The ability to access our personal medical data and identify the healthcare providers with which we wish to share information during treatment should allow us to take charge of our own health. The Dutch Ministry of Health, Welfare and Sport and the healthcare sector are encouraging and facilitating such ‘digital health management’. They have made substantial progress in developing and implementing a new system that gives the public digital access to and supports the sharing of health data. In this study, the Rathenau Instituut has examined the opportunities and challenges of digital health management, in particular the implications for public values and individual management of health. Current technical and organisational trends tend to focus on privacy issues and the position of chronic patients, with less thought being given to the changes needed in healthcare practice, the different categories of patients, values such as individual autonomy, the role of the healthcare provider, and the use of data by third parties. The Rathenau Instituut would like to broaden the discussion and address these concerns so that the Netherlands can genuinely deliver on the promise of digital health management while also protecting the public and patients.
From electronic health record to digital health management
From 1 July 2020 onwards, individuals must be able to access their own medical data digitally (online) and to indicate what kind of data may be exchanged with which healthcare providers in the event of treatment (specified consent). The MedMij Programme, headed by the Dutch Patient Federation, Nictiz and the Dutch Ministry of Health, Welfare and Sport, is also working to develop a set of rules that will enable patients to view, manage and safely share their own health data (regardless of where these are stored) digitally with healthcare providers from a central point (a personal digital healthcare environment or, more simply, personal health environment, PHE), whenever and wherever they want. The PHEs offer patients the opportunity to combine and share data from their own personal health records (PHRs), the healthcare practitioners’ electronic medical records and self-collected data via wearables, sensors et cetera. These advances will help ensure the secure exchange of information between healthcare providers, and between healthcare providers and patients. Specified consent is a further interpretation of specific consent. Specific consent is laid down in the Dutch General Data Protection Regulation implementation act and entails that it must be clear for patients for which processing, of which data, for what purpose the healthcare provider requests permission. With specified consent, as laid down in the Processing of Personal Data in Healthcare (Additional Provisions) Act the patient must also be given the opportunity to specify or distinguish which data can be provided to which healthcare provider or categories of healthcare providers.
Such digital support will help individuals ‘manage’ their own health. It is expected to provide not only doctors but also patients with a better indication of their health status. A better understanding of their personal health data also means that people can in fact assume more responsibility for (and take charge of) their own health.
Aim and research questions
This study explores the opportunities and challenges of digital health management as pursued by government and other stakeholders. We examine the implications of the current structure of technical, organisational and legal agreements – the digital health management ‘system’ – for the public and for healthcare practice and how that system could influence the way in which individuals manage their health.
The three main questions addressed in the study are:
- How is the system designed to store, share and use health data so that people can take charge of their health (‘digital health management’)?
- What implications does the digital health management system have for broader public values (such as autonomy and equity and equality) within the context of preventing and treating diseases over a person’s lifetime?
- What policy options are available to take these implications into account?
In our study, we make use of various qualitative research methods: case studies regarding ‘Online Access to health records’, ‘Specified consent in data exchanges within the healthcare sector’ and the ‘MedMij Programme’; semi-structured interviews with twelve stakeholders and experts; previous research by the Rathenau Instituut; and desk research.
Practical aspects of designing digital health management
Building a digital health management system is turning out to be (technically) more complex than was expected by those involved. There is a need for building several types of healthcare infrastructures, both central and decentralised. Moreover, developing standards takes time and requires consultation with many different parties. Digital health management also necessitates new forms of cooperation, for example in order to integrate data from the PHEs into routine healthcare processes. It is by no means certain that all the necessary underlying arrangements can be recorded centrally.
Implications for public values
New discussions are emerging in the healthcare sector about control over the data in professional medical records (privacy), equal access to healthcare (equity and equality) and individual management of the healthcare process (autonomy). Giving people more control over their health data is no guarantee that they actually understand the information or will be able to manage their health more effectively. Digital health management gives people more responsibility, in times of sickness and health. It is unclear whether the public in all its variety – including chronic patients – is willing or able to shoulder this responsibility, and if so, how.
The responsibility borne by healthcare providers and their relationship with patients may also change. Because the objectives of various parties are intertwined in digital health management, however, we no longer know precisely who is earning money from our health data and from sharing it, who is benefiting from our data, and who is responsible for what. This uncertainty raises serious questions about the real degree of control that people exercise in digital health management. If our ability to act in response to feedback increasingly depends on analyses (big data, machine learning, predictive medicine) of linked data, it may be that our choices are being manipulated, whether or not deliberately. It is therefore debatable whether people in fact make ‘their own’ choices and thus take charge of their own health. To sum up, our study shows that the current structure of online access and PHEs may have implications for broader public values, and that it can therefore be difficult to assess the consequences for people’s ability to take charge of their health.
Policy options that take the implications into account
According to our analysis, the digital health management system faces three main challenges, giving rise to various policy options:
- The challenge of broadening the focus on privacy and security to include other public values. In addition to privacy and security, other public and ethical values may be compromised by digital health management. These values must be safeguarded at the earliest possible stage of design.
- The challenge of ensuring that the system works for different categories of patients and other groups of people. The digital health management system is geared primarily towards meeting the wishes of chronic patients who are capable of self-management; it gives little consideration to the wide variety of other patients and (vulnerable) individuals. Digital health management will also change existing healthcare processes, although we do not yet know how.
- The challenge of pointing out and regulating the expanding options that data exchange within and without healthcare provides for data analysis and data profiling. More data sharing within and outside the healthcare sector also makes data analysis and data profiling possible. Due consideration must be given to the risks and consequences of increased data sharing and of applying (self-learning) algorithms to large amounts of health data.
Our main conclusion and recommendations
To deliver on the promise of health data management in everyday practice and to protect the public and patients, the Rathenau Instituut proposes to broaden the discussion and address these concerns. To this end, we make three recommendations for how policymakers, patient representatives, healthcare providers, IT suppliers and individuals can continue working together towards socially responsible digital health management:
- In addition to ‘privacy by design’ and ‘data protection by design’, focus on including broader public values (such as autonomy) in the design of digital health data management systems (‘ethics by design’).
- Ensure that the MedMij Programme and PHEs are responsive to the needs of different categories of patients and other groups of people.
- Set additional requirements for all government and commercial parties that use data from the PHE, even if patients or other individuals have given their consent. Secure the role of the healthcare professional in interpreting data. Ensure that people are capable of making deliberate, informed choices.
Responsible digital health management – More data, more control? The Hague: Rathenau Instituut.
Three recommendations for responsible digital health management
It is important to reflect on the vulnerable position of patients and less resilient members of the public, and on the way that digital health management is changing the responsibilities of physicians and patients and the relationship between them. We make three recommendations for how policymakers, patient representatives, healthcare providers, IT suppliers and individuals can continue working together towards socially responsible digital health management:
- In addition to ‘privacy by design’ and ‘data protection by design’, focus on including broader public values (such as autonomy) in the design of digital health data management systems (‘ethics by design’); this would be a task for the National Health Information Council (Informatieberaad Zorg).
- Ensure that the MedMij Programme and PHEs are responsive to the needs of different categories of patients and other groups of people. Learn from the pilot projects that are currently under way and examine how digital health data management can be organised in the best possible way for everyone.
- Set additional requirements for all government and commercial parties that use data from the PHE, even if patients or other individuals have given their consent. Secure the role of the healthcare practitioners in interpreting data. Ensure that people are capable of making deliberate, informed choices.