Twenty-first century health systems should be built around information: the right information reaching the right place at the right time. This enables the provision of high-quality and integrated care to all people in need, as well as better public health practice, health system management, and research and innovation. While health systems will continue to be structured, funded and organised differently, success – in terms of better care, and improved public health, system management and research – will be characterised by a comprehensive, coherent, standardised and integrated approach to managing (electronic) health data. Success relies on data being harmonised and interoperable, and able to be exchanged between custodians and silos.

In this context, “health data” includes any data that contain information relevant to health policy objectives, either directly or when combined with other data. The most obvious example of health data are personal medical or health records. These data contain longitudinal information on medical interventions, medications and tests performed in health care settings as well as the results and outcomes. They may include patient-reported data on outcomes and experiences of care. Other common types of health data are administrative and insurance claims data, which typically capture medical activity and their costs/prices. Registries contain patient-level information about specific diseases or procedures (e.g. diabetes or joint replacement). Population surveys contain information for a representative sample of people and may have more detailed behavioural and environmental data, such as nutrition and physical activity, than administrative or clinical data sources. Population Census and Registry data contain detailed data that, when linked to health data, provide socio-demographic and socio‑economic characteristics that are relevant to understanding health care accessibility and equity.

Data on the provision and outcomes of long-term care are increasingly relevant and important. Social care data can also provide insights into health status and needs of individuals and populations. Data on population and public health such as risk factors and behaviours are typically generated through surveys but can now be derived from more primary sources such as electronic medical records or claims data. Social and economic data such as unemployment status or income as well as environmental data on pollution, for example, can provide very valuable insights for policy makers when combined with other types of data that capture health status and health care use of individuals and populations (Figure 2.1).

It is necessary to distinguish between data and information. Data are raw figures and facts and, in and of themselves, may not be very valuable. Information, on the other hand, is meaning and insights that are obtained from the analysis of data. Thus, this report focusses on obtaining value from health data within Korea by developing a system that yields information.

Any endeavour whose goal is social and economic advancement relies on effective infrastructure. Putting data to work successfully is no exception. Data infrastructure comprises data assets supported by people, processes, and technology (The Open Data Institute, n.d.[1]). Technology, including IT hardware and software, is important. But the critical aspects of a health data infrastructure in the modern era (and in technologically advanced countries like Korea) are the bodies and organisations that create, maintain and manage personal health data as well as the institutions, policies and rules (i.e. governance) that guide the use of these data. This creates an ecosystem of technology, processes and actors/organisations needed for the collection, storage, maintenance, distribution and (re)use of data by the different end users.

As an analogy, a rail infrastructure includes not only the tracks and trains but also the resources, people and equipment to maintain them, regulations and traffic control rules, as well as ticketing and other passenger services. A strong data infrastructure therefore enhances the efficiency and productivity of using data.

A data infrastructure is the foundation for a health information system, which not only collects, manages, compiles standardises and exchanges data but also derives meaning and information from health data through analysis and review. It is a system because the focus is on data exchange and integration of information across different stakeholders. This requires – in addition to the hardware, software, IT expertise and analytical models – the supporting laws, policies, governance, as well as public communication channels, strategic planning, implementation guidelines, and audit and evaluation mechanisms.

An integrated health information system means that electronic data are FAIR (findable, accessible, interoperable, reusable), and can be exchanged and securely used by other actors and institutions to serve the public interest. The result is that data can flow, safely and securely, to where information can be extracted to create the knowledge that advances human health and well-being.

An integrated health information system can not only directly help to improve care quality, outcomes and empowerment by enabling patients and their health care providers to access important information, but it can also raise the country’s capacity to use these data for other important purposes including:

• Managing health system performance from the national level to the clinical microsystem

• Public health monitoring and surveillance

• Opening new communications channels with patients to improve patient-centred care such as the active use of patient-reported metrics (PROMs and PREMs)

• Introduction of new digital services such as e‑prescriptions or telehealth

• Better targeting of reimbursement for services to reward value

• Biomedical research and development

• Innovation such as big data analytics and artificial intelligence that will enhance knowledge‑based decisions for patient care and health system governance.

Every data point should serve many uses, from informing a physician caring for a patient to helping patients manage their care, to health care quality monitoring indicators, value‑based payments, real-world evaluation of the effectiveness of therapies and contributing to clinical decision support tools (artificial intelligence). Recent advances have also demonstrated that individuals’ data are used to inform decisions about their care and the care of others. The distinction between using data for primary purposes (direct patient care) and secondary purposes (e.g. research, public health monitoring) is therefore increasingly blurred.

For this reason, health data today cannot be simply categorised as personal or non-personal when the data pertain to individuals. Simply removing personal identifying information like names, addresses, health insurance numbers and birth dates from a data set, does not render the data anonymous because it is increasingly easy to re‑match the data to other datasets and re‑identify individuals with some probability of success. More complex manipulations or aggregations of data to try to guarantee anonymity may reduce the quality, validity and usefulness of the data needed to produce valid information and research results.

Even the simple step of removing personal identifying information must be carefully considered, as the linkage of datasets may require this information, for example to link hospital inpatients to mortality data to find out how many patients died in the weeks following a procedure. Mechanisms that allow re‑identification for approved data uses, such as investing in pseudonymisation and secure storage of re‑identification keys, are recommended by the OECD (see Annex B).

The key elements of an integrated system that enables primary and secondary uses of data are: approaching health data as a public good; implementing standardised data terminologies and formats (a single “language”); a common data model and standardised analytics; and comprehensive data governance that uses a “privacy-by-design” approach. These elements are outlined below, followed by a section on the interoperability of electronic medical records.

Data are fundamental in any effort to improve and optimise health system performance. Performance can only be defined around the goals and objectives of a health system. While these vary, the metrics and indicators needed to assess how well the system achieves its goals (and where improvement is needed) require data. Because system objectives will typically cover various domains ranging from technical efficiency to equity and sustainability, a range of data from various sources will be needed to generate the necessary metrics and indices (outlined in Figure 2.1 above). Moreover, performance domains will include areas that benefit from the sharing of information (prevention and care co‑ordination, for example). The importance of an infrastructure that enables the exchange and sharing of relevant data can therefore not be understated as it not only informs on where improvement is needed but provides a key mechanism to improve performance.

