Nigel Jones, ex Head of Legal at Google EMEA and co-founder of the award-winning Privacy Compliance Hub, shows how HealthTech startups that understand the importance of privacy can flourish
The pace of change in healthcare is rapidly accelerating, fueled by technology, inefficiencies that come from siloed IT systems, and bright ideas from entrepreneurs who are joining the dots across the patient journey.
The pandemic provided a shot in the arm for the HealthTech sector, with more digitisation than ever before. Remote appointments have helped GPs see more patients quickly. Digital diagnostic tools are using artificial intelligence (AI) to assist in detecting cancers, or spotting serious eye conditions. And robots are carrying out surgery or 3D printing human cells.
But amid such innovation, there’s increasing scrutiny about the privacy implications of such technology. Wearable technology, for example, allows users to track everything from sleep and blood pressure, to steps and food. Critics are asking whether the collection of such intimate data, and the subsequent loss of privacy, is too high a price to pay for the likely health benefits.
Here’s how HealthTech entrepreneurs can make sure privacy empowers, rather than limits, their startup’s growth trajectory.
-
Be deliberate about the data you’re collecting and why
It’s easy to ask users for more and more information, but is it all really necessary for you to run your service? Map the data you’re collecting across your organisation, consider what it’s being used for, how long it’s stored and what happens to it once it’s no longer needed. If you can keep the amount of personal data you process to a minimum, it’s much easier to protect it. The scope of the work should also not change without being open about that change and, possibly, obtaining fresh consent. One crisis text line for urgent mental health support, for example, was recently found to have given third-party researchers access to millions of messages, despite promising never to do so.
-
Use privacy to build a reputation for trust
Data is a valuable resource and HealthTech startups need to be transparent with their users. Terms and conditions and privacy notices should be written in clear, accessible language and cover what happens to userdata, who it will be shared with, and the rights users have under the UK GDPR. Public opinion is largely sceptical of the ability of technology companies to keep digital health information secure – a global survey by Accenture, found 55% do not trust tech companies with this information. So those organisations that can make privacy a core part of their operation will stand head and shoulders above the rest.
-
Take cyber security seriously
The healthcare sector is a popular target for cyber criminals, reporting 17% of all data breaches in 2020/21, the highest of any one industry. Experts believe it’s seen as attractive to criminals because they believe they’re more likely to be paid. One survey of 100 cybersecurity managers in health found 81% had suffered a ransomware attack in the past year, and 38% elected to pay a ransom to get their files back. One attack on Ireland’s health service in May 2021 led to a number of hospital appointments being cancelled. Take security seriously and users will be more likely to trust you with their sensitive data.
-
Build a robust culture of continuous privacy compliance
Safeguarding privacy is a responsibility for everyone within an organisation, from HR and customer service, to sales, marketing and IT. HealthTech leaders should make it clear that they care about this issue and appoint champions in each team to keep privacy front of mind. Training should be easy to understand and held regularly. When every team member understands the importance of privacy, they will care about it and do their bit to protect it. Armed with the knowledge of where the parameters lie, staff are empowered to make the most of the data that’s collected, while asking ‘what does that mean for privacy’ at every step of the way.
Data is essential in the evolution of healthcare. But it’s a responsibility that needs to be taken seriously. With the right approach, entrepreneurs can push the boundaries of innovation and make a real difference to the lives of the public.
Nigel Jones is the co-founder of The Privacy Compliance Hub, a no-nonsense platform created by two ex-Google lawyers that makes compliance easy for everyone to understand and commit to. Take your free 10-minute GDPR health check here.
