Professional Documents
Culture Documents
International Conference On Current Situation and Challenges of Health Database in Each Country
International Conference On Current Situation and Challenges of Health Database in Each Country
REPORT
1pm-5pm, May 13th, 2017
JMA Auditorium, Tokyo, Japan
Program
� � � � � � � � � � � � � �� � � � � � � � � � � � � �� � � � � � � � � � � � � �� � � � � � � � 3
Message ……………………………………………………………………………………………………………………………………… 5
Yoshitake Yokokura
President, Japan Medical Association
President-Elect, World Medical Association
Keynote Address
“Current Situation regarding Health Database Utilization and Related Legislative
Systems in Japan”
� � � � � � � � � � � � � �� � � � � � � � � � � � � �� � � � � � � � � � � � � � 6
Ryuichi Yamamoto
Chief Director, Medical Information System Development Center
Invited Professor, Jichi Medical University
Lecture 1
“Improving Health with Databases and Biobanks: Promise and Pitfalls” ���� 16
Robert Wah
Former President, American Medical Association
Lecture 2
“Personal and Private Big Data: Genomes and Health Records” ���������� 23 Ju
Han Kim
Professor, Seoul National University College of Medicine
Lecture 3
“Development of the Taiwan Health Information Network and Health Cloud” � 31 Heng-
Shuen Chen
Assistant Professor, School of Medicine, National Taiwan University
Lecture 4
“Health Data: Its Protection and Better Use for the Public and Patients” � � � � 39 Norio
Higuchi
Professor of Law, Musashino University Faculty of Law
Comment
“Health Database: Are we ready to step forward?” ������������������� 47
Dong-Chun Shin
Professor, Yonsei University College of Medicine
PROGRAM
Moderator: Mari Michinaga, Executive Board Member, JMA
13:00 Opening
13:05 - 13:50 Keynote Address “Current Situation regarding Health Database Utilization
and Related Legislative Systems in Japan”
Ryuichi Yamamoto
Chief Director, Medical Information System Development Center
Invited Professor, Jichi Medical University
13:50 - 14:20 Lecture 1 “Improving Health with Databases and Biobanks: Promise and
Pitfalls”
Robert Wah
Former President, American Medical Association
14:20 - 14:30 Q&A
14:30 - 15:00 Lecture 2 “Personal and Private Big Data: Genomes and Health Records”
Ju Han Kim
Professor, Seoul National University College of Medicine
15:00 - 15:10 Q&A
15:10 - 15:20 Break
15:20 - 15:50 Lecture 3 “Development of the Taiwan Health Information Network and
Health Cloud”
Heng-Shuen Chen
Assistant Professor, School of Medicine, National Taiwan University
15:50 - 16:00 Q&A
16:00 - 16:30 Lecture 4 “Health Data: Its Protection and Better Use for the Public and Patients”
Norio Higuchi
Professor of Law, Musashino University Faculty of Law
16:30 - 16:40 Q&A
16:40 - 17:00 Comment “Health Database: Are we ready to step forward?”
Dong-Chun Shin
Professor, Yonsei University College of Medicine
3
Message
Yoshitake Yokokura
President, Japan Medical Association
President-Elect, World Medical Association
5
◉ Keynote Address ◉
Current Situation regarding Health
Database Utilization and Related
Legislative Systems in Japan
Ryuichi Yamamoto
Chief Director, Medical Information System Development
Center Invited Professor, Jichi Medical University
year 2000 (Slide 1). With the introduc-tion of ing that the introduction of computers must have
insurance claim processing software which began considerably reduced the amount of labor imposed
in the 1960s, the use of ICT relatively quickly on healthcare institutions. Because saving labor
became popular among healthcare institu-tions directly produces profit, ICT in healthcare rapidly
within the following decades. progressed in this area in those years.
As you all know, the governmentʼs universal In the 1980s, soaring national healthcare expen-
healthcare program, when it first started, was ditures arose as a problem, and the optimization of
mostly based on the fee-for-service system— the healthcare costs without sacrificing the quality
namely, the reimbursement was based on the sum of care became a social challenge. This facilitated
of all services provided, so a healthcare the streamlining of certain tasks, mainly in the area
institution had to endlessly repeat an extremely of administrative works that do not directly involve
large number of simple calculations to produce the delivery of care and the carrying of hard-copy
medical fee bill-ing statements. This posed a papers between places. Furthermore, large hospitals
considerable burden on the institutions. started to adopt a paperwork streamlining system—
Computers in the 1960s were quite incompe- the so-called “order entry system” or Ordering
tent—they were no match for the smartphones that System (R)—in the 1980s. So, an economic motive
everyone now has or even calculators of decent was behind this change, and the certain degree of
quality. Still, the task of repeating simple calcula- success had prompted larger hospitals to adopt such
tions over and over is easy for computers but ex- systems quickly.
tremely difficult and tiresome for humans, mean- The paperwork streamlining system was char-
6
◉ Keynote Address ◉ Current Situation regarding Health Database Utilization and Related Legislative Systems in Japan
(Slide 2) (Slide 3)
Brief History of Healthcare ICT in JAPAN Action Plan 2006 (Health field)
Medical Information System Development Center Medical Information System Development Center
7
(Slide 4) (Slide 5)
National Claims and specific screening information
Data Oriented Projects in Japan database system of Japan (NDB)
Medical Information System Development Center Health plan Medical institutes MHLW
National Insurance Claim and Health Check-up DB (NDB) Check-up data Claim data
2nd Pseudonymization and
Mid-Net Project (PMDA & MHLW) Health insurance claims review and store to NDB
reimbursement service
KDB 1st Pseudonymization
Nursing care evaluation DB Sending data (Claim data: 1/month, Prefixed
Check-up data: 1/year) Analysis
Nursing care insurance claim DB
National Cancer Registration Federation of National Health
Insurance organizations
National Clinical DB On demand Analysing System
1st Pseudonymization
・・・・・・・ Sending data (Claim data: 1/month,
Check-up data: 1/year) NDB is defined in “Elderly Persons’
Medical Genome Center Biobank (National Center for G & G) Health Care Act” for creating
Check-up data Claim data adequate health care insurance
Tohoku Medical Megabank Organization
Health plan Medical Institutes policy.
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
(Slide 6)
biobank, called the Medical Genome Center
Insurance Claim data
Date of birth (only month and year values)
(MGC) Biobank, for over 10 years now, but com-
Diagnosis
Data of beginning of care and number of days for paratively few specimens have been collected
care Health institute ID
Kind of visit
Existence of educational guidance
yet. The Tohoku Medical Megabank was created
Prescriptions with drug code, Injections with drug code Codes
of medical procedures, Codes of Surgical Operations with the intention of making the Tohoku Region
Codes of laboratory, physiological and radiological examination (without results)
Codes of Imaging diagnosis
Total costs
a top healthcare developed area after the Great
Double hashed value of Insurance claim ID, birth date and
gender Double hashed value of Name, birth date and gender
East Ja-pan Earthquake.
Health check-up data for life style related diseases Slide 5
Date of check-up or educational guidance shows how the insurance claim data and specific health check-up and guidance data are collected by the NDB, the first and
largest health database in Japan. The process of pseudonymiza-tion is repeated twice to ensure irreversible ano-nymization. The MHLWʼs database is shown
Code of Health plan on the right. The same process for anonymization ap-plies to the specific health check-up and guidance data. This database was constructed in response to
Code of examination institute the Act on Assurance of Medical Care for Elderly People.
Publication
ing patient privacy. The possibility of identifying Analysis by
Prefectural Judgment by Assessment Committee
exact individuals is thus still not zero when the care Governments evaluating the necessity of using NDB data
evaluating the public goodness of the survey or the rese
provided was extremely rare or when ex-tremely Advise to Minister of MHLW Decision by
Minister of
MHLW
rare drugs were used, even without their Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
9
(Slide 8) (Slide 9)
National Center for Geriatrics and Gerontology
Japanese Sentinel Project (Mid- Medical Genome Center Biobank
net project)
Medical Information System Development Center
SS-MIX:
Standardized Structured Medical record Information eXchange
Based on HL7 version 2.5 messages, CDA R2, and DICOM Over
800 hospitals already implemented SS-MIX standardized
Storage system.
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
operational for about 8 years now. each hospital. After the data extraction system and
Now, I would like to explain another health da- the removal of the ID information, the data under-
tabase, the MID-NET (Slide 8). This database was go statistical processing and extraction to provide
created under the Japanese Sentinel Project, which answers in the common language. The resulting
was inspired by the Sentinel Project proposed by files produced at multiple healthcare institutions
the US-FDA. Unlike other commonly created from this process are then integrated and analyzed,
health databases, this is a distributed database— to possibly reveal rare adverse effects or enable
namely, data are physically located at individual early detection. This project is operated mainly by
health institutions after being converted into com- the Pharmaceuticals and Medical Devices Agency
mon data models. (PMDA), which is equivalent to the US-FDA.
In this project, the hospital databases based on However, one drawback to the MID-NET is that
a common data model are given a standardized only the data from major hospitals are available.
que-ry (search/extract) language and somewhat Therefore, this project might not function well for a
stan-dardized statistical processing language, and disease for which patients do not commonly seek
the databases then return their results. Therefore, care at major hospitals or a drug that is not com-
the data never really leave the hospitals. monly used at major hospitals. There is a vision to
The SS-MIX2 standard, which is a MHLW gather data from nearby clinics at each major hos-
standard, is used as the common data model. Its pital, but nothing about this has yet been done.
contents are a combination of globally accepted Although they are all major hospitals at present,
basic standards such as HL7 and DICOM, and a 23 hospitals across the country are participating in
Standardized Storage System is housed in each this MID-NET project, including NTT Group hos-
hospital so that all hospitals can receive a shared pitals; university hospitals at Tohoku University,
inquiry and each hospital can answer it. the University of Tokyo, Chiba University, Hama-
For example, the accumulated data can amount to matsu University, Kitasato University, and Saga
10 million persons in 5 years, so even a drug that University; and Tokushukai Group hospitals.
