Access to data can boost innovation in healthcare. But how can we ensure patient rights are protected?

Covid-19 has offered the healthcare sector a great opportunity to educate both policy makers and the general public about the importance of data in developing innovative medical solutions. But there are still obstacles to making that data available to those who need it most.

The equation is simple: data increases the ability of the healthcare sector to predict and deal with epidemics, cure disease and improve the quality of life.

Data replaces guess work and allows researchers, clinicians and hospital staff to make informed decisions based on real-world cases, while aggregating data from different areas, different regions, different countries, and allows medical professionals to see the bigger picture.

“When it comes to innovative solutions in healthcare it is crucial that complete personal medical data is available, and not just CT scan results or a list of medicines that an individual patient takes,” says Ligia Kornowska, the managing director of the Polish Hospital Federation, and a leader of the AI Coalition in Healthcare, trying to change regulation and educate patients about the use and benefits of AI in healthcare. “Only then can you have a full picture of a patient’s medical history. Only then can you make sure that various aspects are taken into account when developing an innovative solution.”

Few global events in recent years have demonstrated this as well as the Covid-19 pandemic. In many countries, the health data research effort in response to the pandemic has been unprecedented in both its scale and scope. The amount of data available is one of the reasons that it has been possible to develop successful vaccines against the coronavirus in less than a year.

In the UK for example, the medical records of 56 million people, held by general practitioners, were made available – safely and securely – for essential Covid-19 research and response. More than 4.2 million users of a Covid symptom study app revealed new symptoms and regional hotspots, while some 80,000 patients were recruited into a ISARIC-4C study, finding out how Covid-19 is affecting people across the country.

A further 48,000 Covid-19 viral genomes were analysed by the Covid-19 Genomics UK (COG-UK) consortium, created specifically to deliver large-scale and rapid whole-genome virus sequencing to local National Health Service centres and the UK government.


For many ordinary people, Covid-19 has had the effect of making them aware – often for the first time – of the importance of data in improving outcomes. They quickly realised, even in the early days of the pandemic, that the collection, use, sharing and further processing of data can help limit the spread of the virus and aid in accelerating the recovery, especially through digital contact tracing.

Such data collection and processing, including for digital contact tracing and general health surveillance, may include the collection of vast amounts of personal and non-personal sensitive data.

However, as the World Health Organisation (WHO) warned in November, this could have significant effects beyond the initial crisis response phase, including, if such measures are applied for purposes not directly or specifically related to the Covid-19 response, potentially leading to the infringement of fundamental human rights and freedoms.

“This concern is especially pressing if some emergency measures introduced to address the pandemic, such as digital contact tracing, are turned into standard practice,” warns the WHO.

But who owns the data? And how can we find a balance between ensuring that innovators can access as much anonymous health data as they need while reassuring patients that their personal data is not being accessed by banks, insurance companies, or national social security systems?

Mikołaj Gurdała, innovation manager at EIT Health InnoStars says that educating patients can be extremely beneficial.

“Access to data which is regulated in a standardised and proper way by all EU member states is a key driver for innovation. Firstly, it’s about educating patients and citizens about the data they generate and managing and how this data can be used. Secondly, you try to standardise data between the different sources, then on top of that you add in technology such as artificial intelligence (AI) to create a full and highly transparent pathway to show how data from a single patient can serve to teach algorithms in diagnostics or therapies,” he tells Emerging Europe.

The need for EU-wide regulation

But he is keen to stress that this can’t happen without proper regulations being in place.

Gurdała says that EIT Health, a network of best-in-class health innovators backed by the EU, is a “lighthouse” warning healthcare regulators and payers that the projects they finance (or co-finance) include data security as an element.

In 2021, EIT Health will introduce a new data operability model which will include data related to all of the projects that it has financed.

“We have to look at the general complexity of healthcare,” he says, “and when data is added to this the complexity grows. What we try to do as EIT is simplifying regulation by implementing sandboxes in regards to security, pilots, and projects that demonstrate scalability and value for patients.”


Reiterating his point about education, he adds that while patients should always own their data, they should be made aware of how useful it can be if shared. At the same time, “they should be able to decide what their data can be used for, and by whom.”

But the framework of any policy should come from the EU, he adds.

“There should be a European standard because we as Europeans can be treated anywhere in the bloc.”

Augustin Jianu, a former minister of communication and digital society in Romania and the co-founder and CEO of, a tech start-up aiming to bring big data to small companies and set a new standard for ethical data collection by creating data royalties, says that we must understand that not all health data is equal, in that the associated risks differ significantly.

“As a result, regulators should strive to distinguish between all known types of health data,” he says.

“For instance, organisations that handle electronic health records or patient/disease registries should be required at a minimum to implement strong cyber security and data protection measures. The NIS Directive and General Data Protection Regulation adopted at EU level are good examples for what must be done by organisations that handle these types of health records.

