Telemedicine – Opportunities and Challenges in the Wake of the COVID-19 Pandemic

Telemedicine – the provision of long-distance clinical healthcare, harnessing readily accessible health-related information and telecommunications technologies,[1] has seen a rather dramatic change over the course of the COVID-19 pandemic. In fact, it is one of the most tangible areas where the pandemic, which typically carries negative connotations, has had a positive impact.

Telemedicine has been around for quite some time, enjoying varying levels of acceptance and implementation, before COVID-19 has been introduced into our lives (in the U.S., for instance, its use had been quite minimal prior to COVID-19).[2] The virus, has been a major catalyst for the adoption of this already existing, skeptically-treated technology (due to various concerns related to autonomy, privacy, and physician-patient relationship).

This novel uptake of Telemedicine, modifies and challenges traditional healthcare delivery and consumption; changing in particular (even if temporarily), the nature of patient-physician relationship or interaction. The now wider implementation of Telemedicine, also has a professional-culture impact on the medical profession as such, and on medical practitioners’ self-determination and perception of their mission. In terms of a social impact, routinely embracing remote medicine is in fact aligned with society accustoming itself to remote, virtual consumption of almost anything (from goods and services, to education, leisure activities, and personal connections). In terms of the technology itself, Telemedicine has been contributing to the minimization of social gaps and inequalities, to some extent. Finally, the health tech industry has been booming in the face of a pandemic of such proportions.

This time of pandemic has seen the evolvement of Telemedicine’s prevalence: moving from relative rarity, to routine care practice. Since the advent of the pandemic, health care providers have experienced a significant shift towards the use of telemedicine for remote patient diagnosis, monitoring and treatment, including telepsychology.[3] These have been conducted through virtual e-consultations, and routine follow-up using home testing, namely: various kits and applications for self-testing and self-monitoring, communicating data back to the physician. This shift, is expected to revolutionize the health care industry. According to some reports, telehealth visits increased 300-fold during the months of March and April 2020, in comparison to the previous year, with adoption of telemedicine being consistent across adult age groups.[4]

Enabling, or facilitating the embrace of such change, was the removal of various financial and legal obstacles, such as: the relaxation of privacy protection rules in the U.S, and similarly – across Europe; introduction of various reimbursement models (e.g., in the U.S. – the updated provision of insurance coverage for remote medicine, to include virtual visits as well as video-based virtual tests[5]), and increased government funding for novel telehealth initiatives.[6]

In an attempt to characterize the evolution that Telemedicine – as an alternative means for healthcare delivery – has both gone through and inspired under the unusual circumstances of the present pandemic, we have identified elements of transition within these following features:

Namely, acceptance: shifting from technological skepticism voiced by medical ethics traditionalists and others (some even dubbing it a ‘disruptive innovation’[7]), to enthusiastic embrace by keen adopters. In fact, this fresh positive attitude towards Telemedicine, may have even gone beyond that of enthusiasm, to perceiving the technology as an object of desert or entitlement for anyone seeking healthcare. This could seemingly go as far as invoking a right to ‘digital-first’ primary care.

Prompted by the aforesaid change in attitude, the once modestly-consumed healthcare technology, aimed mainly for treating and monitoring remote rural populations, has seen a considerable surge in demand during the COVID-19 pandemic.[8] The rising demand for Telemedicine services, due to the restrictive circumstances of the pandemic (e.g., high contagiousness, self-isolation, and quarantine), is complemented by a change in the optionality of digital services during such a time. In other words, we can similarly observe a shift from digital consumption (of Telemedicine services) by choice, to digital consumption by default.

As for the nature of individual privacy concerns in the context of Telemedicine, it seems that we have somewhat moved from medical confidentiality as a focal point of contention (typical to pre-COVID Telemedicine critique), to discussions about the personal privacy, in its more intimate sense, of hospitalized and quarantined patients being continuously monitored through Telemedicine technologies. (Invoking, in turn, a paternalistic argument holding that one’s right to health, coupled with public health interests, occasionally trump the right to personal privacy.)