As such, a ‘learning health system’ leverages its data in this manner to improve performance through continuous cycles of reflection, adjustment and evaluation. Learning health systems aim to deliver health services that are of high quality and value, that improve health and well-being and, at the same time, provide innovative and rewarding workplace environments for health professionals (AHRQ, 2019[2]). Such a system needs to go beyond answering the questions of “What went wrong (or right)?” to the more important questions of “Why did this happen?” and “What changes are needed to minimise risks and maximise value fairly across a domain or the system as a whole?” This relies on highly detailed and timely information.

As well as information to improve health service design and delivery, data informing a learning health system create new biomedical research opportunities. For example, recent studies conducted in Israel and Scotland have demonstrated the capacity to link clinical, administrative and social datasets to study the safety and effectiveness of COVID‑19 vaccines in different population sub-groups in real time. The results can alert providers and policy makers to the potential risks and opportunities, as well as contribute to global efforts to control the pandemic.

Those countries making strides in putting their data to work have recognised that data are a valuable resource that should be used to generate public benefits. Significant public investment in health and health care – including in health care provision, health data development and health care research – are a key reason why health data should be viewed as a public good.

But there is also an economic argument in the modern era of Big Data, high performance computing and modern analytical techniques including machine learning and artificial intelligence. Data represent immense value both because of the information they potentially contain and because they can be used and re‑used ad infinitum. Their use by one actor does not preclude their use by others. More importantly, like other public goods such as laws or language, data are instrumental in building social value through knowledge and information. Their exclusivity is not intrinsic, but is imposed by man-made laws, conventions, and institutions. In net terms, their commodification hampers human development.

Moreover, the social and economic value of data increases exponentially with their size. For example, a researcher looking for biomarkers that uncover a precision therapy will find a single dataset comprising 10 million records much more valuable than 100 separate datasets of 100 000 patients that cannot be linked or analysed as a whole (such as via the personal data train). In the private sector, forward-looking firms have realised that even a small slice of analytics on a huge data pool can generate far greater returns than hoarding much smaller puddles of data for proprietary use.

But to fulfil their potential in secondary uses as well as the primary objectives of improving patients’ care, experience and outcomes, data held in various places by different custodians must be coded in formats and languages that enable them to be exchanged and linked. This requires social license and trust, which can only be garnered through strong governance, political leadership, and excellent public communication.

The most common reason why health data are not put to work is a lack interoperability. This happens when the information systems of data holders have been developed without common standards, preventing data from being exchanged, or even when data are exchanged, making it very difficult for the data to be interpreted or integrated with other data. Without the ability to share and interpret data easily, every data exchange can become a costly and time‑consuming data integration project.

The most efficient solution to maximise the value of data held in silos is to agree on and adopt common standards for data terminology and exchange (see Box 2.1). Increasingly, such standards are becoming global, enabling multi-country collaboration in the development of IT systems and tools, cross-border access to clinical information for travellers who fall ill, as well as in undertaking multi-country medical and health research. They are a fundamental component of a learning health system.

An intermediary solution is mapping data from multiple organisations that use different data standards to a Common Data Model (CDM). A CDM organises data into a standard structure that makes it possible for data and the meaning of data to be shared for analytical applications, allowing for efficient data pooling and data integration for health statistics and research.

The CDM is not, however, a practical solution for all situations where interoperability is needed such as the exchange of data among health care providers for direct patient care or the development of a patient portal. This is partly because of the time lag between the data being generated and mapped (the patient may need the information before this can take place) and because the mapped data are held in a separate place on the local network (e.g. hospital) which may not be able exchange data with a portal or with the EMR system of another provider.

An integrated health information system does not require all data to be stored in a single location. It is quite possible to achieve the key objectives outlined earlier in this report without central storage or even aggregation. A unified and co‑ordinated approach to national data governance can enable smooth information exchange and use for a range of purposes without compromising privacy, security and ownership of data. In fact, in some ways data protection can be enhanced under a federated data structure.

Further, ensuring that data can be exchanged across national borders can amplify the benefits of data analytics and research in, for example, the context of public health, rare diseases, pharmacovigilance, and precision medicine. An information system that follows international data standards facilitates within-country and cross-border health care delivery and business opportunities for local research and technology sectors; and is better prepared to participate in and adapt to cross-border regulations and initiatives.

A key component of a well-functioning health information system is a data governance structure that avoids the over-use of consent to authorise data exchange in favour of legal authorisation, and adopts an approach that protects privacy and ensures data security, while still enabling data to be exchanged and used for legitimate purposes. The OECD Council Recommendation on Health Data Governance sets out the elements for a national health data governance framework and fosters a “privacy-by-design” approach that is consistent with emerging transnational requirements such as those set out in the EU General Data Protection Regulation (GDPR) (See Annex B).

Privacy-by-design involves designing IT systems in a way that pro‑actively anticipates and addresses risks to data privacy and security so they may be mitigated. In such approaches, the privacy of all individuals whose data is within the system is protected by default. The protection of individuals’ privacy and data security is embedded within the architecture and functionality of the IT system. At the same time, the IT system supports all uses and re‑uses of data that are in the public interest (Cavoukian, 2006[5]).

Privacy-by-design is important because health data are often personal and sensitive, particularly health micro-data where there is a data record for each individual. The EU Data Protection Regulation (GDPR) [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016] places personal health data in a special category with the highest standards of protection.

The OECD Recommendation on Health Data Governance responds to the growing need for a consensus about the framework conditions within which health data can be appropriately governed to enable health data processing to take place both domestically and transnationally. Such health data governance frameworks require a whole of government approach; given that the public interests served span the domains of health, justice, industry, science, innovation and finance. The OECD Council Recommendation on Health Data Governance is compliant with the EU GDPR and encourages “privacy-by-design”.