only one in every 100,000 people uses will be used
by roughly 100 persons. In this project, which Biobanks in Japan
became operational this year, data collected from As a very brief introduction of a Japanese bio-
different hospitals are used to study the adverse bank, I would like to mention the Medical Ge-
effects of different drugs or to examine the effect of nome Center Biobank, which the National Center
countermeasures against certain side effects. for Geriatrics and Gerontology in Osaka has been
For example, in an EMR database of the MID- operating for over 10 years (Slide 9). Its scope of
NET Project, a standardized storage is created in operation is not very extensive, so the number of
10
◉ Keynote Address ◉ Current Situation regarding Health Database Utilization and Related Legislative Systems in Japan
(Slide 10)
tions. So, this project has already succeeded in
Tohoku Medical Megabank Organization (ToMMo) identifying new SNP variations
11
(Slide 11) (Slide 12)
Biobank Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
A health database will not function if it simply exist for diabetic patients, for example, should be
consists of a computer with data discs and a data- investigated—in fact, such a study is already un-
base inside (Slide 11). First, data must be collected. derway. Naturally, a similar study should be car-
Second, the collected data must be used. Risks ex- ried out on other diseases, but a database has to
ist in each process. Now, there are some points to be considerably large to study a rare disease.
attack. These attack points have to be clearly iden- Therefore, privacy protection as well as infor-
tified and managed. This is quite a tough task, and I mation protection are very important for the safe
believe that security is truly an eternal challenge. operation of biobanks, too. Collecting clinical in-
Just recently, the NHS of the UK was reportedly formation when these security aspects are insuffi-
hacked, and it seems there is no end no matter how cient poses an extremely high risk. A biobank con-
much you try. Still, we have to continue working tains materials that allow one to analyze all known
on it. In short, this is an area for the risk has to be genes if one wants, and a health database contains
reduced to an acceptable level. all clinical information; exploitation of both as a set
As for biobanks, their collections are biological can be extremely problematic. Therefore, I be-lieve
specimens, so they are generally stored in deep a database for a biobank should be under more strict
freezers. A deep freezer is extremely heavy and has management than a regular database.
quite a strong door, and it is not difficult to block
the access. Basically, it is relatively not dif-ficult to Japanese Legislative System on Priva-cy
prevent the stealing of specimens from a deep Protection
freezer—it is far easier than is ensuring in- Next in Slide 12, I would like to briefly intro-
formation security. However, biobanks alone are duce the content of the Personal Information Pro-
not much useful. A biobank with tissues and cells tection Act of Japan (PIPA), which was
to extract genes, for example, is not very useful complete-ly renewed in 2005. This law, which
without the information on what kind of patient the laid the foundation for privacy protection
cells are obtained from. legislation, is characterized by a major feature—
Therefore, a biobank is naturally accompanied by that is, a differ-ent system was in place for each
a health database of this sort. A biobank and a sector. Another way of saying this is that a
health database together, with additional informa- different set of rules exists for administrative
tion such as clinical findings, can be significantly agencies, independent administrative
meaningful. The outcome of the Tohoku Medical corporations, and municipal gov-ernments. The
Megabank so far was the result of a sample analy- rules themselves are not so differ-ent, but the
sis; it did not require clinical findings. In the next primarily responsible person is differ-ent because
step of the study, the types of SNP variance that these organizations belong to different systems.
12
◉ Keynote Address ◉ Current Situation regarding Health Database Utilization and Related Legislative Systems in Japan
Security Guidelines for Health Information Systems Security Guidelines for Health Information Systems
MHLW 2005 - 2017 MHLW 2005 - 2017
Medical Information System Development Center Medical Information System Development Center
1. Introduction Chapter 6: Basic Security Management of Health Information Systems
2. How to Interpret the Guidelines 6.1 Policy and Disclosure
3. Scope 6.2 Identify the Data and Risk Analysis
4. Responsibility for Handling Electronic Health Information 6.3 Organizational Security
5. Interoperability and Standardizations 6.4 Physical and Environmental Security
6. Basic Security Management of Health Information Systems 6.5 Technical Security
7. Requirements for full digital systems 6.6 Human Security
8. Requirements for Outsourcing of Data Storage 6.7 Discard of Health Data
9. Scanning or Digitizing of Analog Data. 6.8 System Development and Maintenance
10. Operation Managements 6.9 Taking out Information and Information Equipment
Appendix 1. Sample of rules for Basic Security Measurements 6.10 Emergency Action in Disasters or Other Incidents
Appendix 2. Sample of rules for Full Digital Systems 6.11 Security for Information Exchange with Networks
Appendix 3. Sample of rules for Outsourcing of Data Storage 6.12 Electronic Signature
Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017 Copy Right: Ryuichi Yamamoto, MD, PhD, MEDIS, Tokyo, 2017
In the case of healthcare, there are hospitals run years once a rule is established. Every new tech-
by municipal or prefectural governments, hospi-tals nology requires new guidelines to match, so the
run by independent administrative corpora-tions, MHLWʼs guidelines are revised very often.
and a few healthcare institutions run by the national I want to draw your attention to Item 6 on basic
government, while most other healthcare security (Slide 14); these guidelines advise on de-
institutions, including long-term care institutions, veloping a policy and making it available to the
are run privately. Therefore, the primarily respon- public and performing a risk analysis, and talks
sible persons under the law would differ among about security in terms of organizational,
these institutions. To be specific, the Minister of physical, technical, and human-resource
Health, Labour and Welfare is responsible for pri- perspectives and the destruction of health data.
vately-owned healthcare institutions; the Minister Healthcare delivery is continuous, but IT systems
of Internal Affairs and Communications is respon- do not last as long. Every 5 or 6 years, hardware
sible for institutions run by the national govern- must be modified, and such maintenance issues
ment; a chairperson of an independent administra- are also dealt with in the rules.
tive corporation or the Minister of Internal Affairs There are other situations to consider, such as
and Communications is responsible for institu-tions when a physician is making a house call or
run by an independent administrative corpo-ration; provid-ing home care and information has to be
and the head of a local autonomy, mayor, or taken out-side, when a large-scale earthquake or
governor is responsible for institutions run by a disaster occurs, or when is system is under attack
municipal/prefectural government. by a hacker. What needs to be done then? The
This means that the input of many different guide-lines provide all the above, describing how
peo-ple responsible for privacy protection needs to ex-change medical/health information via
to be collected before sharing health data among network, and introducing a guideline for
these institutions. Reportedly, this is one factor electronic signa-ture at the end.
that is negatively influencing health data sharing The rules of operation of every health database,
in real-ity. This is a major shortcoming. including the NDB and MID-NET, all refer to the
Slide 13 shows the MHLWʼs security guidelines MHLW guidelines, which must be adhered to.
for information management, which are based on So, this part is more or less the standard point-of-
the above-mentioned PIPA. These guidelines are ref-erence in terms of the security of health
revised almost every year, and the 5th edition will databases in Japan at present. Naturally, any
be published soon. Security needs to change in ac- flaws, loop-holes, or overlooked items are a
cordance with the changing technology; it is not serious problem, so every caution should be taken
something that remains acceptable for 5 or 10 in the repeated revisions.
13
The revision of the PIPA has been in progress Identifying Code. A whole genome is naturally
for 3 to 4 years now. First, the Act of 2005 pro- an identifiable code; however, it is yet not
vides rules, but they are very reserved and ex- defined in detail as to how small the genome
tremely loose when it comes to penalty. The unit information should be to be no longer considered
of enforcement was an organization, and the personal in-formation. The Personal Information
rules were insufficient to control and deter those Protection Committee has issued a set of
who have truly ill intentions. standards for the time being, but more
Another issue was the usefulness of the Act. deliberation is believed to be necessary.
Personal information can help develop society as Another thing to consider is the “weight” or
a whole through its positive use. The Act was sensitivity of the personal information—some in-
estab-lished to set rules for not causing any formation is heavy or highly confidential, whereas
inconve-nience to individuals and to avoid some is light or not so sensitive. For example, a
violation of their rights; however, as the name of point card is used when shopping at a grocery store.
the law im-plies, the operation of the law tended It creates data on who bought what at how much at
to focus too much on “protection.” a store, and this is considered personal
Additionally, the Act did not define what information—the same applies to a medical record
consti-tuted personal information—namely, it did at a hospital. Prior to the revision of the Act, both
not clearly lay down the standards as to how far shopping history data and medical record data were
iden-tifiability had to be reduced for personal equally considered personal information.
informa-tion to no longer be considered personal. In the revised Act that has adopted the concept
There-fore, one person might think that erasing of sensitive data, however, shopping data and
names and dates of birth from personal medical record data are treated differently.
information is enough to use the information Almost all health data are designated as sensitive
freely without con-sent on the one hand, while on data. Once classified as sensitive data—
the other hand, someone else might think that technically called “personal information with due
erasing names and dates of birth is not enough consider-ation” in Japan—the data cannot be
because the source can still be identifiable obtained with-out the consent of the source
through street addresses or shopping history. individuals. Sensitive data cannot be offered to a
Such extremes in opinions fed peopleʼs anxiety. third parity without consent, and the purposes of
Understandably, this anxiety made both the use cannot be changed. For other types of data,
user side and the source side feel unsure. So, the there is an option of “opting out”—that is, the
law was revised to ensure how “this sort of intent to offer data to a third party is made widely
informa-tion can be used” and “we will never known to the public, and the data can be made
inconve-nience you because we have de- available upon notifying the Personal Information
identified your information this much.” Protection Committee if rejection is not received
I will now list some characteristics of the re- from the individuals. However, this “opt out” is
vised Act, which came into effect on May 30th. not allowed for sensi-tive data under the law.
One that is relevant to both health databases and With this revision, healthcare institutions in
biobanks is the creation of Identifying Codes general such as hospitals, clinics, long-term care
(i.e., personal identification codes). This is facilities, or health check-up centers cannot offer
information that alone allows us to identify the patient data to anyone without first obtaining the
exact individu-al. For example, a passport individual patientʼs consent. In this sense, a genet-ic
number is unique, so a passport number alone analysis for a commercial purpose might be per-
can allow one to identify the exact individual. formed with his/her consent, but the risk of his/her
A genome sequence is also considered a type of materials being used for other intentions has been
14
◉ Keynote Address ◉ Current Situation regarding Health Database Utilization and Related Legislative Systems in Japan
people.
Assessment Committee
On the other hand, medical and health informa- PPDM
High
performan Laboratory Center
Small Hospitals
ce
tion is not just used for individuals—in fact, Authorized
De-identifying
statistical
process Reconfirmation Cloud ORCA
Small Hospital
Custom-made statics
Custom-made statics
of oneʼs own health, this also means that the is not good enough; a patient has to be instructed
information is not available for future medicine to read the notice on a bulletin board, and if the
as well. This is one area in which the revised Act patient does not refuse, and only then can the in-
has created some concern. formation be collected.
