GDPR

It’s hard to think of information that feels more personal than data about our own health. Yet we’re generating and monitoring more health data now than ever before. From specific technology designed to help manage certain medical conditions to home monitoring tools, there are more and more digital options to help manage patient health. The benefits are increasingly clear. Remote patient monitoring and teleconsultations have already helped to maintain a high standard of patient care during the COVID-19 pandemic. Hospitals and general practitioners regularly share electronic health records to help healthcare professionals get comprehensive insight into a patient’s overall health condition and thus ensure more efficient treatment between disciplines. Patients are increasingly taking advantage of the opportunity to keep a closer eye on their own health. Statistics show that the number of wearable devices and digital health tools has increased in Europe over the last years. So, how do we know this data is safe? I believe innovation and data protection can mutually reinforce each other – and digital innovation need not come at the expense of data protection and privacy. As a lawyer specialising in IT law and working in medtech, data protection laws are a key focus. Working with my team at a global medical device manufacturer, I have a bird’s eye view of the various regulations that apply in virtually every part of the world. We also work on ways we can better use data to create value for healthcare professionals and empower patients in managing their health in an increasingly connected world. Data security is one of the top priorities in the development of healthcare innovations within my company and requirements are constantly evolving with advancing technology and digitalization, particularly when we consider cloud services and connected health applications. This results in a continuous need for...
I believe that data has the power to transform patient care. But do the legal and regulatory landscapes in Europe and around the world pose some sort of obstacle to digital health innovation in the medical technology sector? This is a hot topic right now as patients – indeed, all citizens – become increasingly aware of data security issues. Privacy and data protection have caught a tailwind in the United States in light of several large data breaches and the revelation of the mismanagement of citizens’ personal information. This has manifested in the passage of the CCPA in California, as well as the proposal of multiple other state and federal levels privacy bills. Conversely, a data protection regulatory framework has been in place in the EU for decades (the Data Protection Directive came into effect in 1995). However, with the passage of time and the incredible technological leaps we have seen over the past decade, the old framework was poised for a facelift. That came in the form of the GDPR. In my opinion, there is no question that the use of data has the potential and ability to provide better healthcare options to patients, ranging from monitoring to diagnosis, to patient counseling and treatment management. However, I think rather than view the GDPR and other regulatory instruments as barriers to entry or insurmountable hurdles, companies should instead shift their perspective. Perhaps data protection rules present an opportunity to rethink approaches and to find the correct balance between safeguarding individuals’ health data without creating significant practical and logistical hurdles. I addressed this issue at AdvaMed’s third annual Digital MedTech Conference in May. The event was a chance to discuss differences and similarities between regulatory approaches, and to put to bed some “fake news” surrounding digital health and data protection in...