The OECD Recommendation on Health Data Governance was adopted by the OECD Council on 13 December 2016 and was welcomed by OECD Health Ministers at their meeting in Paris on 17 January 2017. The Recommendation provides policy guidance to:

• Encourage the availability and use of personal health information, to the extent that this enables significant improvements in health, health care quality and performance and, thereby, the development of healthy societies while, at the same time, continuing to promote and protect the fundamental values of privacy and individual liberties;

• Promote the use of personal health data for public policy objectives, while maintaining public trust and confidence that any risks to privacy and security are minimised and appropriately managed; and

• Support greater harmonisation among the health data governance frameworks of Adherents so that more countries can benefit from statistical and research uses of data in which there is a public interest, and so that more countries can participate in multi-country statistical and research projects, while protecting privacy and data security.

Governments adhering to the Recommendation agree to establish and implement a national health data governance framework to encourage the availability and use of personal health data to serve health-related public interest purposes while promoting the protection of privacy, personal health data and data security.

The Recommendation sets out 12 key elements of the development and implementation of national health data governance frameworks. The elements encourage greater cross-country harmonisation of data governance frameworks so that more countries can use health data for research, statistics and health care quality improvement.

The 2019/20 Survey of Health Data and Governance measured implementation of national health data governance frameworks and related regulations and policies. The 23 respondents to the survey were officials of national health ministries or national health data authorities. A national health data governance framework can encourage the availability and use of personal health data to serve health-related public interest purposes while promoting the protection of privacy, personal health data and data security. Overall, 17 of 23 respondents reported that a national health data governance framework is established or is being established. Korea was one of these (Table 2.1).

Most respondents reported health data falling under a national health data privacy legislation; other data used in health studies falling under a national privacy legislation; and certain health datasets or health data programmes falling under other legislations governing ministries, data collections or registries. Some countries have legislations at different levels of government. Overall, 21 of 23 respondents reported that a national law or regulation exists that covers the protection of health information privacy and/or to the protection and use of electronic clinical records.

Six respondents reported that their health data governance framework is set out in law (Austria, the Czech Republic, Denmark, Finland, France, Germany). In Austria, there are elements of data governance within legislation governing health telematics, documentation and research organisation. In the Czech Republic, the National Health Information System and its governance are defined in the Act on Health Services. Finland’s health data governance framework is set out in legislation regarding digitisation and management of client and patient information as well as in regulations and guidelines of the health ministry (THL) (Box 2.2). Health data governance requirements, including GDPR requirements, are set out in federal and state laws in Germany.

In Korea, the Ministry of Health and Welfare set up the Health care Big Data Policy Deliberation Committee in 2018 to discuss decisions required for data related initiatives. As the importance of health care data utilisation grew, the Committee was expanded to become the Health care Data Policy Deliberation Committee in 2021 which oversees discussing policy and system improvement for data utilisation and personal information protection. The COVID‑19 pandemic has stimulated an expansion of health data under the Digital New Deal discussed later, which allows for the expansion and linkage of national health insurance data with other relevant data and for the accessibility of data for global research.

In France, principles of data governance are set out in an Act on the Modernisation of the Health Care System which unified the governance of administrative health data in the custody of three organisations and enabled dataset linkages and set out principles and procedures for data access. The 2019 Act on the Organisation and Transformation of the Health System broadened the definition of the national health data system to include additional datasets and their custodians and set out data sharing principles among these custodians. The Health Data Hub, which defines the elements of shared data governance with stakeholders was launched in 2019 to support France in becoming a leader in Artificial Intelligence in health and to overcome barriers to the re‑use of health data for research (Box 2.3).

In the Netherlands, the Information Council works on the development and sustainability of national health information and includes health care organisations and the Ministry of Health. The Council has four information system development goals: data to monitor the safety of prescription medicines; citizen access to their own medical data and the ability to link their own health and medical data; digitisation and exchange of data between health care professionals; and that data is recorded once and reused. A sub-group of the Council is the Community of Data Experts which advises the Council about the secondary use of health data for statistics, research and health and health care policy. Several laws include rules that make it mandatory to keep a medical record, to provide patients with digital access to their medical records and regarding system quality. A new framework law that passed the parliament in 2021 requires the electronic exchange of medical records among health care providers.

Latvia developed a Health System Performance Assessment Framework in 2019 (including health care quality, patient safety and efficiency indicators). Within this framework, principles and procedures for data provision, data linkage, health data protection and access to data for research are set out.

The United States Department of Health and Human Services proposed in 2020 a new rule within the 21st Century Cures Act to support seamless and secure access, exchange and use of electronic health records (Box 2.4). The rule aims to increase innovation and competition by giving patients and their health care providers secure access to health information; allowing more choice in care and treatment. A provision in the rule requires that patients can electronically access all their electronic health information (both structured and unstructured data) at no cost and deters blocking authorised access to and exchange of data. It calls on the health care industry to adopt standardised application programming interfaces (APIs) to allow individuals to securely and easily access structured electronic clinical data using smartphone applications.

The Department of Health and Human Services and the Office of the National Co‑ordinator have also released a Trusted Exchange and Common Agreement (TEFCA) which sets out principles, terms and conditions for a common agreement to enable nationwide exchange of electronic health information across disparate health information networks. It aims to ensure that health information networks, health care providers, health plans, individuals and other stakeholders can have secure access to their electronic health information when and where it is needed.

In Australia, governmental responsibility for national health datasets is shared between Federal and State/Territorial jurisdictions. At each level of government, there are a range of agencies with responsibility for specific datasets with no overarching health data governance framework. However, all jurisdictions signed the 2020‑25 National Health Reform Agreement which includes an action to scale up a national approach to data governance arrangements, structures and processes, to facilitate clear and efficient mechanisms for sharing and developing data in a sustainable, purpose‑based and safe way. There is an Australian data governance framework for electronic clinical data exchanged as part of the My Health Record System. A Data Availability and Transparency Bill was introduced in 2020 to implement a scheme to authorise and regulate access to Australian Government data (Box 2.5).

