• Regulation
  • Call for Papers - six days to go

    Sharing eHealth experiences and research finding’s essential to progress. These are the main goals of the Health Informatics South Africa (HISA) Call for Papers (CfP) for its conference at eHealthAFRO 2017 on 2 to 4 October 2017 in Johannesburg. It’s hosted by the South African Health Informatics Association (SAHIA). The CfP has four topics. They are:

    • eHealth Strategy, governance and regulation
    • eHealth impact through routine health information
    • Cyber-security related to eHealth applications
    • eHealth systems related to public health and surveillance. 

    Papers on other relevant eHealth topics may be considered. Will extra papers include health informatics developments and research on eHealth futures, such as AI and health analytics?

    The timetable is: 

    • Full papers submitted to South African Computer Journal (SACJ), complying with SACJ’s submission guidelines, by Monday 28 August 2017    
    • Notification of paper acceptance on Friday, 15 September 2017
    • Final author registration by Friday, 22 September 2017
    • Final paper due Friday, 29 September.

    A special SACJ edition will published presented papers. They’ll comply with SACJ’s editorial process, so at the end of the submission form, comments to the editor should include “HISA Conference paper.”

    eHealthAFRO 2017 brings together researchers and practitioners active in health informatics. At least one author should register for eHealthAFRO and present the paper at the HISA Conference for the paper to be eligible for SACJ publication. SACJ charges ZAR6,000 for publication costs for accepted papers, but authors with no funding can apply for this to be waived.

    Prof Nicky Mostert-Phipps is the contact for submissions. She is a software development lecturer at the Nelson Mandela Metropolitan University Faculty of Engineering’s Built Environment and Information Technology, and can provide more information about HISA’s conference and preparing and submitting papers.

  • Kenya’s mHealth standards for documentation add clarity

    Covering a wide range of mHealth standards, Kenya’s Ministry of Health has set a firm foundation to step up its wide eHealth regulation and good practices. The first main section in Kenya Standards and Guidelines for mHealth Systems deals with development and functions. It’s comprehensive.

    Software development has to comply with a set of phases: 

    • Requirement gathering
    • Systems analysis
    • Systems design
    • Development and implementation
    • Systems testing
    • Operations and maintenance
    • Support
    • Post-implementation M&E.

    Documentation needed for these includes:

    ·       Systems Requirement Specification (SRS)

    ·       Software design documents, depending on the mHealth software design methodology, will include some of:

    o   Unified Modelling Language (UML) diagrams

    o   Data Flow Diagrams (DFD)

    o   Flow charts

    o   Entity relationship diagrams

    ·       Implementation plan, including:

    o   Implementation manual

    o   Training and capacity building manual

    ·       Test plans

    ·       Deployment procedures

    ·       M&E criteria.

    Three other required documents are:

    • Technical manual
    • Developer’s guide
    • User manual.

    Four requirements for data validation are included:

    • First order, ensure valid data formats and values and prevent obvious data entry errors
    • Second order, historical data comparisons for alerts for changes
    • Third order assess data for consistency in specific forms and indicator sets
    • Fourth order, assess statistical outliers for validity. 

    These examples show the range and rigour of Kenya’s mHealth standards. They fit all types of eHealth too. It’s a considerable benchmark for all Africa’s health systems.

  • Kenya’s setting up new mHealth legislation

    Africa’s eHealth legislation and regulation needs considerable developed. Kenya’s stepping it up, eHealth experts have welcomed proposed eHealth legislation, including the Health Act 2017 and the Kenya Standard and Guidelines for mHealth Systems. They see the legislation as facilitating Interoperability (IOp) between private and public healthcare, and as guidelines to move wider eHealth on says an article in ITWEB Africa.

    The Health Act 2017 says within three years of its operation, the Ministry of Health (MoH) will implement management information banks. They’ll include an IOp framework for data interchange and security to improve personal health information management.

