Feature: Patient data
“Complete anonymisation is a chimera”
Andrea Martani is a legal scholar who studies data protection law in biomedical research. He believes that Switzerland’s data-sharing culture is inadequate and impedes practical solutions. But the patient’s condition is improving.
Andrea Martani, have you ever donated your health data for research?
I always offer this as an example of how health data protection is an everyday topic. When I first went to the university dental clinic in Basel and filled in the patient registration form, the last question was: “Will you allow us to use this data for research?”. I ticked the ‘yes’ box, of course.
Aren’t you afraid that your data might be misused?
I won’t write a blank cheque, but I do trust the university hospital system in Switzerland. You always have to strike a balance. There is no such thing as 100 percent security. And complete anonymisation is a chimera.
Why did you choose data protection as your research topic?
It is one of the youngest fields in law. The first piece of data protection legislation worldwide was only enacted in 1970 by the German state of Hessen. Other legal fields, such as criminal law, are literally thousands of years old. It is interesting to be able to work in a new field and to help shape its future.
Fifty years ago – was that when computers came on the scene?
Yes, digitalisation marked the beginning of our concerns with data protection. The law follows technological advances, but tends to lag behind. Lawmakers are caught between the hammer and the anvil: either they write law in general terms, thereby creating legal uncertainties, or they are specific, in which case the law might quickly become outdated.
On a scale from one to ten, how good are high-income countries in balancing data protection and health research?
First we have to consider the data infrastructure. Where are the data stored? How are they transferred? Are they standardised? Secondly, there is the cultural aspect. How are data accessed? What are the perceptions of the patients? What are the ethics of the researchers? I would say that the balance is quite positive overall in many countries. Denmark, for example, would get nine out of ten across the board. But the situation is evolving, and any balance that is achieved can change very quickly.
How would you rate Switzerland?
Here, unfortunately, the score is lower. I would maybe mark it with five or six out of ten. There is a huge cultural problem: stakeholders often see health data as an asset and are hesitant to share them. For them, data are associated with risks – e.g., data leaks – and have few advantages. But a few years ago, the score would have been much lower. The personalised health network in Switzerland is a huge improvement. Researchers now have easier access to certain routinely collected data, with a single query system and standardised forms for data transfer agreements.
What is it that keeps the score so low?
It is politically sensitive to talk about bad examples. One element of the Swiss health data landscape that has raised eyebrows is the current implementation of electronic patient records. This is a secondary system intended to collect health data on top of hospital care records. People still have to go in person to specific offices to open this kind of electronic record. It stores data in PDF form, making it difficult to analyse and to navigate, even for the physicians treating patients or the patients themselves. What’s more, it is unclear what procedures researchers need to follow if they want to use the data.
Should Switzerland stop this project altogether?
If we stopped it now, we would lose a lot of investment that has already been made. The project will still take many years to implement. The Swiss health system is great in many respects, so why should we give up trying to create really interoperable electronic health records? Massive improvements are possible, if we compare Switzerland with what’s happening internationally.
This project shows that it is very difficult to balance an individual’s right to privacy and the need for medical data in order to save lives. What ethical arguments are involved in this?
That question was solved at the end of the last century. Either researchers have to ask every individual for their consent, or they anonymise the data. But in the 2000s, this paradigm was called into question by the increasingly uncontrollable flow of data. Individual consent is not feasible any more, and anonymisation has ceased to exist.
Did Denmark solve this conundrum?
The debate is ongoing. For example, at the beginning of the coronavirus pandemic, there was uncertainty as to whether painkillers like Ibuprofen might cause complications. Danish researchers were able to run a retrospective analysis relatively quickly to provide policymakers and public health authorities with answers. This was made possible by using personal identifiers to link information on the same patient that happens to be scattered across different databases. They might have solved the conundrum, but some legal scholars still question whether this procedure really protects people’s privacy. While researchers do not directly access a patient’s identity, their data are still linked by means of personal identifiers.
Could researchers perform this kind of retrospective analysis in Switzerland?
At a technical level it would be difficult, since the health data infrastructure has historically developed in a very different way. At a legal level, the Swiss Human Research Act allows for the retrospective analysis of previously collected data without consent if you are granted approval by an ethics committee. But this is only allowed under exceptional circumstances. Analyses show that this consent is actually given regularly. It seems to be a clear case of miscommunication between data protection lawyers and researchers on the frontline of data usage about how often this exception clause should be used.
You say the practice is too lenient. But in other cases it seems overly strict. The new European General Data Protection Regulation (GDPR) recently prevented a German stem cell bank from continuing to work with a reputable US research clinic.
We must remember that the GDPR replaced a European directive on data protection that had a similar structure. It is true that there are many new rules now, but that is not the real problem. The main issue is that the new regulation has made people more anxious about handling data correctly. This law could also use data protection as an excuse to safeguard researchers’ own interests. There is a huge debate unfolding within the biomedical research community about sharing data. Who should get it? Who should pay to manage datasets? Lawyers often do not help. It has even been argued that law firms are relying on maintaining uncertainty about data processing rules.
How can we simplify the regulations?
Switzerland needs to define what it wants to use its health data for. Denmark focused on public health. Having a clear aim should create a narrative around which everyone involved in the health, legal and research sectors can coalesce. For example, Switzerland would be well placed to conduct healthcare-systems research. We could analyse whether there is overconsumption in Zurich and underconsumption in Appenzell, to ensure that the cantonal systems learn from each other.
What can research institutions do in the short term?
We need more proactive communication from lawyers to researchers. Discussions should be held on how to use data from university hospitals and health insurers. It should be scaled up so that it does not always take six months to set up an agreement when different datasets are to be combined. When can one assume consent, and when not? Is it enough to put up an information sign in a hospital to notify patients when their data are being collected, or do we need to send a letter to each and everyone involved?