COVID-19 Blog
03 April 2020

The case for health data regulations

We are in a new era of global technology advancement. The United Nations, World Economic Forum and other international organisations are regularly calling it the ‘Fourth Industrial Revolution’ (1). Various groups have compared today’s ‘data’ or ‘digital’ revolution, and recently artificial intelligence, (2) in the scale of the inventions of the internet and electricity. As the digital revolution engulfs the health sector as we know it, communities around the world need to be ready. Health research and implementation organisations have to be ready, and above all the World Health Organization (WHO) must be ready for this revolution.

While the world unites to fight the COVID-19 global health emergency together, the pandemic proves the need for strong global cooperation. Travel and trade restrictions are in effect as all labor goes digital. Transparency and accountability of countries’ surveillance, monitoring and reporting systems have been questioned (3). Relevant global guidelines, standards and norms are not complete; national disease databases are not up to date. In the absence of a cure, health systems are stretched; gaps in medical and scientific research are laid bare (4).

None of these issues can be addressed without sharing of data, biological sample and epidemiological information on a global scale. COVID-19 is evidencing the limitations of data hoarding and the benefits of data pooling. But as we embrace this digital revolution, as we think about the benefits of data sharing, ethical considerations are more important than anything else – we must ensure the respect, privacy and confidentiality of individual user data in safe, secure, interoperable and above all trustworthy systems. Health data needs to be a global public good, and that will need good global health governance led by WHO.

We will need to learn from COVID-19, as we have from other global health emergencies (5 , 6). In 2005 the world was reeling from the effects of SARS. In a step towards ensuring better public health decisions and governance, WHO Member States signed the International Health Regulations (IHR). (7) The objective of the IHR is “to prevent, protect against, control and provide a public health response to the international spread of disease in ways that are commensurate with and restricted to public health risks, and which avoid unnecessary interference with international traffic and trade” (7). It is an international treaty, a legal instrument. It is a ‘hard law’ and needs a legal basis. The IHR has an ‘opt-out’ framework – Member States that do not opt out are legally bound to it. It requires all countries to “detect, assess, report and respond” severe public health events – and its objective indicates it is a balance between disease control and free trade.

The IHR clarified the chaos around reporting and action on public health events; for example, it led to the formation of the categorisation ‘Public Health Emergency of International Concern’ or PHEIC (7). It ensured better national surveillance and reporting mechanisms are put in place by necessitating that some diseases must always be notified (wild polio, smallpox, SARS and new influenza sub-types), and that some diseases must always be investigated (like cholera, yellow fever and four others). The IHR has directly facilitated response activities to the COVID-19 pandemic.

Much of the response and recovery is necessarily digital, but digital health today causes the most chaos in the health sector. Including and beyond emergency response digital platforms for data sharing and epidemiological modeling, it also includes e-health, m-health, data systems like Electronic Health Records and Health Management Information Systems like DHIS2, Logistics Management Information Systems, diagnostics, artificial intelligence for health, and more. There are no globally accepted definitions, benchmarks or standards in place. Yet it is revolutionising global health – several organisations have specialised digital health/innovation departments or teams, and several more have data sharing policies. This holds true with WHO (which has a digital health and innovation team, as well as data sharing policies for public health emergencies (8) and outside of public health emergencies (4) ), as also in other U.N. agencies (UNICEF, UNAIDS); with most country governments; (4) with international organisations and NGOs such as OECD, The Global Fund and PATH; with foundations like the Bill and Melinda Gates Foundation; and with private companies, namely Microsoft.

The IHR does not address data sharing. Additionally, the IHR’s construct allowed restriction to Member States but clearly global health data governance needs to be more stakeholder inclusive. While IHR is vital during emergencies, data sharing is crucial in health programs, interventions and efforts during and outside of emergencies, as indicated by WHO data policies (4 , 8). Here lies the case for an independent WHO treaty on inclusive, equitable and responsible cross-border data and information sharing. The next few paragraphs will look at the different legal, ethical, political and technical aspects to achieve this.

