GDPR: blessing in disguise?
Thank you for the invitation and the opportunity to share with you our approach to respecting privacy in the age of Digital health.
I would like to start with a short introduction from the late Niels Schuddeboom, an inspirational patient advocate whose drive to ‘dance with the system’ as he called it, helped us keep our focus on those who need our help.
Question: Who of the attendants here have their own full genome data, using a genome sequencing service like 23andme or Illumina?
With services like this, for about 150 euro you get full access to your own genetic source code. You can use that data to analyze your ancestry, to get insights into your genetic traits, to the genetic markers that define how you respond to certain medical treatments, and to see if you have a higher genetic risk for serious illnesses like Alzheimer’s and Parkinson’s disease.
And this is just the beginning. The Leiden University Hospital sends the genetic data of their patients to their pharmacies, ensuring that they get the medicine that is tailored to their specific genetic design. Precision medicine is an emerging field that has tremendous potential: both in targeted and tailored treatments, as in early warning and even prevention.
Last week, the governments of Cyprus, Luxembourg, Sweden, Finland and Bulgaria created a coalition that aims to bring together the genomes of one million European citizens. With this pool of genetic data, they aim to create the world’s leading hub for research into new cures and treatments. That way being able to bring them to the European market first, and attracting talent and business along the way. With this data, we might be able to find a cure for cancer, Alzheimer’s or ALS.
But I ask you to consider this: genomes are our own biological source code. The data itself is as personal as it gets. It describes exactly what is unique about you. But not only you: your parents, siblings and children share large amounts of that source code. That makes it very hard to anonymize. Only a few family members need to be identified, and you are as well. There is nowhere to hide, to keep this data private.
Ladies and gentlemen, this example is a good way to explain the dilemma we face with privacy in digital health. Health data is highly sensitive and personal and the potential impact of misuse is huge. At the same time, health data needs to be able to flow freely if the situation calls for it. This has to be done in a safe and secure manner, between people, organizations and networks you trust.
Health data becomes more and more consumerized, with personal data generated by sensor-rich wearables and low cost processing and analytics. Traditional healthcare systems are no longer in control of all the data, data is being democratized. This brings a fundamental shift in power. It moves away from the traditional healthcare professionals and the systems they work for and towards the patients, the consumers and the service providers that they choose to use.
The current public discussion about Facebook shows that we have been naïve in thinking that these data Tech service providers will not take advantage of the data we generate. Or that all health data is safely stored in secure locations. Health data is targeted specifically by hackers, because a single patient’s health record will get 350 to 500 dollars on the black market - more than any other type of data. Passwords and e-mail addresses one can change. Your health data, you often cannot.
This brings me to the central element of this talk: trust. In this hyper-connected world of digital networks, governments need to enable citizens to build and maintain trusted relationships. In healthcare, networks of relationships are vast and complex. Patients, citizens, doctors, nurses, hospital management, payers, researchers, government, service providers… And there are different local, regional, national and international relationships. To make it even more complex, it is also very dependent on the situation and context. Needing acute care in an emergency, you need trusted relationships instantly, while with big data analytics for research purposes, the trust relationship is less visible, but equally important.
Ladies and gentlemen, this is why I feel the GDPR is so important. It provides the legal framework that gives everyone the right to decide what third parties can do with their personal data. It’s a very necessary instrument to build trust.
Trust is essential. I need to be able to trust that everyone shares the same goal: improving my health. And that decisions about my health are made based on the right information that is available at the right time and only at the right place. Preferably together with me as an equal partner. I also need to trust that the data used to improve my health is actually about me, comes from my doctors and is not altered during transport. And I need to trust that the people and organizations that use my health data, treat that data as sensitive and personal data and actively protect my privacy.
Privacy is not about keeping personal data hidden from everyone and anyone. Privacy is about who controls access to personal data. Privacy is about building trusted relationships. Respecting privacy therefore, is about giving you and me the power and tools to control who can access my personal information. This starts with informed consent.
There is no trade-off between privacy and quality of healthcare. If there is no trust, there is no consent, you will have no data. We feel that the best way to do this, is to make everyone the CEO of their own health data.
Ladies and gentlemen, in The Netherlands, a patient-led coalition of healthcare stakeholders from primary care, hospitals, long term care, healthcare insurers and government is building the legal, technical and practical framework for a comprehensive set of digital and lifelong tools that enables our citizens to access, download, store, enrich and share their own personal and professional health data. We call this MedMij, or MedicalMe.
I would like to show you a short animation that gives you a clear understanding of what MedMij is.
MedMij essentially creates a trust-framework. It is a set of rules that all personal health data solution providers have to play by. It governs how we build trusted relationships based on our personal health data. MedMij doesn’t stop at patient access to professional data, that’s where it starts. What if you have all your health data with you, imagine the possibilities. What if you could add your smart-device data? What if you could interact with your doctors on a more equal basis? What if you could share parts of your data with family? You decide what happens. With MedMij we take a big step towards a healthcare system that has privacy built in by design, but it is not the answer to everything.
Ladies and gentlemen, in my example about genetic data, the potential for research is evident. This is the case with lots of other health data, personal and professional. The discussions about use of health data for research often focus on data-ownership. This is the wrong approach. When building trusted relationships, we should be talking about data stewardship. The trusted relationship between citizens and researchers is built upon transparency: do we share the same goal, is it interpreted correctly, is it safely stored and handled only by trusted people and networks, is all relevant and necessary data available.
For this transparency, working with international standards and open API’s is essential. Blockchain can be used to create an audit trail. And initiatives like the Personal Health Train enable researchers to get results without having to access the data itself: it brings the algorithm to the data, instead of the data to the algorithm.
Ladies and gentlemen, in conclusion, I say that the GDPR is a blessing in disguise. It is an essential tool to build trusted relationships for health data. It accelerates the democratization of health data and the shift in power from the traditional healthcare systems to our citizens. As such, it is a huge driver for innovation. These are exciting times to be in healthcare!