Harnessing the power of health data whilst preserving patients’ privacy and trust (Guest blog)
29.10.15
Real world evidence, i.e. patient healthcare data, collected routinely outside of controlled environments (such as clinical trials), has the potential to make healthcare systems more efficient and quality-driven; with such data, we would be able to assess what treatments are most effective for particular conditions, create new clinical hypotheses, or even compare healthcare services. Most of this data is pooled in patient registries and databases, which are the only way to achieve a sufficient sample size for research.
The power of Big Data to improve care is enormous, as long as that data can be analysed and shared, and the cost to collect the data is low. The General Data Protection Regulation, as it currently stands, may create significant uncertainty with regards to the potential use of real world patient data and patient registries.
The European Parliament’s report does not allow for broad consent, nor do the Council and Parliament provide for a harmonised exemption that would cover these information systems. The Regulation should recognise the value of broad consent as a means of making data available for re-use, so that the massive amount of data already collected in patient registries will not be lost for innovation.
Let’s remember that research is not a linear process and that it is rarely possible to foresee all potential future uses of patient data. Serendipitous research has driven many of the largest discoveries in healthcare, and this is the reason why the General Data Protection Regulation should allow individuals to give their consent for the purpose of scientific research, as opposed to being limited to giving consent for a specific research protocol.
More broadly, the Data Protection Regulation should recognise – as it is binding for all Member States – that the processing of health data serves a public interest when it is conducted to protect against public health emergencies, to better understand diseases, to develop new therapies, and to contribute to the effective and efficient management of health or social care systems.
Of course, there need to be safeguards to shield an individual patient from negative impacts of the processing of his or her data. Such safeguards can include informed broad consents, ethics committee reviews, pseudonymisation, or even stipulating that the data would not be processed with the aim of singling out certain patients. We need to start channelling our energy towards finding such solutions, to ensure that the wealth of current and future data may improve health for all. Otherwise, we may not seize the opportunity provided by the General Data Protection Regulation to create a harmonised European framework for improving health outcomes for all while protecting the privacy of empowered patients.
About the author
Knut Mager is responsible for the Novartis Legal Country Organizations and Global Data Privacy.
Knut is a German lawyer, and a member of the Berlin Attorneys Bar.
In 1990, he started his career at Schering AG in Berlin, Germany where he held various positions, including Head of Patents and Head of Corporate Strategy.
Knut joined Novartis in 2003 as General Counsel, Head of Legal of the Sandoz Division. From 2007 Knut was responsible for Compliance with Law, established the global Data Privacy Function and the cross-divisional Commercial Legal Practice Group within Novartis Group Legal. Since 2010 Knut is responsible for the Novartis Country Legal Organizations. In addition from November 2012 to September 2013 he was heading the Legal Function of Novartis Corporation (US). In 2013/2014 Knut was part of the team creating Novartis Business Services. In 2015 he assumed direct responsibility for Global Data Privacy.
