Journal:A legal framework to support development and assessment of digital health services

From LIMSWiki
Revision as of 21:56, 3 June 2016 by Shawndouglas (talk | contribs) (Added content. Saving and adding more.)
Jump to navigationJump to search
Full article title A legal framework to support development and assessment of digital health services
Journal JMIR Medical Informatics
Author(s) Garrell, Cecilia; Svedberg, Petra; Nygren, Jens M.
Author affiliation(s) School of Health and Welfare at Halmstad University
Primary contact Email: jens.nygren [at] hh.se; Phone: 46 35167863
Editors Eysenbach, G.
Year published 2016
Volume and issue 4 (2)
Page(s) e17
DOI 10.2196/medinform.5401
ISSN 2291-9694
Distribution license Creative Commons Attribution 2.0
Website http://medinform.jmir.org/2016/2/e17/
Download http://medinform.jmir.org/2016/2/e17/pdf (PDF)
This article should not be considered complete until this message box has been removed. This is a work in progress.

Abstract

Background: Digital health services empower people to track, manage, and improve their own health and quality of life while delivering a more personalized and precise health care, at a lower cost and with higher efficiency and availability. Essential for the use of digital health services is that the treatment of any personal data is compatible with the Patient Data Act, Personal Data Act, and other applicable privacy laws.

Objective: The aim of this study was to develop a framework for legal challenges to support designers in development and assessment of digital health services.

Methods: A purposive sampling, together with snowball recruitment, was used to identify stakeholders and information sources for organizing, extending, and prioritizing the different concepts, actors, and regulations in relation to digital health and health-promoting digital systems. The data were collected through structured interviewing and iteration, and three different cases were used for face validation of the framework.

Results: A framework for assessing the legal challenges in developing digital health services (Legal Challenges in Digital Health [LCDH] Framework) was created and consists of six key questions to be used to evaluate a digital health service according to current legislation.

Conclusions: Structured discussion about legal challenges in relation to health-promoting digital services can be enabled by a constructive framework to investigate, assess, and verify the digital service according to current legislation. The LCDH Framework developed in this study proposes such a framework and can be used in prospective evaluation of the relationship of a potential health-promoting digital service with the existing laws and regulations

Keywords: digital health; legal aspects; technological innovations

Introduction

Through the use of wireless devices, sensor technologies, the Internet, social networks, health information technology (IT), and personal health data, digital health services empower people to track, manage, and improve their own health and quality of life. At the same time, these services provide a more personalized and precise health care delivery, at a lower cost and with higher efficiency and availability.[1] An emerging area at the intersection of informatics, health care, and business is electronic health (eHealth)[2], which encompasses the mediation and interaction between health care and the individual via information and communication technology (ICT).[3] Although the extent of implementation and application of eHealth systems vary, the overall goal is the same: using ICT to provide better care more efficiently at a lower cost.[4] Mobile health (mHealth), as a component of eHealth, involves the use and capitalization on mobile devices[5] and encompasses any use of mobile technology to address health care challenges such as access, quality, affordability, matching of resources, and behavioral norms.[6] The use of mHealth offers great opportunities by allowing asynchronous and remote care[7] to an extensive number of potential users.[5] Applications for mHealth serve a variety of functions: providing easy access to medical information about the symptoms and treatment of various diseases or allowing patients to track clinical measurements that can be sent to the care provider.[6] These applications could change the nature of health care[8] by using technology to increase patient engagement, improve care quality, transform care processes[6], reduce health care costs, and minimize human error.[9]

Essential for the use of all digital health services is that the treatment of any personal data is compatible with the Patient Data Act, Personal Data Act, and other applicable privacy laws. The European Commission has declared its intention to drive greater legal certainty in the digital health domain, and through the Directive 2011/24/European Union (EU), for the first time, it has placed eHealth in a legal context, requiring member states to cooperate with interoperability standards to allow full use of eHealth services across EU borders.[10] Although some significant steps have been taken toward attaining this goal, the questions of liability for eHealth goods and services are still not fully addressed on EU level legislation. The lack of a fully worked out EU level framework illustrates the difficulties in pinpointing key concepts in relation to this rapidly evolving market. In response to this, the eHealth Authority was formed in Sweden in 2014 with responsibility for registries and the heterogeneity and variety of IT functions developed within Swedish health care.

While the authorities investigate and consider the technological capabilities of eHealth services in the intersection of health care quality, patient safety, ethics and legal matters, new IT services, and mobile applications are advancing dramatically. The focus for the regulatory authorities should be to streamline the regulatory processes and promote innovation[11], but because regulation and legislation are still behind, governmental authorities are forced to handle many issues in this domain case by case.[10] This implicates that designers of digital health services need to acquire knowledge about relevant regulation and legislation and how to relate to and act on such regulation.[12] A legal framework that could guide designers through these legal challenges, together with an understanding of the definitions of the concepts[13], would both simplify and speed up development of digital health solutions[14] and promote involvement of designers with experience from digital service design[15] in the development of new digital health services. The aim of this study was to develop such a framework to support designers in development and assessment of digital health services.

