We all know that we are living in a time of tumultuous change, however, it is still sometimes overwhelming to think about how much life has changed in the last 30 years because of technology, and to know that this is only the beginning of that journey. Perhaps, ironically, as one of the most ancient of professions, medicine and healthcare may also experience, and cause, some of the most transformative and societally impactful effects of this technological paradigm shift.
In this article, we examine some of the key technological changes affecting how business, and in particular the profession of medicine and the provision of healthcare, is being affected, as well as looking at some of the legislative initiatives in the UAE that have been developed to foster this while at the same time protecting patients.
Data is the lifeblood
Information, data, knowledge sharing, and experimentation are fundamental to scientific progress. The swathes of new data being generated on a daily basis is now in the region of 2.5 quintillion bytes of data and growing. About 90 per cent of that data was created in the last two to three years alone. By 2025, it is expected that the total amount of digital data in the world will be about 163 zettabytes.
Data for medical and healthcare purposes may not, of itself, be a large proportion of that total amount of data (compared with, for example, how many photos are uploaded to Instagram each day), and analysis of Big Data can still lead to false positives (such as Google Flu Trends failure in 2013). There is however no doubt that the collection and analysis of data will lead to innovations in the analysis, treatment and prediction of health and medical trends, and will transform healthcare as we know it today.
One way to gather data about patients is through telemonitoring. This is already happening at a commercial level through fitness trackers, phones, smart watches and apps designed specifically for these devices. More targeted collection of specific data can occur through more precise monitoring devices capable of monitoring blood sugar, heart rate, blood pressure, movement throughout a day etc., in real time, or very close to it. Again, the collection of this data from these and other devices and sensors (for example, through the Internet of Things within a patient’s home or workplace) will contribute to the data lakes needed to allow scientists (including data scientists) and medical professionals to be able to analyse trends, identify risks and develop innovative solutions.
Telemedicine at its most basic level could be someone picking up a phone to a doctor. However, advances in communications technology now allow for a more intimate experience with doctors that are not in the same location as the patient. There are obvious benefits to this, for example, enabling patients living remotely to have more ready access to doctors and specialists who, even if they can’t make detailed diagnoses, might at least be able to provide an initial assessment.
Telesurgery is also becoming increasingly popular. However, there remains a number of fundamental risks and limitations around undertaking telesurgery, given its dependency on telecommunications networks, which remain vulnerable to latency (lags) in the communications, cyber-attacks, or even power outages. Another issue that telesurgery needs to address is feedback and haptic delay. Surgeons rely upon the feedback they receive in real time from a patient, as well literally feeling their way through the surgery. Remotely operating on a patient means that the surgeon won’t have those immediate tactile cues to assist her or him during surgery. To address this, technologies are being developed to enable surgeons to remotely “feel” what they are doing, as well as see it.
Again, it is expected that, as communications and computing become even more ubiquitous than they are at present, there will be innovations to reduce the risks caused by these and other factors. For example, January 2019 saw the launch of the first regulated live telehealth platform in the Dubai Health Care City, while separately the UAE’s first patient safety blockchain solution was developed, used in conjunction with Near Field Communication (NFC) tags, enabling the verification of the authenticity of blood bags and pharmaceutical products across the medical supply chain.
A common problem doctors and pharmacies face regularly are patients who shop between doctors in order to overprescribe to addictive drugs that patients can abuse.
Data exchanges over a unified prescription system can go some way to solve these problems. These systems allow for prescriptions to be logged in a centralised system that records each patient’s prescription, and when the patient has fulfilled it.
It is also a very convenient way for patients to be able to collect their medicines without needing to worry about keeping the physical document evidencing their prescriptions safe, and to have the option to visit any number of pharmacies that each have access to the same information.
The next frontier – Artificial intelligence, predictions and robotics
Given the current pace of digital transformation we are now entering the initial phases of what was once science fiction. Although by no means perfected yet, Artificial Intelligence (AI), combined with advances in quantum computing and data science, will play an increasingly large role in the practice of healthcare. It is expected that the use of AI and machine learning will soon be regular tools in the practice of medicine on a day-to-day basis, including for specialist diagnoses and development of treatment plans. The volumes of data that can be collected, and analysed, by these tools and quantum computing is mind blowing. To not develop these capabilities in a way that can assist humanity in its development would be a wasted opportunity, to say the least.
The combination of AI, Big Data, Quantum Computing and robotics will be a step again, as surgeons may start relying upon it more often for the treatment of patients in remote places, including during outbreaks of deadly diseases, or in conflict zones.
But what about privacy?
One of the most sacred traditions in healthcare is doctor/patient confidentiality. There have long been legal and ethical requirements to protect patients’ confidentiality, and the UAE is no exception. However, these requirements now need to be considered in a context where there are vast swathes of data, often in many locations, being used by different entities, for various purposes. What can be done to maintain patient confidentiality, in a modern, cloud-based environment?
Big Data, by its definition, is not interested in the specific information related to one individual. Personal data might be caught in a data lake, but this is not necessary for Big Data to be analysed.
