Data Ethics in the Era of Digital Health

Healthcare systems have been undergoing digital transformation both globally and locally. Digital transformation in healthcare enables the delivery of not only better patient experiences and care but also improved health outcomes. The digitalisation in healthcare has resulted in the generation of a vast and growing amount of readily available patients' clinical and health data. The use of those clinical and health data needs to be ethical and legal.

On 1 July 2023, the SMA Centre for Medical Ethics and Professionalism organised a webinar titled "Data Ethics in the Era of Digital Health", in which I discussed the ethics surrounding data in healthcare. In this article, I share some general information on digital health and data ethics which I presented at the webinar.

Digital health

According to the Health Sciences Authority, digital health solutions can be presented in the form of screening and diagnosis software, tele-monitoring devices, tele-treatment systems and digital therapeutics software.¹

For screening and diagnosis purposes, digital software can be used to screen and grade the diseases. In tele-monitoring, wearable devices can be used to conduct remote monitoring of a patient's physiological parameters for chronic disease management. In tele-health, surgeons can use remote surgical systems to operate on a patient who is not in the same physical location. The remote surgical systems can also be used by expert surgeons to telementor and tele-proctor junior or less experienced surgeons. In the field of digital therapeutics, software or mobile apps can be used to treat or manage conditions such as substance use disorder, insomnia, diabetes, etc.¹

Big biomedical data

Biomedical data is considered big and complex, and can be grouped as either structured or non-structured data. Healthcare data such as electronic health and medical records, registry of clinical trial data, pharmacy and medications data, claims data and even the health-related data found on social media are all considered biomedical data.²

The links between the various forms of biomedical data are complex and hence means the management of biomedical data is a challenging endeavour.

NEHR

The National Electronic Health Record (NEHR) is the national digital health portal that shares between hospitals and clinics the patients' essential health information, such as registration, diagnoses, discharged summaries, medications, procedure notes, laboratory and radiology results, and allergies.³ With the help of NEHR, healthcare professionals can gather important details of patients' health information from different institutions and clinics easily, efficiently and effectively to provide timely and appropriate care, and thus improve the quality of patients' care and outcomes. Patients and caregivers can also view selected parts of their own health information such as their medical appointments, discharge summaries and laboratory reports. These can be viewed through the patient's portal on the HealthHub app.

Data in healthcare

Healthcare data from different data sources can be used in clinical data analytics, population health analytics, patient experience analytics, financial performance analytics and operational efficiency analytics. These can be helpful in achieving business goals such as cost reduction, revenue creation, quality and safety improvement, patient satisfaction enhancement, care standardisation, etc.⁴

There are four stages in the health data life cycle, namely, collection, storage, utilisation and disposal. Data is collected and stored for routine healthcare, research-specific, operational and administrative purposes. It is followed by the archiving and destruction of data after a defined period of time as determined by healthcare organisations and/or the law.⁵

Beyond Healthcare 2020

The former Integrated Health Information System (now known as Synapxe) laid out seven transformation programmes with three objectives, seven strategies, 19 healthcare shift and 59 business capabilities as the national Healthcare IT Master Plan for going beyond the Healthcare 2020 Masterplan.⁶ The seven transformation programmes are (1) population profiling, (2) population enablement, (3) prevention and continuity of care, (4) provider care and operations excellence, (5) healthcare financial excellence, (6) policy and public health workbench and (7) IT foundation and resiliency. With the help of these seven transformation programmes, Singapore plans to achieve its "three beyonds": beyond hospital to community, beyond quality to value and beyond healthcare to health.

