One of the industries that is being influenced by technology the greatest is the medical industry.
To better understand the legal issues surrounding healthcare data and IT and the legal challenges and complexities the industry as a whole faces, Healthcare Innovation spoke to Baker McKenzie’s team of experts in healthcare law. I found the article on enterpriseinnovation.net. I have replicated the interview below as it is a fascinating read.
Many in the tech industry say that regulation has not caught up with technology, What are your thoughts?
Ben McLaughlin, Chair of Global Healthcare Industry Group, Baker McKenzie: In healthcare it’s a massive issue because of the speed of technology. Regulators draft legislation to allow or to stop things; but then the technology changes and it’s no longer appropriate or relevant anymore. Regulators hence face the challenge of having to move fast enough to keep up with the changing technology.
Anne Petterd, Principal, Baker McKenzie Wong & Leow: In terms of data sovereignty – where a jurisdiction places restrictions on taking data beyond its borders – healthcare data is an issue which comes up frequently when parties are trying to negotiate free trade agreements. There’s a notion that if the data is within the country, it may be more accessible to those who need it, be it the patients or the healthcare providers. There’s also the notion among regulators that if the data is within the country, it may be more secure. However, if you speak to the cloud providers, particularly those who spend a lot of time investing in security for their products, this may be one of the main issues that they want to discuss with regulators as to whether that is really true. Companies may want to deliver services from one central location for efficiencies across borders, and with that comes savings in terms of time and storage of data, especially when it comes to big data analytics. This is an issue that healthcare companies may feel is constraining them with what they want to do in the region.
Isabella Liu, Head of Asia Pacific Healthcare, Baker McKenzie: Coming to the use of data – many medical devices now incorporate the use of electronic data. The China Food and Drug Administration has issued guidelines that cover the handling of this data, which state that measures must be in place to ensure the security of data, but there are no mandatory rules governing what measures have to be put in place. Hence, they are relying on the product owner to ensure the proper usage of the data. However, if the companies do not provide information as to how they go about resolving the cybersecurity issues, there be may delays in the product registration.
How do you resolve the tension between paranoia about data sovereignty from the part of regulators and the regulators need to be as safe as possible?
Anne: It’s a constant balancing that regulators need to do. Even if a law has been passed that strikes the perfect balance, something might change the next day which means the system is no longer in balance.
Putting this into the context of healthcare and cybersecurity issues, an example is the Wannacry ransomware attack in May this year which affected many businesses and governments. One of the parties affected was the NHS in the UK, where the healthcare operations system came to a halt for a few days. Following the incident, the UK government has conducted several audits and reviews. One of the recommendations on striking the right balance suggests giving patients more control and choice over who their electronic records can be shared with. The UK government is saying, look we have to take steps to increase public trust and confidence, by giving people more choice and maybe the option that their personal health records won’t be shared beyond their direct healthcare provider.
What is the state of healthcare law and regulation in Asia – especially in the developing world?
Ben: In one way, developing countries have a big advantage over developed countries in that they don’t have existing regulations in place. In India and China, they are implementing systems and setting up platforms where patients can own their own data.
In India, a company called LiveHealth that is based in Pune has an app that allows patients to assemble all their health records in the same platform. Similarly, in China, Ping An Good Doctor is the largest online healthcare platform in the country with 180 million users and it’s planning to raise $1 billion in an IPO in Hong Kong early next year.
Developed countries, on the other hand, have silos or have had silos for a long time. Everyone keeps their data separately and there is no ability to get the data together. The various parties are bound by accuracy, security and privacy concerns, and there are massive regulations to stop the data from coming together.
When it comes to cybersecurity, some countries including Singapore have released cybersecurity bills. Are they comprehensive enough to encompass healthcare issues?
Anne: One of the big challenges with the cybersecurity bills being rolled out is that there is no uniform approach taken by governments.
Regulations are drafted from the perspective of the different countries. Governments generally have concerns about placing obligations on the provider to look after the data. For Singapore, the approach in the draft cybersecurity bill is to identify certain critical information infrastructure (CII) owners, not the legal owner, but the party that effectively has control over the IT system, and where they are providing essential services, including healthcare, they have to comply with the cybersecurity legislation.
The government has stated that it has been consulting with the players it considers to be CII owners and liaising with them on what the requirements are going to be, so they know what is required of them.
We are seeing a more personalized approach to medicine and healthcare – how do you see cybersecurity problems impacting that and how will disruption look like in this space?
Isabella: Innovation comes in ways healthcare solutions are provided, be it healthcare, pharmaceutical or wearables.
For example, in the remote operation of devices involving the doctor and patient in different locations – if there’s a safety breach, then the procedure could be compromised. The fact that it impacts on personal safety and health elevates the risk exposure to a different level.
Compared to other industry sectors, regulators are in a bind because on one hand, they want to get on the innovation bandwagon, but the regulatory framework restricts the patient interaction framework. At the same time, governments are aware that they can’t do it on their own.
In terms of healthcare records, for example, they will need industry players to work together with them to ensure the security of public health records. We advise companies on partnering with the authorities to advance healthcare solutions as it takes all the stakeholders to come together to utilize the technologies that are coming to the market.
What are the main concerns clients are facing in the healthcare tech industry?
Ben: One of the biggest concerns for big pharma is the competition from technology companies. This is playing out in many different ways.
There’s a saying that goes ‘an ounce of prevention is better than a pound of cure’ and for big pharma this could mean a potential loss of revenue.
Tech companies are developing monitoring devices which will allow patients to regulate their behavior rather than taking drugs. This is good for the patient but that could mean potential loss of revenue for big pharma.