Europe’s e-health status: balancing innovation and data protection
Julia Pieza // 26 May 2021
The Covid-19 pandemic accelerated the rate of digitisation in European healthcare systems. Europe’s ageing population projections estimate that by 2070 people aged 65 or older will make up 30% of the population, which will increase health expenditure. To cope with this increase in demand for healthcare services, the EU needs to create better conditions for innovation in healthcare with more efficient digital technologies. However, there is a delicate balance between fostering medical innovation and providing data protection. To ensure both, the EU needs to address the fragmentation of data governance across its member states as well as citizens’ digital skills.
Digital innovations that lower the costs of healthcare delivery by using more efficient information and communication technologies (ICT) have already been trialled in the EU. In 2019, Finland and Estonia facilitated the cross-border sharing of healthcare data through an ePrescription project which allowed patients to access their prescriptions across the border. This data sharing project incorporated a common digital framework between the two countries saving time and reducing the costs involved in the previous written prescription model.
There is evidence of support for data-sharing innovations on a wider scale with the European Health Data Space (EHDS) which would facilitate the exchange of healthcare data between healthcare professionals and researchers across borders. A 2017 Eurobarometer study reported that 52% of respondents would like to have online access to their medical health records, while 65% are willing to share this data with doctors and healthcare professionals.
However, encouraging cross-border data sharing within the European single market depends on a standardisation of GDPR rules. A February 2021 report from the DG for Health and Food Safety highlights that the use of GDPR in relation to health data is fragmented across member states. For example, thirteen member states do not have legislation defining the lawful basis for non-public sector researchers using health data, while the other fourteen use varying legal bases for the use of health data for research purposes across public and non-public bodies. For this reason, 71% of stakeholders answered that the time and interaction costs of gaining access to health data for research are high in their countries. Current GDPR regulation involving citizen’s consent to sharing their healthcare data is a significant safeguard that should remain in place, and 86% of stakeholders support the creation of EU-level guidance on obtaining consent from patients for sharing data.
A one-stop-shop for authorisation related to data use such as a common compulsory framework accredited by an independent European body could be the answer to easier data use by researchers. As an EU-wide measure, this would be best implemented under the principle of subsidiarity which would achieve consistency in GDPR regulations faster than current national approaches can. Although such high-intensity regulation is usually synonymous with more bureaucracy, the benefits of an EU-wide intervention in data exchange would ultimately simplify the process for researchers and level the playing field in the single market. A 2019 impact assessment evaluating various types of regulation to enhance data sharing in the EU estimated that any initial costs incurred by member states to standardise data sharing practices would be far outweighed by the benefits of higher efficiency across the healthcare sector, saving around €120 billion a year.
Creating strong institutional safeguards on the use and exchange of data also depends on citizens’ digital skills and the improvement of cybersecurity across the member states. For example, the creation of a Cybersecurity Competence Centre in Romania will seek to address gaps in digital infrastructure and the interoperability (the ability of European computer systems to exchange and make use of information) of data across borders by pooling funding and expertise.
Citizens’ digital skills have arguably been addressed to a lesser extent. A Eurobarometer study from 2020 has shown that between 2017-2020 European citizens’ confidence to protect themselves online fell by 12%, demonstrating the impact of widespread online misinformation and increased sophistication of cybercrime. The EU can help to mitigate costs of digital training by collecting best practices from member states leading in digitisation such as Estonia, and creating more avenues for citizens’ digital education at all ages, especially as citizens’ consent is the foundational basis of GDPR.
Ultimately, Europe’s economic and physical health depends on the more sophisticated use of digital technologies to efficiently deliver services such as healthcare. The EU has a significant opportunity to strike the balance between ensuring data protection whilst making medical research cost-effective. The EU needs to speed up the pace at which data innovation can take place in healthcare by ensuring more consistent regulations on data exchanges and stronger cybersecurity infrastructure.
EPICENTER publications and contributions from our member think tanks are designed to promote the discussion of economic issues and the role of markets in solving economic and social problems. As with all EPICENTER publications, the views expressed here are those of the author and not EPICENTER or its member think tanks (which have no corporate view).