Four pillars of medical and data ethics

There are four pillars of medical ethics: beneficence, autonomy, non-maleficence and justice.⁷ Data ethics is a new branch of ethics that studies and evaluates moral problems related to:

• Data, including its generation, recording, curation, processing, dissemination, sharing and use;
• Algorithms, including artificial intelligence (AI), artificial agents, machine learning and robots; and
• Corresponding practices, including responsible innovation, programming, hacking and professional codes, in order to formulate and support morally good solutions (eg, right conducts or right values).⁸

Data ethics principles and good practice

According to the International Federation of Pharmaceutical Manufacturers and Associations, the principles of ethical data use are autonomy, transparency, data quality, fairness and non-discrimination, ethics by design, responsible data sharing, and responsibility and accountability.⁹ The Organisation for Economic Co-operation and Development has also published the following good practice principles for data ethics in the public sector:¹⁰

1. Manage data with integrity.
2. Be aware of and observe relevant government-wide arrangements for trustworthy data access, sharing and use.
3. Incorporate data ethical considerations into governmental, organisational and public sector decision-making processes.
4. Monitor and retain control over data inputs, in particular those used to inform the development and training of AI systems, and adopt a risk-based approach to the automation of decisions.
5. Be specific about the purpose of data use, especially in the case of personal data.
6. Define boundaries for data access, sharing and use.
7. Be clear, inclusive and open.
8. Publish open data and source code.
9. Broaden individuals' and collectives' control over their data.
10. Be accountable and proactive in managing risks.

Data protection obligations

Under the Personal Data Protection Act (PDPA), organisations are responsible for personal data in their possession or under their control and are required to comply with data protection obligations when undertaking activities relating to the collection, use or disclosure of personal data. As per the Personal Data Protection Commission's overview of data protection obligations, organisations need to demonstrate their responsibility through proper management and protection of personal data. For the collection of personal data, organisations need to notify individuals of the data collection's purpose, obtain the individual's consent and limit the data collected to that which is relevant for its stated purpose. For the care of personal data, accuracy, security and protection, retention limitations and transfer limitations need to be observed. To ensure that individuals retain autonomy over their personal data, individuals should be able to obtain access and provide correction to the data. The organisation also has the obligation to provide notification in the event of a data breach, and data portability must be provided when requested.¹¹

Summary

Healthcare data is considered big data. It is complex in data structure and flow. With the continuing digital transformation in healthcare and the digitalisation of healthcare data, understanding of data ethics – especially healthcare data ethics – is paramount in the era of digital health. An ethics framework for big data in health and research can help with the balancing approach to decision-making. Understanding of data protection obligations under the PDPA and accountability within an organisation is also very important.

1. Health Sciences Authority. Digital Health: Understanding Digital Health Products and the Regulations. In: Medical Devices. Available at: https://bit.ly/3qDUmKt. Accessed 25 August 2023.
2. Weber GM, Mandl KD, Kohane IS. Finding the missing link for big biomedical data. JAMA 2014; 311(24):2479-80.
3. Ministry of Health. Guidelines on Appropriate Use and Access to National Electronic Health Records (NEHR). In: Regulations, Guidelines and Circulars. Available at: https://bit.ly/3OTs8Dy. Accessed 25 August 2023.
4. Mastagni E. Build a data-driven health organization with these three considerations. In: Health IT. Available at: https://bit.ly/3YZ5MVH. Accessed 31 August 2023.
5. National Ethics Advisory Committee - Kahui Matatika o te Motu. 12. Health data. In: National Ethical Standards. Available at: https://bit.ly/3QWhajm. Accessed 25 August 2023.
6. Smart Nation Singapore. Strategic Technology Master Plan Unveiled to Improve Population's Health and Health Administration. In: Press Room. Available at: https://bit.ly/3L4Bhb5. Accessed 31 August 2023.
7. BMJCareers. Ethical Guidance for Doctors. In: Doctors. Available at: https://bit.ly/3QXACMr. Accessed 25 August 2023.
8. Floridi L, Taddeo M. What is data ethics? Phil Trans R Soc A 2016; 374(2083).
9. International Federation of Pharmaceutical Manufacturers & Associations. IFPMA Data Ethics Principles. In: Publications. Available at: https://bit.ly/3KUbUJ7. Accessed 25 August 2023.
10. Organisation for Economic Co-operation and Development. Good Practice Principles for Data Ethics in the Public Sector. In: Digital government. Available at: https://bit.ly/3PaUd9F. Accessed 25 August 2023.
11. Personal Data Protection Commission Singapore. Data Protection Obligations. In: PDPA Overview. Available at: https://bit.ly/3KXHiGu. Accessed 25 August 2023.

• Medico-Legal