September 23rd through 27th marks "National Health IT Week" in the United States, which focuses on "catalyzing change within the U.S. health system through the application of information and technology." As health stakeholders in Washington, D.C. and beyond contemplate how data-driven technologies can transform America's system, they might be wise to learn from the innovative approaches being deployed in other advanced markets, particularly in Asia.
Due to economic, population, and demographic trends, many Asian governments are looking to data and technology to help revolutionize their public health systems. By 2030, Asia will be home to 4.9 billion people, representing 66% of the global middle-class population and 59% of middle-class consumption. By 2050, more than a quarter – or 1.3 billion – of the population in the Asia-Pacific will be considered elderly, at 60 years or older. This increasingly geriatric population coupled with rapid urbanization – resulting in more sedentary lifestyles – has yielded a rising prevalence of lifestyle disorders such as diabetes, obesity, and hypertension, among other chronic conditions.
Fortunately, digital health technologies and data-driven innovation have the potential to unleash scalable solutions to address the region’s most vexing healthcare challenges. And if we want to seek inspiration for our own health IT modernization efforts, we can find a few trend-setting regulators in the Asia-Pacific that are progressively setting the stage for digital innovation.
Japan, the third largest economy in the world, has recently led the charge for an integrated, global model for data governance, including for medical and health data. And the vision and leadership comes from the very top. In his 2018 speech to the World Economic Forum in Davos, Japanese Prime Minister Shinzo Abe made a call to action for a model of “data free flow with trust,” his vision for enabling the safe, cross-border flow of data among reliable allies and partners, with trust improved through the protection of personal information, intellectual property, and reinforced cybersecurity. In his remarks, Prime Minister Abe specifically referenced medical data, stating that “we must enable the free flow of medical, industrial, traffic and other most useful, non-personal anonymous data to see no borders, repeat, no borders.”
In 2017, Japanese legislators in the National Diet passed the “Medical Care Big Data Act,” a compelling example of a regulatory approach that seeks to responsibly leverage the power of massive datasets to inform medical research and clinical trials. The Act seeks to enhance medical research by setting policies for the use of anonymized medical data. A key provision is the creation of "Certified Anonymized Medical Data Agents," which are third-party intermediaries that would be entrusted to hold anonymized medical data based upon their technical proficiency and security measures. The Act also creates an "opt-out" default environment, whereby medical institutions are authorized to provide data to the Certified Agents unless a patient, after being notified of their rights and the potential use of their medical information, specifically opts out of the sharing arrangement.
This opt-out model is distinguished from the EU's Global Data Protection Regulation (GDPR), as it allows business operators to transfer personal data to third parties without requiring consent from the data subjects. Individuals would “agree” to these opt-out arrangements when first offered services or products, giving companies the ability to subsequently transfer their data without further notice or consent. This approach to sharing and access can lead to improvements in research and advancements in public health.
On the regulatory front, Japan’s Personal Information Protection Commission, or PPC, is an engaged, progressive thought leader on data protection issues in the region. The PPC oversees specific personal information protection assessments, accrediting of personal information protection organizations, international cooperation, formulation and promotion of basic policies, and mediation of complaints. But it has also weighed in with innovative policy statements in the healthcare arena, including guidance on the use of anonymized medical information held by medical institutions for drug development and clinical research.
As it has been across many industries and for many emerging technologies, Singapore is a leader in Southeast Asia for crafting innovative regulatory approaches and supporting new data-driven technologies.
Within the healthcare space, Singapore has developed and is implementing its “Health IT Master Plan” (HITMAP), which sets forth seven "transformation programmes" to guide national healthcare IT efforts and investments strategy. Of particular note, many of these pillars seek to leverage data and analytics capacity to discover actionable insights that will drive public health outcomes. As a starting point, they seek to "develop common data analytic capabilities to link data across our healthcare and other non-healthcare data sources," thus providing a foundational, robust dataset on Singapore's population. To implement this goal, the country has developed a centralized platform to analyze relevant data and facilitate collaboration among researchers and other stakeholders. Another example is in the "Prevention and Continuity of Care" pillar, which leverages the National Electronic Health Record (NEHR) system to provide clinicians with secure, near real-time access to patient health records. This effort will also help integrate various IT providers' systems across the national healthcare system in order to ensure continuity of care for Singaporean citizens.
Singapore’s privacy regulator, the Personal Data Protection Commission (PDPC), is another forward-looking data authority in the region. The PDPC promotes and enforces personal data protection to foster trust among businesses and consumers through the administration and enforcement of the Personal Data Protection Act of 2012. In the healthcare sector, the PDPC and the Ministry of Health are joint regulators over the National Electronic Health Records system. The PDPC also has released guidelines on "Basic Data Anonymization Techniques" and "Preventing Accidental Disclosure When Processing and Sending Personal Data," among other advisory guidelines. The joint oversight of the NEHR and the implementation of this master plan illustrate a smart approach for needed collaboration between the traditional healthcare regulators and ministries, and the data protection authorities.
Different countries and their populations yield different challenges, of course; and thus, a “one size fits all” regulatory approach is rarely the answer. But information sharing, developing interoperable models, and identifying best practices advanced by other policy thought-leaders helps reduce regulatory fragmentation and, ultimately, leads to positive public health outcomes. As we consider data-driven innovation here at home during “National Health IT Week,” U.S. policy makers and stakeholders should consider the experiences gained and best practices of our Asian allies. Leveraging that data — their experience — might help advance our own transformation.