MyData Online 2020 gathered personal data professionals and people interested in the data economy. The online conference took place from 10th – 12th December and included a session organised by ECHAlliance on citizen-controlled health data sharing governance.
The route to find a common pathway that engages different stakeholders’ perspectives and approaches in the discussion about data sharing uncovered that technology itself is not perceived as the main challenge. Instead, the questions such as data anonymisation, informed consent, digital literacy, interoperability, people’s lack of control over data and governance are key concerns. Also, privacy and security should be strengthened. Citizens are increasingly aware of the value of their data, and want to know what, how and what it is used for. Regulations need to be clear about what data needs special protection.
These points were identified as “discussion starters” prior to the session, which was organised by the ECHAlliance, with the key goal of discussing and validating the preliminary conclusions on citizen-controlled health data sharing governance, mostly developed under the DigitalHealthEurope project and presented in the Consultation paper under this theme.
The following experts representing different sectors and professional experiences took part in the session:
- Carina Dantas, European Connected Health Alliance (ECHAlliance)
- Veli Stroetmann, Empirica Technology Research
- Zoi Kolitsi, Institute of Innovation Through Health Data (i~HD)
- Samuel Jacinto, Shared Services of Ministry of Health (SPMS)
- Tino Marti, European Health Telematics Association (EHTEL)
- Christiane Grünloh, Roessingh Research and Development (RRD)
- Isabelle de Zegher, B!loba, MyData4Pandemics Thematic Group
- Bogi Eliasen, Copenhagen Institute for Futures Studies
- Risto Kaikkonen, Solita
The session was moderated by Karolina Mackiewicz, ECHAlliance.
To set the scene and create grounds for discussion, Carina Dantas presented the summary of the challenges for citizen-controlled health data sharing governance and recommendations (suggested as the preliminary conclusions of the work developed under the DHE project).
In her presentation, Ms Dantas presented the steps and the methods used to reach the conclusions: these had followed a multi-step approach of four phases:
- Desk review
- Interviews with experts from around the Europe (14 interviews completed)
- Large survey for citizens (936 Europe-wide respondents)
- Events and webinars.
As a result of these investigations, a set of recommendations for citizen-controlled health data sharing governance was developed. The recommendations are published in the “Consultation paper: Citizen-controlled health data sharing” and are – in 2020 and 2021 – being submitted to a process of discussion and potential validation in several forums and events.
The consultation paper and its recommendations were the basis for a discussion at the Conference session, with the invited panellists and the wide audience, who could vote on the recommendations through use of the Mentimeter tool.
Those recommendations are:
On the general level:
- Make sure people know who uses their data and for what purpose – with transparency, accountability and clarity.
- Provide the citizens with the mechanisms to control the use of their data and exercise their rights.
- Provide digital education – namely to ensure the role of citizens and healthcare professionals as drivers for change.
- Explore and promote person-centric models and solutions for data-sharing – by implementing, developing large-scale field testing, and assessing results and impacts.
- Develop a new European-wide or global digital contract. The contract would set the foundation for the digital behaviour and transactions, which are currently unregulated.
On the practical level:
- Establish an independent regulatory and monitoring body on the European level, with national authorities, research, citizens, patient and civil society associations, private sector, etc.
- Introduce graduality of data-sharing in the consent mechanisms (e.g., from use of the data for research to the pure commercial exploitation of the data)
- Develop and introduce a system of incentives for people who share their data (avoiding the creation or enlargement of inequalities)
- Improve informed consent guidelines to make them readable, clear, and easy.
- Introduce conditions to protect data-sharers by establishing a clear and uniform update to the GDPR.
- Promote solutions which respect privacy, safety, and security.
The following questions remain to be tackled in order to proceed to the efficient implementations:
- How to incentivise researchers and citizens/patients to discuss concepts such as “common good” or the balance between research gains for medicine brought by data sharing?
- How to create transnational frameworks for addressing ethical challenges (e. g. refine consent mechanisms and provide clear and easily understandable models for client information connected to data sharing)?
- How to propose funding and operational conditions to experiment with various data sharing models (that can better assess difficulties, results and impacts for more informed decisions for the future)?
- How to take advantage of the differences of opinions and expectations in different age groups and education/social levels through the use of different communication messages (e.g., test models tailored to various age groups)?
The introductory presentation was followed by the short commentaries from the eight panellists:
- Zoi Kolitsi presented the “data sharing ladder of trust”, highlighting the way the trust can evolve. She argued for a systemic approach where trust would emerge as a result of integrating several key elements into a system, fuelled by citizen participation in the decision making and in designing holistic governance frameworks and capable mechanisms and safeguards. These will enable data sharing: under pre-agreed terms and conditions; efficiently monitored for compliance; and in full transparency for the data subjects. The higher we ascend the ladder of trust, the less the need for case-by-case citizen-controlled access. The legal role and technical capacity of data intermediaries on the top of the ladder are promising for operationalizing such a systemic approach, profiling access to citizen preferences and reporting back on compliance in practice.
- Veli Stroetmann reminded the audience that robust evidence on the benefits for an individual from the numerous, different uses of health data is not always available and, if available, not widely communicated to society. There is the need for a clear demonstration of added value (e. g., with the lighthouse examples of value cases), dedicated incentivisation strategies, and investment in both digital literacy and health literacy for the whole population of societies – especially disadvantaged groups.
