Government Europa Quarterly speaks to Miguel González-Sancho, head of unit for eHealth, Well-being and Ageing at DG CONNECT, about the role of health data and R&I in the Digital Single Market.
With the increasing popularity of self-diagnosis through device-based applications and online resources – labelled the “Google Doctor” – the privacy of patient and health data is becoming increasingly important. Meanwhile, the mobility of European citizens within and between member states creates a rising demand for health data to be moved across borders accordingly.
Government Europa Quarterly spoke to Miguel González-Sancho, head of unit for eHealth, Well-being and Ageing, about the role of health data, research and innovation in the Digital Single Market.
The World Health Organization reports that 55% of countries have legislation to protect electronic patient data. What can be done to increase this at an EU policy level?
There is EU legislation on protection of personal data of any kind, and in particular sensitive data, such as health data. This legislation has been reviewed recently, with the adoption of the General Data Protection Regulation (GDPR),1 which contains more provisions on health than the previous Directive on data protection. It is now for member states to put that legislation into place.
As part of the Digital Single Market, what can be done to increase health and care innovation in order to enable access to the use of health records across borders?
Its quite important to protect the data, but its also important not to stifle innovation through over-protection, and to promote innovation at the same time. There is already action at a European level already, in particular to support member states in exchanging data across borders, with European funding through the Connected Europe Facility (CEF) programme.
Cross-border exchange of information is due to start later this year amongst some countries for some services, such as patient summaries (a subset of full electronic records) and electronic prescriptions. This is enabled by the appropriate digital service infrastructure that the CEF program supports, so that exchanges can take place across borders in a safe and secure manner.
Beyond the infrastructure allowing the exchange of data physically, it is important from a legal perspective that there is solid protection of data put into place. It is essential that there are valid legal grounds for that data to be exchanged, for instance patient consent. For that matter, it is important that the patient know what they are committing to in terms of sharing data. In several countries, we see a trend towards enabling access for patients and citizens to their health data; this is an evolution from a situation where they often did not have that access, and in some cases still don’t have it.
Who is responsible for the security of patient records and data? Who is liable to ensure that security is upheld at all times?
Citizens should be owners of their data. Where data health is collected or transferred to some institution, for medical purposes or otherwise, that institution would have a responsibility as the data processor under the relevant legislation. It may be challenging to assign liability, for instance if there is a leakage, attack, or another failure, if the data has been shared or processed by different parties. There might be an assessment to be made in these complex cases about who is liable, but the data protection principles stay.
According to the current data protection directive and future regulation, several obligations are applicable to processing and storing health data. Typically, bigger institutions have stronger obligations and must comply with a number of procedures and declarations in order to ensure a proper framework for handling private data appropriately.
What policy developments are expected in 2018 for eHealth, and its relationship to the Digital Single Market?
An important policy development at the beginning of the year was the adoption of the Commission proposal on health technology assessments. Moreover, the Commission services are currently working on a Communication on Digital transformation of health and care in the context of the Digital Single Market,2 as announced in the review of the Digital Single Market Strategy that was adopted last year, pointing at three priorities on health and care.
The first priority concerns the interoperability and exchange of data – electronic records and so forth. The second priority is personalised medicine, supported by data infrastructure including cloud and high-performance computing, enabling the exchange of data to facilitate research, better diagnoses and treatments. The third priority is citizen and patient-centred care, focusing on self-management of health and prevention as well as integrated care, including the use of new devices such as apps and wearables.
Then of course, there are policy horizontal developments that are quite relevant to the health domain. The GDPR, which will soon come into effect, will apply also to health data, and includes some specific provisions in that area, with some leeway for EU Member States to interpret those provisions. The Directive on security of network and information systems (NIS) is also relevant; it needs to be implemented in some critical areas, including health.
A new regulatory framework for medical devices was also recently approved and needs to be put into place.
In general, we are witnessing rapid medical and market developments, where digital technologies and data are disrupting the health space. These developments call for flexible yet robust EU legislative frameworks capable of addressing new challenges, for instance, the assessment of a piece of medical equipment with artificial intelligence (AI) capacities. Rather than proposing new pieces of legislation – which takes a lot of time – it is important to properly implement the legislation that we already have available.
What are the priorities on your agenda for 2018 in eHealth, Well-being and Ageing?
There are various services in the European Commission that work on matters associated with health and technologies. I’m the head of the unit “eHealth, Well-being and Ageing” at DG CONNECT – a DG that focuses on the technology perspective. Other relevant DGs with whom we regularly collaborate include:
- DG for Health and Food Safety (SANTE), that addresses health generally;
- DG for Research and Innovation (RTD), tackling health research amongst other areas;
- DG for Justice and fundamental rights (JUSTICE), dealing with data protection; and
- DG for Internal Market, Industry, Entrepreneurship and SMEs (GROW), responsible for medical devices.
My unit is not responsible for any piece of legislation, unlike other units in DG CONNECT, but has three other main responsibilities:
Support to research and innovation
We manage a portfolio of research and innovation projects under the Horizon 2020 Work Programme, and also other previous programmes. The role of the Commission is to write the work programmes and call for proposals, as well as organising the selection process of proposals received from consortia of partners from different countries.
We are currently preparing the referred to Communication on Digital transformation of Health and Care in the Digital Single Market, together with DG SANTE and in very close collaboration with DG RTD. This comes further to the current eHealth Action Plan.3 There have been two eHealth action plans released by the Commission, which provide a sort of policy umbrella covering different EU instruments such as research and legislation, amongst others.
Relationships with stakeholders
We have an eHealth stakeholders group, co-chaired by DG SANTE and CONNECT, enabling us to get feedback from stakeholders and then conversely, to inform them of EU developments and test new ideas. Also relevant is the European Innovation Partnership on Active and Health Ageing (EIP on AHA), which is a platform for co-operation amongst mainly local and regional actors, focusing on the transformation of health and care and the role of technologies in our ageing society.
The EIP AHA Conference of Partners took place in Brussels, Belgium, at the end of February, focusing on uptake and exchange experiences of innovative solutions. I can also mention the stakeholder group on the privacy of health apps, which has been establishing a code of conduct.
The above are some of the examples of stakeholder efforts that are being facilitated by the European Commission.
Research and innovation funding, policy design and implementation, and stakeholder relations, are the three instruments that my unit mobilises to support digital health developments, while keeping in mind that legal competence on health matters is very much in the hands of member states, and in some cases regions, at the end of the day.
Head of Unit
eHealth, Well-being and Ageing