Digitalization of Healthcare
By: Valiant Jacob, The City Law School, City, University of London
In the era of COVID-19 and the difficult years that the world has endured, the need to develop healthcare policies alongside growing technology has become apparent. When a wide-spread pandemic prevents people from accessing diagnostics or if said pandemic grows too rampant, a digital database becomes invaluable in the fight against infection and disease. The digitalization of healthcare, therefore, becomes a growing piece of healthcare policy in a globalised world. This new terrain is fraught with difficulties such as privacy, data safety and codifying digital healthcare standards across all Member States.
The core aspects of digital healthcare include diagnostics, treatment, and wellbeing. Digital health encompasses several elements within healthcare. It involves healthcare processes which include clinician support software and patient management. It also involves clinical trial management, drug discovery analytics and patient-centric tools. That is to say, digital health does a lot of things and those services can be vital in patient care and preventative medicine.
The official journal of the EU in 2019 outlined the EU’s dedication to improving and developing healthcare digitalization alongside growing technology and maintaining efficiency and sustainability. The EU also recognizes the need for better digital tools in the fields of disease prevention and to address accessibility and health literacy of the general public. In recognition of these needs, the European Union implements policies and legal instruments to strengthen the European Union’s approach to the digitalization of healthcare.
The European Union has several major considerations when creating comprehensive digitalization of healthcare across all Member States. The main legal considerations include the separation of competencies between the EU and the Member States themselves. Due to this separation of competencies, there are challenges in streamlining policies across all Member States as Member States have their own digital healthcare policies and approaches that they wish to enact.
Other considerations for the EU include increasing the role for online distribution of medical products. In light of the need for people to access medical products virtually especially during COVID-19, this consideration is sound and would streamline healthcare access to more people. Furthermore, there is a growing trend of influence of marketing and social media on the local legal landscape. This undoubtedly brings concerns regarding codes of conduct and professional regulations amongst healthcare professionals. While some are of the view that some social media medical information helps increase access, there are concerns about potential scammers and unreliability of information.
Additionally, the EU has made it a high priority to safeguard and monitor the technology used for reporting and to maintain transparency. Concerns about privacy and protection of personal data come with the territory of healthcare digitalization. Throughout the report, the EU consistently highlights concerns for data protection and its commitment to maintaining ethical standards of data privacy and usage. In the same report, the EU also highlights the need for cooperation between Member States to develop the digitalization of healthcare.
This is the aim: all laudable. But, what are the concrete legal protections and policies put in place by the European Union to facilitate the improvement of digitalized healthcare?
The EU legal environment regarding digital health comprises several aspects of digital health. Under Regulations 2017/745 and 2017/746, the EU requires the classification of medical technology which includes software and medical devices. Technical specifications of medical technology are listed under Directive 2006/42. Directives 2019/770 and 2019/771 concern the contracts for the sale and supply of digital goods and services. Regulations 2017/745 and 2017/746 cover medical devices and diagnostic machinery. The list is not exhaustive but highlights the level of detail in which the EU exercises regulation, manufacture and quality-assurance of medical software and devices. These are imperative in the expansion of such technology amongst Member States.
Specifically setting stricter regulations on the quality and standards of medical devices, manufacturers are expected to fulfil all general safety protocols in the manufacturing of medical devices. The Medical Device Coordination Group (MDCG) manages key issues surrounding medical devices including software. The MDCG have set out the criteria and quality of standard provisions for software.
However, the key concern of streamlining these regulations may be cut short due to the division of competencies between the EU and the Member States. Member States may have their own national provisions and laws on regulation of software. As software is an amorphous entity, there is a need for streamlined standards. Without it, the software license or coverage may not be universal and will ultimately impact healthcare service providers.
Regarding data protection and patient privacy, Directive 2005/36 protects patients’ rights to cross-border healthcare and access to telemedicine.Regulation 2016/679 covers the patients’ right to privacy. It provides protection of personal data and the free movement of said data to allow efficiency and cohesion in cross-border care. Beyond the Directives and Regulations, the EU has the toughest privacy and security law in the world known as the General Data Protection Regulation (GDPR). The GDPR imposes obligations on organisations worldwide that collect data from the EU. It is a firm stance by the EU to ensure that the collection of that data is under strict conditions and under legitimate purposes.
To do so, one of the main authorities responsible for data protection and privacy is the European Data Protection Board, which functions on an EU level for oversight. The board acknowledges the growing reliance on personal data especially within digitalized healthcare. The EU places high priority on applying GDPR meticulously when it comes to the protection of patient data. It highlights that not only should the data be layperson friendly but also readily accessible.
The EU is under no illusion regarding the value of personal data and the significant monetary value in the exploitation of that data. Therefore, the need for high cybersecurity and cooperation amongst Member States is paramount. Through cooperation, the Member States may exchange codes of best practice to simultaneously improve and develop the digitalization of healthcare. Additionally, there is a great need for comprehensive ethical training and development in privacy protections amongst Member States.
What of healthcare providers regarding data protection and privacy? The EU asserts that Public Health Systems are best placed authorities to manage the collection of health data. The EU is very supportive with setting up public health organizations and healthcare providers with the tools necessary to operate with transparency. The basic requirements the EU places upon healthcare providers are mainly principles enshrined in the GDPR: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
The EU institutions have a strong sense as to what is needed in order to safeguard patient data and ensure privacy and legitimacy when handling such data. However, the concern still remains on the separation of competencies between the EU and its Member States in streamlining these standards across borders, . But this much is true, healthcare development and technological development grow hand in hand. In a post-pandemic future, digitalization of healthcare is imperative for disease control and prevention.