In terms of scope: it has been expanded to include not only individual privacy concerns, but also concerns pertaining to population health data, as Telemedicine’s usage has been extended to treat larger portions of the population, thereby gathering masses of health data for primary (clinical) and secondary (mainly, research) uses.

Also, as mentioned above, the better enablement of Telemedicine consumption has required, among other things, the relaxation of privacy protection rules. In the U.S., penalties for using HIPAA-noncompliant private communications technologies, were suspended,[9] thus facilitating the provision of Telemedicine services, by allowing physicians to communicate with patients, while being unrestricted to private settings (such as clinic or office), and using ‘non-public facing’ remote communication product (e.g., Apple FaceTime, Google Hangouts video, WhatsApp video chat, Zoom, typically employing end-to-end encryption).

Originally designed for treating remote populations, the dire circumstances society and the healthcare system are facing due to the pandemic have brought on geographic indifference, essentially allowing the use of Telemedicine to treat patients anywhere.[10] This shift may be better described as moving from a goal of promoting social justice by bringing good quality medicine to rural inhabitants, to one seeking to promote public health and safety in general.

A novel function of Telemedicine, created by the circumstances of the pandemic and perhaps somewhat exceeding its original purpose, is that of a patient personal communication tool. Its instrumental value is not limited to enabling quarantined patients to communicate with family (in addition to communication with medical staff), but extends to allowing them, in tragic circumstances, to realize their right to say goodbye to their loved ones.

Another (originally unforeseen) departure from Telemedicine’s original design, brought on by the COVID pandemic, is that of enabling not only quarantined patients’ access to healthcare, but also for quarantined physicians to deliver it from their home settings. This allows them to participate in the decision-making process regarding their patients, and share some of the overload experienced by on-site physicians.[11]

In terms of the essentiality of the technology, Telemedicine has shifted from its elective status as a personal healthcare service, to being a sine qua non public health tool.

Telemedicine’s original, rather modest instrumental value, as one benefitting individual patients in distant communities, has turned into a tool of a societal benefit. Telemedicine’s COVID-19-specific advantages and benefits include the following (non-exhaustive) list:

The rising demand for Telemedicine, increased, in turn, professional overload. Once limitedly available to remote patients, the now unlimited availability of e-consultations – appears to increase medical workload for some healthcare providers.

Telemedicine, however, given its inherent limits, may serve as an imperfect substitute to traditional healthcare delivery, at least for some types of patients or areas of medicine, such as mental healthcare and physiotherapy. The personal interaction remains irreplaceable to a significant extent, in an intimate, delicately interwoven relationship between patient and therapist, such as in the former.[13] The physical touch is indispensable for evaluation, diagnosis and treatment, such as in the latter. Face-to-face consultation is defined by the WMA Statement on the Ethics of Telemedicine[14] as the gold standard of clinical care. The very idea of Telemedicine is, however, one that denies face-to-face healthcare, replacing it with a remote interaction via a virtual medical service. Consequently, the following sentiments, typically associated with a physician-patient relationship, may be lost in the transition to technology: trust, empathy, and intimacy, as well as the clinical goal of patient’s compliance.[15]

The nature of remote consultations is also inherently challenging for new physician-patient relationships, as it is not quite constructive for trust building. Additionally, it does not allow for a full, physical examination, or testing, to take place (irrespective of being well-acquainted with the patient, or not). Given the latter, Telemedicine is also an inappropriate instrument for close patient monitoring, where needed. It has also been argued that in terms of clinical efficiency, Telemedicine virtual visits are less focused and more time-consuming (lacking traditional on-site pre-work).[16]

Lastly, although originally intended to reduce socioeconomic gaps to a certain extent, Telemedicine’s reliance on technology (phones, computers, internet infrastructure, etc.), and its requirement of a fair level of digital literacy, may end up creating new barriers to healthcare access, thereby inadvertently enhancing social and racial inequality.[17]

Another seemingly trivial difficulty, but significant nonetheless, is one hinging on the personal circumstances of individuals seeking medical advice or treatment via Telemedicine, but lacking a ‘safe space’ from which they can privately and discreetly connect with their physician.