Methods

The study design was based on a stakeholder analysis approach for generating knowledge about actors to understand their intentions, interrelations, and interests and for assessing their influence on legal challenges in development of digital health services.[16] Data obtained from interviews with relevant authorities and organizations together with information about concepts and regulations in relation to digital health services were analyzed and structured to create a framework for legal challenges.

Case and framing

A framing of the questions about legal challenges and key concepts relevant to development of digital health services was discussed in the project group and with a consulting firm (Carmona AB) with expertise in the field of Web-based services and information solutions for handling of patient data and quality control. The consulting firm is in the forefront of developing such services in accordance with current legislation and in development of new practices and legislation. In this communication, we used data from our development of a digital service for play and interaction between children, aged 8-12 years, who have survived from childhood cancer treatment to frame legal challenges and key concepts.[17] The case was described by a concept description[18] and use experience descriptions through Persona characters and use scenarios.[19]

On the basis of this, a basic understanding of the domain was formed, and a major law firm, with experience of legal issues in health care and a jurisconsult responsible for privacy and patient safety issues at the county council, was consulted with the intention to extend knowledge and our preunderstanding of the legal challenges and key concepts in this domain. A first draft was conceived, of a legal framework with relevant concepts, laws, and agencies or organizations involved in the care of the target group, or with regulatory or supervisory responsibility.

Information sources

A purposive sampling[20] was used to identify stakeholders and information sources for organizing, extending, and prioritizing the different components of the framework guided by the case. The first contacted stakeholders referred to other stakeholders, that is, a snowball recruitment.[21] The information sources identified and used are listed in Table 1.

Table 1. Identified actors, organizations, and authorities, and their area of expertise, to be considered in the following investigation.
Actor Area of expertise
The project group Researchers focused on development of digital health services for children using a participatory design where researchers collaborate with children from the target group.
A local consulting firm Specialized in development of Web-based services and information solutions
Data Inspection Authority Works to secure the individual’s right to integrity in society
Inspection Authority for Health Care Supervises the activities in the social area and health care, as well as of health care professionals; the Authority is also responsible for certain permits.
The National Board Works for all citizens’ equal access to good health and health care
Ministry of Social Affairs The different disciplines within the overall responsibility: health care, health, social issues, social security features news about the government’s policy initiatives or decisions; they also contain current objectives and the government’s priorities in the field.
County Council Responsible for many aspects of development in the county; the County Council has the mission to promote development and growth and to provide good health care.
eHealth Authority Works with the development of national eHealth to contribute to better health care and health; the business is focused on creating participation for residents and providing support to practitioners and policy makers.
European Commission Represents interests of the European Union (EU); the commission proposes new legislation to Parliament and the Council of Ministers and ensures that EU countries apply EU law correctly.
Medical Products Agency Government agency under the Ministry of Social Affairs; it has the mandate to promote the Swedish public and animal health.

Data collection

Identified websites of organizations, authorities and different operators or actors, and functions were screened for information about concepts and regulations in relation to digital health services. Stakeholders were interviewed about their relationship to eHealth and digital health services (Table 1). Interviewees were representatives from the County Council Board on Coordination of Information Safety, The National Board, The Data Inspection Authority, eHealth Authority, and Inspection Authority for Health Care. Interviews were performed, with one person from each of the aforementioned organizations, over phone (approximately 30 minutes) and repeated if new questions appeared. The topics in the semi-structured interview guide were as follows: (1) Relationship to digital health services; (2) the authority’s function, assignment, and work for digital health services; (3) regulations that govern the work; and finally (4) other relevant information sources we should approach. In cases where we wanted to get the data confirmed in writing, follow-up questions were sent by email to the respective informant.

Data analysis

The meaning out of the data was made in a systematical way to discover the relevant concepts and relationships among the input.[22] All data inputs, such as questions, concept descriptions, laws and regulations, and functions, were put on post-it notes by the main author and structured on different levels and in relation to each other, and an affinity diagram was formed and discussed between all authors. The insights gained were used as a starting point for a framework for assessing the legal challenges in developing health-promoting digital services. The framework was iteratively verified against the project group and stakeholders (the Data Inspection Authority and eHealth Authority) and finally validated against three cases of digital health services.

Results

Identification of concepts and regulations

The identified concepts to consider in this domain are: medical device, eHealth, medical responsibility, care damage, personal data, and consent. The concepts, their definitions, and relevant regulations identified during data collection and the subsequent analysis are listed in Table 2. Concepts and regulations that were identified during data collection but were not found to be relevant for framing of legal challenges from the perspective of development of digital health services are not included in this compilation, such as: health care quality registries, the law on drug lists, and the regulations of The National Board of Health and Welfare.