    Tony Wood, Managing Director at My Dawa, an online service for ordering prescription and wellness products, said he welcomed legislation that builds the eHealth ecosystem. "With everything, as you look at the world, technology is moving faster than regulation, governments and policy. More can now be done on how these are implemented going forward. I hope they are going to be implemented through open consultation where the public and private sector are working together." This seems like the next step.

    The 66-page guidelines are wide ranging. They set out definitions and extend across mHealth implantation, standards, governance and policy. The proposed legislation’s scheduled for debate in the national assembly. It’s a crucial stepping stone implementing successful and sustainable mHealth and wider eHealth.

  • UK’s NHS made illegal patient data transfer to Google’s DeepMind

    As eHealth expands its reach, and Artificial Intelligence (AI) becomes routine, benefits will increasingly depend on health systems handing over their patient data to specialist companies. It seems inevitable, but it might not always be legal. The UK’s NHS found that it wasn’t.

    An article in the UK’s Guardian says the Royal Free London NHS Trust, based in London, broke the law in November 2015 when it transferred 1.6m patient-identifiable records to DeepMind, the AI outfit owned by Google. It was part of a project where DeepMind’s built Streams, an app that provides clinical alerts about kidney injury. It needed the data for testing.

    The ruling says by transferring the data and using it for app testing, the Royal Free breached four data protection principles and patient confidentiality under common law. It sees the transfer as not fair, transparent, lawful, necessary or proportionate. Patients wouldn’t have expected it, they weren’t told about it, and their information rights weren’t available to them. 

    The UK’s Information Commissioner agreed. Its view’s that the core issue wasn’t the innovation. It was the inappropriate legal basis for sharing data which DeepMind could use to identify all the patients. A better way’s to keep the data in the health system and interface with apps such as Streams only when a clinical need arises. 

    Two issues are important. One’s dealing with an apparent data-grab of millions of patient records by a global organisation. The other’s the way the NHS seems keen to embed a global company into its routing working. Both need regulating and protection of patients’ rights and interests. 

    These offer insights for Africa’s health systems to deal constructively with external eHealth and AI firms. The relationships are already on a trajectory. A lesson from the NHS and DeepMind project’s essential that Africa avoids being dragged along its wake. There’s still time to do it.

  • Sierra Leone sets up a National eHealth Coordination Hub

    Succeeding with eHealth’s complexities across national health systems invariably needs a core organisation. Sierra Leone’s Ministry of Health and Sanitation has set up its National eHealth Coordination Hub to co-ordinate and regulate eHealth. It’ll also support eHealth expansion across the country’s health system. The Ministry of Information and Communications is a leading part of the initiative too.

    A report in Awoko says support’s provided by UNICEF as part of a US$2 million project financed by the United States Agency for International Development (USAID) to strengthen Sierra Leone’s eHealth Management Information System in Sierra Leone. It’s part of the US Government’s commitment to strengthen health systems and services after Ebola. Laurie Meininger, Deputy Chief of Mission, said the Awoko that “Sierra Leone is taking a step in the right direction, recognizing the growing importance of health coordination for the future health and sustainable development goals in Sierra Leone.”

    The Hub has three main goals I supporting the government’s eHealth ambitions. They’re:

    • Co-ordination
    • Regulation
    • Improve alignment of data with national health system goals.

    Acfee’s regulations database has extending across 64 eHealth regulation topics shows Africa’s health systems trailing those on other continents. Catching up’s a big task that needs resources for regulation risk assessments, regulation decisions and compliance reviews. Selecting and implementing relevant and appropriate priorities are essential to expanding eHealth regulations.

    It’s an important achievement. For Africa’s health systems, affordable, sustainable eHealth decisions are tough to take. Creating the Hub provides Sierra Leone with a constructive way to take them. 

