GDPR

I believe that data has the power to transform patient care. But do the legal and regulatory landscapes in Europe and around the world pose some sort of obstacle to digital health innovation in the medical technology sector? This is a hot topic right now as patients – indeed, all citizens – become increasingly aware of data security issues. Privacy and data protection have caught a tailwind in the United States in light of several large data breaches and the revelation of the mismanagement of citizens’ personal information. This has manifested in the passage of the CCPA in California, as well as the proposal of multiple other state and federal levels privacy bills. Conversely, a data protection regulatory framework has been in place in the EU for decades (the Data Protection Directive came into effect in 1995). However, with the passage of time and the incredible technological leaps we have seen over the past decade, the old framework was poised for a facelift. That came in the form of the GDPR. In my opinion, there is no question that the use of data has the potential and ability to provide better healthcare options to patients, ranging from monitoring to diagnosis, to patient counseling and treatment management. However, I think rather than view the GDPR and other regulatory instruments as barriers to entry or insurmountable hurdles, companies should instead shift their perspective. Perhaps data protection rules present an opportunity to rethink approaches and to find the correct balance between safeguarding individuals’ health data without creating significant practical and logistical hurdles. I addressed this issue at AdvaMed’s third annual Digital MedTech Conference in May. The event was a chance to discuss differences and similarities between regulatory approaches, and to put to bed some “fake news” surrounding digital health and data protection in...