In association with Syrenis
Sponsored
June 9, 2022

Digital health: thriving in the new data landscape with consent and compliance

Digital health technologies have the potential to transform how healthcare services are delivered, with data used to create treatment plans that are unique to the individual. However, healthcare companies must ensure they respect patients’ data privacy and preferences while meeting increasingly stringent data protection laws. We learn more about data consent and regulatory compliance within digital health, and the possibilities this creates for bespoke health services.

Digital health technologies are starting to play an increasingly important role in patient diagnosis and monitoring of long-term medical conditions. Medtech can increase efficiencies throughout healthcare and reduce hospital waiting lists with faster diagnoses.

Data Regulations: Ensuring Compliance with HIPAA

Businesses dealing with data around the world need to comply with the necessary regulations in specific jurisdictions to avoid significant fines from regulators. In the US, HIPAA regulations apply nationwide to protect highly sensitive information about the health of individual patients. Data may only be shared with the patient’s consent or agreement. These national standards are the Privacy Rule and the Security Rule. And while HIPAA became law in the pre-internet age, companies dealing with digital technologies must make efforts to comply with regulations. Complications may arise when multiple parties get involved with data gathering and management. These potentially grey areas must be understood and carefully navigated to ensure compliance throughout the data journey. To learn more about HIPAA regulations and the best ways to ensure compliance, download this document.
by Syrenis

In particular, home diagnostics has the potential to radically improve healthcare services. Checks for diabetes, blood pressure, heart rate, and sleep patterns can all be done from home with a combination of wearables, mobile devices, and apps. This then frees up medical professionals to treat patients in greater need. And the global pandemic has rapidly accelerated the adoption of home diagnostics and digital health technologies.

Growing volumes of personalised data are already starting to allow healthcare companies to develop new drugs and bespoke treatments for individuals based on their specific needs. Yet data volumes need to be correctly managed with consent from patients, and preferences must be respected.

“Those diagnostics machines are collecting data, and that is being stored somewhere. That data might be being shared with different companies, shared with different doctors, or shared with different organisations. All of those things need consent,” explains Marc Le Maistre, Head of Client Delivery at Cassie by Syrenis.

In parallel, healthcare providers, pharma companies and insurance providers need to comply with data protection and storage regulations. This is to avoid potential fines running into millions of euros for breaches of the General Data Protection Regulation (GDPR) in Europe, or charges of up to $50,000 under the Health Insurance Portability and Accountability Act (HIPAA) in the US, as two examples.

Building trust for data sharing across healthcare

While data and healthcare are hardly a new combination, the last three or four years have seen the sheer volume of data surge dramatically. With the introduction of ever-greater technological innovations and swelling volumes of data, there are calls for a rethink of how healthcare services are delivered and results are measured.

“If we think of how healthcare is funded, either by governments or by insurance companies, it’s based on a treatment. You pay per prescription, operation, or treatment. Which isn’t very efficient, because you’re not actually paying for results,” explains Katherine Pomfret, Head of Communications at Cassie by Syrenis. “So, the greater availability of data enables payments to be made on a results basis.”

But to achieve this, greater efforts must be applied to build trust with patients and also increase the transparency of what their data is being used for. And mistakes can happen.

In 2021, the UK Government proposed a plan to share data from GPs with companies and researchers to develop services, known as the General Practice Data for Planning and Research (GPDPR) programme. However, these proposals were met with fierce resistance from patient groups. A campaign saw more than 1.5 million people opt out of having their data shared, forcing the government to make changes as it quickly became evident that more robust safeguards were needed. The scheme has been shelved indefinitely, with no indication of when it will be implemented. Concerns over health data privacy are replicated across the US and globally.

But this UK issue highlights exactly why patients must be involved in what data they share and what they decide to keep private. Furthermore, patients need to be made aware of the benefits.

“The public has been encouraged to think that this is an invasion of their privacy and that it’s been done because the government wants to profit by selling the data. But that isn’t the motivation,” adds Pomfret. “If we are going to extend the length and the quality of people’s lives – which now lies in our power, if we properly deploy the insight and analysis from data – we can only do that with consent and if there’s a change in the public’s attitude towards this issue.

“We work with companies fundamentally to help them build patient trust, by ensuring that patients’ declared preferences are implemented across all communication systems.”

