Digital Health Apps & SaMD – Incorporating Privacy In Design & Development
John Giantsidis, president, CyberActa, Inc. wrote in the current issue of “meddeviceonline”: “Technologies like artificial intelligence (AI) and digital health have made a positive impact in expanding access to healthcare and there are software applications, whether downloadable, native, or web-based, that can do just that. Some of those apps may be considered medical devices (SaMD) and some may be considered clinical decision support (CDS) software, which provides clinicians, staff, patients, or other individuals with knowledge and person-specific information, intelligently filtered or presented at appropriate times, to enhance health and healthcare. The International Medical Device Regulators Forum (IMDRF) has defined SaMD as “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device,” and the FDA is taking a risk-based policy stance on regulation of CDS software. CDS encompasses a variety of tools to enhance decision-making in the clinical workflow. These tools include computerized alerts and reminders to care providers and patients; clinical guidelines; condition-specific order sets; focused patient data reports and summaries; documentation templates; diagnostic support, and contextually relevant reference information, among other tools.
Irrespective of the categorization, digital health apps gather data, analyze and process such data, and provide some type of information for the user of the app; it could take an immediate or near-term action to drive or to inform clinical management. Some of the apps are regulated by the FDA and other regulatory bodies, and some are not. But all have a common expectation: privacy.
In Europe, under the General Data Protection Regulation (GDPR), the following principles are to be adhered to, at a minimum, when health data is analyzed and processed:
- Principle of purpose: Before any health data is collected or used, the app must inform the individuals concerned precisely what the data will be used for.
- Principle of data relevance: Only data that is strictly necessary for achieving the objective may be collected. This is the principle of minimizing collection. Digital health apps must not collect more data than they need.
- Principle of limited-duration data storage, also known as the right to be forgotten: Once the objective behind collecting the data is achieved, there is no longer any reason to store them, and they must be deleted. The duration of storage must be defined in advance, taking into account any obligations to keep certain data.
- Principle of data security and confidentiality: Data controllers and processors must take all measures necessary to guarantee that data they collect is secure and confidential; in other words, they must ensure that only authorized people access them.
- Principle of respecting people’s rights: Data about people may only be collected on the essential condition that they have been informed of this operation. People also have certain rights that can be exercised with the organization that holds their data: the right to access these data; the right to correct them; the right to oppose their use; the right to be forgotten (have personal data deleted); the right to data portability, allowing individuals to easily send their data to another data controller; and the right to be informed if their data is breached, inappropriately disclosed or accessed.
In the U.S., the Privacy Rule created under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was developed to increase consumer confidence in privacy by requiring that the entities involved in healthcare guard against misuse of information and limit the sharing of such information. HIPAA applicability rests on a single question: Does the app store or transmit protected health information? If it is individually identifiable and consists of data regarding an individual’s health, then the answer is yes, it must be HIPAA compliant.
So, how do we go about designing, building, and commercializing SaMDs that incorporate the principles of privacy? The concept is not new; it was developed by the Commissioner of Ontario Data Protection, Ann Cavoukian, in the ’90s, and it is very much current today. Since most SaMDs perform computation on data input and provide data output to a user to inform clinical management, drive clinical management, or in the diagnosis or treatment of the patient, we concentrate on the data to launch SaMD Privacy by Design, which involves establishing strategies that incorporate privacy protection throughout the life cycle of a SaMD. Designing in privacy within a SaMD creates essential privacy safeguards that would prevent the retrospective and costly privacy features being added on and saves money on managing, controlling, and storing data.
Integrating privacy requirements in the design of a SaMD is not a simple task. Privacy is generally not the primary requirement of a SaMD, and it may even come into conflict with other (functional or non-functional) requirements. It is therefore of paramount importance to define precisely the goals of a Privacy by Design process. These goals should form the starting point of the process itself and the basis of its evaluation.
The seven original principles of Privacy by Design – developed for software engineers by the Information and Privacy Commissioner of Ontario, Canada – suggest the path forward:
- Proactive, not reactive: Anticipate and ascertain root causes of issues and remediate at the source.
- Privacy as the default setting: Ensure privacy remains intact even if a user does nothing.
- Privacy embedded into design: Embed privacy into all systems and business practices.
- Full functionality: Positive-sum, not zero-sum, allows for balancing conflicting needs without sacrificing privacy.
- End-to-end security: Consider privacy throughout the entire application life cycle.
- Visibility and transparency: Ensure clarity for both providers and users.
- Respect for user privacy: Keep it user-centric by putting the interests of those who need their privacy protected first.”
Please find the complete article here.