  • Africa’s eHealth legal framework needs developing – unpacking the 3rd Global Survey on eHealth

    Africa’s eHealth legal and regulatory framework is behind global trends, as eHNA has reported. More insights are provided in Chapter 6 of the WHO Global Observatory for eHealth (GOe) publication eHealth Report of the third global survey on eHealth Global diffusion of eHealth: Making universal health coverage achievable. The report's data source is the WHO Global Survey 2015.

    Key findings include:

    • Slow but steady development of general eHealth regulation, with 33% of countries with  specific policies or legislation to define medical jurisdiction, liability or reimbursement of eHealth services
    • About 47% have legislation to promote safety, quality and standards of health related data
    • About 78% have health data privacy legislation and 55% have legislation to protect the privacy of electronically patient data. They’re up from 73% and 31% since 2010, so a big step up for eHealth data laws.

    The survey focused on EHRs, which are dealt with in detail in Chapter 5. They are seen as the basis of eHealth systems, so a good indicator of general eHealth regulatory framework maturity. Consequently, countries that don’t have EHRs aren’t covered.

    Africa’s overall position’s about half the global average. Catching up is not easy, Much of the current eHealth regulation’s generic, such as data protection laws and telecommunications regulation. It takes time to find a slot in countries' legislative programmes. eHNA posted that Angola took some five years to complete its data protection laws. This’s a typical timescale that other countries have said is needed to move eHealth regulation on.

    The challenge is exacerbated because eHealth regulation extends well beyond EHRs. Examples are data transfer and communication using mHealth services and new regulatory aspects such as eHealth governance and cyber-security. African countries will be unable to set up comprehensive regulations for all eHealth settings in the medium term, so setting eHealth regulation priorities is crucial.

    From these, eHealth laws and regulations are needed alongside finance and resources for a regulatory body and compliance reviews. These have to compete with finance and resources for expanding eHealth services and emerging demands such as cyber-security and human capacity building. An important question for Africa’s how much eHealth regulation’s needed?

    -------------------------------------

    Image from the WHO report

  • India’s planning eHealth laws to tackle data breaches

    As cybercrime expands and eHealth becomes more affected and infected, India’s planning legislation for comprehensive civil and criminal remedies for eHealth data breaches. It’ll also set up an enforcement agency. Provisions are being drafted to deal with any breach of patients’ data.

    A report in the Times of India says the legislation will include a comprehensive legal framework to protect individual’s eHealth data, ownership of eHealth data, and health data standardisation for data collection, storage and exchange. African countries could benefit by monitoring India’s initiative as a comparator for their own eHealth legislation and regulation.

    Much of Africa’s eHealth in its infancy, so most African countries don’t have specific eHealth regulations. In 2012, a study for the European Space Agency (ESA), led by Greenfield Management Solutions (GMS), identified a 45% gap in Africa’s eHealth regulation compared to developed countries. Not much has changed since then. eHNA reported previously on Africa’s eHealth regulatory perspectives. Much more remains to be done, but it must not stifle innovation.

  • African eHealth needs data protection laws

    With much of Africa’s eHealth in its infancy it’s not surprising that most African countries don’t have specific eHealth regulations in place. In 2012, a study for the European Space Agency (ESA), led by Greenfield Management Solutions (GMS), identified a 45% gap in Africa’s eHealth regulation compared to developed countries. Not much has changed since then.

    One way to address this shortfall is for Africa to follow the EU's example in laying down common laws to help countries protect data as governments implement eHealth. A Liquid Telecom report, Cybersecurity and Data Protection, in ITWEB Africa, highlighted Uganda, Kenya, Tanzania, Ghana, Zimbabwe and South Africa as countries that are in the process of initiating data protection laws in Africa. eHNA reported recently that Angola has approved its data protection laws.

    Kenya’s Data Protection Bill 2013 aims to make it difficult for third parties to mine personal information without owners’ consents. Ghana’s Data Protection Act 2012 is facing slow enforcement. South Africa passed its legislation in September 2016. In Zimbabwe privacy is enshrined in the constitution. The only initiative to encompass most African countries is the African Union's Convention on Cyber Security and Personal Data Protection 2014, which  remains unratified by countries.

