The digitisation of health data creates opportunities for more personalised healthcare and prevention. That is because doctors and other professionals can more easily access medical data, with the consent of the person in question. People can also collect their own health and lifestyle data and, for example, share it with their healthcare practitioner. When combined, different digital services make it possible to access, share and use electronic health data, including outside the healthcare domain.
In May 2018, the Rathenau Instituut published a report entitled Responsible digital health management. More data, more control? (Niezen & Verhoef, 2018) in which it concluded that giving people online access to their medical data does not automatically mean that everyone is willing and able to shoulder the associated responsibility. There must be a greater focus on such core values as autonomy and solidarity, and on developing frameworks and safety nets to protect people against being pressured by third parties to give them access their health data.
In our report Health at the centre. Responsible data sharing in the digital society, we observe that the public and political debate has moved beyond the digitisation of and access to medical records. People are being encouraged to use digital health data services because doing so gives them more control over their health data and subsequently allows them to take charge of their health. The Rathenau Instituut questions whether it is actually advisable for people to control their digital health data, whether they receive better health advice based on those data, and whether they really do manage their health better as a result.
The Health at the centre report examines the parallel emergence of digital services that allow individuals to access, share and use their health data. We analyse four different categories of services, both separately and in combination: online portals operated by healthcare institutions (that allow us to ‘view’ our medical records and give us access to supporting digital programmes), health apps (‘digital coaches’), personal health environments (PHEs, personal data vaults in which we can manage our own health data digitally from a single, comprehensive overview), and public platforms (collective online databases, in which we can share information and our own health data with others). Our investigation has given us a better understanding of how using digital health data services impacts healthcare, individuals and society as a whole.
Personal data management and data sharing were also possible in the past, for example when people obtained copies of their medical records. However, with the digitisation of health data the scale and scope of data sharing is increasing, with both positive and negative consequences for the relationship between people and patients.
We see best practice examples of shared decision-making between healthcare professionals, patients and, where necessary, loved ones and informal carers that support people in taking decisions about their treatment process and in sharing their health data. In blended care, digital and face-to-face healthcare are attuned to each other, so that patients who wish to do so can participate digitally in their healthcare. Howver, the integration of shared decision-making and blended care into healthcare practice must certainly not be taken for granted.
At the same time, we see health data circulating outside the familiar doctor-patient relationship on an ever-widening scale within a network of public and private partners. Digital health data services and data sharing have shifted the responsibilities of healthcare professionals, patients and developers, but these changes have not yet been surveyedor identified, causing worry among patients, healthcare practitioners and developers:
We are seeing a proliferation of digital tools designed to help policyholders, patients and consumers monitor their health and adjust their lifestyle behaviour. The apps differ considerably in terms of the quality of their tracking and e-coaching. How do patients know that they are using services and data of good quality? In addition, patients are more than just a data source, and they too want to benefit from sharing their data.
Healthcare professionals want more clarity about the confidentiality of data in medical records and the threat to that confidentiality when digital copies are removed from their ‘control’.
Developers and providers of digital services are conscious that they now bear more responsibility for interoperability, security and data protection, but they are not yet sure how to structure their services in a way that helps people to share their data responsibly.
The idea is that the different digital services help people to understand their health status. In particular, Personal Health Environments (PHEs) – to which people can add copies of their healthcare practitioner’s medical records and data that they track themselves with an app or wearable – will allow people to share data with research institutes or app publishers that provide personalised advice. Once individuals are in control of their health data, they may well become the point of contact not only for healthcare practitioners, but also for third parties.
Commercial parties as well as municipal authorities, the Employee Insurance Agency (UWV) and the Care Needs Assessment Centre (CIZ) may have an interest in the data accumulated in a PHE, a public platform or an app. Not everyone will be sufficiently capable of resisting ‘urgent’ requests for this information. A further risk is that people will not make informed decisions (or be unable to do so) about disclosing their data because they are afraid that a healthcare practitioner or authority will not be able to assist them properly otherwise.