An effort is currently underway under a law to
Positive Use of Health Data for Medi-cal establish a system to de-identify (anonymize) and
Research in the Public Interest provide these data upon fully reviewing the pur-
For this reason, the next-generation healthcare poses of use based on appropriate standards, and
infrastructure law just passed the National Diet this ensuring that the purposes can be met and that the
past April (Slide 15). This law defines a ser-vice individuals and the institutions from which these
provider responsible for anonymization who will data are obtained will not be inconvenienced, dis-
provide personal information exclusively for the criminated, or unjustly judged in any way. This
purpose of medical research and technology law, commonly called the Health Infrastructure
innovation with the public interest in a way that it for Next Generation Act, is a brand new legisla-
will never infringe the privacy of the individuals. tion, and its detailed operation is still waiting to
This Authorized De-identifying Organization For be established. Nevertheless, this law marks the
Health Data is a service provider that meets cer-tain start-ing point of creating a legal system that
criteria and is authorized by the government. Each promotes the proper use of health data including
healthcare institution is allowed to collect patient medical services and healthcare.
information on an opt-out basis for the Au-thorized This concludes my presentation regarding the
De-identifying Organizationʼs use after carefully movements on health databases in Japan. Thank
informing the patients. Having a notice on a you for your attention.
bulletin board and waiting for the word “no”
15
◉ Lecture 1 ◉
Improving Health with Databases and
Biobanks: Promise and Pitfalls
Robert Wah
Former President, American Medical
Association @RobertWahMD
(Slide 1) (Slide 2)
Implementation of EHRs
$20B
Population-Based Analytics
EHRs
$15B
Population Analysis
and Decision Support
$10B
HIEs
$5B
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
I would like to speak today about health data- ogy, the bits and bytes and boxes of getting
bases and biobanks and how we can use them to digital information together. I am more interested
improve the healthcare of our patients. I believe in what we can do with the information once we
that there is both promise and pitfalls in the use have it in a digital format, and that is where I
of health databases and biobanks. think we are right now. We can use very
powerful technology and computers to analyze
Three Waves of Health Information the digital information we have to help our
Technology in the United States patients become healthier and stay healthy.
When I think about health information technol-
ogy in the United States, there are really three “All of Us” Research Program
waves on which that has happened (Slide 1). The I would like to turn to a project that we are just
first wave was that we moved from paper records about to start this month in the United States. The
to digital records, and we spent about 30 billion name of the project is the “All of Us” Research
dollars making this happen. Program. It comes out of our goal of providing
Then we spent about another one billion U.S. “precision medicine” for our U.S. citizens. What
dollars to make health information exchanges so we mean by “precision medicine” is that we want
that we can connect the digital information we now to tailor treatment specific to an individual (Slide
have. Once we have the network-connected digital 2).
information, we enter the third wave; a new phase In the old days when a patient came to my office
of population analysis and decision support. and was diagnosed with diabetes, we would say for
As a physician, this is the interesting part for me diabetics this is what we do for all diabetics. But
in all of this. I am not so interested in the technol- now with personalized medicine, we can say
16
◉ Lecture 1 ◉ Improving Health with Databases and Biobanks: Promise and Pitfalls
17
(Slide 4) (Slide 5)
fare, and the psychological aspects of warfare. What I want to talk a little bit about is cyber se-
This will be a different cohort to study, but it will curity. You no doubt heard the headlines last night
still be a group of people to obtain rich informa- that there was a major hacking incident with the
tion from, and will provide a source for future re- United Kingdom National Health Service.
search and very exciting discoveries. The I have been talking about the cyber security of
“Million Veteran Program” already has 550,000 healthcare data for a long time. There are two
volunteers signed up to participate, so it is a little ma-jor threats to healthcare data that we can see.
bit ahead of the “All of Us” Program, which we One is the criminals, particularly in the United
are going to start in May of 2017. States, that are trying to steal healthcare data, and
These projects sound very similar to some of what we find in the United States is that this
the research I have heard other countries are health in-formation and stolen credit cards are
doing. Here in Japan we just heard about some being sold on the black market.
database creation that has already started and will If a credit card sells for one dollar in the crimi-
be on-go-ing. I was in Sweden two and a half nal marketplace, a health record sells for 50 to
weeks ago, and in Scandinavia they have a long 100 dollars in the same criminal black market.
history of col-lecting information on their The reason is the criminals use the information
citizens. We are see-ing this around the world, and health record to create a false identity. Using
where governments and private agencies are this false identity, they can then perpetrate very
collecting these new rich sources of information exten-sive financial fraud. They take the false,
with which we will be able to do research and, I created persona that they crafted from healthcare
believe, make very exciting discoveries. data and commit financial fraud, such as taking
out loans, creating credit cards, and buying boats
Cyber Security or houses. This seems to be a problem that is
I want to talk about the security considerations more focused in the United States than in other
that we need to keep in mind. I just showed you countries because of the way our financial system
two projects in the United States that show great works in the Unit-ed States.
promise. Now, letʼs talk about some of the risks and However, one problem that we are seeing every-
pitfalls that we have to think about as we gath-er where in the world that differs from information
this rich pool of information on our patients and theft, is ransomware. This is actually what hap-
citizens. I often say that I think health information pened with the National Health Service over the
technology for healthcare is really an intersection of past 24 hours. With ransomware, what happens is
health IT, cloud computing, and cyber security that the criminal elements invade a computer sys-
(Slide 5). At the middle of that intersection are our tem and then create some sort of a program that
patients. We should always remember that this is all encrypts and locks very critical files inside the
coming about for the betterment of our patients. computer system, so the computer system will not
18
◉ Lecture 1 ◉ Improving Health with Databases and Biobanks: Promise and Pitfalls
(Slide 6)
work because their files are locked.
The ransom part is that the criminals will not Historical perspectives
unlock the files or give you the key until you pay
The WMA has been concerned about health data for decades.
them a ransom. This is a problem everywhere in
– As early as 1973 in a “Resolution on Medical Secrecy” addressing Computers
the world, and that is what we are seeing with the and Confidentiality in Medicine at 27th General Assembly [GA] in Munich
– GA in Venice in 1983, short statement
NHS today. My company does a lot of work for – GA in Washington, DC 2002, extensive declaration
the NHS, so I have information about this issue. – The WMA Declaration of Taipei on Ethical Considerations regarding Health
Databases and Biobanks approved Nov 2016 by Taipei General Assembly
It looks like the attack that just happened in the
last 24 hours was not actually targeting the
National Health Service. It just happened to get
into the Na-tional Health Service, and that is why we call a bell that you cannot un-ring: once the
it is grab-bing all the headlines, but many people bell rings, everybody hears it.
believe it probably started in Spain with an Patients are very mindful and fearful that their
attempt to attack the telephone system there. very personal and confidential information may
So, we are seeing this wave of attacks, and show up on the Internet, and they are expecting us
what usually happens is a small piece of software as physicians and healthcare workers to do every-
we call “malware” is embedded in an email and thing we can to protect that very private and confi-
then somebody inadvertently clicks on the bad dential information that they have provided us. So
part of the email, which launches a ferocious there are many reasons why we need to improve
malware program into that computer and locking cyber security in healthcare: because of the false
down the files whether they be pictures, identity and ransomware problem, because of the
documents, or files, it locks them and then the privacy problem, and because of the security and
criminal demands a ran-som to unlock it. This is trust that our patients give us to keep their confi-
something we all have to be very mindful of, and dential information secure and private.
very vigorous in protect-ing against.
Another point about cyber security is that our WMA Declaration of Taipei
patients expect us in healthcare to continue to be I want to talk about the Declaration of Taipei. We
the good data stewards of their healthcare infor- as the World Medical Association thought this
mation. Patients give us as physicians very private declaration was important for physicians to talk
and confidential information because they know by about the ethics of collecting health databases and
doing so we can help them improve their healthcare biobanks going forward (Slide 6). It was a very
and maintain their health. However, they will lengthy and detailed project, and as I said, the
become very uncomfortable giving us information WMA has been concerned about this for a very
if we fail to continue to be good data stewards of long time. As early as 1973, there was a resolution
that information because patients have seen that on medical privacy by the World Medical Associ-
financial information has shown up inap-propriately ation, and then in 2002 there was a very extensive
on the Internet in the past. declaration on the digital information we are start-
Patients also know that if a credit card shows up ing to collect on patients. We felt that this declara-
on the Internet that it is a problem. But you can tion needed to be revised in 2017.
undo the problem. It takes a lot of work—it might The revision process started back in 2012, and it
take a year or so—but you can undo the problem if took almost four years to complete these very dif-
your credit card shows up on the Internet. If your ficult and challenging ethical guidelines. We had a
diagnosis of diabetes or HIV infection or the fact lot of input; we had open consultations in Copen-
that you take psychiatric medications shows up on hagen and Seoul. We had another open consulta-
the Internet, that cannot be undone. That is what tion during 2016, and we had a committee com-
19
prising members from all around the world, relies to make sure that we are taking care of their
including the JMA, who provided a very rich ethical and scientific concerns regarding using
range of perspectives on what their national con- data or conducting research. So we relied on the
cerns are about privacy and the security of health research ethics committee to unravel some of
information. These efforts resulted in the these very sticky problems because we cannot
Declara-tion of Taipei. possibly anticipate every problem in our Declara-
A couple of things for us to think about when we tion of Taipei.
look at this: one, which was already touched on in Now, it is worthwhile saying that there is a
the last lecture, is the question of what is identi- pret-ty broad spectrum of research ethic
fiable information and what is de-identified and committees across the world. Some countries
anonymized. The problem today is that with all the have very devel-oped research ethics committees,
ways available to link information, we proba-bly while those in other countries are not quite as
cannot completely anonymize or delink all the developed, and so we recognize this and we put it
information. This is particularly true when we have down on paper as well.
genetic information about individual pa-tients, as We also think it is important to think about gov-
that is a very specific fingerprint that would ernance. How is this data being managed, whether it
identify individual patients. be fluids, genomic data, or digital information?