While admittedly, most of these cited shortcomings are not unique to Telemedicine in the narrow context of the COVID-19 pandemic, some of them may certainly be exacerbated by its associated circumstances, namely, quarantine and infection risk, consequently resigning patients to this presently irreplaceable healthcare route.

To sum, despite COVID-19’s wide-reaching implications for Telemedicine, extending to the point of the latter potentially becoming the new standard of care in some areas, it is difficult to accurately predict whether this medical trend will hold. While some current reports indicate that demand for virtual visits are plunging,[18] other estimates forecast the dramatic rise in the demand for telehealth technology, to persist over the next several years.[19] One can only assume that convenience through innovation will triumph to a certain extent, alongside the seemingly irreplaceable preference for (complementary) face-to-face physician-patient relationship/connection.


[2] G. Weigel, A. Ramaswamy, L. Sobel, A. Salganicoff, J. Cubanski, and M. Freed, “Opportunities and Barriers for Telemedicine in the U.S. During the COVID-19 Emergency and Beyond”, Kff;


[4] Epic Health Research Network, “Expansion of Telehealth During COVID-19 Pandemic”, (5 May 2020);

[5] Medicare Telemedicine Health Care Provider Fact Sheet, Cms.Gov;

[6] N. Turner Lee, J. Karsten, and J. Roberts, “Removing regulatory barriers to telehealth before and after COVID-19”, (May 6, 2020);; Vital Signs: Digital Health Law Update, “Digital Health Dealmaking: Challenges and Opportunities”, Jdsupra (July 21, 2020);

[7] P. Yellowlees et al., “Disruptive Innovation: The Future of Healthcare?” 17(3) Telemedicine and e-Health, 231 (2011);

[8] Leah Rosenbaum, “The Coronavirus Has Created A Surge of Telemedicine Demand. GoodRx Now Lets Consumers Compare Services”, Forbes (March 26, 2020);

[9] FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency, Hhs.Gov

[10] See, in the U.S. – the Coronavirus Preparedness and Response Supplemental Appropriations Act: (Sec. 102) “This section allow HHS to temporarily waive certain Medicare restrictions and requirements regarding telehealth services during the coronavirus public health emergency”;

[11] J. E. Hollander, and B. G. Carr, “Virtually Perfect? Telemedicine for Covid-19”, n. engl. j. med 382;18, 1679 (April 30, 2020).

[12] In Israel, an extensive such pilot was recently initiated by Magen David Adom – the Israeli Red Cross organization, with the cooperation of most of Israel’s HMO’s (health maintenance organizations).

[13] Arguably, while Telemedicine serves as a useful tool for sustaining therapist-patient interactions during a time of pandemic, it is not a panacea for people with mental health issues, requiring a personal, non-virtual connection with a professional therapist.


[15]; “telemedicine cannot yet, and most probably never will, entirely replace the benefits of being physically in the same room as your healthcare professional.” [Genetic Alliance UK]

[16] A suggested solution to this shortcoming of Telemedicine, has been the soliciting of additional pre-visit information from patients through pre-visit surveys. See, G. Kriegel, S.  Bell, T. Delbanco, and J. Walker, “Covid-19 as Innovation Accelerator: Cogenerating Telemedicine Visit Notes with Patients”, Nejm Catalyst (May 12, 2020);

[17] See WMA Statement on The Ethics of Telemedicine;;

[18] C. Ross,”Telehealth grew wildly popular amid Covid-19. Now visits are plunging, forcing providers to recalibrate”, Stat (September 1, 2020);

[19] “Explosion in telehealth market due to COVID-19”, Health Europa (20th May 2020);

Israel National Repository for Covid-19 Research

Health systems in Israel and around the world have been dealing recently with the outbreak of the new Coronavirus (COVID-19). Since Covid-19 is a new disease, research into it is of great importance to developing new ways of management and treatment. Since the outbreak, healthcare organizations collected a lot of data about their patients. This information can be used to save lives, to find new drugs and procedures, and to develop policy tools that will enable optimal operation of the health care systems as well as consider the application of government responses like lockdowns and social distancing, which have detrimental effects to the economy and society.

