Data protection, new tech and privacy Charles.Lowe@ourmobilehealth
[email protected] 447860 619424 @LoweCM @ourmobilehealth
Warnings:
1) I am not a lawyer
2) 15 minutes is way too short
So please familiarise yourself with the laws and check any important statements with your local legal advisers
General Data Protection Regulation aka GDPR
– Comes into force 25 May 2018 – 38 days’ time!
– Huge non-compliance cost: fines 4% global turnover / 20m, plus compensation claims & reputational damage
– “Personal data” now includes genetic, mental, economic, cultural & social identity data
– New role of DPO as a person with expert knowledge of DP law and practices to ensure internal compliance
Three key principles Privacy by default Privacy by Data
Key implications for patients
– Explicit consent now required for data storage/use
– Consent can be withdrawn
– Right to erasure/be forgotten
– Privacy policies must be comprehensive, simple, easy to understand
– Access to personal data cannot (normally) be refused
– Right of data portability between systems
EC response for mHealth apps
EC-initiated industry Code of Conduct:
– In response to EC Green Paper 2014
– Initially voluntary, however volunteers accept legal liability under GDPR
– Based on GDPR with appropriate mHealth enhancements
– Current structure Q&A
– Issue remains ensuring compliance
– Still needs Article 29 WP approval for completion
– See https://ec.europa.eu/digital-single-market/en/privacy-code-conduct-mobile-health-apps
How we assess apps
Stages: ASSESS, REVIEW, CURATE & Distribute
Assessment of apps:
1. Overview
2. Effectiveness
3. Regulatory Approval
4. Clinical Safety
5. Privacy & Confidentiality
6. Security
7. Usability
8. Accessibility
9. Interoperability
10. Technical Stability
11. Development plan
Consolidation & Check
Regulations, Standards, Best Practice
Monitor
3 Experts: Clinical, Patient Safety, IT/IG
The basic processes this fits into
TRUST It’s about building confidence
How are patients affected?
Experience to Q2 17
– NHS Apps Library
– EMIS Apps Library
– Diabetes Prevention Programme
– Good Thinking (mental health)
– Parkinson’s UK
Thank you [email protected] 447860 619424 @LoweCM @ourmobilehealth