- Samuel Jacinto spoke about “the privacy paradox”, i.e., the situation when citizens share data in an uncontrolled way e.g., on social networks, but are nevertheless fearful of sharing data with governments and healthcare systems (possibly due to a lack of knowledge of what these institutions are doing with their data). At the same time, citizens are seeking an active role in controlling their data, which must be seen as an opportunity.
- Isabelle de Zegher voiced the need for the Citizens Data Trusts, as data intermediaries, drawing the parallels between the services of the banks for cash and the services of data trust for personal data. She reminded the audience that people in general want simple and secure solutions and the freedom to choose what they want to do with their own data. They should be able to choose a data trust (as they choose a bank), switch between trusts (as they switch banks), and increase the value of their data by “investing”, i. e. agree to share their data at population level for which data consumers would be prepared to pay. The way the payback is conducted (e.g., via money or through some form of reward) should depend on the health system to which people belong and their preferences.
- Tino Marti advocated to equip citizens with data sharing tools. He reminded the audience that while the progress on access to data was made, control over the data remains unsolved. What we need now are practical tools for data sharing that reinforce trust and provide control and value. He also pointed out that giving people control over their data does not mean that they will share their data more often. On the contrary, if we look at the two alternatives of “opt-in” and “opt-out” systems for organ donation, when people are asked to opt in their engagement is much lower than in “opt-out” countries.
- Christiane Grünloh spoke about sharing medical records with patients which is often accompanied by concerns that patients might not be able to understand them and therefore should not have access to all of their medical data. She advocated the need to change this “protective” approach which excludes patients from accessing all of their medical data to a “supportive” approach. In a supportive approach, patients are trusted that they can handle their medical data and those who might lack certain skills are supported to understand and utilize the information. She reminded the audience that informed consent is not a blank sheet. Instead, ongoing engagement and communication is needed so that people can trust that they still maintain control over their data even after they have given their consent.
- Risto Kaikkonen spoke about his experience with the development of a trustworthy health data-sharing solution. He concluded that, when the culture of trust is established, technological solutions will become available easily. Trust varies between both the countries in Europe and around the world, but also within the countries and societies. Changing the future will be difficult without changing the culture of trust.
- Bogi Eliasen highlighted the need to change the paradigm in thinking about health data-sharing. His key point was that, only by merging individual, organisational and business interests, is it possible to reach ‘true value’. Data gets its value only when it is reused – which means that value is not obtained from having more data, but only from the increased and better designed functions of the data.
In addition to these eight presentations, two polls were launched through use of the Mentimeter tool. The first poll related to a proposed set of recommendations; the second poll was associated with key priorities for action and their results are displayed in the images below, respectively.
Out of the 51 participants at the session, 26 took part in the first poll, where the participants were asked to assess each of the recommendations on a general level, in a scale 1-5 (where 1 is less relevant and 5 is most relevant and vote for the top priority on the practical level.
The second poll was answered by 20 participants. These 20 audience members were asked to vote for their preferred top priority for action out of the five practical recommendations.
In this second poll, the option judged as most relevant was “Promote solutions which respect privacy, safety and security” with the “Improve informed consent guidelines” coming in second place.
Of the five recommendations, the “Make sure citizens know who uses their data and for what purpose” was voted as the most relevant, with the “Provide citizens with the mechanisms to control their data and exercise their rights” coming in second place.
CONCLUSIONS FROM THE DISCUSSION AND RECOMMENDATIONS FOR FURTHER WORK
Based on the presentations, discussions and the results of the poll, the following conclusions can be drawn:
THERE IS A NEED TO DEMONSTRATE AND COMMUNICATE BETTER THE ADDED VALUE OF DATA-SHARING
The evidence about the benefits of data-sharing for individuals and society as a whole is not always available, visible, or communicated to society. It is broadly recognised that showing explicitly what health data is used for gives confidence to citizens to share the data. Citizens generally accept developing and protecting the common good with or through their data, but they are nevertheless concerned about privacy and the use of data.
To make the added value of data-sharing more visible, we need to evaluate its benefits and costs and better communicate how “the added value” of data-sharing might differ from person to person. Thus, dedicated incentivisation strategies are needed. These strategies would involve: systematic use of appropriate incentive mechanisms such as financial rewards; non-financial rewards; extrinsic and intrinsic motivations; social recognition; access to better services; and feedback
THERE IS A NEED TO INVEST IN TOOLS AND METHODS THAT ENABLE CITIZENS TO ACCESS AND CONTROL THEIR DATA
As people want to access, share and control their data at the same time, certain mechanisms such as dynamic consent should be improved. There is a need for solutions that make seamless, but ethical and safe, data-sharing possible. The parallels to commonly used services like e.g., bank services can be drawn. People should be able to share and control their data in a simple way, without giving it too much thought and effort. This requires that the appropriate legislation, mechanisms, systems and technological solutions are in place, and that there is trust among the people that the services care about their privacy and other interests anytime, by providing them with ways to change their preferences for data-sharing if needed. This is a long and complex process, but some of the actionable recommendations should already set this in motion
THERE IS A NEED TO INVEST IN A CULTURE OF TRUST
Evolving trust is key for making progress on health data-sharing in Europe. However, the levels of trust in governments, health systems, and data-sharing in general, vary between countries, societies, and service providers. This variety in levels of trust means that trust can be gained, it can evolve, and people can invest in building trust. This trust-building can be done through appropriate legislation, and both policy and technology development as further supporting mechanisms. Ongoing engagement and communication with citizens are needed, so that people can trust that their data autonomy is preserved even after consent has been given.