Table 2. The Legal Challenges in Digital Health (LCDH) Framework for exploring a prospective health promoting digital service’s relationship to valid regulations.
# Concept Definition Question The following is valid for "yes" The following is valid for "no" Regulation
1 Medical device A product is a medical device if it has a medical purpose as to:
  • prove, prevent, monitor, treat, or mitigate a disease.
  • prove, monitor, treat, mitigate, or compensate an injury or disability.
  • examine, change, or replace anatomy or a physiological process.
  • control fertilization.
 Is the product a medical device? The manufacturer must handle security aspects. Medical Products Agency is responsible for supervision of products and manufacturers. Inspection Authority for Health Care audits healthcare usage.
 
Proceed to No. 2. 		The manufacturer cannot claim anything, which is covered by the definition of a medical device, for example, that the product may mitigate a disease.
 
Proceed to No. 2. 		The law of medical devices SFS 1993:584 (Swedish Code of Statutes) and Council Directive 93/42/EEC (European Economic Community) concerning medical devices.
2 eHealth An eHealth service has a purpose to:
  • mediate health service or information and interaction between health care and an individual.
  • mediate information exchange between patients and health care professionals, hospitals, and other professionals within health care and networks for health information and telemedicine.
  • use information and communications technology (ICT) to improve the preventive work, diagnoses, health care, monitoring, or administration.
 Is the product an eHealth service? Proceed to No. 4. Proceed to No. 3. The Health Care Act (SFS 1982:763)
3 Medical responsibility Usually referred to health professionals' medical professional liability in the care and treatment of a patient and the medical responsibility in a comprehensive organizational plan. Is the service recommended/supplied by the health care provider? (The health care provider recommends a service if they encourage or call for usage. It is not enough to only inform that the service is available.) The health care provider vouches for the safety and security of the technology and that the risk of care damage is low. The service is examined and evaluated by a number of criteria. The health care provider has no responsibility.
 
Proceed to No. 5. 		The Health Care Act (SFS 1982:763)
4 Care damage Damage that could have been avoided if adequate arrangements were taken while in contact with the health care provider. If medical device or eHealth service, the risk of care damage is determined by the level of care, the vulnerability of the target group, and how the usage is being monitored or followed up by the health care provider. Is there any risk of care damage? If the service includes monitoring/data logs that register threshold values or personal controls to prevent care damage, the responsibility of the health care provider is restricted. If no monitoring is performed, the health care provider is responsible for preventing care damage.
 
Proceed to No. 5. 		The health care provider has no responsibility.
 
Proceed to No. 5. 		Patient Safety Act (SFS 2010:659)
5 Personal data Personal data includes all information that can directly or indirectly be assigned to a physical person who is alive. The handling of personal data includes every action or series of actions taken regarding personal data (automatically or not). For example, collection, registration, usage, storage, organization, processing, and distribution. Is personal data handled? Proceed to No. 6. To completely stay out of Privacy Act, the outcome measures of the patients must be anonymized. The health care provider has no responsibility. Privacy Act (SFS 1998:204) and the Patient Data Act (SFS 2008:355)
6 Consent Consent is defined as any freely given specific and unambiguous expression by which the registered person, after receiving information, accepts handling of personal data relating to him or her. Does the service lack user agreement? (An agreement in which the purpose of the service, privacy, terms of use, responsibilities, and similar are regulated.) The responsibility of the health care provider should be investigated/examined. A responsibility agreement signed by adult or parent/advocate may free the health care provider from responsibility. Privacy Act (SFS 1998:204)

