Could GDPR aid interoperability in healthcare?

Interoperability remains a major challenge for healthcare IT. In March the General Data Protection Regulation, (GDPR), comes into force to update data protection laws, encouraging greater transparency and putting more control in the hands of citizens. With its commitment to data portability, could GDPR also serve as an opportunity to finally fix the problem that is interoperability in healthcare? Will it be the push that is needed to make interoperability an imperative?

Data portability, in a healthcare context, could mean that patients have a right to take their data with them between different organisations – meaning that these health bodies will have to make sure that they can;

a) find the information, and

b) make it available in a transparent format.

This could prompt organisations to think generally about how they provide and receive data, potentially assisting interoperability, as well as how they would deal with more specific provisions, such as the “right to be forgotten”.

But whether it will be transformative on the interoperability front remains to be seen. Some argue that GDPR on its own will not be enough to fix the problem and feel it will have to be associated with some sort of standard from the NHS.

Over the years there have been several attempts to set standards to ensure that information can be passed between different systems. For example, this summer NHS Digital said it was moving to Fast Healthcare Interoperability Resources, (FIHR), standards to improve communications between hospitals and GP practices. While suppliers have worked hard to ensure they comply with standards, they must walk the line of meeting client demands and satisfying standards. This challenge is exacerbated by the heavy usage of old, outdated systems that need replacing.

Despite these challenges GDPR could improve interoperability because it will clarify and improve data protection regulations. It has the potential to build the public’s trust in what NHS organisations are doing with their data, making them more likely to share their data. It could also give NHS records a well needed clean up and reorganisation, prompting organisations to think about the way they store data, who can see it and why they are keeping it.

At the very least, having this information defined, documented and accounted for – in the one place – will save an administrative headache if a patient exercises their GDPR right to ask for the information to be removed.


Read the full article here.