News and developments

Legal Challenges That Health Technologies Can Face

INTRODUCTION

Health technologies, also known as “HealthTech” is one of the rapidly growing sectors in the world and Turkey.  The health industry, which has an important potential in developing innovative products and technologies, has increased the quality of service by developing with digital transformation tools such as the internet of things, machine communication, cloud computing, big data, wearable and portable technologies.[1] It is expected that these technologies, which create a big difference especially in the diagnostic stages and these technologies are expected to be used more widely after the Coronavirus outbreak and the number of entrepreneurs and investors taking part in this sector is expected to increase. In Turkey, thanks to the applications developed by the Ministry of Health such as e-pulse, e-report, telemedicine, ESIM, MIZ and SİNA, health technologies have now gone beyond “getting online appointments”. However, these rapid developments do not have the same reflection in the legal field. In this article, the legal dimensions of health technologies will be examined.

2. OVERVIEW OF THE STATUS AND REGULATIONS IN TURKISH LEGISLATION

With the developments in health technologies; it has become quite easy to collect data from patients and to evaluate or store those data, and the amount of data that can be collected, processed or stored has increased considerably compared to the past. As a natural consequence of this situation, obtaining and processing those data according to national legislation such as Personal Data Protection Law No. 6698 (“Law”) or international legislation such as the General Data Protection Regulation brings challenges. Personal data, which means any information about a particular or identifiable natural person, it is protected in our legal system by Law No. 6698 and other relevant legislation. In the aforesaid Law, it is regulated that the medical data of individuals are sensitive personal data and more comprehensive protection is provided compared to another type of personal data. If data has the nature of medical data, the protection regime for sensitive data will be implemented.

However, with new technologies, uncertainty may occur regarding which data can be defined as medical data. Medical data can be accessed by combining information collected from social media likes, visited websites, and electronic shopping, such as pieces of a puzzle and this situation is defined as “Emergent Medical Data” in the literature. Emergent Medical Data is related to the data that making a connection to medical data is difficult or the date seems to not related to health. It is seen that the connection between these data is generally established with complex data analysis. In this case, it should be determined which data is included in this scope of the form of personal medical data, and legal protection provisions applied to medical data should be applied according to the result. However, it is not easy to determine in the first stage whether the Emergent Medical Data or the data regarding medical status are in this sensitive category. At this point, strict interpretation can lead to the weakening of the protection and even disappearance thereof in some cases.[2]

Another important point that needs to be emphasized is obtaining the consent of the data subject. According to the Law, explicit consent means; “consent on a particular subject that is based on being informed and expressed with free will”. Explicit consent will also enable the person to determine the limits, scope, form and duration of the data which allowed to be processed. The enlighten the data owner whose explicit consent will be obtained is a necessity arising from the Law and it is the right of the person concerned to have information about the purpose and how to use the data. However, as stated earlier, medical information can be accessed from the “Emergent Medical Data” which is thought to be unrelated to health. In this case, it may be misleading to decide only on the characteristic structure of the data. The mentioned data should also be considered for initial and subsequent use and these issues should be reflected in the content of the open consent declaration. The data subject must know what they have accepted or rejected to have control over their medical information. It is necessary for the transparency of data processing processes, the information about the next usage areas of data.[3]However, in many examples such as remote diagnosis and treatment, e-medicine, e-medication, legal problems related to the transfer of medical data will likely be faced, as information transfer is a part of this technology and even its most basic element.[4]

These developments in health technology may also cause important concerns regarding data security. The importance of providing data security, which is a responsibility stipulated in the Law, has increased with the advancement of technology since the equipment such as cardiac pacemakers, hip prostheses and products such as wearable health technologies are now widely use and can connect to the internet themselves. This situation makes cyberattacks against these objects more likely and can create severe consequences such as unauthorized access to medical information, loss of control of the person over their data, and financial and moral damage. Besides, attacks on new technology products may have a direct impact on the health of individuals. Examples of possible hazards are that the cardiac pacemaker fails to function after a cyberattack, or that the glucose meter is in a position to mislead the person.[5]

3. CONCLUSION

When an assessment of health technologies is made under the applicable legislation, it is seen that the most important difficulty that can be encountered is the size of the medical data collected through these technologies and applications. The regulations regarding topics such as the consent of the data owner, data transfer and data security seem to be insufficient or tend to get violated.  However, it is important to mention that with the widespread use of technologies such as artificial intelligence, machine learning and deep learning in the field of health, and the increase of robotic applications, it seems possible that deeper legal and ethical discussions will be observed in the future and the changes in the law would be shaped by the developments in these technologies.

[1] “Endüstri 4.0 Gelişim Süreci ve Sağlıkta Dijital Dönüşüm”, Prof. Dr. Şebnem ASLAN, Arş. Gör. Şerife GÜZEL, 2nd International Congress On New Horizons In Education And Social Sciences (ICES-2019) Proceedings, 2019

[2] Bkz. “Sağlık Bilişim Teknolojileri ve Yeni Hukuksal Soru(N)lar”, Dr. Elif Küzeci, İnönü Üniversitesi Hukuk Fakültesi Dergisi –İnÜHFD- Cilt:9 Sayı:1 Yıl 2018 s. 477-506

[3] ibid, p.461

[4] ibid, p.461

[5] ibid, p.493-494