“On the other hand, anonymous health surveys, statistical data or anonymous clinical research datasets could very well be public information, unless some type of intellectual property or commercial secrets are involved. Consequently, there should be no regulation for these types of anonymous health data and organisations should be encouraged to use and share such data without limitations in order to promote and foster medical innovation.”

Is blockchain technology a solution?

Ligia Kornowska says that in a recent survey carried out in Poland by the We Patients Foundation, 77 per cent of respondents said they would agree to their anonymised medical data being used for research and epidemiological updates, while 83 per cent would like to manage their medical data and be able to give access to it to selected individuals and institutions. Up to 91 per cent would like an easy way of checking who reviewed their medical data, and when.

Despite this overwhelming public support for sharing data, she says that there is currently “very limited access” to anonymised medical data in Poland.

“For example, there is an act on patients’ rights, and several clauses are inconsistent with the definition of anonymisation stipulated in GDPR, and a lot of hospitals do not know whether they can share anonymised data or not,” she tells Emerging Europe. Another example, it could be argued, of the need for EU-wide legislation.

“As far as personal medical data is concerned, I believe every patient should be able to donate their personal data just like they can donate blood or marrow,” adds Kornowska. “They would donate their data to trusted third-parties — that discussion should take place on the European level — who should collect the patients’ consent.”

She suggests that blockchain technology could be a solution.

“This would mean the patient’s consent for use of their data is noted, but so is every occasion on which the data is accessed. That cannot be removed, modified or hidden. The patient should have access to that. This is our idea about how to make data secure, and understandable for patients so that they can decide what is done with their data.”

Accelerating digitalisation

At the beginning of 2019, Croatia introduced a new law that defines how health information and medical data is used.

Called the Health Data and Information Act, it improves the scope of personal data protection in healthcare by amending regulations and laying down rules on the use and protection of data from patient medical records in Croatia’s Central Health Care Information System (CEZIH).

The Act regulates prescribing, managing, storing, collecting and disposing of patient medical records in CEZIH and lays down principles for managing the professional documentation of healthcare workers and healthcare associates.

“One of the challenges was how to find a balance between various regulatory frameworks, standards and recommendations that will fit operators of essential services in the health sector, not overloading but enabling them to use the existence of the EU Network and Information Security directive as a driving force to enhance cybersecurity in their institutions and organisations,” says Hrvoje Belani, who acts as head of e-Health and cybersecurity within the independent sector for IT and e-Health at the Croatian Ministry of Health.

“The other challenges include available resources (both human and financial) at the operators of essential services to systematically implement defined security requirements and manage their information security and cybersecurity systems, as well as allowing us as a sectorial authority to efficiently audit and supervise the operators of essential services during these processes.”

He adds that Covid-19 has helped to accelerate the digitalisation process, as it pushed citizens to move online, perhaps realising for the first time that this was a good way to access services.

“As terrifying as the pandemic is, it was also an opportunity to take an extra step in the digital transformation process,” he tells Emerging Europe.

Balázs Gasz is an associate professor at the University of Pecs in Hungary, head of the clinical division at PTE 3D Center and CEO of ME3D Graft, a start-up offering data-driven remote surgical training. He is in full agreement about the impact that Covid-19 has had on sharpening attitudes about the importance of data in creating innovative medical solutions.

“We have been constantly thinking about how to get hold of more medical data, data of better quality, and which devices and technologies to use in order to collect and process it, so that it can be applied to clinical decisions,” he tells Emerging Europe.

“As a clinician, a researcher and a start-up founder, I can say that the pandemic has helped us collect more data, faster.”

Moving forward

It is clear that the amount of data that the healthcare sector has both gathered and been allowed to access as a result of the Covid-19 emergency will be useful for medical start-ups long after the pandemic is just a bad memory.

Forging a future in which this access is facilitated at all times, but in a safe and secure way, with complete public trust, will be one of the biggest challenges for Europe’s policy makers as attention moves towards creating better outcomes across the healthcare spectrum, not just Covid-19.

Educating patients will be crucial.

“We should build as many user cases as possible to show us, as citizens, what the benefits of collecting, securing and sharing our data are,” concludes EIT Health InnoStars’ Mikołaj Gurdała

“There are already many examples, like in the Netherlands where patient data is used to restructure urban areas to build more recreational spaces where they are needed. In Hungary, the government was able to manage the flow of people spending their holidays on Lake Balaton. They were able to show them the consequences of accumulating a large number of people in one area during the pandemic. When we show people specific cases, we start to believe that data – and the way we collect and share it – can save people’s lives.”

Unlike many news and information platforms, Emerging Europe is free to read, and always will be. There is no paywall here. We are independent, not affiliated with nor representing any political party or business organisation. We want the very best for emerging Europe, nothing more, nothing less. Your support will help us continue to spread the word about this amazing region.

You can contribute here. Thank you.

emerging europe support independent journalism

Add Comment

Click here to post a comment