health + tech in law = mixing chalk + cheese
Recently the World Health Organization (WHO) published a guideline entitled “Recommendations on Digital Interventions for Health System Strengthening.” The guideline responds to the World Health Assembly Resolution on Digital Health, approved by Member States in 2018, which tasked the WHO to provide normative guidance on digital health. In particular, the Member States indicated that they were interested in employing digital health technologies to advance universal health coverage and other health aims of the Sustainable Development Goals.
The main objective of this guideline is to provide evidence-based recommendations to Member States regarding the adoption of digital health interventions. Although the WHO intends to eventually look at a broader range of digital health interventions, this version of the guideline focuses on certain ones delivered through mobile devices (mHealth).
The guideline examines each of the reviewed digital health technologies using a standard framework. The presentation of the evidence is divided into five key areas: effectiveness, acceptability, feasibility, resource use, and gender, equality and rights. After this presentation of evidence, recommendations are provided. Finally, implementation considerations are discussed. Within this last part, legislation, policy and compliance is discussed, along with other topics such as standards and infrastructure.
While I find each assessment to be interesting, for the purposes of this post, below I am going to just review the themes relating to legislation, policy and compliance (this is a law blog, after all!). However, if you’re developing or procuring mHealth products, I would recommend taking a look at the whole guideline. It might be useful to see the kinds of factors that could make a particular intervention worth pursuing or implementing.
Overall, trust is one of the main considerations for digital health and thus data privacy plays an important role. Furthermore, keeping information confidential is only one aspect of privacy. However, privacy also implicates data ownership, access, integrity and consent.
An interesting example discussed in the guideline is the provision of birth or death notifications through mobile devices . The guideline notes, “[i]mplementers should understand, for example, the implications and necessary regulations if the database of notified births and deaths is also being held by mobile network operators, and the potential for commercial uses of the data.”
The guideline includes recommendations with respect to ensuring health care workers are adequately trained, supervised and supported. These recommendations are separate from, but overlay, the policy and legal implications. In particular, there is a need to ensure that those who deliver healthcare using digital health are qualified and license to do so, especially in telemedecine. As well as with the regulatory aspect for healthcare workers within the country, policies with respect to the possibility of international delivery of health care should be considered. Liability issues should also be clarified.
Although the guideline does not particularly focus on the limitations of digital health as a topic, it definitely is a recurring theme. For example, with respect to telemedicine, the guideline notes that what can and cannot be done during remote consultations should be determined.
In addition, current laws or practices may restrict the implementation of certain digital health technologies. For example, with respect to the mobile delivery of birth and death certificates mentioned above, changes to systems or processes incorporating signatures or approvals based on paper-based forms would likely be necessary.