Professor Dipak Kalra reflects on the challenges and opportunities associated with the growing use of health data and electronic health records.
Many European countries have invested in national e-health infrastructures, which are progressively communicating more and more electronic health records (EHR) data to support continuity of care and public health programmes. Countries are now launching a new wave of research infrastructure programmes to scale up the availability of this health data for clinical research. There is widespread recognition that better use can be made of health data to improve the quality and safety of healthcare and to accelerate research.
However, there are at the same time concerns that the reuse of health data must be undertaken in ways that safeguard the data protection rights of European citizens. It is also vital that health data are captured to a high quality and are interoperable so that the data can be analysed on a large (European) scale. This article examines these challenges.
Promoting the trustworthy reuse of EHRs for research across Europe
It is important to respect that almost all health data within electronic health record systems is collected as part of providing healthcare services to patients and is done so for the purpose of supporting safe and high-quality continuity of care to those individuals. That same health data can provide important benefits to improving the design and delivery of healthcare services, improving patient outcomes through better care pathways, well-targeted public health measures, and the discovery of new knowledge about diseases and effective treatments through research.
It is a fundamental right of European citizens that their privacy be protected whenever personal data are processed, and that data are processed only for permitted purposes.
Because European citizens are also entitled to receive healthcare, especially in emergency situations, across Europe, it is important that we have secure mechanisms to enable electronic health records to be accessible across Europe if a patient needs emergency healthcare in any country they are visiting, provided they agree to their records being accessed. There are important European initiatives striving to achieve that secure access to emergency medical information at a European level. To that extent, the concept of free movement is an important one, but it is in fulfilment of the wishes of each individual patient at the point of care.
When it comes to analysing the data in large populations of health records, to undertake research, we must remember that EHR repositories very rarely today hold data with explicit patient consent for research use. The most widely accepted approach when undertaking large-scale (big) data research in health is to first anonymise the data so it is no longer identifiable or capable of being linked back to individuals. Anonymous data can also be shared across Europe, under the terms of ethical approvals and data-sharing agreements between relevant parties, to enable European-scale research. This is vital for future healthcare and especially valuable for rare diseases and precision medicine where the patient numbers in any one country may not be enough to undertake the research.
However, the process of anonymisation can be state-of-the-art, but probably could never be perfect. This means that anonymous data can always carry at the very least a very small risk that certain individuals could be re-identified because they have unique or unusual characteristics. It is therefore still important that anonymous data are handled securely and that the sharing and use of anonymous datasets is carefully protected. The European Institute for Innovation through Health Data (i~HD) is working alongside other initiatives to develop codes of practice, technology assessments, and other methods of offering assurance to European citizens that their anonymised data can be used for research in a trustworthy way.
Impact of the GDPR on the reuse of electronic health records for research
Data protection legislation in member states across Europe, which is now in the process of being reinforced to comply with the new General Data Protection Regulation (GDPR), obliges all stakeholders who process personal health data to ensure that the privacy of those individuals is protected and the data only used for permitted purposes.
Many of its principles align with the 1995 European Data Protection Directive, now adding greater formality, detail, and clarity. So, it could be argued that privacy protection when processing personal health data and the appropriate use of anonymous data for the majority of large-scale research purposes is not new. Most organisations involved in undertaking research, and who have been conducting that following good practices, might not need to make significant changes.
There are some important new GDPR provisions around informed consent, placing greater obligation on making the collection of consent freely given and clearly informed. There are also more stringent rules about whether pseudonymous data is still classified as personal health data or can be considered anonymous data. Anonymous data needs to have been generated using state-of-the-art techniques.
Unfortunately, some GDPR stipulations regarding the ways in which routinely collected EHR data can be reused for research do create margin for national re-interpretation, and there is some concern among research communities that different member states might legislate for different detailed interpretations on topics like this.
i~HD will be tracking this emerging national legislation and will keep our members informed about the implications regarding research use of health data. We have also ensured that our codes of practice and other measures are ‘GDPR-ready’. We hope that promoting common high standards across Europe will enable research to thrive in ways that society fully supports.
