General Data Protection Regulation (GDPR) is upon us – the change in the law that applies to all companies processing data of EU citizens, across all sectors and industries.
As a citizen, I’ve welcomed the law with enthusiastic applause as it means I get more control over my own data and more transparency in the way it is processed. This regulation gives me, as an individual, ‘digital rights’ - very timely given recent data sharing concerns and scandals.
Whilst that is my personal view, as a professional working for a global health and care technology company like Cerner, my thoughts are more nuanced. Staying abreast of data protection regulations with evolving policy is a constant balance between our mission to improve health and care through interoperable and intelligent systems, and a commitment to protect patient data and a person’s right to privacy. The journey to data protection compliance has been challenging in many ways, often with a lack of clarity about how to interpret and apply the regulation’s direction.
Sharing information to drive change
Patients that want a connected care experience expect their full care team to have access to the right information at the right time. It is certain that effective sharing of data enables better care delivery, enhanced decision making, improved outcomes and a positive patient experience – all benefits that the majority of citizens would appreciate. We know that a single source of truth is essential to all of these things, and intelligently engaging the population can truly manage citizens’ health.
Organisations are now appreciating the shared need to deliver more proactive and preventative care using innovative technology and intelligence. However, no innovation is without its challenges, and data is a key component of this one. Patient, medical, health and care data must be shared and used safely, properly, and confidentially. With new and evolving technology, ever more sophisticated cyber threats, and widely variable public perception, GDPR, data sharing and consent are arguably the greatest challenges for organisations wishing to innovate, integrate health and care, and truly manage the wellbeing of their population in this digital age.
Further challenges arise when the data sharing plays a wider role than just direct patient care. With intelligence, it can improve service planning, predict outcomes and reduce risk, inform finances and support research. When applicable, there must be consideration given to de-identifying and anonymising data to protect the citizens’ right to privacy – and this needs clarity over what activities constitute ‘direct care’ and what doesn’t, and when explicit consent is required.
All about communication
An inherent fear remains over privacy, data protection and potentially misuse, a fear that risks stifling innovation, and hindering intelligent population health management.
Through GDPR, data controllers have an opportunity to re-engage with the public, and be open and transparent about their processes and purpose. We have found that transparency is key. Informing the public of the purpose, intentions and benefits can make the difference, while opting out when the data use purpose changes for secondary reasons other than direct care needs rapid clarification for both professionals and the public.
Using data, the right way
GDPR has far-reaching implications, and no one has all of the answers yet. However, all organisations must work in partnership with each other and their communities to enable data to be stored and transferred securely across the health and care system regardless of its location. Data should be visible to all approved persons aligned with an intended use. Data should be interpreted by the right professionals in the right moment and ultimately, patient data belongs to the citizen.
These are the principles that Cerner commits to while working with our clients on population health management. We work in partnerships driven by mutual trust, transparency and commitment to citizens’ best interest – and helping the health and social care system be the best it can be.