From a legal standpoint, among the different WHO treaties two regulations and one convention of whose scale potential health data regulations must be considered here. The first regulation considered is the WHO Nomenclature Regulations (9) in 1967 that simplifies understanding of disease and health, and the effectiveness of the tools used to protect populations from disease, infirmity and affliction. The second regulation is the IHR mentioned above, used mainly during and around public health emergencies. Regulations are generally opt out – as are these two – while conventions are ‘opt in’, meaning countries that would like to sign and ratify are welcomed to do so. The Framework Convention on Tobacco Control (FCTC) (10) tabled in 2003 is another treaty, but a convention. While it is opt in, all Member States but nine have signed and six have signed but not ratified. While other treaties have been proposed, one with an active movement is the Framework Convention on Global Health, (11) that seeks to ensure equity and justice in global health programs. We can take different follow up lessons from each of these treaties.
Several stakeholders have called for or encouraged an IHR-type treaty on data sharing, including in fact the private sector (12), government representatives, civil society and research institutions. One legal precedence for a global data sharing regulation is as an addendum to the IHR – similar to how the protocol on illicit trade is an addendum to FCTC (13). Relevantly IHR does not have a legal basis for sanctions – which has been widely criticised (14).  Another precedence is as a separate convention or as an addendum to the FCGH, given organisations active in global health are the most vocal, and arguably most affected stakeholders of data sharing regulations. However, given the cross-border sensitivity and time-independent nature of health data sharing an opt out basis (like IHR) has been advocated over an opt in basis (like FCTC). Moreover, the IHR deals mostly with public health emergencies.

Given the complex stakeholder landscape the first step towards productive multi-stakeholder collaboration is to understand their different inputs, needs, focuses and capacities. Let us briefly consider the following treaty life cycle (15).

Arguably we are now at the ‘Formulation of an initial idea by an influential group’ and ‘Network configuration’ phase, moving towards the ‘Issue formulation’ phase. It is here and beyond that stakeholder collaborations on a trustworthy platform become vital. That will need to lay a political foundation for domestic policy advocacy that is addressed eventually at the World Health Assembly. A proposed Health Data Regulations at this stage will require strong political impetus and commitment first and foremost, with support from the other stakeholders mentioned.

Source: The Legal Strength of International Health Instruments - What It Brings to Global Health Governance

Apart from these legal and political aspects, there are broadly four ethical considerations (16 , 17) we must take into account. The first concerns collaboration between different organisations, and specifically the collective implementation of interoperable, flexible systems. Trust between the collaborating institutions involved is key, as often these organisations have ownership of large swathes of data, expertise and other information. Trust can be built through collaboration, sharing and learning on a trustworthy platform. The second consideration is the regulation of the IT industry that is multi-sector by design – different national IT systems are driven by different actors, whether public sector, private sector or independent academia. Regulations such as GDPR (18) help reduce manipulation of user data by the IT industry. The third and possibly most important consideration as mentioned earlier is the privacy and confidentiality of users. Interoperable data architectures almost always necessitate anonymisation of user data, especially in health. Existing inequality can translate to ‘data discrimination’ of vulnerable and conventionally exploited populations. Gender equality must be prioritised. We cannot compromise on human rights. The final consideration is to ensure cross-border equity with information sharing – data and artificial intelligence cannot become an exploitation tool that ‘data-rich’ countries use as an advantage over ‘data-poor’ countries.

These legal, political and ethical considerations are best addressed on a neutral platform with a strong technology basis. Health data regulations clearly require a broad, strong and stable technology basis. Local technology advancement stories that contribute to global sharing can ensure internationally inclusive technology contributions. Global innovation and youth challenges led by U.N. agencies and civil society are steps towards this. Combining real time data integration with epidemiological models can help pandemic prediction, prevention and preparedness. It can also help reactive health systems act proactively. Technology-based tools can help health systems upgrade from siloed and paternalistic to integrated and patient-centric.

Given our current complex and chaotic digital health ecosystem, a neutral platform is key to driving health data regulations from an inclusive and equitable multi-stakeholder collaboration viewpoint. Digital governance is clearly a domain which necessitates the inclusion and diversity of not just population groups but also stakeholder groups. Governments and public sector must drive governance along with data-active international health organisations, and conventional under-representation from the private sector must be defied, while ensuring above all responsible and respectful innovation. This is why we need a WHO treaty on health data regulations.

Potential health data regulations would require their own complex ecosystem – with key stakeholders determined broadly and crudely in three categories: who has information, who uses information, and who facilitates information. These translate mainly to Member States, the private sector (especially those pushing for regulations and their competitors), foundations (which often own different projects around the world, including associated data and information) and civil society advocates (who are crucial change agents).

There are several currencies of collaborations that a regulation will require from strong, productive and effective collaboration. These could be financial resources; human resources to drive projects; data itself; models, algorithms, expertise and other tech tools; testbeds to validate data and these tech tools; functional network facilitation through influencers and change-makers; technical advice especially from WHO; and community advocacy. In this long and hard process, these tangible resources collectively build the ultimate currency of collaboration: trust.

In essence, today’s complex global health landscape deeply and urgently requires good global governance; and the best global governance is through an international WHO treaty in the form of health data regulations. Inclusive, equitable, concept-rich, respectful, innovative and multi-stakeholder collaboration in a neutral setting must drive this, through approaches that build inter-institution and public trust.


Written by Akarsh Venkatasubramanian, Project Manager, International Digital Health and Artificial Intelligence Research Collaborative (I-DAIR), Global Health Centre