Ireland’s Department of Health is currently working on a national health information strategy. In this strategy, Ireland is planning a National Health Observatory which would be authorised by law and include the development of a national health data governance framework.

In Israel, responsibilities for national health data governance are shared between the Ministry of Health and the Israel Innovation Authority. Israel’s government has been working on designing a policy framework for secondary use of health data for research to enable collaborative data research initiatives. This framework is not yet finalised. As a result of the COVID‑19 pandemic, the government has been accelerating work toward data sharing and access (Box 2.6).

The Government of Canada, together with provinces and territories, is leading the development of a Pan-Canadian Health Data Strategy to improve Canada’s collection, sharing and use of health data while protecting privacy. An Expert Advisory Group (EAG) was established in December 2020 to provide advice and guidance as work on the Pan-Canadian Health Data Strategy evolves.

Slovenia began developing a national health data governance framework in 2019. Luxembourg is planning a National Health Observatory which will be authorised by law and will support the development of a national health data governance framework. Belgium reported an intention to increase co‑operation among several federal health administrations (Federal Public Service Health (FPS Health), RIZIV-INAMI, FAGG) regarding data policy.

The United Kingdom (Scotland) has an information governance framework for personal data, within which is a Public Benefit and Privacy Panel (PBPP) for health and social care data. The PBPP is a patient advocacy panel which scrutinises applications for access to NHS Scotland health data for secondary purposes with respect to the public benefit and privacy implications of proposed projects.

OECD countries are fostering public trust of individuals, communities and societies in the collection, use and sharing of health data for uses within the public interest through inclusion and transparency. This includes public consultation from a wide range of stakeholders with a view to ensuring that the processing of personal health data is consistent with societal values and the reasonable expectations of individuals. This also includes transparency with the public regarding health data processing and access to data and the safeguards protecting data privacy and security.

Through open and public dialogue about potential benefits, risks and risk mitigations it is possible to promote a balanced approach to the governance of personal health data within society. In response to the 2019/20 survey, 14 of 23 respondents reported that a public consultation had taken place or was planned around the elements of a national health data governance framework (Table 1.1).

Australia reported undertaking a stakeholder and public consultation as part of the steps toward developing a Framework for the Secondary Use of My Health Record system data. The My Health Record system is a nation-wide electronic health record system that contains a summary of patients’ health information.

The Netherlands includes client and patient federations as members of the National Health Information Council. Further, an open public consultation takes place in the Netherlands to review documents presenting data governance concepts. The health data governance development process includes participation of civil society organisations and patients’ organisations in order to reflect diverse public opinions.

Israel reported an on-going public consultation process of the Ministry of Health and the Innovation Authority using social media, public conventions and public feedback through a website.

Slovenia gathers public input to its health data governance framework through an e‑Democracy portal. Latvia has undertaken in 2018 and continued in 2019 presentations and discussions with health care professionals and researchers.

Canada reported an intention to consult the public and an effort that is underway to develop the best method to do so and to determine the areas upon which the consultation should focus. France reported that a mission of the Health Data Hub is to elaborate a Citizens and Patients Charter in collaboration with patients’ associations. Ireland reported that a public consultation will take place on the draft health information strategy.

The Czech Republic reported that a new law on e‑health is being prepared that will include a revision of the law governing the National Health Information System (NHIS). As part of the development of this legislation, the public will be consulted. Similarly, Austria, Finland, Luxembourg and Singapore reported that public consultations take place whenever a legal reform is planned.

The United States Department of Health and Human Services provided a long open public comment period on the proposed rule within the 21st Century Cures Act to support seamless and secure access, exchange and use of electronic health records.

Fair and transparent project review processes are important to meet public expectations regarding appropriate uses of their personal health data. Review and approval procedures should involve an assessment of whether the processing is within the public interest; be robust, objective and fair; be timely; promote consistency in outcomes; be transparent while protecting legitimate interests; and be supported by an independent multi-disciplinary review.

Seventeen respondents reported in 2019/20 that a central authority for the approval of requests to process personal health data is established or planned.

In Korea, the Health care Data Policy Deliberation Committee set up a specialised sub-committee to discuss appropriate use of data.

Australia’s data governance framework for the My Health Record system, as well as the legislation authorising the system, provide for a central Data Governance Board to manage requests for data from the My Health Record system. The Governance Board is not involved in requests for other national health data; and most of these requests are approved by the Australian Institute of Health and Welfare.

Finland is currently establishing a Health and Social Data Permit Authority (Findata) to approve data processing requests. Denmark has established the Danish Health Data Authority.

In Belgium, the Information Security Committee is responsible for approving requests to process personal health data; in Luxembourg, the National Commission for Data Protection grants approvals; and in France the data protection authority (CNIL) approves the creation of datasets and the processing of data. Similarly, in Estonia, the Data Protection Inspectorate approves requests to process personal health data. There are research ethics committees in Estonia that are also involved in project approvals. In Israel, the Ministry of Health’s Data Delivery Committee approves requests in co‑ordination with the Privacy Protection Authority of the Ministry of Justice.

In the Netherlands, organisations can create datasets and can undertake dataset linkages under the precondition that their activities meet the requirements of the GDPR and the Medical Treatment Act. The Data Protection Authority evaluates whether datasets meet GDPR requirements. Further guidelines regarding necessary elements of quality registries are also provided by the national body overseeing the electronic health record system (NICTIZ).

In Slovenia, new datasets must be authorised by law and all other cases of data processing are approved by the Information Commissioner. Likewise, the Swedish Ethical Review Authority approves requests for data processing for research projects; however, multi-purpose datasets require legal authorisation before they can be created. In Sweden, data custodians also independently approve data requests.

In Norway there are regional research ethics committees and a national centre for research data (REK) that assesses requests for health data processing in terms of research methods, an assessment of benefits/risks and data privacy safeguards.

