Informed consent to the use of personal health data: A new standardized approach
For the first time, international initiatives such as the European Health Data Space recognize the value of citizen-generated health data. An EU-wide digital platform will allow the exchange of traditional as well as citizen-generated health data across member states for the use in patient care and research. Germany is currently preparing the corresponding national legislations such as the German Health Data Act (Gesundheitsdatennutzungsgesetz, GDNG). However, the role of citizens in consenting to health data sharing is the subject of a controversial debate.
"The sharing of health data and implementation of data exchange platforms is a topic that comes with great expectations for patient care and medical innovation—but also with concerns about a lack of citizen involvement and data capitalism. Our publication proposes a universal and standardized consent approach in which citizens have the full control about the sharing of their health data," explains Stefanie Brückner, research associate in the research group Medical Device Regulatory Science led by Prof. Stephen Gilbert at the Else Kröner Fresenius Center for Digital Health at TU Dresden.
In their recently published paper "The Social Contract for Health and Wellness Data Sharing Needs a Trusted Standardized Consent" in Mayo Clinic Proceedings: Digital Health, the researchers propose a new, simple approach to managing consent options for health data sharing.
The standard health consent (SHC) is intended to unify and standardize the currently fragmented consent practices of apps and digital health services. It's core is a digital, personal profile with a consent cockpit, which allows citizens to review with whom they share their health data and change consent at any time. Further, the process for gathering consent for data sharing will be standardized and simplified to enable citizens to make informed decision.
For physicians and secondary data users such as researchers, this approach ensures that the patient-generated health data is shared on the correct legal basis and is safe to use. The technical implementation of the SHC uses existing technologies for identity and authentication management. These systems are well-known and standard practice in other industries with highly sensitive data—for example, in banking apps like PayPal or Stripe.
Stefanie Brückner states, "Health care stakeholders and policymakers face the major challenge of building public trust in the use of health. We see the active involvement of citizens via a standardized consent approach as well as a clear data governance and communication strategy as key elements for sustainable trust building."
More information: Stefanie Brückner et al, The Social Contract for Health and Wellness Data Sharing Needs a Trusted Standardized Consent, Mayo Clinic Proceedings: Digital Health (2023). DOI: 10.1016/j.mcpdig.2023.07.008