To this end, the Israeli Ministry of Health is establishing a national Repository infrastructure for research about the Covid-19 disease. The Corona Research Repository will gather data collected in the Israeli healthcare system about the disease and allow using de-identified data for research under privacy and security policy measures.

The Israel Tech Policy Institute is presenting this project based on the information published by the Ministry of Health on May 7th, 2020.

Data available in the Corona Research Repository

The Repository will be based on various sources from the health system and other sources, including government agencies, and will include data on people infected with the new Coronavirus (‘confirmed patients’), in particular: data from the Ministry of Health’s Repositories; hospital Repositories: inpatients; inpatient diagnoses; clinical indices; inpatient examinations and procedures; HMOs Repositories; background diseases, clinical index, BMI and recent laboratory testing and drugs information. The data will be de-identified in order to exclude individual identification of the people included in it.

Furthermore, the Repository will provide data from anonymous questionnaires collected from the general population on related symptoms for the new Coronavirus. The Repository will also include the following public Repositories: population data by locality; population data by statistical area; mapping and other public repositories will be added later.

Information Security and Privacy Policy

The studies in the Corona Research Repository will be conducted under the law and the Ministry of Health’s guidelines for conducting research. The studies will be carried out in virtual “research rooms” that comply with information security and privacy protection standards. The data will be used under the supervision and control of the Ministry of Health. The researcher will conduct the study only after obtaining all the required ethical and legal approvals. Data for research shall be de-identified following processes that reduce the ability to re-identify the data subjects. Access to data in the designated “research rooms” will only be authorized for a person who has been granted permission for that study. Any party who gets access to data in the study rooms will sign a confidentiality agreement and will commit not to try to re-identify the people from the data.

Corona Repository Opt-Out Mechanism – A person who was diagnosed with the Coronavirus and does not want his or her data to be used for research purposes may choose to opt-out. The Ministry of Health will establish a dedicated website and call center for the opt-out mechanism.

The technological infrastructure  

The Repository will be cloud-based and hosted in the Ministry of Health cloud. It will allow the use of SQL, R, Python, Scala languages ​​on Azure Databricks infrastructure and will include different open source directories. The “research rooms” will not have access to the internet nor to GitHub. The “research room” will be accessed through Notebooks.

Any request to export data outside the “research room” environment will undergo information security and de-identification processes by the Ministry of Health and may take up to 48 hours. The data exported must be aggregate and adhere to the principle of K anonymity = 15. The Ministry of Health will allow the export of code written during the research (algorithm). The management of the “research rooms”, including the preparation and de-identification of the research data will be performed by the Ministry of Health and will be supported by external technical service providers.

How much does it cost?

Currently, the use of the research platform will be free.

How to get access to the Corona Data Repository for research?

Researchers interested in researching the Corona Repository will apply through a new research portal. The research portal will allow the researcher to apply through a personal area. The researcher will authenticate by username and password. Access to the study room is dependent, among other things, on the existence of an ethical review board (Helsinki Committee) approval. The researcher can obtain such approval by submitting a request to the Ministry of Health ethics committee (currently in formation), or through an institutional review board.

Generally, the process for gaining access to the Corona Repository for research includes:

The Ministry of Health will give access preference to healthcare organizations and hospitals that provide data to the Repository – any health organization will be allocated several “research rooms” to prioritize researchers’ applications from contributing organizations.

Public Bodies requiring information from the Corona Repository for policy-making purposes can apply without Helsinki committee approval. The Ministry of Health will determine the degree of suitability of the Corona Repository application for such use and the process required to gain access.

The Ministry of Health will allow conducting studies under regulations applicable to research use of health information, including the relevant circular of the Director-General of the Ministry of Health, and operating procedure for the Corona Research Repository, that will be published in the coming days.

