Ten years on from the launch of the iPhone, the rise of the smartphone is the most significant technological development in a generation. Today the average iPhone is unlocked 80 times per day, with the average user spending 145 minutes interacting with their device, generating reams of personal data that has propelled a handful of companies savvy enough to capture it into the stratosphere.
Whilst data has historically centred on search queries, app downloads and purchases, the rise of personal health apps has opened a new, potentially lucrative, stream of information that both public and private sectors would love to get their hands on. In 2014 Apple released its own ‘Health’ app, embedding health informatics at the heart of its operating systems and since then the explosion in popularity of personal health trackers means there is a treasure trove of information that could help with everything from public health planning, to drug development, to reducing the pressure on the NHS.
The value of this data has not gone unnoticed – big Pharma has been steadily investing in mobile devices and patient-facing apps for years and 2017 has seen a huge increase in UK HealthTech seed investment combined with an increase in deal size. So far in July alone there has been £37.4m. £32.05m was invested in the first quarter, compared to a huge £66.23m in the second quarter. The same period last year saw only £22.96m invested in the first quarter, followed by a mere £0.5m in the second quarter. According to a Silicon Valley Bank report, HealthTech investment is at an unprecedented high.
The diversity of the emerging sector, ranging from genomics to artificial intelligence, has the opportunity to transform the way health and care is delivered. But this is not a free run to printing money, as with everything in the NHS, there are significant barriers to implementation. Setting aside the difficulties of change management within organisations, serious concerns around privacy protection are proving to be a roadblock to the creation and acceleration of innovative digital products that have the ability to drive crucial change within the NHS.
The difficulties faced by tech companies manoeuvring in this space were brought to light by the recent issues surrounding Google DeepMind app’s use of personal data, which raised questions from the influential National Data Guardian for health and care, Dame Fiona Caldicott, surrounding the legality of using 1.6m patient records without consent. Ultimately, the Information Commissioners Office ruled that the Google DeepMind trial failed to comply with the Data Protection Act.
However, that was not the first time a company had been tripped up by these issues. It was not even the first time Google had been.
In 2008 Google launched ‘Google Health’ a personal health record (PHR) service which allowed users who opted in to upload their health records into the cloud. The service was shut down four years later due to lack of uptake, with one of the primary reasons cited as concerns over what people’s data would be used for.
In the UK, governance of information in the health space is already a quagmire, with companies having to navigate the Data Protection Act (DPA), the Caldicott principles and the NHS code of practice. Moreover, the impending introduction of the General Data Protection Regulation (GDPR) in May 2018 and changes to the Caldicott principles will serve as further impediments if companies are not fully compliant. The Government’s recent response to Dame Fiona Caldicott’s review of data security, consent and opt-outs, confirmed that the national data guardian will be given a statutory footing and the ability to impose new regulatory scrutiny of data security and harsher penalties for serious data breaches.
But what does this mean for the market and the glut of health apps and devices? Increased competition and increased regulatory risk.
Regulation vs opportunity
The implementation of the GDPR will see the tightening of requirements to demonstrate consent when using personal data. Fines for improper use of data will increase considerably, from £500,000 for a breach under the DPA to either 4% global turnover or £20m, whichever is larger. Furthermore, under the changes to the Caldicott principles patients will now have the right to opt out of their data being used in cases other than for their direct care. Use of anonymised data remains the same, however, it will become a criminal offence to combine anonymised data with other sources thus rendering it identifiable. As highlighted by Professor Jonathan Montgomery, chair of the Nuffield Council on Bioethics, “in the context of health data, the difficulty is magnified by the fact that in order to be useful the data has to be quite rich about your health: The richer it is, the more possible it becomes to use those techniques to correlate.” (The Big Data Dilemma report, Science and Technology Select Committee, April 2016).
And this is a fundamental problem – for the data to be valuable it has to be (at least in part) identifiable, for privacy concerns to be allayed it can’t be.
Public sector personality disorder – innovation and inertia
Whilst there is constant rhetoric from politicians that “the tech revolution is happening” the public sector is woefully behind the curve in adopting digital possibilities and its antiquated approach to procurement is simply not structured to embrace disruptive technology.
According to GK’s own research over 75% of STP plans highlight “technological transformation” as a key priority, but exactly what this means will vary across the 44 plans and largely be driven by the personalities involved.
Personal health data could revolutionise the provision of public health services and deliver the efficiencies so badly needed by a stretched system, but to do that there must be a sea change in the way government thinks about health. For years the joke has been that what we have in this country is not actually a National Health Service but a National Sickness Service and big data could finally give health planners the opportunity to change this. Data could create a system where preventable diseases are actually prevented, through data-led intervention long before patients become critical and land on the treatment table at an over-burdened hospital. Data could help plan public health campaigns, and better target interventions on nutrition, smoking, exercise or any number of things to exactly where it is needed before it becomes an issue. Remote monitoring via apps and devices could ensure pressure is kept off A&E departments by alerting the individual and clinicians the moment any warning sign began to develop.
All of this is possible today. It is needed today. And the Department of Health, NHS England and everyone involved in health procurement need to wake up to the possibilities.
In the face of growing demand for health and care services, and in an era of increasingly personalised care, there is clearly an important role for HealthTech. But balancing the public concerns, regulatory challenges and dealing with a slow to innovate public sector will present challenges. It is fundamental that any HealthTech company looking to sell to the NHS is not only well versed in data protection and cyber security but also the intricacies of selling to the public sector.
Initiatives such as the Global Digital Exemplars demonstrate that NHS Trusts are increasingly recognising the need for better digital infrastructure and systems, such as Electronic Patient Record (EPR) systems and decision support systems. Whilst it undoubtedly represents a viable market for organisations who believe they offer the solutions to the NHS’ digital problems, growing demand is leading to increasing competition for contracts.
It is therefore vital that any organisation wishing to win business in this area ensures that they have the following things:
We are in an exciting phase of digital transformation in our healthcare system; for it to be realised HealthTech companies need to understand the complex regulatory landscape, and the procurement processes of the NHS.
For questions relating to cyber security, data protection or investment advice please contact Fleur, at firstname.lastname@example.org
If you would like further information on how to better understand and navigate the current and future opportunities, please contact Emma, our B2G lead at email@example.com