Since we probably cannot completely ano- How is it going to be handled; who is going to be in
nymize or de-identify information with todayʼs charge; and who is going to be held accountable for
technology, we also need to think about what we the management of this information? So we think it
have always traditionally thought and relied on— is important to consider these issues going forward
that if we pool all the information and remove all that go beyond the ethical considerations of health
the labels it is okay, the information cannot be databases and biobanks.
linked back to a certain patient or individual. With biobanks, again, this is not just informa-
This is not true anymore. tion but also tissue and fluids. Many of the same
We also have to think about consent. We are very issues come up as with digital information, but
comfortable in medicine about getting in-formed there is an additional dimension when you talk
consent from our patients. But in the world of about tissue, body fluids, and blood.
databases and biobanks, where we may collect We were especially concerned about the han-
information today in 2017 but not use it for anoth- dling and transfer of materials. I can tell you that
er 10, 20, or 30 years, the consent issue is very from the perspective of Africans, based on their
different. If I obtain the consent of my patient in long history of being exploited, they are very con-
2017 to use their information or their blood, what cerned that people or countries or industries will
happens if I discover a new purpose to study their come to Africa and take advantage of the African
blood or information in 20 or 30 years? How do I peopleʼs poverty and maybe lack of sophistication
get their permission in 2017 for something that may and they will exploit their population, particularly
happen in 20 or 30 yearsʼ time? This is a very in taking biological materials. That is why it was
challenging issue that we need to deal with. important that we state in our Declaration to be on
What we said was the cornerstone of how we in guard against the kind of exploitation that African
medicine should handle this, is through research people are concerned about.
ethics committees, because almost every country Next is security; we already talked about this.
has a process where medical, ethical and legisla- It is very critical that our patients know that we
tive experts come together and create research eth- are continuing to be the best stewards possible of
ics committees. These committees set a sort of their data and keeping it secure and private.
golden standard on which everyone in healthcare
20
◉ Lecture 1 ◉ Improving Health with Databases and Biobanks: Promise and Pitfalls
(Slide 7)
Let me switch gears to say that we are very ex- The Middleware:
Supporting software to make
the App Openoranalytic Healthrun.
shared across the eco-system
• Data duplication is minimised
Connect Platform • Single consistent security
cited about the current level of technology and what The Infrastructure:
Hardware/servers
model
• Provides an environment for
The Current State of the Enterprise…. pluggable frameworks
we can do with the data once we have all the • Everyone builds
• Sharing of data and code
their own iceberg becomes the de-facto model
from scratch
do 25 billion dollarsʼ worth of business each year, never reused opportunities my Apps
21
(Slide 8) (Slide 9)
going to build a Grand Healthcare Platform in the gy in healthcare is to provide better information for
center for healthcare (Slide 8). better healthcare decisions (Slide 9). As I said, I am
This platform will be a virtual pool of informa- a physician who loves technology but not be-cause I
tion. It will not be one hard drive, one big data like the bytes and bits and boxes. I do not write
center that we are going to put everything into. code at night; I do not make applications on
The data will be federated, which means that it weekends. I am simply a doctor who wants tech-
will stay where it was created. We are not going nology to help me take better care of my patients.
to put it all in one place. But once we have this The way I think technology will help me take bet-
virtu-al pool of information at the center for ter care of my patients is by providing better infor-
healthcare, everyone participating in healthcare mation for making better decisions.
will be able to contribute to and extract Everybody in healthcare will make better deci-
information out of the pool. sions with better information. Patients, doctors,
Everybody around the circle—physicians, nurs- governments, payers, and researchers will all
es, specialists, hospitals, laboratories, medical so- make better decisions with better information. It
cieties, manufacturers, governments, payers, pa- is the role of technology to deliver the right
tients, and citizens—will all contribute to and informa-tion to the right person at the right time.
extract data from this pool of information. I think That is the really exciting promise of what we are
we are very quickly heading towards this system, talking about in health databases and biobanks.
and these little gold arrows are very secure pipes, I want to again thank the Japan Medical
with strong security for going in and out of the Associ-ation for your kind invitation. It is always
pool. This is where we are heading. I am excited a plea-sure and a privilege for me to travel
about this future because the pool of information is around the world and hear what is happening in
going to become very rich with health databases healthcare from the frontlines. Thank you for
and biobanks adding to it. your attention. I hope this information will be
helpful, and I am happy to answer any questions
Better Information for Better Health-care in the Q&A ses-sion.
Decisions
Finally, it is my belief that the role of technolo-
22
◉ Lecture 2 ◉ Personal and Private Big Data: Genomes and Health Records
◉ Lecture 2 ◉
Personal and Private Big Data:
Genomes and Health Records
Ju Han Kim
Professor, Seoul National University College of Medicine
(Slide 1)
I was previously here 13 years ago, so today is
my 13-years-later presentation, with a slightly I have sequenced my genome!
dif-ferent topic about health data. The title of my
talk is “Personal and Private Big Data”. I use the
word “personal” because, as you all may have
seen in the previous two lectures, although the
data has great value, it also has risk, and we need
to deal with that. The reason why we have risk is
that the data is personal—and even private—so
we may need to develop a strategy to deal with
both these complex, contradicting issues.
I will start by briefly introducing the .. with my twelve students
complexity of genomic data, on which my your genome sequence at all because it is in you.
research focuses, and then explain our pilot Genome data contains even more information than
system, which is intend-ed to orchestrate balance your entire medical record, especially when you are
between the risks and benefits of using this very in a healthy state. It is valuable, and the cost was
sensitive and very vul-nerable data. initially very expensive but is now below a
For this reason, the title includes “Genomes thousand dollars, so there is no reason why we do
and Health Records.” If I could add one more not integrate this genomic data into patientsʼ
type of data then it would be LifeLogs, which are health records. But it is very tricky.
being used by many members of the public. For So I decided to sequence my genome in 2011,
the first time in the entire history of medicine, when it was still very expensive, and I gave my
patients themselves have started to generate and genomic data to my students for them to try to find
use their own data using lifelogs. Thus LifeLogs out something about me from my data. The first
should be added to this complex system. genomic site that was interpreted was Chromo-
some 15 (Slide 1). They were all “A”s. So I have an
I Had My Genome Sequenced! AA genome type. The first step when you have
I will start with my personal experience con- identified one genome type from your genome is to
cerning my genome. Genomic data is extremely link your genome type to your database.
sensitive. As was shown in previous talks, genom- Here is the population structure of AA genome
ic data cannot even be anonymized. It is identifi- type among Han Chinese in Beijing (HCB) and
able, plain and simple. You cannot even change Japanese in Tokyo (JPT)� , which represents my
23
(Slide 2)
ethnic group very well. This data says that when
I am one third, my type of person may be found
in one third of the whole population of my ethnic
group.
You then link this data to some knowledge base
and find that I am a fast caffeine metabolizer—
which has been a well-known genome type for a
long time—and then eventually you link this data to
literature. One German article says that this type of
person—the genome type, by the way is on the
cytochrome A2 enzyme—is well-known to be a fast
caffeine metabolizer. They have done some clinical
research and have found that this type of person, ter than you because today hypercoagulability is
because they can metabolize caffeine very well, more of an issue than bleeding tendencies. Many
high levels of caffeine consumption does not of you may have to take anticoagulants to prevent
increase their cardiovascular risk. So at least the you from prothrombin events, especially in old
test had some positive implications in that respect. age. So slightly lengthened bleeding-time is not a
I am encouraging all my students to sequence health risk; rather, it could be a benefit.
their genomes, now that it is affordable. I am go- What happens if I take a new oral anticoagulant
ing to give you one more interesting example drug such as Rivaroxaban (Xarelto), which is a di-
con-cerning my genome which is both terrifying rect F10 inhibitor? If I take a F10 inhibitor, it will
and valuable, as well as revealing (Slide 2). I have lower my functional activity to 30, which means
found that I have Coagulation Factor 10 (F10) in- that I could be killed at any time. It is a terrifying
hibition. Coagulation Factor 8 deficiency is the risk. Rivaroxaban (Xarelto) is a blockbuster drug
cause of hemophilia. F10 deficiency is extremely which has 13 million prescriptions in the United
rare; there have been only two cases reported in States alone. I have researched the lawsuits against
the world. this drug on drugwatch.com. You do not want to
But I found that one copy of my F10 has been see this kind of TV ad: the Waldman Smallwood
lost. This type of inhibition is loss-of-function in- law firm called for those who have experienced bad
hibition. So I lost one F10 copy. If I had lost both side effects from taking the Xarelto drug to contact
copies, I could not have been born, because them. For this one anticoagulant drug, Ri-varoxaban
bleed-ing could not be stopped at all. So it is (Xarelto), there are currently 7,400 lawsuits filed,
okay, I do not have any bleeding tendencies. But and they will be resolved this year in Louisiana
one of my laboratory physicians took me to her court. Taking such drugs could be very dangerous.
lab and mea-sured all factorial activities. All my
blood coagu-lation factors are okay—showing The frequency of my type of F10 inhibition is
100% function activity—except for F10, which one in 167. So within this audience, at least one
shows 67% of normal activity, which is below person may have a similar problem as me, which
the minimum lim-it (which is 74 at my hospital), means about 760,000 people in Japan—not a small
and my prothrom-bin time (PT) is 12.3 seconds, number. One interesting thing is that the indica-
which is above our upper limit for PT. tions for the prescription of this drug have nothing
It is clear at a molecular level and functional to do with coagulopathy; rather, the main prescrip-
level as well as physiologically that I have thin tion indication is atrial fibrillation for elderly pa-
blood. So my bleeding time is longer. What the tients to prevent thromboembolic events. So peo-ple
implication here is, is that I may have evolved bet- who are older than 80 have an almost 20%
24
◉ Lecture 2 ◉ Personal and Private Big Data: Genomes and Health Records
(Slide 3) (Slide 4)
160
140
120
100
F10 (U/dL)
80
R² = 0.9994
R² = 0.9829
60 R² = 0.9826
40
R² = 0.9757
20
0
0 5 10 15 20 25 30 35 40 45
Rivaroxaban (pg)
chance of having atrial fibrillation, and so their pranolol and Betaxolol. But her scores for many
physician will prescribe this drug to them and one other drugs were within the normal range of
in 167 will be killed without anyone knowing what scores. Why would you prescribe this particular
has happened. I posted a message on my Facebook drug to this subject if you knew she has a particu-
page to all my physicians saying, “Could you lar mutation on these pharmacokinetic genes?
prescribe me an F10 inhibitor drug if you knew my I have created a smartphone app for her and that
genome type?” No one answered. shows her genomic sequence and CCR (Continui-ty
It was an exercise; I do not conduct full-blown of Care Record) and recognizes prescription sheets
experiments on myself or others. The functional and checks them for signs of risk for her to show to
activity of others who took the drug fell from 100 her physician. I have said to her, “Wow, these are
to 60, which is the therapeutic target for functional very important pharmacokinetic genes related to
activity while the drug concentration is increasing more than 200 drugs, so what happens to you?” Her
to the therapeutic level (Slide 3). My functional ac- answer was, “Professor, I take just half of the drugs
tivity level started at 67 and fell to below 30, which I am prescribed because I have expe-rienced so
means the drug could be toxic to me. many side effects.” After a pause, I re-plied, “You
Regarding adverse drug reaction (ADR), which did a good job.” This experience is actually
is the fourth leading cause of death in the United changing my beliefs because it is an issue
States, there are 2.7 million severe adverse reac- concerning compliance. Patient should take their
tion cases in the United States alone, from which drugs according to their physicianʼs instructions or
128,000 people may die, and the additional costs prescriptions, but in cases such as this, we may
of these drug side effects on par with the cost of have to be more cautious.
