Data privacy the big challenge in healthcare

PROTECTION is key in medical IT, says Matthew Godfrey-Faussett
Medical data security is a key issue. Picture: Jayne Wright

An ounce of protection is better than a pound of cure, so it is said. In today’s digital world, that protection should perhaps be measured in petabytes* rather than ounces, because in a healthcare context, the ability to use volume data to identify the conditions that are likely to strike any given individual will be a key tool in the future design of preventative treatments.

Healthcare professionals, and to some extent the man or woman in the street, now have access to the range of tools needed to gather and analyse the vast blocks of “big data” that can be created through day-to-day monitoring. The exponential growth in availability of digital health data presents many commercial opportunities, but brings with it some real legal challenges, not least in the area of data privacy.

In addition to the benefits that patients will gain through the detailed analysis of their data, pharma companies, private sector R&D departments, academic research institutions, insurance and pension providers and private healthcare companies are all looking for ways of gaining access to volume health-related data.

It is the data generated from the monitoring of illness that is of greatest commercial interest, because it is generally of high quality and can be combined with a detailed medical case history, treatment plan and patient outcome.

Data of this type allows early diagnosis, which can create a more extensive range of treatment options, which is better for the patient and often cheaper for the care provider. Access to volume data also permits more detailed analysis of insurance risk, increasingly accurate valuation of possible policy claims and the design of tailored products, all of which are invaluable in a business context.

Healthcare providers are increasing the level of monitoring and treatment carried out at a patient’s home, creating savings by reducing some of the fixed costs that are inherent in a system designed to provide healthcare face-to-face in a surgery or hospital environment. The ability to monitor blood pressure, lung function and blood sugar levels remotely is generally welcomed by patients and clinicians alike; however, it removes the human sanity-check that exists when a healthcare professional is involved, and that lost step creates material risk. A faulty device, misinterpretation or inaccuracies of data, and inefficiencies in the handover of that data between those responsible for diagnosis and treatment are pitfalls that can have very serious consequences.

Whilst liability management must be at the top of any digital health business agenda, careful consideration must also be given to the management of intellectual property rights existing in the tools used and data generated by that business.

The biggest regulatory concern is compliance with relevant data protection legislation. With the planned overhaul of the EU data protection regime delayed, but still on the table, businesses are faced with the double challenge of having to comply with an existing framework and to future-proof their business models against a new EU regulation, the terms of which remain subject to change.

Whatever the path, it is clear from a digital health perspective that the general direction of travel will be towards the individual having greater control of his or her medical data. That control should be expected to lead to a three-way split in the market, distinguishing those who are trusted through express customer consent to hold and use our most sensitive and valuable personal data, from those who specialise in the use of anonymised or pseudonymised data (which if correctly structured, should fall outside the scope of the data protection legislative framework), and finally those who will seek to achieve data protection compliance through a patchwork of arrangements, some of which may be no better than smoke and mirrors.

Digital health businesses enjoy an enviable range of opportunities, but it will not be possible to create sustainable profits from those opportunities without a thorough working knowledge of relevant regulatory frameworks and a business plan that is flexible enough to accommodate the rapid pace of change.

* petabyte – One petabyte = 1,000 terabytes. The experiments in CERN’s Large Hadron Collider produce about 15 petabytes of data per year.

• Matthew Godfrey-Faussett is a specialist in information technology law and partner, Pinsent Masons