Piret Hirv: Do you know who uses your health data and to what end?

Using health data allows us to improve healthcare services and creates added value when providing said services. But how can we make sure that information as essential as our health data is used without raising privacy concerns? How can we ensure that people have allowed their health data to be used?

If we want to overcome the challenges imposed by the healthcare system, we have to be able to use health data in prevention and decision-making processes in a secure and easy manner. This requires people to have the opportunity and right to use and, if they wish, transfer any data collected on them. At the same time, the protection of privacy and personal data must be ensured, especially in the case of the cross-use of personal, health and genetic data. An individual’s right to use and transfer their data to third persons is still considered a novel approach that places greater obligations and responsibilities on the data owner.

Nowadays, many people collect and store their health data through technological devices and services offered by start-ups, the use of which is generally limited to the application collecting the data. Meanwhile, the state also collects its residents’ health and genetic data that could be used in a number of ways, in addition to those initially planned. However, any new use of such data first and foremost requires the consent of the individual concerned.

One unique database currently used in Estonia is administered by the Estonian Genome Centre. The Centre has a great responsibility towards gene donors to protect their privacy and interests. On the other hand, the Estonian Genome Centre supports the government’s development activities in the field of personalised medicine. Genetic data are of great value to scientists in driving innovation, and the secure use of genetic data is in the interests of both gene donors and the Genome Centre.

Everything depends on whom data are shared with

In 2018, the Connected Health Cluster, led by Tehnopol, conducted a survey to get an overview of the use of digital health solutions and the related expectations among Estonian residents, including people’s willingness to share their health data. It turns out that people are in fact both willing and eager to share their health data, but it is with whom they share them that matters.

By asking individuals for their informed consent, the service can be expected to create and increase third persons’ demand for health data. The new solution opens up the possibility for service providers to obtain additional (health) data and to cross-use different types of data, which may lead to a reduction in individual privacy. Asking for consent can lead to the misuse and sale of data. For example, intermediaries/brokers (or other business models) may emerge that buy data in order to resell them. To the individual, they offer a fee for each resale of data. This can lead to a situation where the individual lacks an overview of the actual content of the intermediary’s activities and their health data end up in the wrong hands.

In creating conditions for sharing stored datasets with the private sector and healthcare providers, the state needs to carefully consider the risks and costs involved and how to mitigate potential risks and prepare people for such a change. Positive aspects should also be considered in order to increase the sharing of health data and to help create innovative solutions in health care.

Piret Hirv in the manager of Connected Health Cluster which is led by Science and Business Park Tehnopol. This article was published in the personalised medicine edition of Sinuga magazine of the Estonian Chamber of Disabled People. Other articles published in the magazine can be read here (in Estonian only).