cardiovascular disease. It is a huge problem. Interpersonal variability is a very big issue for
How-ever, we may be able to manage this big data. If you integrate old personal big data,
problem by knowing interpersonal variabilities. you can tailor your diagnosis and therapy to indi-
vidual patients. Interpersonal variability is some-
Era of Personal Pharmacogenomics thing that has not been integrated into current
Slide 4 shows examples of 22 beta blockers; the medical practices.
lines are the scores for my students and me. This
particular female student, the red line, shows very LifeLogs
low scores for Propranolol none-selective and I have briefly touched on the importance of the
Betaxolol selective beta-blockers, which means she genome in this era of “precision medicine” (Slide
has a mutation on her cytochrome 1A1, 1A2, and 5). As I mentioned at the beginning of this talk,
3A5, which are the major enzymes for Pro- LifeLogs will be a problem. Patients, for the first
25
(Slide 5) (Slide 6)
Proprietary Adminstraton
EMR Hospital A Hospital B Hospital C
EMR
Regulation Hospital-centered
K-CDM
분석수행
결과
분석
질의 보안
Query
Constructor/
Analysis Code
Research
DW DW DW
자료 습득 eCRFs
FDA Metadata-Validation 폼 생성
Ontology-enhancement
Data indexing
Clinical research/trials
Databases
Protocol
Creation
BioEMR 임상연구
Clinical
XNet
Community Dr.-centered
CareNet
간호/케어중심 Agents
Pt. participatory
BMeSH: Biomedical
Avatar Metadata Standard
5 Pt.-centered for Health
time in medical history, have started to collect their son because he made his own genomic data pub-
own data and let the data work for them. The types lic, and the sonʼs argument was, “You and I share
of data are ever-increasing and should be in- half of the same data. You do not have the right
tegrated into patientsʼ health records very soon. But to release my data.” That is the reason for the
LifeLogs are outside the medical system. As law-suit. So genome data is extremely tricky to
doctors, we do not have control over LifeLog data. man-age in our healthcare system.
Here I have a question for all of us. My LifeLog
works for me at my cost without any preservation. Health Avatar on Common Data
For the first time in the entire history of medicine, Model
the patients themselves have started generating I observed two themes in the first keynote speech
their own data. Before that, doctors created pa- by Dr. Yamamoto. One is the centraliza-tion of all
tients' data on their behalf. What about our health healthcare information data in a single repository.
records? Health records are stored in our EMR The other is the creation of a distribut-ed system
system; they sleep for long periods of time and are which was a sentinel system for Japan. We have a
only awakened when the patient visits their physi- similar system K-Sentinel, and we have created a
cianʼs office. Health records then work for the pa- Common Data Model from different hospitals,
tient for a short duration—of course, in a very ef- although different hospitals have differ-ent data
ficient manner—and are then closed and sleep structures (Slide 6). When we supplied the Common
again 24/7. I would like to make health records Data Model, named K-CDM, they trans-formed the
alive, make the medical data inspire and work for data into a Common Data Model that is currently
the patient 24/7. used in 12 hospitals and that can be used for
Genomic data is even more complicated. There pharmacovigilance surveys, which are con-ducted
is no way to store your genome data. You cannot for governmental use to ensure drug safety. This
store your genome data in one particular hospital medical, EMR system serves hospital presi-dents
because you cannot see or use the data when you and administrators. However, I realized that as yet
are in a different hospital. But you cannot distrib- there are no, or very few, systems designed to serve
ute all of your genome data to many institutions physicians and patients themselves.
because it contains very sensitive information, We have created a physician-centered applica-
like mine does. It is inherently identifiable, and it tion. While the EMR system is an institution-cen-
is not just personal or private data, it is also tered information paradigm, we would like to cre-
family data, so it is shared. ate physician-centered information for each
Actually a son of Nobel laureate, James Wat- different specialty, such as cardiology and ne-
son, his assistant, has filed a lawsuit against Wat- phrology, and then allow users to communicate
26
◉ Lecture 2 ◉ Personal and Private Big Data: Genomes and Health Records
(Slide 7) (Slide 8)
Pharmacy B
Fittness
ClinicB
ClinicC Pharmacy C
genes
Integrity
market
Open Innovation
Env.
deli
27
(Slide 9) (Slide 10)
• 인제대 상계 백병원
• 경주 동국대 병원
• 건양대 병원
• 이대목동 병원
• 파티마병원
• 측추병원
• 곽내과의원
• 을지대 병원
• 부산대 병원
the practice of hemodialysis is standardized all making decisions together with their patients and
over the world. Patients visit the clinic two or so on.
three times a week; it is very data intensive; and We have extended usage of this distributed
it is a disease of the elderly, and so the healthcare app, so currently in South Korea, we have about
costs for chronic kidney disease is ever-increas- 15 ma-jor hospitals and clinics using the app,
ing. I heard that Taiwan spends 8% of health ex- which actu-ally shares the same structure base as
penditure on hemodialysis. We therefore created the Common Data Model for pharmacovigilance
a system to test this kind of paradigm. I showed you previously.
Slide 10 shows the app for physicians. Physi-
cians have all their patientsʼ data, and each Pharmacovigilance
patient has their own data; physicians can send So the same system, same structure—which is
data infor-mation such as hemoglobin, a distributed one—serves two totally different
pro-poses: for clinical practice, and for govern-
potassium, and calci-um—the most important
ment-driven pharmacovigilance for drugs and in-
information—to each patient and it will be fections. The advantage of this system is that you
displayed and managed by the patient. are able to manage the whole clinic. Individual
We started three years ago in our own hospital, patientsʼ data can be compared to the average
and currently we have 15 major hospitals using this data of 100 hemodialysis patients, which makes it
system (Slide 11). The advantage of this is that eas-ier to persuade and educate your patient.
medical staff can perform rounding with all of the
information stored in this system and the informa- We have had experience with this. Slide 12
tion can be sent to patients and used by doctors in shows a drugʼs classification. Hemodialysis is the
28
◉ Lecture 2 ◉ Personal and Private Big Data: Genomes and Health Records
Hemoglobin drops
16
most standardized practice, so the drugʼs classifi- if you have big data that is managed well, you
cation provides standardization of all your analy- may be able to respond to a pattern of data
sis and displays your laboratory results, which in- without knowing the underlying reality.
clude about 100 items. We have created a system covering all these as-
We incorporated all these in the program, and pects and made the Version 2.0 look much prettier
one day a clinic found that average hemoglobin and so on (Slide 15). Gradually we have expanded
levels at the clinic had gone down, which doctors this system from the dialysis unit to pediatric can-
had never known to happen before the introduc- cer, breast cancer (Pink Avatar), colon cancer,
tion of this kind of system (Slide 13). It was a big sports medicine, ArthroNet, and psychiatry, which
problem, so we researched every event that had is my specialty (Slide 16). We are attempting to
happened at this particular clinic two years ago, reorganize our computing paradigm for each spe-
and we found that a new drug had been cialty-based, physician-centered computing para-
introduced at around that time. digm. Eventually we will have a platform, and so
We did not have any evidence that the drug we would like to orchestrate interplay amongst
caused this kind of problem, but the salesman had smartphones and iPad apps and servers. We have
said you have to wait for at least three or four created a health avatar platform where you can plug
months and so on and so forth; so the clinic just in your personal patientʼs avatar—which is
stopped using the drug without confirming a caus-al composed of your genome, your LifeLog, and your
relationship because low hemoglobin levels were a medical records, which are logged in—and the
disastrous condition, and hemoglobin lev-els went physicianʼs system, which is also logged in, and
up again (Slide 14). It was a lesson for us: they will interplay with a secure platform in a
29
(Slide 17) (Slide 18)
3
IoA for Health:
Internet of Avatars, Agents and Apps
Your Genome
Personal
Health Record Lifelog
Health Avatar
Big Data
Distributed Agents
Open API
Doctor’s App
EMR
Hospital-centered
병원 의료원 보건소
시
연 Avatar
Pt-centered
!
CareNet
Care-centered
verifiable manner. Then, as I mentioned, third clinically relevant data supported by data technol-
par-ty players can provide intelligent clinical ogy to build clinical and patient applications that
decision support apps (Slide 17). can be uniformly connected based on this data
technology.
Internet of Avatars, Agents, and Phy-sician We are trying to build a community-wide pro-
Apps gram, and I realized that we need another layer,
In imitation of IoT, “Internet of Things”, I have which is for caregivers. Caregiver-centered infor-
named our concept the “Internet of A3”: the Inter- mation systems are also required. Clinical research
net of Avatars, Agents, and physician Apps (Slide about multi-centered information for each center
18). Our aim is to create cyberspace counterparts of can be supported by this kind of technology.
our activities in the real world. Agents can be What I realized was that the current EMR sys-
supported by such programs, and we have already tem is merely an institution-centered information
developed many (Slide 19). system, but not a system for all of us. It is not a
In summary, hospitals have built their own pro- physician-centered or patient centered one (Slide
prietary systems, but these are primarily designed 20). One solution does not fit all. We need physi-
to serve their own institution. However, once a cian-centered information systems and pa-tient-
system is transformed into a common format, it can centered information systems, as well as
be used by government agencies without cen- community-centered information systems, in the era
tralizing data, as in the Japanese central program of personal and private big data.
(see Slide 6). In Korea, we call this system “K-Sen- Thank you for your attention.
tinel”. From the managed data, you can pull out
30
◉ Lecture 3 ◉ Development of the Taiwan Health Information Network and Health Cloud
◉ Lecture 3 ◉
Development of the Taiwan
Health Information Network
and Health Cloud
Heng-Shuen Chen
Assistant Professor, School of Medicine, National
Taiwan University
(Slide 1) (Slide 2)
Development of Taiwan Health Infor- The purpose of this project is to return health in-
mation Network formation to citizens. Personal Health Records
To begin, I will give you an overview of the (PHRs) subsequently become a major issue in de-
de-velopment of the National Health Information veloping the national Taiwan Health Cloud (Slide
Network (HIN). In 1988, HIN version 1.0 was 1).
made for public health administration and health In HIN ver. 1.0. for health insurance manage-
insurance management. At that time, there were ment, we had three major regional centers—in
only labor health insurance and government em- Taipei, Taichung, and Kaohsiung—and these
ployee insurance schemes. cen-ters were connected via network (Slide 2).
