Addressing legal risks can allow health providers to realise benefits of digital health initiatives, say experts

Out-Law News | 09 Sep 2014 | 10:16 am | 2 min. read

Addressing the legal risks inherent in involving third party technology service providers in delivering health care services can help health care bodies to realise the benefits of digital health initiatives, two experts have said.

IT contracts expert and specialist in digital health Matthew Godfrey-Faussett of Pinsent Masons, the law firm behind Out-Law.com, said that health care providers can make significant cost savings and deliver improved health outcomes for patients by using new technology to deliver health services remotely.

However, he said that the benefits of the projects may not be realised if the providers do not address legal risks, in particular those relating to data protection compliance, information security and the need to ensure the accuracy of data submitted remotely by patients.

Godfrey-Faussett was commenting after a hospital in Singapore announced that it had launched a pilot digital health programme for heart failure patients.

Heart failure patients that undergo treatment at Changi General Hospital will be issued with a personal health tablet, a weighing machine and a blood pressure monitor upon their release from hospital and will be expected to use the devices to measure their weight, pulse and blood pressure daily. The results of the tests will be automatically uploaded to the hospital's central system for monitoring by doctors.

Singapore-based technology law expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, said the "need to lower costs and to free beds/resources for more pressing needs" were the two main drivers of digital health initiatives in Singapore. Changi General Hospital said that 40% of its heart failure patients are re-admitted to hospital within a year of being released after treatment, citing patients' failure to adhere to "prescribed treatment plans" as a "key reason" behind the re-admittance figures.

Tan said that the quality of health care offered and the quality of life of the patients should not be compromised or suffer adversely but instead improve as a result of the Changi General Hospital's initiative. He said, though, that "legal issues especially on the data protection front need to be carefully considered".

Matthew Godfrey-Faussett agreed with Tan's assessment.

"You can see this pilot programme in Singapore is a relatively affordable way of improving the chances that patients will comply with their patient plans post-treatment by making it easy for them to do so using the latest technology," Godfrey-Faussett said. "There are clear financial benefits to be gained by monitoring the health of patients remotely, creating the ability to reduce reliance on expensive, centralised outpatient facilities whilst making the monitoring of chronic conditions more straightforward and convenient for patients."

"Health care providers considering similar digital health initiatives need to ensure that data security and data protection compliance are central to their projects and to arrangements put in place with the suppliers of any associated technology solution. Where health data is being processed this information is clearly highly sensitive and valuable, requiring extra care to be taken in the way it is collected, processed and disclosed. In particular, health care bodies would need to be confident that the data generated from digital health devices cannot be accessed by anyone other than authorised, trained health care staff," he said.

"Health care bodies must consider how to transfer data securely, in an encrypted form, across networks linking patient devices and the health care provider’s systems. The question as to whom is responsible for the security of the data on the device and for the data while it is in transit must be clearly addressed," Godfrey-Faussett said.

"Other legal risks arise in relation to the accuracy of data generated by digital health devices. Home data recording and remote monitoring is only useful if the data can be trusted as accurate otherwise trust in the data and any resulting treatment plan will be undermined," he said.

"If faulty connections or equipment causes the readings from devices to be flawed or capable of being falsified by the patient, then the provider of relevant health care services could be open to medical negligence liabilities which may not have existed had more standard monitoring systems been deployed. Procedural and contractual mechanisms must be used to deliver effective governance addressing these issues and incentivise suppliers to deliver robust systems," the expert said.