|Focus on: Cybersecurity in Health
There is a moral and economic imperative for European health leaders and policy makers to extract value from the ever-growing amount of health data, as it holds the potential to empower a healthier, more sustainable future for all. As health authorities and leaders gather in Malta for the eHealth Week, Microsoft and the Cloud in Health Advisory Council release a Call to Action on Health Data to ensure that Europe’s new privacy framework best serves Europe’s citizens – starting with its patients. With the digitization of everything in our lives, the idea that data and intelligence empowers better health is our new technology normal. Massive amounts of data can be stored and processed cost-effectively thanks to secure and privacy enhanced cloud services. With artificial intelligence applied to health, more data can be analyzed faster than ever and turned into insights that care teams can use to enable better health outcomes for individuals and populations. And with today’s cybersecurity technologies, all of this can be done in a way that upholds timeless values around protecting patient security and privacy. So, what is holding us back? Reality shows that many health systems aren’t yet realizing the full potential of secondary use of health data – i.e data used in research to improve health care and services of the population or cohorts of patients. There is the lack of clarity around how secondary data can bring positive impact on people’s health. More generally, evidence shows that there is low awareness of how this goes hand in hand with patient privacy and security. The discussion of how data for better health can go hand in hand with data protection, is especially important at a time when the EU and European Economic Area (EEA) Member States progress towards implementation of the new General Data Protection Regulation (GDPR) by May 2018. To help health organizations prepare for GDPR and take a patient-centric approach to usage of health data, on May 10th we published a Call to Action on “Health Data: Saving Lives and Protecting Patients’ Rights,” leading with the following recommendations:
- Regulators and policy makers should be sensitive to differences between “primary” and “secondary” uses of health data.
- “Cloud-first” policies should be promoted to improve primary care across Europe.
- All stakeholders should engage in dialogue and awareness raising that drive a better understanding of the value, safeguards and ethics of “secondary use” of data.
- Member States should ensure that their GDPR implementation enables privacy and security and improves health outcomes.
- Stakeholders should support research on a new ethical framework for health data and “data donation”.
As we think about how to delineate between primary and secondary uses of data and the kinds of storage, security, and privacy controls that may be appropriate in the different use cases, my colleague Andreas Ebert (Regional Technology Officer EU) introduced the idea of a “data re-use maturity model”. Promoting policies that advance secondary use of data could help shift the focus of health systems to preventing illness, rather than just treating it. As your health organization digitally transforms to innovate with health data, please let us know if you have any questions or need any help via email, Facebook, or Twitter. And stay tuned for detailed guidance in the upcoming whitepaper. In the meantime, we encourage you as health leader and stakeholder, to raise awareness and join forces to promote secondary use of health data for better health. You can read previous blogs by me and Neil Jordan to find out how health organizations are already using AI to promote better health. And you can learn about key privacy, security, and compliance considerations for health organizations and their use of the cloud. Learn more:
- Building Rigor into Cybersecurity: A Blueprint for Healthcare Organizations
- Saving Lives and Protecting Patients Whitepaper
- Call to action: Health Data whitepaper