In Canada, provinces and territories have individual processes for approval of requests to process personal health data. To support knowledge creation and help researchers, policy makers and decision-makers make more effective use of pan-Canadian data, the Heath Data Research Network’s Data Access Support Hub (DASH) allows Canadian researchers requiring multi-jurisdictional data to request data from a single source.

In Germany, there are plans to open national electronic health record data for research, but it is not yet clear whether a single authority for data access management would be created or whether the organisation that is currently responsible for e‑HR infrastructure would assume this task.

Current regulations in Ireland provide for a Consent Declaration Committee to adjudicate health research requests involving consent exemptions. As Ireland develops an information strategy, a national health information office may be set up that would provide the necessary approvals for persons or organisations seeking dataset linkages and access to linked data for valid purposes.

In Latvia, the Centre for Disease Prevention and Control evaluates researchers’ and research institutions’ applications for the use of identifiable patient data recorded in the medical documents in specific research under Cabinet Regulation No. 446 which covers cases where it is not possible to obtain informed consent from the patient. If approved, data for research from different sources is provided/available on a person level with a direct identifier (personal ID, etc.). Requests for a data extraction from the public monitoring system for health care quality and efficiency are approved by a special project council consisting of representatives from the Centre for Disease Prevention and Control, National Health Service, State Emergency Medical Service and Health Inspectorate. In this case, approved applicants access pseudonymised data.

Information Services Scotland (ISS) sets out criteria for approval to access data within a safe haven environment. Applicants must be employed by an approved organisation and meet other requirements, such as undertaking training in information governance requirements. Applicants seeking a dataset linkage may be required to apply for approval by the NHS Scotland Public Benefit and Privacy Panel.

In the United States, most health care providers must follow the HIPAA Privacy Rule which sets a baseline protection for certain individually identifiable health information. The Rule permits, but does not require, covered health care providers to give patients a choice regarding whether their health information is disclosed or exchanged electronically with others for key purposes including treatment, payment and health care operations.

Public information mechanisms are essential to build public trust. Public information should include the purpose of the processing, the health-related public interest served, the legal basis for the processing, the procedure and criteria used to approve the processing, a summary of approval decisions taken, and information about the implementation of a national health data governance framework and how effective it has been.

Clarity and transparency supports protecting individual’s privacy and autonomy while also ensuring that data processors and data users are aware of the authority under which data may be used and can plan the development of research programmes accordingly.

Twenty-one respondents reported in 2019‑20 that for all or most key health care datasets there is a publicly available description of the dataset purpose and content and most provided a web-link to this public information. Singapore reported that a public description was available for two datasets; and Ireland reported this for one dataset.

Seventeen respondents reported that the description of all or most health care datasets includes the health-related public interests served by the data. Seventeen respondents reported that the description for all or most datasets includes the legal basis for the processing: Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Germany, Israel, Korea, Latvia, Luxembourg, the Netherlands, Norway, Slovenia, Sweden and the United Kingdom (Scotland).

The procedure to request access to the data and the criteria used to approve access to the data are publicly available for all or most health care datasets in 17 respondents: Australia, Belgium, Canada, the Czech Republic, Denmark, France, Germany, Israel, Japan, Korea, Latvia, the Netherlands, Norway, Slovenia, Sweden, United Kingdom (Scotland) and the United States.

Fourteen respondents reported that the procedure to request a record linkage or other further processing of all or most health care datasets and the criteria used to approve these requests are publicly available: Australia, Belgium, Canada, Denmark, Finland, France, Israel, Japan, Korea, Latvia, the Netherlands, Sweden and the United Kingdom (Scotland).

When asked if there is a summary of approval decisions for the record linkage or further processing of the datasets that is publicly available, 10 respondents answered yes for all or most key health care datasets: Australia, Denmark, Finland, France, Israel, Japan, Korea, Latvia, Sweden and the United Kingdom (Scotland). When asked whether the summary describes or identifies the data recipient of an approved record linkage or further processing of the datasets, only Denmark, France, Israel, Japan, Korea, Latvia, Sweden and the United Kingdom (Scotland) said yes for all or most health care datasets.

Clinical data are a key component of any health information system looking to improve care quality as well as enabling research and innovation. This section outlines the current situation in OECD countries regarding the exchange and interoperability of electronic health records data, and the key elements of successful integration.

Most of the OECD countries (21 of 27) surveyed in 2021, are exchanging electronic clinical records among physicians, medical specialists and hospitals for the direct care of patients. Sixteen countries report that a single country-wide EHR system is in place. Thirteen countries reported that a nationally standardised patient summary is exchanged among health care providers at a national level, with a broader array of patient data exchanged among health care providers at the sub-national (state, regional) level. In three countries, Belgium, Canada and the Czech Republic, patient data is exchanged among health care providers only at the sub-national (regional, state) level.

Central co‑ordination enhances the readiness of EMR systems to contribute to national performance monitoring and research. Twenty-three of the 27 countries reported a national organisation with the primary responsibility for national EHR infrastructure development (Table 2.2). Twenty countries reported that their national organisation is also responsible for setting national standards for both clinical terminology within EHRs and standards for data exchange (electronic messaging).

Fourteen countries reported that the national organisation responsible for EHR infrastructure development had a multidisciplinary governing body with representation from various stakeholder groups (Table 2.3). Multi-disciplinary governance supports the development of standards that meet the needs of different stakeholders in the health information system. The absence of an interdisciplinary body in Korea as well as the approach of establishing the KHIS to advance certification and interoperability and a separate body to address the secondary use of EMR data is discussed in Chapters 3 and 4.

Global consensus regarding terminology standards for key clinical terms has not been reached yet. There are, however, a few international terminology standards that are used by a significant share of countries.

In 2021, 18 respondents reported using the International Statistical Classification of Diseases and Related Health Problems, 10th Revision (ICD‑10) for diagnostic terms; 16 respondents reported the Anatomical Therapeutic Chemical (ATC) Classification System for medication terms; 13 respondents reported the Logical Observation Identifiers Names and Codes (LOINC) for laboratory test terms; and 10 respondents reported DICOM standards for medical image terms. These results for 2021 are a small improvement from 2016, as the number of respondents adopting the ICD‑10 diagnostic terms and ATC medication terms has grown by a few countries.

