On 17th April 2019, WHO released a ‘new recommendations on 10 ways that countries can use digital health technology, accessible via mobile phones, tablets and computers, to improve people’s health and essential services’. Harnessing the power of digital technologies is essential for achieving universal health coverage, says WHO Director-General Dr. Tedros Adhanom Ghebreyesus. Ultimately, digital technologies are not ends in themselves; they are vital tools to promote health, keep the world safe, and serve the vulnerable.
Over the past two years, WHO systematically reviewed the evidence on digital technologies and consulted with experts from around the world. This guideline is a roadmap to research for global health so as to strengthen countries health systems. It is to be effective, sustainable and responsible.
“The use of digital technologies offers new opportunities to improve people’s health,” says Dr. Soumya Swaminathan, Chief Scientist at WHO. “But the evidence also highlights challenges in the impact of some interventions.” She adds: “If digital technologies are to be sustained and integrated into health systems, they must be able to demonstrate long-term improvements over the traditional ways of delivering health services.”
Dr. Oommen John, Senior Research Fellow, George Institute says, India is a hub for digital health innovations, however very few of these innovations have achieved the scale for impact within the health systems. It is important therefore to pause, reflect and use the WHO digital health guidelines as framework of the innovation ecosystem in India and help guide energy and enthusiasm of the start-ups to develop, evaluate and implement digital health innovations that can help achieve the universal health coverage.
The guideline encourages policy- makers and implementers to review and adapt to these conditions if they want digital tools to drive tangible changes and provides guidance on taking privacy considerations on access to patient data.
“Digital health is not a silver bullet,” says Bernardo Mariano, WHO’s Chief Information Officer. “WHO is working to make sure it is used as effectively as possible. This means ensuring that it adds value to the health workers and individuals using these technologies, takes into account the infrastructural limitations, and that there is proper coordination.”
Mr. Mariano also said: “Digital Health is the future of healthcare. As we take the big leap into digital health, we must ensure that it is people centric, delivers positive health outcomes, does no harm to people and it actually improves the healthcare system as a whole.”
It is a ‘Living Guideline’ i.e. it will be updated regularly as new evidence becomes available. This Guideline has been completed under the newly formed section at the WHO: Norms and Standards section in the WHO. This Guideline has been regarding: Reproductive Health & Research and has four outcomes:
- Health systems to have health data for accountability
- Helping health workers to work efficiently
- For tracking medical commodities to provide services
- Making sure health coverage for all
Since it is a developing guideline and is meant to be stringent based on evidence alone; it is a path finder for a whole gamut of health issues. For each recommendation, a summary of the evidence on the positive and the negative effects has been provided.
Dr. Garrett Mehl, Scientist, Digital Innovation and Research, WHO says: “Digital interventions depend heavily on the context and ensuring appropriate design. This includes structural issues in the settings where they are being used, available infrastructure, health needs they are trying to address, and the ease of use of the technology itself.” Importantly, it must be noted that: “Digital health interventions are not sufficient on their own.”
The guideline recommendations about telemedicine, which allows people living in the remote locations to obtain health services by using mobile phones, web portals, or other digital tools. WHO points out that this is a valuable complement to face-to-face- interactions, but it cannot replace them entirely. It is also important that consultations are conducted by qualified health workers and that the privacy of individuals’ health information is maintained. The guideline emphasizes the importance of reaching vulnerable populations, and ensuring that digital health does not endanger them in any way.
Trusted Exchange Framework and Common Agreement (TEFCA)
On 19th April 2019, US Department of Health and Human Resources (HHS’) announced the next steps in advancing operability of health information by opening up the second draft of the Trusted Exchange Framework and Common Agreement (TEFCA) for public comment. TEFCA, would support the full, network-to-network exchange of health information nationally. Specifically, the documents being released for comments are: (1) a second draft of the Trusted Exchange Framework (TEF), (2) a second draft of the Minimum Required Terms and Conditions (MRTCs) for trusted exchange, and (3) a first draft of a Qualified Health Information Network (QHIN) Technical Framework. These documents will form the basis of a single Common Agreement that QHIN’s and their participants may adopt. This Common Agreement will create baseline technical and legal requirements for sharing electronic health information on a nationwide scale, across disparate networks.