Disclosure of the studies carried out in the Corona Research Repository

The Ministry of Health will publish the list of the studies that have been granted access to the Corona Repository for Research. The publication will include the study title, the date of commencement of the study, the name of the principal researcher, and the name of the organization.

Data Sets related to Covid-19 that have already been made public by the government can be found here.

Brief on Digital Means Employed by the Government of Israel RE: Covid-19

The Government of Israel has activated two parallel and separate digital programs against the spread of the Covid-19 virus. Both programs interact with a central data base of diagnosed patients and their full movements in the 14 days prior to their diagnosis.

1/ Meta-Data collected by law by the Israeli Security Agency for counter terrorism efforts, from cellular service providers

 The Health Ministry sends requests to the Security Agency including the following data of diagnosed patients: name, government i.d number or passport number, cell phone number, date of diagnosis and date of 14 days prior to diagnosis.

 The citizens receive a text message informing them that their data has been shared.

 The Security Agency then extracts meta data about the people these patients were in proximity to, including name, I.D number, phone number, data of birth, last date of exposure to the diagnosed patient, location of exposure. The data is sent automatically to the Health Ministry.

 The Ministry then generates text messages to the people who crossed paths with patients, ordering them to self quarantine. The identity of the diagnosed patients is not disclosed in the message.

 The reported criteria for triggering an alert is proximity of less than 2 meters for c. 15 minutes.

 Privacy Concerns:
o No opt-out mechanism
o Large scale mandatory data collection triggering quarantine orders
o Non-compliance with the orders is a criminal offence punishable by fine
o Suspected slippery slope of civic rights violations when a security agency is involved with a civic crisis
o Insufficient transparency and oversight
o Lack of appeal process on quarantine orders and citizen redress
o Based on new emergency regulations enacted in a speedy process

 Privacy and Security measures:
o The data extracted by the Security Agency will be kept separate from any other data the service has
o It will not be uploaded to a cloud service
o The data extracted will be deleted 7 days after the transfer to the Health Ministry, and unnecessary data will be deleted immediately
o No human will be exposed to the data, which is sent automatically, unless there is a claim or error that needs investigating
o The use of this data for a purpose other than the authorized one will be a criminal offence
o The arrangement is temporary and in force only until 30.4.2020 when the necessity to continue will be re-examined by a team of ministers who will consult with the head of the Security Agency and the Head of the National Security Council
o The examination will be based on measures of effectiveness of the solution in light of it being privacy intrusive
o The conclusion will be brought to the Prime Minister whose decision on continuing the program requires approval by a parliamentary committee and further legislation

 This program was petitioned against at the Supreme Court by civil society groups. The discussions have generated changes in the program and strengthening of oversight mechanisms but didn’t bring its cancellation. Proceedings are still undergoing.

 The government reported that between 18.3.2020 when this activity begun, and 6.4.2020, 1,800 of the people who received proximity alerts and were quarantined were found to be infected.

2/ Israel Proximity application “Hamagen” (the “Shield”)

 “Hamagen” is an opt-in, voluntary program where the application requires the user to download and install it from the app store and give it permissions to collect location data.

 It processes GPS data, Wi-Fi data, Google Timeline history upon separate consent.

 Bluetooth data feature in development.

 The app collects data from the moment of download and retains it on the user’s device.

 Every hour it checks the database provided by the Health Ministry with the current data and detailed itineraries of officially diagnosed patients.

 If there is a positive result the user gets an alert of being in proximity to a patient, and the time and location, without the patient’s identity.

 This alert is shown only to the user and is not reported to the government.

 The user is recommended to self quarantine but may use discretion if he/she thinks there is no need.

 If a user is diagnosed with the virus, the location history paths are already retained on the device and can be shared with the government database in order to accurately support the epidemiological research that is very laborious and challenging.

 As of 11 April, the App was downloaded by c. 1,480,000 people.

 The app was deleted by c. 452,000 people.