Promoting high-quality electronic health record systems in Europe
EHR systems have evolved significantly over the past two decades, from their origin as a tool to support the administration and resource management of healthcare provider organisations such as hospitals and general practices. They increasingly support clinicians in the capture of patient data during clinical encounters, as well as laboratory and radiology investigation results. They usually incorporate some form of clinical workflow or care pathway support, and can offer simple or sophisticated forms of decision support, trend analyses, dashboards, and other patient care management tools. However, the maturity of the clinician-facing features of many electronic health record systems still has some way to go.
According to clinicians I interact with they find the user interfaces and the speed of data entry to be a hindrance to smooth and timely clinical documentation. The design of data structures, templates, and forms is not always conducive to collecting data in a structured and coded way, and so the balance of readily computable data versus free text data is not ideal. Many hospitals we interact with tell us that they see data quality improvement as an urgent priority, but that sometimes the systems they have are not advanced enough to enable their staff to capture the data they need to improve outcomes and to optimise their care pathways. There are essential features of security that users do not see, such as robustly ensuring the data are always entered in the correct patient’s record, tracking the activity of users in an audit trail that cannot be modified, ensuring that drug dictionaries are always up to date, etc.
It would not be fair to criticise EHR system vendors as being unable to deliver high-quality, smoothly usable, and clinician-friendly EHR systems and applications. There are perverse incentives in most health systems that mean the drivers behind EHR procurements seek to maximise the value of the system purchased for organisational efficiency and cost containment, rather than prioritising clinical outcomes.
We see this landscape slowly changing through the promotion of outcomes-based models and payments (such as reimbursements linked to outcomes, KPIs for senior management reflecting quality of care and patient experience, etc.). However, procurement decisions are still vulnerable to marketing persuasion, and we feel it is important that EHR systems carry an independent quality label that assures purchasers of the fitness for purpose of the EHR systems they are considering and allows them to profile the quality of those candidate systems against their needs.
At the European Institute for Health Records (EuroRec) we have developed the largest body of EHR system quality criteria and formalised testing processes that allow such a quality label to be issued and provided by vendors to hospitals when making procurement decisions and to ministries when providing any form of ICT reimbursement or subsidy.
EuroRec testing includes both the visible and unseen (non-functional) features of a system, including its security features and the ways in which it captures and protects the provenance of all data in it. EuroRec has been involved in many European Commission research projects to help advance our understanding of what is needed in a good EHR system, and to co-develop with other partners many innovations in EHR system design and use, including benefits realisation.
The challenge of interoperability
We have the major obstacle that it is still extremely difficult in almost every EHR system and country to have an holistic view of the conditions, allergies, treatments, care plans, and recent clinical encounters for a patient across multiple healthcare providers.
International standards bodies have been active in developing interoperability standards that can support the communication of many kinds of clinical data. Success stories in this area include for laboratory and radiology data, where the standards are mature and well adopted in products.
For clinical (EHR) data we have the first challenge that the interoperability standards that do exist are not yet well adopted in products, and for this we probably have to blame the lack of health system business drivers – until recently – which do not prioritise the exchange of electronic clinical information over other procurement priorities.
The second challenge is that our interoperability standards today are quite technical, and do not yet well reflect the clinical content (semantic) priorities of shared clinical care and patient empowerment. Too few health professionals and patients are involved in standards setting, and we need to encourage more active engagement of these communities, plus the research community, in asserting their interoperability needs. Both of the institutes I have mentioned are working together to promote this engagement.
There are many opportunities to make better use of health data, to bring health service quality improvements and faster treatment innovations to society.
Challenges such as ensuring robust protection of privacy, that electronic health record systems are of good quality and used well, and that health data are of a good quality and interoperable, can be addressed through European initiatives that develop and promote good practices, and assess the quality of digital products and data.
It is also essential to assure that health data are used in ways that deliver healthcare benefits to all citizens. These assurances are vital if we are to win greater societal endorsement of public health and research uses of health data.
This article has had valuable input from Nathan Lea and Karl Wouters from the European Institute for Innovation through Health Data, and Pascal Coorevits from the European Institute for Health Records.
This article will appear in issue 5 of Health Europa Quarterly, which will be published in May.