    "Some 53 African states came together to agree a legal framework to regulate various fields of ICT activity, ranging from e-transactions and personal data protection to cyber security. The convention is not however any kind of legally binding instrument, and requires that individual countries put its principles into their own statute book," the report said.

    Data protection laws for successful eHealth development are important. While regulation usually lags behind implementation, its key that eHealth’s regulated and regulations are passed in due time.

    Even though the continent’s efforts for general data protection  are fragmented and need further development, the report believes that  some countries are progressive. "There still needs to be more consensus on the meaning of key terms like 'consent', 'public interest' and 'legitimate grounds'. But there is hope that such details can be thrashed out and enshrined in a binding framework that both protects citizens and allows for healthy economic development," the report suggests.

    Data protection in healthcare is an important first step to protecting patients private medical data. While it’s a good foundation, more specific eHealth regulations are needed. An eHNA post sets out some of the challenges and has a link to an article setting out some eHealth regulation themes that for Africa’s eHealth that can go alongside privacy.

  • Angola moves data protection on

    In 2012, a study for the European Space Agency (ESA), led by Greenfield Management Solutions (GMS), identified the gap at about 45% behind in Africa’s eHealth regulation compared to developed countries. A year before, in 2011, Angola’s Data Protection Law No. 22/11 came into force in 2011. It provided for a Data Protection Authority (DPA) to be established.

    It defined personal data as 'any information, regardless of its nature or the media on which it is stored, relating to an identifiable natural person.' This generic definition is important for advancing regulation for the country’s eHealth.

    The GMS study for ESA identified the long lead time needed to convert eHealth regulatory principles into enabling legislation. The project’s workshops with selected sub-Saharan countries identified a realistic legislative process of about five years. Angola’s experience of moving its data protection initiative on shows that long time scales are needed.

    An article in Data Protection Leader says Angola’s President, His Excellency President José Eduardo dos Santos approved DPA framework in Decree No.214/16, on 10 October 2016, some five years after the Data Protection Act passed into law. The DPAs’ roles include receive notifications and fillings from data processes, support the Government to develop and establish data protection policy and represent the country in international data protection initiatives

    As Africa’s health systems develop their eHealth regulatory environments, it’s essential that realistic timetables are set. The ESA study and Angola’s data protection experience shows that progress won’t be rapid. It reinforces the need to start and sustain a momentum to close the gap.

  • Africa’s eHealth regulation needs a boost

    eHealth regulation in Africa trails well behind developed countries. A study for the European Space Agency (ESA) in 2012, led by Greenfield Management Solutions, identified the gap at about 45% points.

    Acfee’s Tom Jones writes in Data Protection Leader (DPL) “Not much has changed since 2012.”  Considerable challenges remain, including:

    1. eHealth regulation must compete with other eHealth priorities
    2. eHealth regulatory bodies or organisations need establishing, requiring enacting legislation to define their delegated powers and resources
    3. This kind of legislation can take several years to agree on with stakeholders and more time to find a place in countries’ legislative agendas for approval
    4. eHealth regulations need enforcement and compliance reviews, which require resources and new skills
    5. Recruiting, training and retaining smart compliance teams is essential
    6. With so many other competing priorities, it is likely that any recruitment and training developments of eHealth regulation will be modest
    7. Phased, long term, sustainable and achievable goals are needed.

    This seems like an insurmountable task. Tom Jones proposes a start point as setting specific eHealth regulation for privacy, building on the generic privacy legislation already in place in 88% of African countries. Because privacy requirements stretch across many aspects of eHealth, it provides a route into the choices for subsequent steps towards greater legislations. The article sets out examples of these.

    As eHealth keeps expanding with new initiatives, like Big Data and analytics, the eHealth regulation gap keeps widening. It’s essential that Africa’s health systems start to catch up.