MediaNama attended a round-table discussion on April 27th by SFLC.in on policy enabling Information Technology in healthcare. The round-table aimed to discuss questions around current and future regulation, the effect of government policy and technical aspects of providing healthcare using IT. Below are the main points made during the discussion. Quotes are paraphrased and not verbatim, they are unattributed since the discussion was held under Chatham House Rules.

Taking consent from patients: who takes consent, and dealing with emergent conditions

    • Taking consent from clinical trial participants: In the context of conducting clinical trials, an implied consent form is in place, wherein you obtain the consent of the patient, and it needs to be specified if the data is going to processed not locally, but in a second geography/country different from where its being collected. You have to explain to the patient what exactly happens with their data. We call the patients subjects and obtain their consent, and major hospitals are our sites. The ICF has to be obtained and explained by a doctor, so he will explain the drug that is being tested, and only then the trial will proceed.
    • How taking consent changes in trauma and emergent medical situations: During a medical trauma, a hospital or doctor will administer acute medical care and take care of what the person is suffering at that moment. Subsequent data brought in by his friends and family can be used to give him further treatment. Emergent conditions like brain strokes require acute treatment, technology can help maybe in an area where can I treat a patient without sending him to a [indiscernible]? UK and USA today have protocol which say that 16 minutes is the cut-off time for radiologists or doctors to report a stroke. But can this be reduced from 16 minutes to 2 minutes? This is where technology comes into picture. Can an AI system say with 90% accuracy that this is a brain bleed? Again, if the AI detects by mistake that it’s a brain bleed, then what?
    • Numerous medical conditions may arise during a patient’s hospitalization, especially in emergent cases. In such cases, hospitals need to carry out blood transfusions or new procedures, and we need to take consent. Taking consent for this must be a simple, one-line system without medical jargon.
    • Keeping patients at the center, while promoting innovation: Thinking about technology and data at each level of the value chain is useful because it brings in different geographies, harms, regulators, and damages. Currently, we don’t have a nice little flow chart each stage of each health technology with all actors and institutions mapped out. When it comes to keeping the patients at the centre of this discourse, preventing harm to patients is important but we cannot lose sight of promoting innovation and ensuring a fair marketplace. You don’t want barriers to innovation. We want to think about the laws we want and not the laws we have.

Brokering consent for e-prescriptions; licensed use of prescription data

  • “The customer gets license to use the data, but the actual data remains with us”: [Company name redacted] is the sole custodian of the patient prescription data (which is then sold to us), and we are a world-leader and repository of prescription data. We store this data, process it, run different algorithms, customize the data and sell it to the customers who want it for xyz reasons depending on what their business is. The AI tools helps the business customize their solution offering, and the customer gets a license to use this data although the actual data remains with us. There was a central policy framework which proposed a government repository linked with an Aadhaar number to store all electronic health records. Based on a public-private key system, the patient would have one key, the hospital would have the other. Before any third-party transfer data or processing data, the patient had to know first, and consent would be obtained via the key mechanism. The patient and hospital both have to give their consent for use.
  • From consent to informed consent: There isn’t going to shortage of medical data in India, it needs to be available through formal appropriate legal consent. Some may try to subvert this and use patient data for another use than what it was originally collected for. We need to make the journey from some kind of consent to informed consent.

Issues with doctor consultations apps: where is the consent?

  • “Confidentiality is actually not protected in reality”: When it comes to doctor consultation apps, there’s a contract between the doctor and the app. Companies like this come into the picture to protect the confidentiality pursuant to the provisions of that particular contract. Although we are required to do this, it doesn’t actually happen. Many patients get duped because they aren’t aware of what the laws are, and suddenly are shocked once they know that their personal data is out there. Then, it appears as if anybody with an internet connection can access your data. Consent means that you give assent or dissent to something; this is up to the individual because ultimately the data is theirs. Informed consent means that people know what’s going to happen to their data. The doctor has to explain the disease or ailment, as well as the treatment. He/She gives the patient all the information and then asks them to sign a form, which states the patient disease information, the data arising out of the treatment, and how it will be used. This, however, is not the reality and data is being misused.
  • Rumours of [Company Name redacted] promoting unreputed doctors: Rumours about [Company Name redacted] have been going around among doctors right now. Just as Google could put some sponsored search results higher, [Company Name redacted] has been doing so too. Companies like these can promote physicians with hardly a reputation in the professional circles, but the innocent have no clue and fall victim. Such behaviour needs to be curbed.