The National Health Insurance system started In HIN ver. 2.0, we incorporated EMRs and
in 1995. In 1999, after the Internet become very medical images. Medical information and images
pop-ular, Taiwan started to develop electronic are stored on National Health Insurance Agency
medical records (EMRs). Subsequently, with the servers and are connected by virtual private net-
aim of developing a medical image exchange works. Other medical information application
center on the network, the HIN version 2.0 was shared among hospitals and clinics is on the
introduced around 2000. In 2001, National Inter-net (Slide 3).
Health Insurance IC cards were launched, and At the National Health Insurance Agency, there
many Internet appli-cations were later developed. is an Electronic Medical Records Exchange Cen-
In 2008, the Ministry of Health and Welfare ter with an index server, and hospitals can
started the National Health Informatics Project. connect to this exchange center (Slide 4).
31
(Slide 3) (Slide 4)
(Slide 5) (Slide 6)
32
◉ Lecture 3 ◉ Development of the Taiwan Health Information Network and Health Cloud
(Slide 7) (Slide 8)
surance Agency; the Disease Control Cloud; and and robotics in performing surgeries. For both
the Care Cloud, which is for long-term care and out-patient and inpatient chemotherapy, we use
disabled people. The care and services can be smart chemotherapy management (Slide 8).
con-nected. This integration effort is still in the There are many physiological data devices.
begin-ning stages. Data can be collected by using compatible proto-
cols. We have physiological data gateway, which
Taiwan Smart Healthcare is connected to the cloud and shares data among
Smart healthcare uses Information and Commu- the care providers (Slide 9).
nication Technology (ICT) to promote patient The previous speaker mentioned hemodialysis,
safety, medical care quality, and healthcare ser-vice and in Taiwan hemodialysis accounts for 8% of
efficiency. Patient engagement is becoming more healthcare expenditures. It is very important to
complex in our rapidly aging society. The increased im-plement good hemodialysis management
healthcare needs and lack of resources are forcing (Slide 10).
us to make some changes.
The advantage for Taiwanʼs smart healthcare Big Data + Open Data + My Data
in-dustry is that we have strong ICT and good First, we need to collect all the health informa-
medi-cal care. There is a huge hospital market: tion and create big data. We then need to make
100,000 hospitals globally, 500 in Taiwan, and this big data available to all healthcare providers
25,000 in China. and citizens. PHRs must become open data, then
Currently we use automation and many e-pre- “my data”.
scription systems (Slide 7). We use many monitors Here is an example of big data. In Taiwan, all
33
(Slide 11) (Slide 12)
(Slide 15)
the hospitals need to provide their real time ICU
bed information so that we can know in an emer-
gency situation which hospital to send the ambu-
lance to.
The future is ABCD, Analytics, Big data,
Cloud computing, and wearable Devices.
Alongside dis-ruptive technology―the most
innovative technol-ogy, according to McKinsey
& Company―the mobile Internet, knowledge
management systems, cloud computing, and the
Internet of Things (IoT) are ranked the top.
Wearable devices are becoming very small.
This one may be available on the market (Slide its. Usually for a chronic disease patient, I might
11). It features many functions: emergency calls, see the patient once every three months. But what
fall detection, heart monitoring, and even sleep happens between these visits? We still need to
detection (Slide 12). make efforts such as lifestyle modifications or
I myself wear a device here. You can see how I health education, and so this device can be useful
slept well last night because I was treated by the (Slide 13).
JMA president to a very good dinner―I can There is still a lot of hype about the Internet of
show you on my smartphone. Things (IoT) (Slide 14). This innovative technolo-
This device can be used between healthcare vis- gy has several stages. IoTs are still at the peak of
34
◉ Lecture 3 ◉ Development of the Taiwan Health Information Network and Health Cloud
expectations. Wearable devices are very useful mation Network (NHIN), useful applications for
(Slide 15). PHRs can be developed (Slide 18).
We currently have two kinds of PHR: My Health
Personal Health Records in Taiwan Bank and PharmaCloud. Citizens can use their
I will now talk about the elderly problem and health insurance card and go to the website to
the integration of long-term care into personal download their own personal health records from
health records. In Taiwan, aging of society is the National Health Insurance Agency (Slide 19).
pro-gressing very fast, and will peak in 2060. Physicians can also access a patientʼs PHR when
These are the problems (Slide 16). he/she visits the clinic or hospital. The provider IC
In 2000, 10% of the elderly accounted for 25% card, used in combination with the patient IC card,
of total healthcare expenses, but by 2025, they can access not only the patientʼs health records,
will account for more than half of total healthcare including medication records and laboratory ex-
ex-penses. amination results, but also medical images.
PHRs can be retrieved from electronic health
records (EHRs), which are patient-centered. Development of the Community Med-ical
EHRs are collected from different hospitals and Group
clinics, while electronic medical records (EMRs) In 2000, we developed the Community Medical
are kept within the one institution (Slide 17). Group (CMG), and in 2001 we further developed a
At a national level, PHRs can be retrieved and Community Healthcare Information System for this
collected from different government agencies or the group. In 2009, we developed the PHR Work-ing
private sector. With the National Health Infor- Group of the Taiwan Association of Family
35
(Slide 20) (Slide 21)
36
◉ Lecture 3 ◉ Development of the Taiwan Health Information Network and Health Cloud
(Slide 26)
(Slide 22). We added the terminal stage (end-of-life
care, palliative care, and bereavement care).
For the continuum of healthcare, we use IT
technology to provide telehealth or remote moni-
toring (Slide 23).
Holistic care is patient-centered, involves the
whole community, and is based on the concept of
family medicine (comprehensiveness, continuity,
coordination, accessibility, and accountability)
(Slide 24).
Assisted living has six categories. There are
many assisted living services and they are incor-
porated into our new long-term care 2.1 to this hospital last year. I want to become a grass
programs (Slide 25). roots person to develop a bottom-up healthcare
in-formation system in this area (Slide 26).
Puli Christian Hospital In our current design (Slide 27), we have the
Currently I work in the center of Taiwan. Our Health Information Management Center to cover
hospitalʼ service zone covers 9% of the area of different subsystems in four dimensions: Preven-
Taiwan with only about 0.7% of the population; the tion Stages, Healthcare Continuum, Holistic Care
region has a high altitude and an aged society. This and Assisted Living. We have different settings
is a relatively closed community. I just moved and different personnel. Different personnel pro-
37
(Slide 27)
mation technology, we can develop health clouds
integrated with community medical groups and
integrated delivery systems, which will be the be-
ginning of a capitation system in the future.
Conclusion
What is a capitation system? We now have a
new law called the National Health Insurance
Law. Article 44 of this law states: “To promote
preventive medicine, implement the referral sys-
tem, and to improve the quality of medicine and
treatment, the Insurer should draft the family
vide different services, and so they need to use phy-sicians system. The benefits of the family
this kind of system. physi-cians system should be paid out on a per
As a hospital, we have an advantage because person basis”.
we are the only regional hospital and the biggest This is the “family-doctor-system-per-capita”.
hos-pital in the area, and we provide a very wide The capitation payment system is included in the
range of services, including mobile clinics and law. In future, we hope to provide comprehensive,
long-term care. We can incorporate all the continuous, and holistic healthcare through prima-
services you can imagine. ry care family doctors in communities.
Regarding the future prospects for PHRs, PHRs That concludes my talk. Thank you very much
have empowered the engagement of patients and for your attention.
members of the general public in their own health
promotion and management. With the advance of
wireless networks, wearable biosensors, and infor-
38
◉ Lecture 4 ◉ Health Data: Its protection and better use for the public and patients
◉ Lecture 4 ◉
Health Data:
Its Protection and Better Use for the
Public and Patients
Norio Higuchi
Professor of Law, Musashino University Faculty of Law
I would like to begin by mentioning the two learn that the law, not the delay in technology de-
things I felt when listening to the experts who velopment, was perhaps involved in the delay of
have given lectures here so far. HIT development in Japan.
As Professor Yamamoto said, ICT development I felt that HIT, the law, and the public awareness
in the healthcare sector in Japan was relatively ad- are all important, and all three need to be promot-ed
vanced until the year 2000—perhaps it was more to build a health information system.
advanced than in other countries. After 2000,
however, the tides changed and so did the situa- From my Experience: Health Informa-tion
tion. In fact, the lectures by Dr. Wah of the United Technology (HIT) is the Key
States, Dr. Kim of Korea, and Dr. Chen of Taiwan I would like to mention a few things I have ex-
have substantiated this, and it made me feel that perienced. This is an anecdote—I have a friend
Japan has to make a stand now. Particularly in Tai- named Murray Katcher, who is a very interesting
wan, where not only is there a universal health in- man. He is a pediatrician, and although I believe
surance system similar to that in Japan but also a he is already retired, he was a professor at the
community-based care system has already been Uni-versity of Wisconsin. When his friend
established, Dr. Kim reported that the information became the Governor of Wisconsin, Dr. Katcher
exchange for this community care is in progress served as his Chief Medical Officer for some
and a form of care called “assisted living” in years as the sec-ond highest position in governing
healthcare is being built. Obviously, a system for state health and welfare, a position similar to the
sharing information is necessary for long-term care, vice minister of the Ministry of Health, Labour
and a more personalized care and help for each and Welfare of Ja-pan (MHLW).
individual is being built. I feel that there is so much I visited Wisconsin for several research projects,
more that Japan can learn from Taiwan as we work and I had an opportunity to ask him various ques-
on promoting our Community-based tions directly. It just so happens that shortly after
Comprehensive Care System. 2000, when I was involved in a medical accident
Another thing that left a strong impression on investigation system, I asked him this ques-tion—
me was the cause of the delay in health informa- “What is the most important thing, and what is the
tion technology (HIT) in Japan. I taught law for key strategy for the state government, to re-duce the
about 40 years at law schools, and Japan was an number of medical accidents?” His an-swer was
advanced nation in the HIT field until around “HIT.” This surprised me because I did not
2000 or so, but has considerably lagged behind in anticipate such an answer. He explained that all
the last decade or two. I was very disappointed to data from accidents must be collected and ana-
39
(Slide 1) (Slide 2)
40
◉ Lecture 4 ◉ Health Data: Its protection and better use for the public and patients
(Slide 4)
pan in 2001, which Professor Yamamoto intro-
duced in his keynote lecture, so the ideas are uni-
versal in that sense. In this Grand Design, quality EHR risks
improvement in healthcare and cost saving are at 1) Resistance to the use of technology
the top of the list. IT naturally comes into play 2) data breach and unauthorized
when talking about cost and quality. Improved use with invasion of privacy
ef-ficiency and reliable medical records—I 3) data breach and error resulting
believe these two are essential. You canʼt in threats to the health of patients
remember all the vaccinations you had, right? It
would be a great help if there is a good record of
such information somewhere.
