secure, EHDS-compliant APIs
• Deliver EHR API integrations that securely expose required EHDS-compliant data to stakeholders
• Execute healthcare data migrations
• Develop middleware to enable structured data exchange with HDABs
• Implement logging infrastructure to track access to patient data
• Redesign data models to align with EHDS categories (e.g., patient summaries, e-prescriptions)
• Establish data product ownership and access policies across departments
• Provide custom EMR/EHR development to modernize outdated platforms
• Prepare systems and documentation for EHR certification and market surveillance
• Run conformance tests for real-time exchange and cross-border scenarios
• Align data storage and processing workflows with GDPR and secondary-use rules under EHDS

Final thoughts

The European Health Data Space is reshaping the rules of healthcare data management across the EU. While 2029 sounds distant, the complexity of EHDS requirements means preparation must start now.

The earlier you begin modernizing your systems, the fewer risks, costs, and disruptions you'll face as deadlines approach. Acting today means protecting your market access and building a stronger, future-ready organization.

If this sounds like what you need, schedule a consultation on EHDS with Binariks.