We may also question whether everyone understands the real or potential implications of sharing their data with third parties. For example, what if an employer learns ‘prematurely’ that an employee is pregnant, or if someone is diagnosed (correctly or not) with an illness by a commercial screening service without being offered professional coaching? Another risk of data ending up outside the healthcare sector is that profiling will be used for unwanted advertising or to manipulate people’s behaviour.
The Rathenau Instituut has carried out many studies into the social, economic and ethical effects of digitalisation in recent years. Key findings of these studies that are consistent with the current findings on health data digitisation are:
Digitalisation leads to a looping effect in which the virtual environment steers the real world. Digitisation of patient data leads to changes in the healthcare process and alters the roles of healthcare professionals and patients.
The large-scale digitalisation of public services gets bogged down when attempts are made to standardise too many different services for the various users and members of the public at the same time. Experts who participated in the current study warn against designing a standardised record to document all the health data of the entire population.
It is wrong to assume that digitalisation gives users across the board more control over processes. Some users will actively use and manage their data, others will make passive use of their data, and still others will in fact lose control. This issue is even more sensitive in the complex field of healthcare because there is a risk of exclusion.
When digitalisation is aimed at linking as much data on as many people as possible, large-scale platforms emerge that weaken the position of individual users. That is also true in the healthcare domain.
Security risks are a growing threat in digitalisation. Not only is privacy under threat, but also system robustness, application continuity and public values. Cybersecurity is therefore an increasingly important criterion for responsible digitalisation, certainly in the healthcare sector.
The need to underpin sound professional care with research can all too easily lead to the unchecked transfer of patient data and biological material. The difference between diagnostic research, curiosity-driven research, clinical trials and other forms of health research is unclear to patients.
The report gives us several best practice examples of how best to share data and use digital health data services. But the case studies also teach us three lessons:
Lesson one: We need to clarify or redefine which party is responsible for what when it comes to data sharing, access to health data and quality of care. Only then will we be able to oversee the consequences of using digital data services in the healthcare sector.
The various health data services will be increasingly interlinked, causing health data to circulate outside the familiar doctor-patient relationship on an ever-widening scale within a network of public and private partners. Because non-medical data can also tell us something about our health, it would be advantageous for the rules that apply within and outside the medical domain to inform each other, for example with GDPR implementation informing medical-ethical reviews, and vice versa.
Lesson two: To inspire and maintain trust in responsible data sharing, we need to build on the safeguards within the health data chain, i.e. the processes of generating, accessing, sharing and using health data. There are not enough of these safeguards at the moment.
Further elaboration of the concept of patient confidentiality, whereby copies of data from a medical record stored in an online portal or a PHE would be protected automatically, reducing pressure on individuals to share their data.
Continuing to support technological citizenship, for example by investing in the digital skills of the public and by involving the public in digital innovations.
Establishing an authority or fund to which people can turn for help in deciding about data sharing matters (for example by means of a dashboard that provides an overview and helps them understand what they control) and where they can seek redress if data are shared or used unlawfully or result in an incorrect diagnosis or change of behaviour.
Establishing a transparent overview of existing and new quality marks that offer an indication of the quality and reliability of the services.
Close collaboration on oversight between the Dutch Data Protection Authority and the Health and Youth Care Inspectorate so that unwelcome services that put the quality and reliability of data and data transfer at risk can also expect to be penalised.
Lesson three: To continue guaranteeing access to healthcare and health, it is important to realise that there are limits to personal health management.
Our ideal is to manage, share and combine digital health data, but we want too much and we want it too soon. The existing services are only evidence-based for part of the population, i.e. for chronic patients, for people in good health and for a healthcare context that supports the integration and improvement of digital services in the work and healthcare process. It is not data sharing but rather good healthcare that should be at the centre of the digital society. That means, for example, that services are used purposefully and in accordance with best practices.
We must also consider the effects of sharing health data on society as a whole. It is in any case clear that sharing data with third parties changes the balance of power within and outside the healthcare sector. Not only do we and our doctors know more and more about our bodies, but other parties – including commercial parties and local authorities – also know more and more about our health. A governance system must be established that will strike the right balance between the individual and the collective interest and continue making it possible for people to receive good quality healthcare, also in a non-digital form.