4
So, information sharing and communication are
important, and health data are very important for that can have negative consequences.
epidemiologic and clinical research; therefore, So, is it better to not do anything for HIT? This
health data should be used—and should be avail- is not a matter that should be simply decided by
able—to improve to healthcare management, majority vote, but many people, including
quality improvement, and public health. The use of myself, believe that there are benefits to IT
health data is not just for the public good; it is also development and that things will move in that
for the benefit of individuals. With HIT, my direction anyway. In short, there are many
medical history, including what kind of treatment I benefits to HIT develop-ment, and they are
have undergone, what prescriptions I am taking, diverse. It can contribute to so-cial development,
and what allergies I have, will be all available if I and sooner or later each of us will benefit as well.
fall unconscious or must be carried to a hospital in However, there are two con-cerns that need to be
an ambulance. alleviated: the invasion of privacy due to data
However, there is also a risk in using HIT breaches, and the threat to healthcare quality for
(Slide 4). Listed at the top of the list was that people individuals due to these data breaches.
might resist this sort of technology. The first wave
of resistance might come from healthcare institu- Revision of the Japanese Personal In-
tions, which will be asked to bear the costs. It is formation Protection Act
understandable considering the initial cost in- The revised Personal Information Protection
curred, and I believe some form of aid would be Act of Japan will take effect on May 30 of this
necessary—however, what is really behind their year. So, why was it revised? The Act was first
mind is the fear against advancing HIT. I would legislated in 2004 and was then revised only a de-
imagine that they have their reasons, but there is a cade or so later, so what happened during these
clear sense of fear in general against advancing years is key. Normally, a law is not revised in
technology. such a short period.
Letʼs talk more concretely here. Is it really pos- Reportedly, the way that the Act addressed cer-
sible that someoneʼs private information, such as tain issues was insufficient—but I do not believe
their history of medical or psychiatric care or sex- that it was necessarily the case. Nevertheless, the
ually transmitted disease, will be exposed to the focus of the revision emphasized enhanced priva-cy
public? There may be cases in which the data are protection. The beginning of the Act addresses
recorded incorrectly. Letʼs say, I have an allergy but effective use of personal information and the pro-
the data were entered wrongly or tampered, and I tection of personal information when considering its
was then given a prescription or underwent surgery. use. So, it first lists both the use of the data and
Such error in recorded data is a problem their protection. It would have been better to re-ti-
41
(Slide 5)
tle the Act as the Personal Information Protection
and Positive Use Act, but the original title said
per-sonal information protection only, so New PIPA in fact
1) Scope of data protection enlarged
everyone thinks that it addresses nothing but
Entities with less than 5000 data are now covered.
protection— this is very unfortunate. 2) Establishment of the central agency of data protection
3) Data subjects' right to demand disclosure and to consent made
Now, there were two factors behind the revision, clear with direct enforcement.
4) Individually Distinct Code is per se personal information which
and one of them began in the EU. There are sever- could include genetic information.
5) Sensitive personal information includes health history data.
al Japanese laws whose creation was externally 6) Anonymization narrowly defined, making the creation of big
data difficult
pressured, but candidly speaking, this pressure is
These amendments are influencing badly against the more and
normally from the US. I will skip the details for better uses of health information.
42
◉ Lecture 4 ◉ Health Data: Its protection and better use for the public and patients
(Slide 6)
plained enough. Anyhow, the EU said that the
rights of the patients and the individuals should
be clearly stated, and so they are now. Bad influences against health IT
The fourth change was to introduce the idea of a Many examples of fear and anxiety, among others:
personal identification code to Japan, which in it- 1) Genomics academics are feeling that their research is
self expanded the concept of personal information. almost impossible, since genomic information may be
classified as Personally Distinct Code.
Anything that has to do with this personal identifi- 2) Since health history is now classified as sensitive
information, The new PIPA becomes a tremendous
cation code is now subject to the regulations of the barrier against collection of health data.
Act. This raised a major question as to what con- 3) The PIPA covering national hospital and universities
has made a restraint for health research, a bit narrower
stitutes personally identifiable information in the that private universities.
context of genetic data. The currently available
6
answer is that “not all genetic data are considered
personal information,” which is quite ambiguous. is not considered anonymization because the data
So ambiguous that any research involving “per- can be reverted back to its original form. Maybe
sonal” genetic data will need to have consent from the Ministry of Internal Affairs and Communica-
the subjects in advance, which will make things tions was behind this—I really do not know.
extremely difficult for researchers. Anonymized or
not, a study that includes genetic information may How and Why did This Happen?
be difficult if the data in question are consid-ered So, in short, this revised Act will do nothing but
personal. clearly prevent the positive use of “big data” over-
The fifth change was the introduction of the idea all. What happened to the basic policy of revising
of “sensitive information.” In the old Act, there was the law for positive data use? How did this hap-
only one kind of personal information. In the pen? I am only an outsider, so I really do not know.
revised Act, however, a new category of “sensitive The Japanese government is not monolithic; each
information” was created for particularly import-ant department is thinking differently. So, I speculate
personal information. Medical history was added to that a hard-working ministry in charge of protect-
this category at the last minute when fin-ishing the ing personal information thought nothing but of
bill for the revised Act. A medical histo-ry is a meeting the EU standards to serve its own inter-
history of medical and health records. Thus, all ests. They were not interested in the other key pur-
health information can be considered part of pose of revising the Act, which was to help use “big
medical history, and therefore sensitive informa- data” better.
tion. Health data are now so heavily protected that In some cases, the grounds for protection are
the “positive use” part has been neglected in some uncertain, and information is protected simply
ways. This is really difficult to understand. just because protection must be in place. In the
The sixth change was about making anonymized case of healthcare, privacy is surely protected,
“big data” available for use; however, the require- but people might die as a result. This is like
ments for the anonymization are so strict that any putting the cart before the horse—it is foolish.
data that can be reverted back to identifiable infor-
mation under certain conditions are not considered Revised Personal Information Protec-tion
as anonymized. The use of health data requires that Act: Negative effects
the data be traceable. Thus, health data have to Now that the revised Personal Information Pro-
undergo a process called “linkable anonymiza-tion,” tection Act is in effect, some negative influences
which is somewhat old-fashioned, before being are expected to take place (Slide 6). First, genetics
used. However, the revised Act utilizes so narrow researchers will no longer be able to use any ge-
interpretation that linkable anonymization netic data because they are considered to be per-
43
sonal identification codes. I am already hearing scopes, and privacy protection has always been
such a pressing claim from some academic ex- strictly regulated in every sphere, private and pub-
perts. At this rate, I also fear that genomic lic. These guidelines remain, but now the Personal
research will no longer be possible in Japan. Information Protection Act could come into play as
Second, now that medical history is considered a factor impeding research more directly. Health
sensitive information, it will be extremely researchers and many others are concerned for the
difficult to obtain health data, which could be a future development of healthcare.
serious threat to research projects such as new So, the Japanese legal system for personal infor-
drug devel-opment. mation protection is flooded by nearly 1,000 laws
Japan is a crowning example of the Galapagos and ordinances, which is a very strange phenome-
phenomenon when it comes to privacy protection. non—but it would not really matter if their content
In addition to the Personal Information Protection is all the same. Typically, laws are copied, any-
Act, different municipalities are legislating similar way—but, these laws ordinances are not all cop-ies.
laws and ordinances. As a result, there are now I asked someone to check if academic study is
close to 1,000 personal information protection laws exempted from the personal information protec-tion
and ordinances in Japan. Personally, I have never ordinances, and it turns out that about 30% of
heard of anything like this in other coun-tries, but prefectural ordinances and over 60% of municipal
maybe there are instances somewhere in the world. ordinances do not have such clearly stated exemp-
Nevertheless, this situation is clearly rare, and I do tion clauses. A city hospital, city college, or pre-
not know how we have arrived at this strange fectural university in these areas will be subject to
situation. the city and prefectural ordinances, and therefore,
So, what is the result? Now, there are three na- their academic study will be legally impeded as
tional laws for privacy protection in Japan—one well.
targeting the government administrative agencies
that govern national hospitals; one targeting inde- Enactment of the Health Infrastruc-ture for
pendent administrative corporations, which were Next Generation Act
formerly the national university hospitals; and one Now that this sort of legal system has been es-
targeting private institutions, clinics and hospitals. tablished, a different department in the govern-ment
There are some notable differences even among came up with a plan for a breakthrough to solve this
these three acts. Academic study is excluded from situation. Only a law, not guidelines, can act against
the scope of the law per se in the private area, another law, after all. A breakthrough law—
which means that academic use of personal infor- commonly called the Health Infrastructure for Next
mation is allowed in principle. In the area of na- Generation Act, which I have personally named the
tional university hospitals, in contrast, the Act says “landmark act”—was passed by the National Diet
academic use of personal information is permitted on April 28. Unfortunately, hardly any media
but except when these studies involve certain risks. organizations, except the Mainichi, re-ported on it.
So, this exception clause has become a source of Still, this act clearly states that health data can be
concern. The law even states that no ac-ademic legally used for research and develop-ment
study that may damage the interests of in-dividuals involving healthcare, despite the Personal
is allowed. It is not understandable that academic Information Protection Act (Slide 7).
researchers in private university hospi-tals and So, what does this mean for the future? The most
those in national university hospitals are subject to basic framework is very simple. Patient data from
different laws and treatments. each hospital will be collected to create “big data.”
In reality, ethical guidelines for medical re- Now, what is important here is not what happens to
search never exclude academic research in their a patient named Higuchi, but what hap-
44
◉ Lecture 4 ◉ Health Data: Its protection and better use for the public and patients
(Slide 7) (Slide 8)
7 8
(Slide 9)
Protection Act is not their concern. Of course, a
decent procedure is a must. Solid security mea-
What we should do from now on sures must also be in place because it is only natu-
3) The sharing of health information for the ral to care for security and privacy. However, it
purpose of health research and public health
should be generously possible.
should be made clear that, unlike the Personal In-
4) Finally, Make guidelines on medical ethics formation Protection Act, the Health Infrastruc-ture
for health research sponsored by Japan Medical for Next Generation Act will not make the use of
Association(JMA) to show that health
professionals are capable of professional health data for health research difficult. This point
autonomy. Also the training program should be has not been made clear in the current Health
established under these guidelines by JMA
which should be a model for other countries. Infrastructure for Next Generation Act.