 The desired number for effectiveness of the program is 4 million installed devices.

 Currently c. 25% of the desired population is using the app.

 HaMagen was developed on open source code with the intention to share the code with all. The Health Ministry planned to publish the code on GitHub.

 Information in English from the Health Ministry can be found here:

ITPI Brief- Israel Health Data Research Regulations

In addition to our filing on Patient Rights Regulation, which can be found here, attached is the ITPI Presentation of the Israeli Draft Policy.

ITPI Brief – Israel Draft Health Data Research Regulations

Patient Rights Regulations Memorandum

On January 6, 2020, ITPI released a letter to the Digital Health Division of the Israeli Ministry of Health regarding the “Patient Rights Regulations Memorandum.”

In the past few years, the State of Israel has been striving to conduct research on digital health information in various ways and seeks to apply a universal and updated government policy to balance the right to research and information, while simultaneously respecting the patients’ rights to health and privacy. The Israeli Ministry of Health’s “Patient Rights Regulations Memorandum,” as part of the National Digital Health Plan, attempts to reach such a balance.

Using the “Privacy by Design” methodology (PbD), the Israel Tech Policy Institute’s position regarding this proposal is that it represents an achievable balance between two basic human rights, privacy, and health, and is also constitutional under Israel’s Basic Law of Human Dignity and Liberty. The “Patient Rights Regulations Memorandum” is proportionate and reasonable, and constitutes a series of compromises that embodies a necessary response to the constant technological changes of our era.

The “Privacy by Design” methodology is a set of privacy policy principals, creating a process that puts privacy in the forefront from the start of the project. They also offer an evaluation procedure, used ultimately to find a compromise between two competing human rights principles. In the case of “Patient Rights Regulations Memorandum,” the government strives to choose the necessary measures and processes to improve the quality of health-care and the advancement of medical research, while at the same time, formulating rules for maintaining confidentiality and privacy of information and protecting people’s rights. Between these two poles is a policy that will be placed at some point on balance, which represents the price we are willing to risk for the benefit we expect to gain.

The Privacy by Design analysis of the “Patients Rights Regulation Memorandum” concluded that the Government took into consideration the right to privacy, examined the risks, and devised solutions to mitigate the potential risks and vulnerabilities. Multiple suggestions and recommendations were also given to better comply with privacy guidelines. Some suggestions are:

The arrangement is based on a distributed group of Internal boards in the health organizations (Sick Funds, Hospitals, Army and Prison system) that will include experts and public representatives. They will evaluate the risk analysis and mitigating measures to be applied and will decide whether to approve the access request.

A risk assessment analysis should be performed on every application for access to patient health data for research and use approved if the expected benefit from the study outweighs the risk

Appropriate measures should be taken to reduce the risk of re-identifying people using different types of anonymization and encryption

Health organizations must make binding contractual arrangements with researchers, enforce them, and sanction those who violate procedures

An obligation to examine the purpose of the research in the requested information, and to conclude whether the use of the data is beneficial to the health of the individual or the public, will contribute to improving the quality of health care or medical research, or the promotion of human knowledge in the health field

Data approved should be minimized to research applicant actual need

The default will be giving access to the data in a virtual research platform controlled by the health organization. Releasing data to a researcher outside the health organization should be under the proof of significant circumstances not allowing for the use of the virtual platform and considerable gains to health by the research

The arrangement is a product of a 3-year process that included a multi-stakeholder National Health Council research, consultation and recommendations process

A full listing of the recommendations ITPI has made to the memorandum can be found in our full report.

On December 25, 2019, ITPI, with the Zvi Meitar Institute at IDC Herzliya, conducted a multi-stakeholder roundtable discussion on the suggested policy, and the implementation of the arrangement on hypothetical cases of health information requests. All sides of the debate, academia and industry researchers, health organizations, security experts and policymakers, came together to discuss their respective thoughts on the issue. 