Twelve respondents reported adopting the Systematised Nomenclature of Medicine‑Clinical Terms (SNOMED CT) for at least one key term within their EHR. SNOMED CT is a comprehensive set of terminology standards covering key terms within EHR records. The cost of deployment; however, is a barrier to widespread adoption and the number of respondents is unchanged from 2016.

However, there remain key terms within clinical records where there is no consensus among countries about which international standard could apply. These include surgical procedures, vital signs, healthy behaviours, socio‑economic status, clinically relevant cultural and psychosocial characteristics, and patient reported outcomes and experiences. Further, there are often local standards that have been adopted or, in some cases, these elements are not coded to a terminology standard but recorded as free text.

The legacy of fragmented deployment of EHRs has resulted in 11 respondents reporting clinical terminology standards are inconsistent among different networks or regions within their country. While this remains a significant problem, it has improved from 2016 when 20 respondents reported this issue.

Twenty-one respondents in 2021 reported implementing policies or projects to improve the interoperability of data within electronic health record systems (EHRs). Seventeen respondents are adopting the HL7 Fast Health care Interoperability (Resource) standard and a further two respondents are considering adoption. The HL7 FHIR standard supports web-based applications in health care as they exist for other sectors such as for e‑commerce, banking, and travel booking; and utilises commonly used web development tools which allow for a larger pool of developers and faster development. The KHIS is promoting FHIR as part of implementing the My Health Way initiative.

Twelve respondents are also adopting SMART on FHIR standards (or similar) and a further 4 respondents are considering adopting SMART on FHIR. Substitutable Medical Applications and Reusable Technologies (SMART) is a standard used on top of FHIR to develop web-browser and mobile/smartphone apps that can be connected to/interact with any EHR system. For example, an app to assist patients with managing their medications or an app for secure communication with a health care provider.

Fourteen respondents reported developing public application programming interfaces (APIs) and an additional respondent is considering adopting this standard. Application programming interfaces (APIs) allow data sharing among different EHR software and Health Information Technologies, overcoming blockages to data interoperability (Table 2.4).

Encouragingly, respondents reported participation in global collaborative work toward agreed international standards for clinical terminology and data exchange (electronic messaging). In 2021, 15 respondents reported participating in the Integrating the Healthcare Enterprise International collaboration and 10 respondents reported participating in the Global Digital Health Partnership (Table 2.5).

There is extensive work underway within the European Union (EU) toward improving the accessibility, sharing and use of health data that, if successful, would have an influence on the evolution of global collaboration in the sharing, use and protection of health data. A key EU project is the eHealth Digital Service Infrastructure (eHDSI) for cross-border health data exchange under the Connecting Europe Facility (CEF) that is supporting EHR data exchange at the country level and the provision of core services at the EU level. Another the Joint Action Towards the European Health Data Space (TEHDAS). TEHDAS is developing European principles for the secondary use of health data, building upon successful development of health data hubs in a few countries and aiming to develop health data governance and rules for cross-border data exchange, improve data quality and provide strong technical infrastructure and interoperability (EC, 2021[8]).

The 2021 survey also asked respondents about the coding of health data to CDMs which facilitate within country statistical and research projects. In 2021, five respondents reported coding data within their EHR systems to a CDM. When the common data model is international in scope, such as the OMOP (Observational Medical Outcomes Partnership) CDM, such coding efforts support internationally comparable data for a wide array of research and statistical uses. There were some applications of the OMOP CDM reported by Australia and Israel in 2021.

France is coding data within the Health Data Hub to the OMOP CDM as part of the EU EHDEN project which is affiliated with OHDSI. Notably HIRA has coded linked health data to the OMOP CDM, including national insurance claims data, for the purposes of encouraging secure access to timely data for global COVID‑19 research as part of the OHDSI project. This project has produced a range of impressive outputs.

Surprisingly, given the mounting volume of data created, only 8 of 26 respondents in 2021 reported that EHR data are stored or processed using Cloud Computing services (Australia, Israel, Japan, Korea, Luxembourg, the Netherlands, Portugal and the United States). The majority of respondents are still managing EHR data on dedicated servers.

Essential to data security, integration and patient safety are unique identifiers. In 2021, 24 of 27 countries reported that they have a unique national number that identifies patients to build and electronic health record. Further, 23 countries reported having a unique national number that identifies health care providers or other authorised persons who are entering data into an electronic health record.

Fourteen respondents reported that clinical data are encrypted when they are exchanged to protect privacy and data security. Nine respondents reported that clinical data are exchanged using a dedicated, secure network. Security measures for these networks included a digital signature for ID (Denmark), digital signature with smartcard (Luxembourg, the Netherlands), multi-factor authentication (Canada, Italy, the Netherlands, Switzerland), digital certificates for ID verification (Japan, Lithuania), virtual safeboxes for data exchange (Israel), channel encryption (Italy), and IP security and Internet key exchange (Japan). A few respondents also noted data de‑identification and pseudonymisation (Italy) and even data anonymisation (Costa Rica).

Respondents reported methods they are using to secure EHR data from unauthorised access, hacking and malware. These include virus scanning, firewalls, controlled access, access logs, audit logs, automated log-out, timely software updates, network separation, auditing hardware and databases, physical security for networked hardware, staff training in data security including how to identify phishing schemes, malware and other malicious programs, penetration tests (ethical hacking), vulnerability scanning, national authorities supervising cybersecurity among data processors, and business continuity and disaster recovery planning.

In the 2021 survey, 17 respondents reported that there are laws or regulations requiring health care providers to meet standards for national electronic health record interoperability. Sixteen respondents reported that laws or regulations require electronic messaging standards and 16 also respondents reported that laws or regulations require terminology standards (Table 2.6).