However, converting personal data into truly “anonymised” data, which might be an ethically and legally sound concept, is becoming increasingly difficult to do as computing power (quantum computing) continues to increase, making encryption less secure, and as techniques further develop to reverse engineer anonymised data.
Legal developments such as the EU’s General Data Protection Regulation (GDPR) go some way to requiring that data controllers take steps to ensure that processes and technologies have privacy built into them as a feature. However, this was always going to be an “arms race” between those seeking to protect personal data (and other forms of data), and those wishing to unlawfully exploit or damage it.
Privacy in healthcare is going to become even more important to patients in this new paradigm.
Other concerns – The hype curve, trust, competition and regulation
The above might sound fantastical, and it probably is. Gartner’s Hype Cycle curve is well known for its five stages of “The Technology Trigger”, “The Peak of Inflated Expectations”, “The Trough of Disillusionment”, “The Slope of Enlightenment” and finally, the “The Plateau of Productivity”.
The hype cycle has been criticised for not being scientific or borne out by analysis, however, it probably does chime with a general experience many of us have had in relation to the adoption of new technologies. While we are no doubt entering into a new phase of technological advancement and application, how and when these advancements will occur, or if they will occur in the manner we expect is, at best, a well educated guess (have you read a newspaper in a taxi lately, or just browsed your phone(s) in a Careem or Uber?) .
That said, the uptake of these technologies can be supported where patients and healthcare professionals trust the processes and the outcomes. Key to this will be not overpromising and under-delivering. Cautious optimism is perhaps the preferred approach.
Finally, but by no means exhaustively, there will inevitably be winners and losers in the race to develop technologies and services, and to get these to market. As with most new technologies, it is foreseeable that from a vast field of new start-ups a much smaller number of players will emerge as successful (think about how “the big 4” tech companies emerged from the Internet boom since the 1990s). Market power is likely to vest in these successful entities and most probably at an international scale. This will raise questions around the ethics and legalities of a few players having (exclusive?) access to medical information or knowledge, or the know-how and intellectual property, to vast swathes of certain data types (including genetic data), or access to AI products, software platforms, and their devices. There are already a few examples of this, including the recent revelations of Google’s Nightingale project, which is gathering medical data of “tens of millions” of medical records – without patients’ knowledge.
This, combined with Google’s recent purchase of Fitbit, and its extremely advanced computer science, should place it in an almost unassailable position when compared to many healthcare start-ups (and perhaps even established healthcare providers). It may also pique the interest of competition and data protection regulators, concerned with such a massive tech player moving into this vital sector (this, of course, depends upon how Google gathers data, and what it does with it – there have been no regulatory decisions about this as yet, but numerous news articles report consumer, and regulator, concerns about Nightingale). Regulators across a wide spectrum of sectors and disciplines, such as data protection, communications, healthcare and competition law, will need to work closely together to understand these issues and act in a manner that incentivises innovation, while at the same time protecting patients and other healthcare consumers. Past experience in technology regulation, such as telecommunications regulation, shows us how difficult this balance can be.
But what’s law got to do with it?
From a legal perspective, the UAE has already taken steps at various levels to regulate some of these emerging issues.
For example, the UAE’s Federal government recently issued Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields (ICT Health Law). The ICT Health Law requires the UAE Ministry of Health to establish a Central System in coordination with the UAE’s various health authorities and other healthcare sector stakeholders to keep, exchange and collect all health information and data. It further imposes a general prohibition on the transfer, storage, generation or processing of health information and data related to the provision of health services in the UAE to countries outside the UAE, except in cases defined in decisions issued by the various health authorities in coordination with the Ministry of Health.
By way of contrast, Dubai Health Care City (DHCC) Regulation No. 7 of 2013, applicable in the DHCC, does allow transfers of patient health information to countries, which the DHCC has determined to have an adequate level of protection, or where the transfer is authorised by the patient or otherwise necessary for the on-going provision of healthcare services, an arguably more pragmatic approach than that in place on the mainland.
In Dubai, the Dubai Administrative Resolution No. 30 of 2017 Concerning the Regulation of Telehealth Care Services (The Telehealth Regulations) regulates the requirements that must be satisfied in order to obtain a permit to perform telehealth services within the emirate of Dubai.
The Abu Dhabi Department of Health has issued a set of ‘Standards for the Provision of Tele-Monitoring’, which both encourages the availability of telemonitoring services to patients in the Emirate, whilst at the same time requiring that any healthcare providers, which do offer such telemonitoring services obtain a licence to do so. Importantly it prohibits the monitoring of a person without their knowledge.
The Abu Dhabi Department of Health has also issued a policy statement on the ‘Use of AI in the Healthcare Sector’, which seeks to articulate the Emirate’s vision for AI in healthcare, as well as outlining the key roles of relevant stakeholders.
This is an emerging legal field that is also converging practices that traditionally haven’t worked together, such as technology regulation, data protection law and healthcare law. We can expect a lot more change in this exciting field, both in terms of technological breakthroughs, but also in the complexity of laws and regulations surrounding it.
References available on request.