Supporting health innovation with fair informationi practice principles – key issues emerging from oecd-israel workshop

OECD-Israel Workshop January 2021 Report, prepared by Limor Shmerling Magazanik, Israel Tech Policy Institute’s Managing Director

Event took place on January 19-20, 2021

In order to learn about ongoing efforts and to identify priorities for future actions to support evidence-based health data governance policies, the OECD, Israel Ministry of Health and ITPI convened a two-day workshop in January 2021. The workshop sought to highlight country level insights and provide a platform for shared learning across countries, as well as to discuss priorities for future collaborative efforts.

The workshop agenda included the following topics:

• Significant national health data governance reforms implemented recently in countries, which included legal and operational reforms to strengthen health data governance. These examples were viewed in the context of the WHO Global Strategy on Digital Health and an Industry Consortium project.
• Safeguards for health data sharingto promote innovation while protecting people’s privacy. These include: 1) ethical review board oversight; 2) de-identification; 3) administrative, technical and contractual safeguards; and 4) safeguards around cross border data flows.
• Privacy-by-Design and state-of-the-art solutions for safeguarding digital health data against unauthorized access and use.
• Individual & Community perspectives on the imperative to respect the individual’s interest alongside those of the community and society; and on consent and alternative legal basis for the secondary use of patient data for research.

One key takeaway raised at the workshop is the recent conceptual evolution of a perception of research participation as a solidarity-based moral imperative or a moral obligation. This perception applies particularly to non-interventional, minimum-risk health data research and sample donation to (bio)-repositories. Seemingly, where there lies a promise for medical benefits for individuals and society at large, then the low health risk and minimal inconvenience entailed for research subjects in a data analysis invoke a stronger social and moral rationale for participation. At the same time, the autonomy, privacy and the right to self-determination of health data research participants must still be protected by the regulation. 

Another key takeaway was that various countries are engaged in what may be dubbed the “3^rd generation” of data protection regulations. Following the OECD Privacy Guidelines of 1980, and the amended OECD Guidelines of 2013, along with the EU GDPR, the 3rd generation of privacy and data protection principles is underway in health data research as well as in finance (Open Banking) and smart mobility. These would support research and innovation for the public good, including local and global data sharing, while protecting people’s privacy rights and other liberties.

Key governance issues raised at the workshop were the need for clarity and harmonization of regulatory frameworks; challenges in cross-border data transfers; the importance of patient perspectives and public trust; genomic data challenges; views about the legal basis for the secondary use of health data for health research; and concerns about data quality and data linkages.

Focusing on the need for clarity and harmonization of regulatory frameworks, workshop participants discussed the legal basis for health data research. As seen in the ITPI/FPF report and the workshop presentations, countries usually decide on some equation where a compelling public interest replaces consent for data use — and that interest is coupled with de-identification mechanisms and other safeguards. Moving away from consent for the use of health data for research to a public interest model is not without challenges. An interesting perspective raised is that reliance on (opt-in/opt-out) consent in the context of sharing health data might inadvertently introduce bias into the data, since those who are willing to engage in research, and are consequently represented therein, may not be fully representative of the population and lead to under-representation in research and it’s benefits.

An additional key takeaway raised is that countries use varying definitions for personal data and de-identified data, and that more knowledge is required about privacy enhancing solutions. Particularly, further work is needed around data de-identification to better assess the levels of privacy risk in the use of data with various levels of identifiability, and how they can be mitigated with additional safeguards.

The 2019-20 OECD Survey indicated that only half of countries would approve the sharing of de-identified national health datasets across borders with a university, non-profit or governmental body (Annex E). It is evident that international and multistakeholder collaboration in health research is of importance and requires interoperable regulation frameworks.   

The following priority areas for future collaborative work emerged from the workshop discussions:

Read the OECD-Israel Workshop January 2021 Report: Supporting Health Innovation With Fair Information Practice Principles.

Resources

• For the Event Recap – Virtual OECD Workshop: Supporting Health Innovation with Fair Information Practice Principles
• Learn more about the OECD Recommendation on Health Data Governance