In the 2021 EHR survey, 16 respondents reported that they have a certification process for the vendors of electronic health record system software that requires vendors to conform to particular health information exchange (electronic messaging) standards. Thirteen respondents reported a certification process that requires adherence to national standards for clinical terminology and 13 reported certifying vendors for adherence to requirements or standards for national EHR interoperability (Table 2.7).

While not a national certification of software vendors, reimbursement for medical expenditures requires that providers follow certain terminology and exchange requirements in Israel. In Luxembourg, there is a national labelling process for software vendors to access the national EHR system. In Italy, there are no national requirements for certification, but individual regions may impose requirements. In Slovenia, certification has been legally authorised, but it is not yet implemented due to resource constraints. However, to connect to the national EHR system in Slovenia, vendors must use nationally standardised APIs (Application Programming Interfaces). The Korean approach to certification implemented by KHIS is discussed later.

Another mechanism to verify if health data meet national expectations for data quality is to conduct audits of clinical records. In the 2021 EHR survey, 13 respondents reported that the electronic records of physicians, medical specialists and hospitals are audited to verify quality (Table 2.8). An additional three respondents indicated that at least one of these three groups are audited to verify quality. In most cases, it is a national authority that is responsible for undertaking quality audits. In Canada and Sweden, regional authorities conduct audits. In Switzerland, private sector organisations can be certified to then conduct audits as part of certifying the compliance of communities to national requirements including auditing clinical records for quality. Under law in the United States, health care providers are responsible for generating auditing reports on the quality of their clinical records and ensuring data quality. This is an area where Korea can improve.

In 2021, OECD countries reported several different policy levers supporting EHR interoperability and the increased use of data from within EHR systems for direct care, patient centred services, research, statistics, applications development and other uses within the public interest. This section reviews countries use of laws or regulations requiring data standards; certification of software vendors; and incentive payments.

In 2021, 13 countries reported implementing laws or regulations that require health care providers to adopt electronic health record systems that meet national standards for both clinical terminology and electronic messaging (data exchange).

Sixteen countries, including Korea (through the KHIS), reported laws or regulations requiring health care providers to meet standards for national EHR interoperability (Table 2.9). In Iceland, regulations require that health care providers can connect to the Icelandic HealthNet (national EHR network). In Italy, the law defines a national federated system with a mandatory, nationwide, interoperability. In Lithuania, data is structured and standardised by law and must be suitable to be forwarded smoothly to the ESPBI IS (central EHR system). In Luxembourg, connecting to the DSP (central EHR system) requires meeting legal requirements for data standardisation. In Slovenia, IHE XDS and OpenEHR standards are required with proprietary modifications that are set out in law. In Switzerland, certifying communities and software vendors are required to meet national standards including HL7 FHIR and IHE. In Portugal, by law, health care providers IT systems must conform to a catalogue of standards to exchange data.

Another policy lever is requiring vendors of electronic health records systems to be certified to be in conformance with national data standards. Overall, 13 countries including Korea have a software vendor certification that requires vendors to meet national standards for both clinical terminology and electronic messaging (Table 2.10).

Finally, 8 countries have incentive payments or penalties for health care providers to install EHR systems from a certified software vendor, 9 have these payments to health care providers to keep EHR systems up-to-date regarding changes to national standards over time and 11 have incentives or penalties to meet national requirements for EHR interoperability (Table 2.11). Korea is not one of these, and KHIS reports that incentives or penalties are being currently considered (see Chapter 4).

In most countries, patients have access to and can interact with their own medical records within a secure Internet portal. “Access” means patients can view information contained in their own record and “interact” means that patients can amend information, upload data or interact with their health care provider. Thirteen countries reported that 100% of patients have access to their own medical records through an Internet portal and 12 reported that 100% of patients can interact with their portal. Eighteen countries reported that patients can view their own records from all of their current health care providers and containing their current medications, lab tests, and imaging results (Table 2.12). The My Health Way initiative currently under development in Korea will enable patients to access their medical information in one place (Chapter 3).

Most countries are regularly extracting data from the EMR systems for public health monitoring (16 countries). Such uses have been accelerating in response to the COVID‑19 pandemic (Table 2.13). Further, countries have been increasingly depending upon data with EHR systems for their superior timeliness, enabling analysis of the pandemic situation and response in near real time. Ten countries reported regularly extracting EHR data to monitor the performance of the health system including, treatments, costs and health outcomes. Twelve countries regularly rely upon EHR data to monitor patient safety, including post-market surveillance of medications. Ten countries report that EHR data are extracted for health and medical research to improve patient care, health system efficiency or population health, such as long-term follow-up studies of patients experiencing different risk factors, health conditions and treatments. Five countries are regularly relying upon EHR data to facilitate and contribute to clinical trials, such as following clinical cohorts to measure health outcomes and health care encounters over time. Five countries also enable physicians to query the data to inform themselves about previous treatments and treatment outcomes when caring for patients. Korea reports that EMR data are currently not used for any of the listed purposes.

While many countries are extracting data from electronic clinical records to develop their key national datasets and for research (as will be discussed in the next section), 10 survey respondents in a 2019‑20 survey on health data governance reported barriers to doing so.

In Korea, it is legally possible to extract data from electronic health records for secondary uses but the interpretation of the law is strict so doing so is difficult in practice (see Chapter 3).

In Luxembourg, data extraction from electronic clinical records for secondary uses is only lawful with the prior written consent of patients. Similarly, in Canada, electronic medical records in primary health care are in the custody and control of care providers who have no obligation and sometimes, depending on the jurisdiction, no legal authority to share data with public authorities, without express consent. As in Canada, the federal structure of Germany leads to different legal frameworks at the state level (state data protection laws, state hospital laws) that govern whether data may be extracted for secondary purposes. In Australia, data extraction is restricted by a number of legislative, privacy, secrecy and confidentiality requirements and medical records can be disclosed with consent, or in specified circumstances where authorised by law.

In France, extracting data from the electronic health record or DMP (dossier médical partagé) for the purposes of sharing and linking data is legally prohibited. France reports the legal prohibition came about because the national health insurance fund (CNAM) provides operational management of the linked health care administrative database and patients’ associations sought a guarantee that clinical data within the DMP would not be accessible to the insurer. It is, however, legally possible to create a dataset of anonymised data from DMP records.

