We are in a new era of global technology advancement. The United Nations, World Economic Forum and other international organisations are regularly calling it the ‘Fourth Industrial Revolution’ (1). Various groups have compared today’s ‘data’ or ‘digital’ revolution, and recently artificial intelligence, (2) in the scale of the inventions of the internet and electricity. As the digital revolution engulfs the health sector as we know it, communities around the world need to be ready. Health research and implementation organisations have to be ready, and above all the World Health Organization (WHO) must be ready for this revolution.
While the world unites to fight the COVID-19 global health emergency together, the pandemic proves the need for strong global cooperation. Travel and trade restrictions are in effect as all labor goes digital. Transparency and accountability of countries’ surveillance, monitoring and reporting systems have been questioned (3). Relevant global guidelines, standards and norms are not complete; national disease databases are not up to date. In the absence of a cure, health systems are stretched; gaps in medical and scientific research are laid bare (4).
None of these issues can be addressed without sharing of data, biological sample and epidemiological information on a global scale. COVID-19 is evidencing the limitations of data hoarding and the benefits of data pooling. But as we embrace this digital revolution, as we think about the benefits of data sharing, ethical considerations are more important than anything else – we must ensure the respect, privacy and confidentiality of individual user data in safe, secure, interoperable and above all trustworthy systems. Health data needs to be a global public good, and that will need good global health governance led by WHO.
We will need to learn from COVID-19, as we have from other global health emergencies (5 , 6). In 2005 the world was reeling from the effects of SARS. In a step towards ensuring better public health decisions and governance, WHO Member States signed the International Health Regulations (IHR). (7) The objective of the IHR is “to prevent, protect against, control and provide a public health response to the international spread of disease in ways that are commensurate with and restricted to public health risks, and which avoid unnecessary interference with international traffic and trade” (7). It is an international treaty, a legal instrument. It is a ‘hard law’ and needs a legal basis. The IHR has an ‘opt-out’ framework – Member States that do not opt out are legally bound to it. It requires all countries to “detect, assess, report and respond” severe public health events – and its objective indicates it is a balance between disease control and free trade.
The IHR clarified the chaos around reporting and action on public health events; for example, it led to the formation of the categorisation ‘Public Health Emergency of International Concern’ or PHEIC (7). It ensured better national surveillance and reporting mechanisms are put in place by necessitating that some diseases must always be notified (wild polio, smallpox, SARS and new influenza sub-types), and that some diseases must always be investigated (like cholera, yellow fever and four others). The IHR has directly facilitated response activities to the COVID-19 pandemic.
Much of the response and recovery is necessarily digital, but digital health today causes the most chaos in the health sector. Including and beyond emergency response digital platforms for data sharing and epidemiological modeling, it also includes e-health, m-health, data systems like Electronic Health Records and Health Management Information Systems like DHIS2, Logistics Management Information Systems, diagnostics, artificial intelligence for health, and more. There are no globally accepted definitions, benchmarks or standards in place. Yet it is revolutionising global health – several organisations have specialised digital health/innovation departments or teams, and several more have data sharing policies. This holds true with WHO (which has a digital health and innovation team, as well as data sharing policies for public health emergencies (8) and outside of public health emergencies (4) ), as also in other U.N. agencies (UNICEF, UNAIDS); with most country governments; (4) with international organisations and NGOs such as OECD, The Global Fund and PATH; with foundations like the Bill and Melinda Gates Foundation; and with private companies, namely Microsoft.
The IHR does not address data sharing. Additionally, the IHR’s construct allowed restriction to Member States but clearly global health data governance needs to be more stakeholder inclusive. While IHR is vital during emergencies, data sharing is crucial in health programs, interventions and efforts during and outside of emergencies, as indicated by WHO data policies (4 , 8). Here lies the case for an independent WHO treaty on inclusive, equitable and responsible cross-border data and information sharing. The next few paragraphs will look at the different legal, ethical, political and technical aspects to achieve this.
From a legal standpoint, among the different WHO treaties two regulations and one convention of whose scale potential health data regulations must be considered here. The first regulation considered is the WHO Nomenclature Regulations (9) in 1967 that simplifies understanding of disease and health, and the effectiveness of the tools used to protect populations from disease, infirmity and affliction. The second regulation is the IHR mentioned above, used mainly during and around public health emergencies. Regulations are generally opt out – as are these two – while conventions are ‘opt in’, meaning countries that would like to sign and ratify are welcomed to do so. The Framework Convention on Tobacco Control (FCTC) (10) tabled in 2003 is another treaty, but a convention. While it is opt in, all Member States but nine have signed and six have signed but not ratified. While other treaties have been proposed, one with an active movement is the Framework Convention on Global Health, (11) that seeks to ensure equity and justice in global health programs. We can take different follow up lessons from each of these treaties.
Several stakeholders have called for or encouraged an IHR-type treaty on data sharing, including in fact the private sector (12), government representatives, civil society and research institutions. One legal precedence for a global data sharing regulation is as an addendum to the IHR – similar to how the protocol on illicit trade is an addendum to FCTC (13). Relevantly IHR does not have a legal basis for sanctions – which has been widely criticised (14). Another precedence is as a separate convention or as an addendum to the FCGH, given organisations active in global health are the most vocal, and arguably most affected stakeholders of data sharing regulations. However, given the cross-border sensitivity and time-independent nature of health data sharing an opt out basis (like IHR) has been advocated over an opt in basis (like FCTC). Moreover, the IHR deals mostly with public health emergencies.