E-health requires adapted legislation and regulatory management

The number of digital health services has exploded over the last decade, while Swedish legislation has a hard time keeping up. Existing and future regulations need to be adapted to IT systems and solutions, according to law Professor Cecilia Magnusson Sjöberg in a new SNS report. At the same time, however, we need to avoid overly technology-specific solutions, which tend to become obsolete quite rapidly. Instead, Magnusson Sjöberg recommends building test environments where a legal perspective plays a proactive role in creating legitimate IT solutions.

E-health as apps – data protection and data sharing. English Summary 37.1 KB PDF

In this report, Cecilia Magnusson Sjöberg shows that Swedish law is not in step with health apps already used in the field of e-health. By health apps, she refers to everything from notification apps used for upcoming visits to health apps where the patient’s health data are collected and communicated to the healthcare provider. The report is broad in scope and covers quite a few perspectives on personal health accounts.

Magnusson Sjöberg highlights a number of problems, including the lack of governance and coordination by public authorities. One example is the project carried out by the Swedish eHealth Agency to develop personal health accounts, which was ended by the Swedish Data Protection Authority after six years of work as the two agencies interpreted the legislation differently. After the matter was tried in court, the project was ended.

“If privacy protection is allowed to entirely dominate legal developments, there is a risk that the development of digital health services is unnecessarily slowed down. The politicians in charge must decide which approach to adopt. This issue needs to be addressed even if it involves a number of difficult decisions regarding the balance between personal privacy and the ability of healthcare providers to collect and share patient data”, says Cecilia Magnusson Sjöberg, Professor of law and Subject Director of Law & Informatics at Stockholm University.

The ambition of Swedish legislators to consistently develop technology-neutral regulations is another obstacle for the digitalisation of healthcare services. According to Cecilia Magnusson Sjöberg, these regulations tend to become so general that they do not offer sufficient support in terms of determining what is permitted and what is not.

An additional problem is that according to GDPR, administrative fines differ greatly between the public and private sectors, which means that private suppliers face significantly greater financial risks. As a result, they may require special legal support.

Finally, Magnusson Sjöberg points out that no clear responsibility exists regarding legacy systems (i.e., older, complex IT systems still in operation). Updating and upgrading these systems is important from a data protection perspective, but also as a basic prerequisite for research based on public records.

“In order to achieve the government’s goal that Sweden should be number one in e-health by 2025, we need to include a legal perspective already at the development stage of health apps. Better legal foresight may benefit many actors and groups. Suppliers can more easily get an understanding of the rules at hand, patients get better control over their personal data and consumers of health data can more easily exercise their rights”, says Cecilia Magnusson Sjöberg.

This report is published within the framework of the SNS research project Health care in the 21st century.