Event Recap – Virtual OECD Workshop: Supporting Health Innovation with Fair Information Practice Principles

Event took place on January 19-20, 2021

The COVID-19 pandemic has brought to the fore the crucial role that data collection, analysis, sharing, and dissemination play for governments, academic institutions, and private sector businesses racing to advance scientific research to help contain, mitigate, and recover from the virus. The interactions between data protection and scientific research are complex, with privacy and data protection enhancing individuals’ trust and ensuring respect of fundamental rights and ethical standards, while at the same time, creating friction for data collection and sharing across organizations and borders.

Data-driven health innovation raises the need for further development of fair information processing practices as well as national health data governance frameworks. Stakeholders should convene to determine the scope of health data available to researchers and identify the uses of data that are in the public interest.

Health data are personal and sensitive. Their misuse could harm individuals by infringement of privacy; (individual and community) stigmatization; discrimination in areas such as insurance or employment; and individual and national security violations. Failure to provide policies and practices for secure and private data processing, access and sharing could undermine public trust not only in healthcare providers but also in the healthcare system itself.

At the same time, countries must advance the public interest in improving health outcomes and providing high-quality healthcare solutions. This requires them to provide modern, patient-centered healthcare services, including contributing digital health data for scientific research.

To learn about ongoing efforts and to identify priorities for future actions to support evidence-based health data governance policies, the OECD, Israel Ministry of Health, and Israel Tech Policy Institute convened a two-day workshop in January 2021.

The workshop provided an opportunity for delegates of both the OECD Health Care Quality and Outcomes Working Party (HCQO) and the OECD Data Governance and Privacy Working Party in the Digital Economy group (DGP), together with experts in these fields, to discuss progress toward and challenges faced in implementing the 2017 OECD Recommendation on Health Data Governance, and to contribute to the ongoing review of the 2013 OECD Privacy Guidelines.

The workshop sought to highlight country level insights and provide a platform for shared learning across countries, as well as to discuss priorities for future collaborative efforts.

Specific topics included:

Significant national health data governance reforms implemented recently in countries, which included legal and operational reforms to strengthen health data governance. These examples were viewed in the context of the WHO Global Strategy on Digital Health and an Industry Consortium project.
Safeguards for health data sharingto promote innovation while protecting people’s privacy. These include: 1) ethical review board oversight; 2) de-identification; 3) administrative, technical, and contractual safeguards; and 4) safeguards around cross border data flows.
Privacy-by-Design and state-of-the-art solutions for safeguarding digital health data against unauthorized access and use.
Individual & Community perspectives on the imperative to respect the individual’s interest alongside those of the community and society, and on consent and alternative legal basis for the secondary use of patient data for research.

As background for this workshop, delegates and participants were invited to review a survey prepared by the ITPI and the Future of Privacy Forum (FPF), examining the legal frameworks for secondary use of healthcare data for research purposes in eight countries, including Australia, Finland, France, India, Ireland, Israel, England, and the US (Annex D). The report demonstrates commonality across legal systems and regimes, essentially permitting secondary use of healthcare data for research purposes under certain conditions, including review by ethical boards, proper de-identification, and additional administrative, technical, and contractual safeguards. It also finds gaps in the implementation of legal frameworks that may create barriers for cross border or cross sectors data sharing for collaborative research.