“The seamless, interoperable exchange of health information is the key piece of building a health system that empowers patients and providers and delivers better care at a lower cost,” said HHS Secretary Alex Azar. “The 21st Century Cures Act took an important step towards this goal by promoting a national framework and common agreement for the trusted exchange of health information. We appreciate the comments and input from stakeholders so far and look forward to continued engagement.”
In developing a TEFCA that meets industry’s needs, HHS’ Office of the National Coordinator (ONC) for Health Information Technology focused on three high-level goals:
- Provide a single “on-ramp” to nationwide connectivity
- Ensure electronic information securely follows you when and where it is needed; and
- Support nationwide scalability for network connectivity
ONC will maintain the TEF, while a non-profit, industry-based organization, known as the Recognized Coordinating Entity (RCE), will be awarded funds to develop, update, implement, and maintain the Common Agreement. Through this effort, ONC will define the minimum required terms and conditions needed to bridge the current differences among data sharing agreements that are preventing the flow of electronic health information. The industry-based RCE will be tasked with developing additional required terms and conditions necessary to operationalize the Common Agreement and meet the interoperability requirements of the 21st Century Cures Act.
“The updated Trusted Exchange Framework and Common Agreement we issued today considered more than 200 comments we received on our previous draft and reflects extensive work with our federal partners,” said Don Rucker, National Coordinator for Health Information Technology. “The future Common Agreement, made possible by the steps we take today, will provide the governance necessary to meet the interoperability demands of diverse stakeholders, including patients, healthcare providers, and health plans.”
The drafts released are responsive to stakeholder comments by making key changes to the draft requirements that health information networks who choose to participate would have to follow. These changes include updating the purposes for which information can be exchanged, adding a “push” method of data exchange, adding a technical framework for QHIN’s, and extending timelines for participating entities to implement changes that will be required by the Common Agreement.
These changes will help improve the flow of information between networks where needed and appropriate. In public health settings, for example, “reporting from providers is a foundational capability for effective public health action,” said Chesley Richards, Deputy Director for Public Health Scientific Services at the Centers for Disease Control and Prevention & that “The TEFCA will not only strengthen this capability, but will create the ability for timely and true bi-directional information sharing that is essential for responding to public health threats and epidemics.”
Designed to fill the gaps that currently impede the secure and appropriate flow of health information and to continue to enable the progress that has already been made in the private sector, the success of TEFCA depends on coordination with the private sector. “We expect that the implementation of the Trusted Exchange Framework and the Common Agreement, will bring us all that much closer to achieving the administration’s goals of nationwide interoperability,” said Dr. Rucker.
General Data Protection Regulation (GDPR), One Year On
It is a very recent piece of legislation in the European Union and the European Economic Area regions (continuation to the previous article on GDPR in InnoHEALTH volume 3 issue 1 Jan-Mar 2018). The GDPR was adopted on 14th April 2016, and became enforceable on 25th May 2018. As the GDPR is a regulation and not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states. the UK granted royal assent to the Data Protection Act 2018 on 23rd May 2018, which contains equivalent regulations and protections as the GDPR.
After the first year of implementation of the GDPR over 200,000 cases have been reported. European data protection agencies have issued fines in excess of 55 million Euros for GDPR breaches since it was enforced last May, but this seems to be just the tip of the iceberg, thus making a strong possibility that enormous number of GDPR breaches are occurring but probably are yet going unreported. An assessment from the European Data Protection Board (EDPB) which is made up of regulators across the region, found that, in the first nine months, there were 206,326 cases reported under the new law from the supervisor authorities in 31 countries in the European Economic Area. One thing that has changed since the implementation of the GDPR is the massive increase in the reported number of incidents and more importantly that the companies have been reporting themselves to the data commissioner over the past year. The main emphasis under the GDPR Regulation is that companies must notify the regulators very quickly once the company losses any personal data. Consequently, of the breaches huge fines can be levied on the companies if they are found to have not done what they should have done to protect the personal data or specifically be able to display that they did all they could to clean up after the breach occurred in the first place.
Considering the developments all around the world, in terms of guidelines and regulations, specifically relating to the digital health, it is only right & more essential to emphasize the pressing need for India to have specific laws too for this area as practice carries on while laws don’t exist, which will result in exponential damage in the coming times.
About the author
Sapna Singh is a lawyer with years of experience in Telehealth law research. She possesses Diploma in Hospital Administration from India; Masters of Law in Intellectual Property Rights from US; Masters of Science in Telemedicine & ehealth from UK.