The researchers commented that the anonymization and encryption of information present difficulties in cross-referencing data on patients. That the study of big data and artificial intelligence inherently requires for large data bodies in scope and cannot be limited in scope, and that Israeli bureaucracy and regulation demands that the researcher’s identity be Israeli and the research conducted in Israel, which limits the scope of research and international collaboration.

Health professionals contributed their concerns, mostly the difficulties of navigating the policies and regulations and recommend for the establishment of a central state infrastructure in which all the information of the health organizations can be concentrated. Policymakers added their concern regarding their requirement of strict due diligence, a lack of ranking for sensitive information, and the need for an appeal mechanism.

The entire ITPI report, in Hebrew, can be downloaded here.

New Israeli comprehensive draft regulations for health data secondary use.

Secondary health data use in research has the potential to improve the lives of individuals, as well as transform health care systems and health-related science and innovation.

However, sharing sensitive health data can raise significant risks to individuals without clear restrictions and protections. To advance research while seeking to minimize risks, the Israeli Ministry of Health just published a framework draft for public consultation.

During the 1980s and 1990s, Israel’s public health care was a global pioneer in implementing information systems. The use of those systems created extraordinary capabilities and opportunities on a global scale to improve patient care and promote innovation.

In March 2018, the Israeli Government passed Resolution 3079, calling for a national program for the promotion of Digital Health as a means of improving health as a growth engine and removing barriers by responding to these challenges comprehensively. Among the draft regulations objectives is to balance the desire to encourage and promote research collaboration in health data with the requirement to protect the privacy and confidentiality of medical data.

The resolution outlines specific legislation drafting principals for health data secondary use, including the proper use purpose, the respect for the right to privacy and medical confidentiality, the requirement for transparency and ongoing public disclosure, a prohibition to discriminate a community or group, and calls to provide access to health data for social solidarity.

The draft regulations offer an approval mechanism for conducting health data research. This mechanism involves examination by a professional and internal ethical committee and setting standards for approvals. The regulations propose a privacy protection model based on three complementary circles – normative, technological, and procedural. The regulations apply to health organizations, most of which are subject to the regulatory authority of the Ministry of Health, but also apply to IDF and the Prison Service.

The regulations define health data very broadly as information that directly or indirectly relates to a person’s overall health or physical health, including information on behavior that may affect health statuses such as fitness and habits. Anonymized data is defined as health data that has undergone a process approved by the internal committee for particular research use, and under the circumstances of that research use, it is not possible, with reasonable effort, to re-identify the data subject.

The regulation prohibits anyone from researching health data unless it is anonymized, and only with the minimal extent of data to achieve the desired research purpose. Any application will require to obtain the internal committee’s approval. The internal committee will approve it only if the expected research benefits outweigh the risk that this anonymized data will infringe the privacy of the patients. The patient will have a right to object at any time to the use of health data concerning him or her.

The health organization will require to comply with strict information security obligations and public disclosure duties. The organization will have to establish an internal committee that will comprise health, privacy, security, law, and bio-ethics professionals as well as public representatives. The committee will perform a risk assessment and consider various aspects of the research and researcher.

The regulation calls to implement the best professional de-identification methods available at that time, a technique that is relevant to the type of data and the purposes of the research, subject to the estimated risk to privacy. The de-identification process intends to reduce the identification risk but should retain the essential data for conducting the research.

The regulations aim to provide anonymized data to researchers in a secure research environment controlled by the health organization – as opposed to it being transferred out of the organization premises. However, the National Committee can allow the transfer of health data outside the health organization premises but only for exceptional, justified circumstances and some strict conditions. Among them is the requirement of the researcher to be an Israeli resident or a company registered in Israel.

The research should significantly contribute to the advancement and improvement of medical research, and the researcher should possess unique technological or research capabilities. However, such transfer can only be allowed to a datacenter inside Israel’s geographic borders.

The Israeli Ministry of Health will also release a guideline for health organizations that will elaborate on the criteria for conducting the risk analysis and evaluating the various de-identification techniques.

ITPI will be convening stakeholders to discuss the regulations and will plan on filing comments.