This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR Formative Research, is properly cited. The complete bibliographic information, a link to the original publication on http://formative.jmir.org, as well as this copyright and license information must be included.
The health care sector can benefit considerably from developments in digital technology. Consequently, eHealth applications are rapidly increasing in number and sophistication. For successful development and implementation of eHealth, it is paramount to guarantee the privacy and safety of patients and their collected data. At the same time, anonymized data that are collected through eHealth could be used in the development of innovative and personalized diagnostic, prognostic, and treatment tools. To address the needs of researchers, health care providers, and eHealth developers for more information and practical tools to handle privacy and legal matters in eHealth, the Dutch national Digital Society Research Programme organized the “Mind Your Data: Privacy and Legal Matters in eHealth” conference. In this paper, we share the key take home messages from the conference based on the following five tradeoffs: (1) privacy versus independence, (2) informed consent versus convenience, (3) clinical research versus clinical routine data, (4) responsibility and standardization, and (5) privacy versus solidarity.
The Association of Universities in the Netherlands (VSNU) has brought together scientists from all 14 universities in the Netherlands to address the pressing questions raised by the emergence of a digital society. Exploring the responsible use of innovative digital technologies in the health care sector has high societal priority because of the potential to significantly improve health care and reduce health care costs. The Health & Well-Being program line of the VNSU Digital Society Research Programme aims to develop, evaluate, and implement integrated and personalized digital health care solutions, while addressing the societal challenges raised by the digitalization of health care.
Decelerating factors in the development and implementation of eHealth are a lack of knowledge, information, and practical tools with respect to handling privacy and legal matters. To discuss these factors, the Digital Society Health & Well-Being team organized a conference on September 26, 2019 titled “Mind Your Data: Privacy and Legal Matters in eHealth” with the aim to learn from each other’s approaches to tackle privacy and legal matters in the development of eHealth.
The conference hosted five speakers who were selected based on their unique backgrounds (law, eHealth, data science, philosophy, and mobile health [mHealth]), vision, and expertise on privacy and legal issues in eHealth. Marie-José Bonthuis is an external privacy lawyer who is connected to the Medical Biobank Lifelines and to the University Medical Center Groningen. Furthermore, she is an expert in the Health Research Infrastructure initiative (Health-RI) service desk for ethical, legal, and societal questions related to personalized medicine and next-generation sequencing. Dr. Bonthuis presented a talk titled “Overview of data protection principles in research: bringing practice and legislation together.” Niels Chavannes is a professor of Public Health and Primary Care at Leiden University Medical Centre, a general practitioner, and the founder of the National eHealth living lab (NeLL). Professor Chavannes presented a talk titled “Clinical implementation of successful eHealth initiatives: ethical and legal issues.” Andre Dekker is the professor of Clinical Data Science at Maastricht University, Maastricht University Medical Center+, and MAASTRO Clinic. Professor Dekker presented a talk titled “The personal health train: privacy preserving learning from health data.” Peter Paul Verbeek is the professor of Philosophy of Technology and scientific codirector of DesignLab of the University of Twente. In addition, he is an honorary professor of Techno-Anthropology at Aalborg University and chair of the UNESCO World Commission for the Ethics of Science and Technology. Professor Verbeek shared his perspective in a talk titled “Privacy and beyond: inclusive digitalisation and the dynamics of privacy.” Finally, Edward Watkins is the professor of Experimental and Applied Clinical Psychology at the University of Exeter. Professor Watkins presented a talk titled “ECoWeB – mental health app for young people data and governance issues.”
More than 100 participants from a wide range of organizations (universities, medical centers, knowledge institutes, private parties, citizens, and government) attended the conference. Three independent authors noted down specific points that were expressed during the presentations, panel discussion, and eHealth forum. These notes were compared, sorted in categories, and juxtaposed in a way that the ethical challenges clearly emerged. Solutions provided by speakers were described; otherwise, clarification was provided by the authors of the paper. This resulted in our summary of the most prominent ethical-, technical-, and research-related issues in eHealth and their potential solutions.
There is no straightforward answer for the best way to address privacy issues in eHealth. For each eHealth application, there should be a balance between individual privacy and potential individual or societal benefit. Data protection is all about contextual integrity; that is, using data responsibly within a specific context. Take for example the development of an mHealth approach to assess and enhance emotional competence for well-being in the young (ECoWeB project) [
To gain insight into this tradeoff, user preferences, and needs, it is essential to include the end user in the design of eHealth at an early stage of development. This should provide an understanding as to what extent the user is willing to share data and for what purpose. During the conference, this was exemplified by the ECoWeB project [
eHealth research generally includes an informed consent procedure for use and accessibility of data. This can potentially be done by digital authentication, including, for example, parental consent and age verification. However, during the conference’s panel discussion, the issue about how elaborate digital informed consent should be arose. The panelists concluded that there should be a balance between simple, convenient, and easy to understand versus fully complete. This tradeoff is similar to a paper-based consent procedure. Nevertheless, there seems to be a striking difference between the requirements for informed consent of eHealth in comparison to commercial applications. An editorial published in
In addition to informed consent, it is highly important to address the expectations of the eHealth app. This includes information on the procedure for incidental findings, such as whether or not the user wants to be actively informed or what can be expected with regard to automated messaging/triggering the health care provider for actions in the case of a monitoring app. Providing this additional information might limit possible overexpectations of users of the app.
