As the first pilot of the NHS’s Covid-19 app demonstrated, data privacy; its management and the legalities around this are increasingly key to healthcare technology. Data-sharing powers many health tech businesses and yet the sector is rife with innovations and initiatives which apparently did not consider this from the outset. The NHS care.data debacle is just one example. Mistakes can be extremely costly and damaging: GDPR gives the regulator (the Information Commissioner’s Office) the power to issue fines of up to £18m ($20m) or 4% of annual global turnover, whichever is greater. Rather than a cost or a hurdle to overcome, companies should consider GDPR as an innovation which protects and enshrines patients’ rights.
The General Data Protection Regulation (GDPR)
Noreen Doyle explains, “To me, the best thing that came into force was the general data protection regulation, because it gives individuals more freedom over their information and more protection over their information. And in the digital age that cannot be a bad thing.”
On the other hand, companies who are agile and informed from the start on data sharing and compliance can reap dividends. 8foldGovernance works with social enterprise and technology platform Patients Know Best who are leading the way in the UK personal health record market. Patients Know Best have designed a Personal Health Record (PHR) with a full consent layer that allows patients to dial up and down their consents around who has access to their data, what it can be used for, as well as registries to support their governance, strategy and implementation. Patients can login to access everything from appointment letters and test results, to their multi-disciplinary care plans. To empower patients to play an active role in their health and wellbeing, they can also use specially designed tools to monitor and track their health condition. Patients Know Best currently provides “joined-up care” via digitised patient records for more than 5.2 million people in the UK alone and is a recognised B Corporation.
Noreen Doyle believes that staff awareness of data protection and its implementation – as well as the opportunities therein – is crucial; “if you haven’t trained [your staff], then you are setting them up to fail … It’s an exposure.”
This Blog is an excerpt from the 8folGovernance White Paper written by Sussex Innovation LINK