Health data are essential to modern health care delivery, health system management and research and innovation, and must be well governed to foster their use while protecting privacy and data security. The 2016 OECD Recommendation on Health Data Governance provides a roadmap towards more harmonised approaches to health data governance across countries. It recommends implementing national health data governance frameworks and sets out the key principles to follow when doing so, while promoting trans-border co-operation in data governance and interoperability. This report provides an overview of the implementation of the Recommendation from 2016-2021 and finds that while there are examples of good progress, overall many Adherents are still working towards implementation in areas including data sharing, accessibility, quality, interoperability and security and privacy protections. Efforts to support the implementation and dissemination of the Recommendation will continue for the next reporting cycle (2022-27) with a focus on cybersecurity, harmonising health data governance to allow for multi-country projects and improving global health data interoperability.
Health Data Governance for the Digital Age
Abstract
Executive Summary
The Recommendation on Health Data Governance was adopted by the OECD Council on 13 December 2016 on a proposal of the Health Committee (HC) and Committee on Digital Economy Policy (CDEP), and was welcomed by OECD Health Ministers at their meeting in Paris on 17 January 2017.
The Recommendation aims to guide countries adhering to it to set the framework conditions for enabling the availability and use of personal health data to unlock its potential. In so doing, it also provides a roadmap toward more harmonised approaches to health data governance across Adherents. The health sector remains significantly behind other economic sectors such as transportation, travel, banking and finance, in the interoperability of data. It was designed to be technology neutral and robust to the evolution of health data and health data technologies.
The Recommendation has provided important guidance to governments during the global COVID‑19 pandemic. The pandemic shone a spotlight on the capacity of each countries’ health information systems to provide critical information for the public welfare; as well as on aspects of data governance that created obstacles to responding to the pandemic in a timely way. Further, the Recommendation is a tool for the evaluation of countries’ progress toward modern integrated health information systems that meet the information needs of the digital age and can support governments in times of crisis.
The need for an international standard on health data governance
Health data are necessary to improve the quality, safety and patient-centredness of health care services, to support scientific innovation, the discovery and evaluation of new treatments and to redesign and evaluate new models of health service delivery. The volume of personal health data in electronic form is already very large and is growing with technological progress including electronic health and administrative records; behavioural and environmental monitoring devices and apps; and bio-banking and genomic technologies. The scale, capabilities and methodologies of health data gathering, aggregation and analysis are also radically evolving.
When personal health data are linked and analysed, an exponential gain in information value can be attained to serve the health related public interest, such as improving diagnosis, particularly for rare diseases; identifying optimal responders to treatment and personalising care for better patient outcomes; detecting unsafe health care practices and treatments; rewarding high quality and efficient health care practices; detecting fraud and waste in the health care system; assessing the long-term effects of medical treatments; and discovering and evaluating new health care treatments and practices. Emerging technologies including Big Data analytics, for example, can utilise enhanced computing power to process broad ranges of data in real time, that, when applied to health can, improve patient-care and further the discovery of disease markers and disease‑specific solutions.
However, often the data are held in silos by the organisations collecting them and there are uncertainties on how the potential benefits of the new analytic techniques can be achieved while ensuring the implementation of existing data protection standards and procedures. A 2013 OECD study showed that many OECD Members lack a co‑ordinated public policy framework to guide health data use and sharing practices, so as to protect privacy, enable efficiencies, promote quality and foster innovative research.
There are benefits and risks from health data processing at both the individual and societal levels. The maintenance of a confidential health care system is fundamental to effective individual care and treatment, and to public health. Appropriate reconciliation of these risks and benefits is necessary to best serve the interests of both individuals and societies. In addition, international collaboration is essential to enable countries to safely benefit from health data and to support the production of multi-country statistics, research and other health-related uses of those data that serve the public interest.
It is against this backdrop that in 2014, the OECD Health Committee and the Committee on Digital Economy Policy agreed to jointly develop an OECD standard to tackle those issues – the Council Recommendation on Health Data Governance.
Scope of the Recommendation
The Recommendation applies to the access to, and the processing of, personal health data for health-related public interest purposes, such as improving health care quality, safety and responsiveness; reducing public health risks; discovering and evaluating new diagnostic tools and treatments to improve health outcomes; managing health care resources efficiently; contributing to the progress of science and medicine; improving public policy planning and evaluation; and improving patients’ participation in and experiences of health care.
The Recommendation recommends that Adherents establish and implement a national health data governance framework to encourage the availability and use of personal health data to serve health-related public interest purposes while promoting the protection of privacy, personal health data and data security. Twelve principles set the parameters to encourage greater cross-country harmonisation among the health data governance frameworks of Adherents so that more countries can use health data for research, statistics and health care quality improvement.
The Recommendation also recommends that Adherents support trans-border co‑operation in the processing of health data for purposes that serve the public interest. It further recommends that Adherents engage with relevant experts and organisations to develop mechanisms that enable the efficient exchange and interoperability of health data.
Finally, it encourages non-governmental organisations to follow the Recommendation when processing personal health data for health-related purposes that serve the public interest and invites non-Adherents to take account and to adhere to the Recommendation
Countries are still in the process of implementing the Recommendation
This report presents progress made by countries adhering to the Recommendation in implementing it and reports on its dissemination and continued relevance. It was prepared using three surveys (the 2019/20 Survey of Health Data Use and Governance, the 2021 Survey of Electronic Health Record Systems Development, Use and Governance, and the 2021 Survey of Health data and Governance Changes during the COVID‑19 pandemic) as well as the results of several workshops including one on Health Innovation through Fair Information Processing Practices in 2021.
The 2022 Report confirms the continued relevance of the Recommendation, which has proven to be particularly important to address the COVID‑19 pandemic. Overall, results indicate that there are many Adherents that are still working toward implementation of the Recommendation.
Among Adherents with lower scores for dataset availability, maturity and use, the challenge lies in making data available for research and statistical purposes. In these countries, there is work to be done to develop collaborative policies and practices among government authorities in custody of key health data. Considerable work and investments are required in such Adherents to improve data quality, linkability and sharing with researchers, so that data can serve health-related public interests. Among Adherents with lower scores for data governance, there are gaps to address in data privacy and security protections for key health datasets such as having a data protection officer and providing staff training, access controls, managing re‑identification risks, and protecting data when they are linked and accessed.
The 2022 Report also concludes that the Recommendation has been widely disseminated to various stakeholders through various avenues, in particular through policy workshops, reports, scientific articles, newsletters and blogs and presentations to meetings and conferences. More work can be done and Adherents are encouraged to disseminate the Recommendation further at all level of governments and to non-governmental organisations.
Next steps
Over the next five years, the Health Committee and the Committee on Digital Economy Policy will continue developing tools to support the implementation and dissemination of the Recommendation.
Findings from this report are contributing to a new OECD Going Digital III horizontal project to support countries in strengthening data governance to support the development of digital societies.
Future work could focus on three areas that pose challenges for Adherents in implementing the Recommendation: 1) increasing the interoperability of health data and data analytics; 2) achieving greater harmonisation of health data governance frameworks for cross-country collaboration involving the sharing and use of health data; and 3) enhancing the sharing of experiences and best practices in health data security in response to the increasing occurrence of malicious attacks on health data.
