Towards a European Ecosystem for Healthcare Data
Summary of Workshop 25 Oct. 2017, Brussels

Personal health data promises to revolutionise healthcare, opening the way to personalised medical treatments and new approaches to drug development and health research. Proper use of this data will be key to re-orienting the health sector towards value-based, outcome-based and patient-centred care. But with more and more of this data being collected and stored, citizens and policy-makers are increasingly concerned about data access and control, and generally about trust and privacy while at the same time aiming at the efficient extraction of real value from these data for the benefit of the citizen

In a recent consultation undertaken by the European Commission, more than 80% of respondents said that sharing health data could help improve treatment, diagnosis and prevention of diseases, but most do not have access to digital health services at present. More than 80% thought it essential for citizens to provide feedback to healthcare providers and professionals in order to improve services that are slowly coming available now. Lack of relevant standards and interoperability were identified as the key barriers to accessing and sharing data. The message is clear: citizens take a keen interest in their personal health data and wish to be able to control how it is accessed and used for their and society’s benefit. In response Europe identified three priorities:

1.       enable citizens to access health data securely across borders

2.       build a world-class data infrastructure for research and personalised medicine

3.       empower citizens through new digital health tools

Specific actions by the EC are expected before the end of 2017. Given that health is a competence of the Member States and in many cases of regional organisations, the emphasis will be on increasing the benefits of what is done at national level and below.

The General Data Protection Regulation (GDPR), which enters into force in May 2018, represents a major shift in the EU’s approach to the regulation of personal data and has major implications for the health sector. Patients have had right of access to their data for many years under EU and national laws. But the GDPR may stimulate new approaches to accessing and controlling personal data. The harmonizing effect of GDPR might also be a driver for cross border services. The GDPR clarifies and redefines health data categories, e.g. ‘biometric data’ and ‘genetic data’. Its wide-ranging new measures in relation to security will certainly affect the health sector as well. The re-use of health data for research purposes may require further clarification through the courts and in the cross-border exchange of health data in the EU, the provisions of the GDPR appear to contradict moves toward easier and wider access. So, not all is clear yet, and surely overcoming any hurdles in the implementation of the new laws emanating from GDPR will be a spur to innovation in Europe. Clarify and valorise GDPR impact on health data management.

The paramount concern is how best to process personal health data so as to maximise the benefits while at the same time protecting the privacy of the individuals concerned. New technologies, such as verifiable credentials, may give users better control over the disclosure of their health data. In general, technologies allowing a privacy-by-design approach, where privacy is configured by and around the user need to be further developed. However, quite some effort will be needed to get an accepted definition of privacy-by-design, where labelling and certification might help. Data and services are emerging as separate elements of the health data ecosystem. Data will increasingly be held in various repositories – ‘personal data stores’ – forming a cloud-based utility infrastructure. The business value will be in the end-to-end trust assured apps and services (e.g. data-analytics-as-a-service, DAaaS) running within this utility data infrastructure. These are provided by corporates, start-ups and SMEs. Both aspects represent significant business opportunities for Europe. Users should be able to choose how to store and transact their health and other personal data as they do at the moment in the financial sector.

When it comes to infrastructure, Europe has growing experience with citizen-driven health data initiatives. Many of these are set up as data cooperatives. For example, Switzerland’s citizen-owned, non-profit is based on the banking model. It assumes that each user has a constitutional right to a digital copy of all their personal data, whether medical or non-medical. This is deposited in a safe and secure ‘data bank account’ for managing and sharing aggregate data by the cooperation to the benefit of individuals. The Data for Good (DFG) Foundation in Denmark and in Spain also follow a citizen-driven approach. There is a need to network and share experiences between such initiatives, as well as to better define their relationship to other actors (e.g. companies and publicly-held databases) in building health data ecosystems.

Standards can unlock the transformative power of data and are key to the EU’s three policy priorities given above. Efforts around health-related (cyber)security standards and interoperability are ongoing in various standards organisations. Use cases, such as the International Patient Summary, will help ensure that these efforts reflect the requirements on the ground. It is essential that users (clinicians, patients, insurers, etc.) play an active role in their development.

The Workshop called for health data ecosystems depending on five principles: collaboration and coordination; public acceptability; data protection regulations; data quality and interoperability; and workforce capacity. Any approach must put ethics at the centre of the debate. A well-informed ethics approach is essential within a health data landscape that is evolving rapidly and becoming ever more complex.     

Public policy has a key role to play in creating the right conditions across each of these areas. GDPR provides the framework. But workforce capacity is essential to equip medical workers with the skills to interpret, communicate and act on health data. This needs continuous professional upskilling and reskilling complemented with making available to all citizens the skills that can empower them to both contribute to and reap benefits from the good management of health data.      

We should now move to consider reaping the benefits accruing from an ecosystem approach.

The full report is in the library of this Health Data Space