Data obtained after informed consent are only available from a small population of people that are registered for clinical research or use a specific eHealth app. By contrast, general registries collect data from a large number of patients, but the information is limited to demographics and a small selection of clinical variables. Another data source is clinical routine data, which contains the largest amount of clinically relevant information. One could think of a “patients like me” approach, where we can learn from existing data worldwide to find a similar patient. Unfortunately, clinical routine data are very hard to collect centrally because they are stored in individual local databases. One of the potential solutions is the use of distributed learning. The Personal Health Train is an example of this, where the data remain at the source (eg, the hospital) in Findable, Accessible, Interoperable, Reusable (FAIR) data stations, and the analysis method (eg, the algorithm) is transferred to the data. This method has been successfully implemented such as for predicting the 2-year survival of lung cancer patients using clinical data of 20,000 patients [
To allow for the secondary use of clinical personal data, data should be made nonidentifiable or anonymous [
There are no straightforward answers to the questions of who is responsible for digital health apps, and how to guarantee maximal privacy and compliance with legislation. Together with multiple partners, the VSNU developed a Code of Conduct for research integrity in the Netherlands in 2018. The responsibilities have been defined at multiple levels, from the individual researcher to the boards of research institutions and the institutions as a whole [
Moreover, it is hard for a user to determine which app is qualitatively good. The availability of health apps is increasing rapidly. Pereira-Azevedo and Venderbos [
Finally, when moving from research toward the clinical implementation of eHealth, Dutch professional communities (medical specialists, medical physics, and clinical informatics) have expressed in their vision statements that they will take their responsibilities in the stimulation of the development and use of eHealth, and to assure its quality and safety.
Technological innovations change our society rapidly and the interaction of humans with these digital innovations may also influence our perception of societal values such as privacy. The complex interactions of how innovations influence the ethical frameworks with which they are valued can be exemplified with a Google Glass study. In this study, a technological mediation approach was used to focus on the dynamics of the interaction between technologies and human values. Online discussions about Google Glass technology were investigated to evaluate how people articulate new meanings of the value of privacy [
Additionally, there are cultural differences in the way we value privacy, especially on a global scale. To account for this dynamism of values, value-sensitive and responsible design approaches should be adopted. There is also a movement toward solidarity and data donorship. Toward this end, a culturally sensitive balance should be sought between sharing (“give data and save lives“) and protection (eg, potential threat of commercial exploitation) of data.
The information presented and discussed at the conference highlighted the many tradeoffs in eHealth with regard to privacy and legal questions. To prevent potential decelerating factors in the development and implementation of eHealth, we need to be aware of these tradeoffs between (i) privacy and independence, (ii) informed consent and convenience, (iii) clinical research and clinical routine data, (iv) responsibility and standardization, and (v) privacy and solidarity. Furthermore, we need to make use of the available knowledge and tools on a national and international level, think carefully about the design of the application, and include end users at an early stage of development to reach the full potential of the eHealth technology. Clearly, there are risks associated with developments in eHealth, but rather than avoiding risks and stalling innovation, we should attempt to minimize risks while providing the greatest possible benefits to society.
emotional competence for well-being in the young
Findable, Accessible, Interoperable, Reusable
General Data Protection Regulation
Health Research Infrastructure Initiative
mobile health
Association of Universities in the Netherlands
We would like to thank the VSNU, the Digital Society program coordinators (Prof I Lagendijk, Prof M de Rijke, and Prof S Wyatt), our colleagues of the Health & Well-Being team and co-organizers of the conference (Prof A Brombacher, Prof A Evers, Prof E Feskens, Prof H Hermens, Prof L van Gemert-Pijnen, Prof N Maurits, Prof H Riper, Prof M Sitskoorn, Dr I Kalinauskaite, Dr J van Soest, Dr R Fijten, Dr R van der Vaart, Dr S van Dijk, Dr M Simons, Dr M Tabak, and Dr K Gehring), the speakers, including external privacy lawyer Marie-José Bonthuis, Professor of Public Health and Primary Care at Leiden University Medical Centre; general practitioner and the founder of the National eHealth living lab (NeLL) Niels Chavannes; Professor of Clinical Data Science in Maastricht Andre Dekker; Professor of Philosophy of Technology at the University of Twente and chairman of UNESCO’s World Commission on the Ethics of Scientific Knowledge and Technology Peter Paul Verbeek; and Professor of Experimental and Applied Clinical Psychology at the University of Exeter Edward Watkins. We also thank all (forum) participants at the event.
None declared.