Consent management in healthcare data

One way to encourage patients to provide consent for their health data is by putting them in control of what specific information they do share. Cassie by Syrenis is a specialist data consent and preference management software-as-a-service (SaaS) platform on the cloud. It is used by a wide range of industries, providing patients and consumers alike with the ability to regularly review and adjust what personal information they share with companies, or third parties based on their preferences.

In healthcare, this empowers the patient and ultimately leads to services and treatments tailored to meet their specific needs according to their data profile built up across multiple platforms. Because Cassie is working in the background on apps and websites over the user journey, it allows data to build up over time instead of trying to acquire everything at once. The platform also enables compliance with data regulations around the world.

“If you ask somebody 20 questions, they’re going to get really bored. But if you ask people every time they interact with you a different piece of information, or you allow them to modify their profile in a journey, then bit by bit, you get to understand that consumer or patient more,” says Glenn Jackson, CEO of Syrenis.

Cassie also operates in different languages and varying regulatory languages – in one case, seamlessly ensuring compliance with more than 70 different legal jurisdictions for an international healthcare company.

“You’ve got both those complexities, but you can do that centrally. Clients can give that responsibility per region, but also have the control of managing it across the globe from one place. One privacy team can have access to everything, but they can also outsource country by country,” adds Jackson.

Flexibility in data privacy management across multiple digital health platforms

Multiple touchpoints by the patient require strong data management capabilities to build a unified data profile of an individual across numerous interactions via websites, apps, and smart devices.

In healthcare, uses of Cassie include international pharmaceutical companies and a major hospital network on the US East Coast. And with large healthcare organisations, it is common for them to use different data management systems that do not interact effectively. There can be a lack of cohesion and interoperability between systems.

“Rather than these systems having to talk to each other, we work to have Cassie in the middle talking both of those languages and doing some sort of translation, so that it makes sense to both systems. It’s just a continuous process,” explains Sean Donnellan, Enterprise Solutions Consultant at Cassie by Syrenis. “It’s targeted, real-time sharing of data between systems that haven’t been built to talk to each other.”

Cassie is regularly used in digital transformation projects when healthcare providers digitise systems and records, which can be a complex and lengthy process. Digital transformation requires flexibility while maintaining the protection of sensitive data when it may be more vulnerable to cyberattack, with usability of data also vital during a systems upgrade.

“Because of how flexible our data model is, and how flexible we are when gathering and processing consent on behalf of these healthcare organisations, we can actually maintain the data usability,” adds Donnellan.

“Alongside that, we can continue managing complex use cases. And they will only continue to get more and more complex as hospitals and pharmaceutical companies continue transforming digitally and digitising all the data they have moving forward.

“There are going to be many more data points. There are going to be many more unique use cases. And our platform will be able to adapt to those changes.

“The consent and preference management solution, when implemented correctly, will control that flow of data and all the data that organisation is gathering.”

Cassie enables far more granular consent for the data collected while preventing that information from entering areas it shouldn’t. Configurations can be arranged in consent hierarchies across four tiers chosen by the client based on their requirements. These tiers may include country, clinical trial, brands, or affiliates.

Cassie enables regulatory messages to be set up by region. This is important because in Europe under GDPR, people are not automatically opted in to have their data shared, whereas they are automatically opted in across much of North America. Depending on where the data subject is based, Cassie can define separate sets of rules, ask different questions based on their location, and manage all of this centrally.

“The first thing they have is country as the top tier of their hierarchy. This allows them to collect consents in different countries, put them all in Cassie, but keep them siloed and effectively separated between the countries because they don’t want cross-contamination of consent from country to country,” says Le Maistre.

The next three tiers allow for the breaking down of exactly what the client wants to be able to categorise within that consent.

“The way we’ve always built Cassie is for flexibility with every client to define the hierarchy of what you’re collecting consent about, and how it relates to other consents,” adds Le Maistre. “Then, the very final level is what we call extended ‘preference information’, which basically allows people to store any additional metadata against those consents.”

Patients can provide permission for sharing their data with certain affiliates but not others, which works very similarly to defining marketing preferences on consumer platforms.

“You’re getting down to that granular level where, not only are you collecting consent about doing something, you’re able to collect that layer of who you can give it to, or share it with,” says Le Maistre.

“We’re here to collect consents and preferences in an auditable manner, so we can give them back to the client and say when the subject provided it, why they provided it, any additional data we stored at the time against that consent, and what the consent was for.”