References

  1. Topol, E.J. (2012). The Creative Destruction of Medicine: How the Digital Revolution Will Create Better Health Care. New York: Basic Books. pp. 320. ISBN 9780465025503. 
  2. Eysenbach, G. (2001). "What is e-health?". Journal of Medical Internet Research 3 (2): e20. doi:10.2196/jmir.3.2.e20. PMC PMC1761894. PMID 11720962. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1761894. 
  3. "eHealth". European Commission. http://ec.europa.eu/health/ehealth/policy/index_en.htm. Retrieved 27 April 2016. 
  4. Editor Connect (6 June 2012). "High tech for health". European Commission. https://ec.europa.eu/digital-single-market/en/news/high-tech-health. Retrieved 27 April 2016. 
  5. 5.0 5.1 WHO Global Observatory for eHealth (2011). "mHealth: New horizons for health through mobile technologies: Second global survey on eHealth". World Health Organization. pp. 102. http://apps.who.int/iris/handle/10665/44607. 
  6. 6.0 6.1 6.2 Schulke, D.F. (2013). "The regulatory arms race: Mobile health applications and agency posturing". Boston University Law Review 93: 1699–1752. 
  7. Kramer, G.M.; Kinn, J.T.; Mishkind, M.C. (2015). "Legal, Regulatory, and Risk Management Issues in the Use of Technology to Deliver Mental Health Care". Cognitive and Behavioral Practice 22 (3): 258–268. doi:10.1016/j.cbpra.2014.04.008. 
  8. Ferguson, B. (2012). "The Emergence of Games for Health". Games for Health Journal 1 (1): 1–2. doi:10.1089/g4h.2012.1010. PMID 26196423. 
  9. Fellay, S. (4 August 2014). "Changing the rules of health care: Mobile health and challenges for regulation". American Enterprise Institute. 
  10. 10.0 10.1 Andoulsi, I.; Wilson, P. (2013). "Understanding liability in eHealth: Towards greater clarity at European Union level". In George, C.; Whitehouse, D.; Duquenoy, P.. eHealth: Legal, ethical and governance challenges. Springer Berlin Heidelberg. pp. 165–180. doi:10.1007/978-3-642-22474-4_7. ISBN 9783642224744. 
  11. Vedder, A.; Cuijpers, C.; Vantsiouri, P.; Ferrari, M.Z. (2014). "The Law as a ‘Catalyst and Facilitator’ for Trust in E-Health: Challenges and Opportunities". Law, Innovation and Technology 6 (2): 305–325. doi:10.5235/17579961.6.2.305. 
  12. Kolitsi, Z.; Thonnet, M. (2014). "New Directions in eHealth Governance in Europe". In Rosenmöller, M.; Whitehouse, D.; Wilson, P.. Managing eHealth: From vision to reality. Palgrave Macmillan UK. pp. 50–60. doi:10.1057/9781137379443_5. ISBN 9781137379443. 
  13. Stroetmann, K.A. (2014). "Scoping global good eHealth platforms: Implications for sub-Saharan Africa". IST-Africa Conference Proceedings: 1–10. doi:10.1109/ISTAFRICA.2014.6880601. ISBN 9781905824434. 
  14. Nilsson, C. (16 December 2013). "Gamification förnyar vården". IT i Vården. http://itivarden.idg.se/2.2898/1.539129/gamification-fornyar-varden. Retrieved 27 April 2016. 
  15. Brown-Johnson, C.G.; Berrean, B.; Cataldo, J.K. (2015). "Development and usability evaluation of the mHealth Tool for Lung Cancer (mHealth TLC): A virtual world health game for lung cancer patients". Patient Education and Counseling 98 (4): 506–511. doi:10.1016/j.pec.2014.12.006. PMC PMC4451946. PMID 25620075. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4451946. 
  16. Varvasovszky, Z.; Brugha, R. (2000). "How to do (or not to do)… A stakeholder analysis". Health Policy and Planning 15 (3): 338–45. doi:10.1093/heapol/15.3.338. PMID 11012410. 
  17. Lindberg, S.; Wärnestål, P.; Nygren, J.; Svedberg, P. (2014). "Designing digital peer support for children: Design patterns for social interaction". IDC '13: Proceedings of the 12th International Conference on Interaction Design and Children: 47–56. doi:10.1145/2593968.2593972. 
  18. Wärnestål, P.; Nygren, J. (2013). "Building an experience framework for a digital peer support service for children surviving from cancer". IDC '14: Proceedings of the 2014 Conference on Interaction Design and Children: 269-272. doi:10.1145/2485760.2485794. 
  19. Wärnestål, P.; Svedberg, P.; Nygren, J. (2014). "Co-constructing child personas for health-promoting services with vulnerable children". CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: 3767-3776. doi:10.1145/2556288.2557115. 
  20. Silverman, D. (2013). Doing Qualitative Research: A Practical Handbook. Sage Publications, Ltd. pp. 488. ISBN 9781446260159. 
  21. Waters, J. (2015). "Snowball sampling: A cautionary tale involving a study of older drug users". International Journal of Social Research Methodology 18 (4): 367–380. doi:10.1080/13645579.2014.953316. 
  22. Kolko, J. (2011). Exposing the Magic of Design: A Practitioner's Guide to the Methods and Theory of Synthesis. Oxford University Press. pp. 208. ISBN 9780199744336. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation. In several cases the PubMed ID was missing and was added to make the reference more useful. Several grammar errors were corrected, particularly in Table 2.

Per the distribution agreement, the following copyright information is also being added:

©Cecilia Garell, Petra Svedberg, Jens M Nygren. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 25.05.2016.

Retrieved from "https://www.limswiki.org/index.php?title=Journal:A_legal_framework_to_support_development_and_assessment_of_digital_health_services&oldid=25569"