In Japan, there is no national electronic health record system within which data might be contributed by each medical institution. Further, medical institutions require patient consent for each research or statistical project where data would be extracted and shared from their electronic records.

In Belgium there is no real policy about the extraction of data from electronic records for secondary uses. In Latvia, there is no experience yet with data extraction as the implementation of the national e‑health system has only started recently. In Ireland, most health records remain paper-based in acute care hospitals.

Concerns were further echoed by respondents to the 2021 EHR survey. In 2021, 15 respondents reported that problems with the quality of data within electronic clinical record system created a barrier to developing national health datasets from this data source. The most common concern was with unstructured (free text) data within EHRs that need to be structured following common terminology standards to be readily useable for statistics and research. Thirteen respondents also reported legal or policy barriers to public authorities extracting data from within EHRs to develop national health datasets.

Perhaps the most difficult barrier is in Switzerland, where the law which authorises the creation of electronic clinical records did not foresee the use of data from within this information system for national statistics or research and, as a result there is a total ban on utilising this information resource for any purpose within the public interest other than directly caring for an individual patient. Similarly, in Korea, the law authorising the Information Exchange Program only authorised the exchange of EHR records for direct patient care and there is no legal basis for the secondary use of EHR data.

In Sweden, whether data can be extracted from EHRs for a statistical purpose is limited to the legal authorisation of the specific use. Statistics and research uses that have not been already foreseen and legally authorised are restricted. Similarly, Finland’s law authorising the EHR system did not specify that health care quality monitoring could be undertaken with data from within the EHR system and are facing restrictions to this activity which is within the public interest. In Iceland, health data registries (datasets) are each authorised by a separate legislation. If a new registry (dataset) is needed, then it is necessary to pass a new legislation to authorise it. Similarly, Portugal reports a lack of legal authorisation to extract data for statistical purposes.

Japan and Turkey report concerns that the national data privacy law restricts their ability to extract data from within their EHR systems to build national datasets that are within the public interest. Canada reports the challenge of having different data protection laws within its 13 provinces and territories.

The Netherlands, Denmark and Israel are the three countries with the most applications of machine learning, artificial intelligence algorithm development and other more advanced analytics based on EMR data that were measured in the 2021 survey. Overall, 8 countries reported data mining to find or extract data from the EMR; 8 countries are using EHRs to develop messages and alerts for patient care or managerial decision-making; and 7 countries are using EHRs to develop predictive analytics trained on EMR data for patient care or managerial decision-making. Six countries report national projects to integrate or link EMR data with genomic, environmental, behavioural, economic or other data. Three countries are also using natural language processing to convert free text to standardised (coded) data (Table 2.14). Again, Korea reports that EMR data are currently not used for any of the listed purposes.

In 2021, most OECD countries surveyed had: 1. established a national organisation that was responsible for setting national clinical terminology and electronic messaging (exchange) standards; 2. Created a multidisciplinary governing body for the national organisation that represents key stakeholders; 3. use unique identification of patients and health care providers; 4. adopted international terminology standards for diagnoses, medications, laboratory tests and medical images; 5 adopted the HL7 FHIR standard for data exchange (electronic messaging); and participate in global collaborative projects to improve international data standards.

Most countries have one country-wide electronic health record system and are exchanging EHRs at the national level including data sharing among physician offices and hospitals about patients’ treatment, medication use, laboratory tests and images.

Most countries have a Patient Internet Portal where patients can access their own medical records from all of their current health care providers. Most are extracting data from their EHR system for public health monitoring. Many countries are also utilising EHRs for other secondary purposes including health system performance monitoring, patient safety surveillance and health and medical research. Some are also developing big data analytics including machine learning, artificial intelligence algorithms with EHRs.

Countries reported several levers to improve the spread and interoperability of their electronic clinical data.

• Sixteen had a legal requirement for health care providers to meet national standards for EHR interoperability and 13 had a legal requirement for health care providers to adopt an electronic health record system (software) that conformed with national standards for both clinical terminology and electronic messaging (exchange).

• Thirteen countries had a certification of EMT system (software) vendors that required them to adopt national standards for both clinical terminology and electronic messaging and 13 had a certification that required software vendors to meet requirements for national EMR interoperability.

• Eleven countries had financial incentives (or penalties) for health care providers to install an EHR system that meets national standards and requirements for national EMR interoperability. Nine countries report incentives for health care providers to keep their EMR system up-to-date as clinical terminology and electronic messaging standards change over time; and 8 reported incentives for health care providers to install and EMR system from a certified software vendor.

[2] AHRQ (2019), About Learning Health Systems, https://www.ahrq.gov/learning-health-systems/about.html.

[3] Aspden, P. (ed.) (2004), Health Care Data Standards, National Academies Press, https://www.ncbi.nlm.nih.gov/books/NBK216088/.

[5] Cavoukian, A. (2006), Privacy By Design: The Seven Foundational Principles, IAPP Resource Centre, https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf.

[8] EC (2021), European Health Data Space, https://ec.europa.eu/health/ehealth/dataspace_en.

[4] Kubben, P. (ed.) (2019), Standards in Healthcare Data, Springer, Cham., https://doi.org/10.1007/978-3-319-99713-1_3.

[7] Magazanik, L. (2022), “Supporting Health Innovation With Fair Information Practice Principles: Key issues emerging from the OECD-Israel Workshop of 19-20 January 2021”, OECD, Paris, https://www.oecd.org/health/OECD-Israel-Health-Data-Governance-Workshop-Report.pdf.

[6] Oderkirk, J. (2021), “Survey results: National health data infrastructure and governance”, OECD Social, Employment and Migration Working Papers, OECD Publishing, Paris, https://doi.org/10.1787/55d24b5d-en.

[1] The Open Data Institute (n.d.), Data Infrastructure, https://theodi.org/topic/data-infrastructure/ (accessed on 17 March 2022).