Second, it is only reasonable to share informa-
9
tion for the benefit of patients. Privacy protection
pens to patients who have the same disease that I should not be without due cause, so it should be
do. So, the data will be anonymized but tracked, clearly stated that the use of health data for health
which means that the data will reveal information research is not subject to the Personal
such as how many years I have lived and which Information Protection Act.
drugs worked very well. To enable such tracking, Third, health data is not only meant to serve in-
several Authorized De-identifying Organizations dividuals; they are public information and are
will be created, and the data they anonymize will therefore meant to serve the good of the public
be made available to various projects. This way, (Slide 9). For example, I have been suffering from a
security is ensured and due consideration is paid disease for about 40 years now, but my physician is
for the use of the data under the new law. determining what treatment is appropriate for me
based on the data of other people with the same
What Should be Done Further ? disease, as well as his own knowledge and experi-
Now, can this Health Infrastructure for Next ence. If I am allowed to claim and declare that my
Generation Act solve everything? Someone told health information not to be used for others, it
me differently, and I will list four concerns (Slide would be nonsense in the first place. Thatʼs being a
8). free rider.
The Personal Information Protection Act tends Of course, privacy and security are important and
to apply more strictly to independent administra- essential as premises, but permitting a person not to
tive organizations that were once national univer- use his/her data for public health just be-cause the
sities or national university hospitals, so they data belongs to that person is a misplace-ment of
should be assured that the Personal Information the information control right. It is not the
45
exercise of a right; rather, it is purely the abuse government; however, I believe that the Japan
of that right. Permitting such a right is ludicrous Medical Association (JMA) should be taking an
in the first place, and it should be made clear that initiative in setting up guidelines.
the sharing of health data for health research or Training on health data issues should also be
public health is allowed. in-cluded in the core curriculum of the JMA
Finally, there will be many risks and ethical is- Continu-ing Medical Education Program. Many
sues involved in the use of health data. Further- people will still be lost even when guidelines are
more, new questions and problems will emerge one available somewhere, and they need to undergo a
after another as technology advances. It is not certain training program as a prerequisite.
possible to always cope with them through law, as Todayʼs confer-ence is hosted by the JMA, so I
it takes time to create a law. This Health Infra- would like to take this opportunity, and be candid
structure for Next Generation Act was indeed an in saying that it will be essential to the true
exception. I believe it was a case that the health- practice of professional autonomy. Maybe no
care community was alarmed by the Personal In- other national medical asso-ciation has reached
formation Protection Act so much that the govern- out that far, but today, I would like to propose
ment moved quickly. The health data issue, that Japan could become a model case.
including the risk management and ethical chal- Thank you for your attention.
lenges involved, will require further efforts by the
46
◉ Comment ◉ Health Database: Are we ready to step forward?
◉ Comment ◉
Health Database:
Are we ready to step forward?
Dong-Chun Shin
Professor, Yonsei University College of Medicine
I have been engaged in WMA activities for not live without much knowledge of economy.
over 10 years. We always thank JMA and Dr. That is still effective. But in the 21st century,
Yokoku-ra for his continuous leadership and some people say we are living in risk society, so
contribution to the WMA and congratulate again we have to be prepared to be risk literate. The
Dr. Yokokura to be President-Elect of WMA. society can be divided by risk literate society and
We expect more leadership from Japan and Asian risk illit-erate society. We have to educate and
region in the global arena in various kinds of train what the risk is and what risk means. We
health issues in-cluding health database. also have to communicate among stakeholders
My title is “Are we ready to step forward?” I such as the gen-eral public, patients, healthcare
think we are ready to go. Before going on my providers, legisla-tors and policymakers, to talk
talk, I will try to briefly summarize the previous about what is the virtually zero risk.
four prominent speakersʼ talk. If we have well-designed policies and regula-
Firstly, Professor Yamamoto and Professor Hi- tions to make this kind of database utilization
guchi mentioned that Japan has two acts, which can pos-sible, we are in the track with very little
be contradictory; One act will promote and the virtual risk. However, those kinds of guidelines
other act will discourage. But I think these two and legis-lation are not enough to make virtually
tracks should and can be complementary, not con- risk zero status. We need to continually talk
tradictory. We can start to step forward on the ba- about the cases in some country and bridge it to
sis of security measures, some kind of legislation other regions with efficient communication. We
and protection law. Japan is ready by the amend- continually share our experiences to protect the
ment of PIPA, and I hope you can minimize the risk infringement of pa-tientsʼ safety.
of health database utilization down to the vir-tually Japan has a good cohort for Japan sentinel
zero level of risk by that legislation. proj-ect, which is an information project and also
We are talking about virtually zero risk in risk the Tohoku community, a very desirable third
science and risk analysis domain, in academic do- genera-tion cohort. That kind of cohort is
main. I have been engaged in that area for my life- expected to pro-duce unbiased finding of disease
time. So we should talk about what should be the etiology rather than hospital data.
virtually zero. In modern society, we cannot live Dr. Robert Wah also mentioned that research on
without any risk, from disaster, from technology database health information has started from elec-
development, from environment or from IT. We tronic medical record (EMR) and then is moving to
should be prepared to live in this risk society. the community cohort study, two kinds of mil-lion
People say that before the 21st century we could people cohorts. He also told us lots of import-
47
ant information to take care of patients and take information can be hacked or leaked in some way.
care of prevention especially. Dr. Wah also men- I think it is a big issue in his work.
tioned promises and pitfalls, and WMA declara- Dr. Chen introduced us to Taiwanʼs system from
tions in the aspect of security issues. He showed us past to present and to some future prospects, and
a way in the future in the aspect of data security and showed us how much we can save on paper and so
better use of data for better healthcare. We were on, by applying this kind of information system. It
entertained by several very nice Qs & As af-ter his makes me happy because I am a supporter of mak-
presentation. Some participant here asked if that ing hospitals green. Energy saving and material
kind of system is feasible in the future or not. We saving in hospitals are very important because we
have to think about technology across society. We are living with cost-containment in healthcare sec-
have much bigger pictures to deal with these very tor and we have to concern about the cost reduc-
important issues. These kinds of same ques-tions tion in our healthcare industry. So green hospital is
will be applied to any situations in our risky my recent work. Also he mentioned a very nice
society; How can we make people safe, how can we community project in a greater Puli area in the
make people in the state of peace of mind. I can tell middle of Taiwan, in which almost 90 percent of
in Japanese language that “anshin” equals “anzen” patients are covered, so it is a perfect cohort from
plus “shinrai”. So “anzen” is technology. We try to which we can expect many good results. In the fu-
make technology perfect to ensure pa-tients safety ture Taiwan will introduce partly the capitation
for their personal information. But that is not system, so it will make a big change for the behav-
enough. If people do not believe tech-nology, if iors both of patients and of healthcare providers and
people do not believe policymakers, government or I hope this change will ultimately enhance the value
experts, it does not work. So trust is another hand of patient care and the health of the people.
or another leg to go. We have two legs. One is Professor Higuchi gave a very nice, comprehen-
anzen or security, and the other one is shinrai. It sive talk, and introduced some basic concepts and
can make peace of mind, anshin, togeth-er. This principles, and also presented problems in Japan.
equation is very common in the risk anal-ysis He mentioned about a medical doctor in Wiscon-
society and the answer from Robert Wah is sin. Dr. Murray Katcher tells us that the key to im-
something similar to this concept. So I agree with proving patientsʼ safety and prevention of medical
his opinion. We need to make a consensus among accidents is health information technology. I agree
stakeholders. Continual communication and risk with that. As an individual medical doctor, we ac-
communication are required. cumulate patient care experiences in our lifelong
Dr. Ju Han Kim gave us quite an interesting pre- career. There is an individual doctorʼs embedded
sentation using his own genome data. Some medi- information, and all this kind of information is
cal doctors in history tried some vaccines to him- shared by health information technology, and
self and looked what was going on, and showed us enormous number of medical doctorsʼ lifetime in-
clear logic why this kind of work is critical to take formation is embedded in one small IT. It is great.
care of patient, individual patient and save the so- As you know we are already in the era of fourth
cial cost from drug misuse. Drug misuse could be industrial revolution. Artificial Intelligence sys-tem
assessed more precisely and reduced with genom-ic or AI can take part in our medical work in the near
data or health database. The pharmacovigilance future. In that case, this kind of accumulated
project is also impressive, and I want his project to information in some system makes us happy, or no?
keep growing and expect many avatars in Korea. It will depend on our decision and our way of
But still, security issues are left, because of cellu- thinking and working.
lar phones. A one-to-one, patient-doctor relation- According to Prof. Higuchi, access, quality and
ship does not make a big problem. But the mobile cost are the key aims of health law in the U.S., and
48
◉ Comment ◉ Health Database: Are we ready to step forward?
(Slide 1) (Slide 2)
to accomplish these three ends, health IT is the im- tors are well educated, well trained to take care of
portant key. He also introduced some points writ- patients and people, to make people healthy. Their
ten in the book titled “Health Care IT” and in ad- ethical standard can be going up even higher to lead
dition to all the benefits we already talked about, the society, to make all these things possible, to
there are job creation, transparency and healthcare make medical information usable and applica-ble,
reform as EHR benefits, through reengineering of and to make efficient communication to peo-ple in
precisions in healthcare sector. We need IT appli- the other sectors, patients and the general public.
cation in healthcare sector and we do need to min- That is my summary.
imize the risk of this new way of work down to I already spent, almost used up my time, but these
virtual zero. In order to be in that state, in that step, are my slides I prepared in advance. WMA Decla-
we have to discuss more among medical people, ration of Taipei is already mentioned (Slide 1). We
legislative people, general public and patients. have CMAAO, Confederation of Medical Associa-
Prof. Higuchi also mentioned that PIPA in Ja- tions in Asia and Oceania, and adopted a very nice
pan amendment will be effective this month to resolution in 2014 (Slide 2). I am Council Chair of
strengthen the protection of information. But as I CMAAO group and JMA serves as the Secretariat and
told you, I think this is a basic step to go forward holds Secretary General for a long time. In this
although he talked us many negative effects. It is resolution, we have three recommendations; “Each
a legislation, much stronger than guidelines or NMA (National Medical Association) shall urge each
framework, but these legislation can be compli- government to prepare the necessary legal sys-tems
mented by other legislation like the next genera- and procedures”. “Each NMA shall exert ef-forts in the
tion information legislation. This level of strict development and distribution of educa-tion and
guideline might be achieved by new technology. training programs”. It is very important. Also, “Each
If new technology is growing, we can make NMA shall exert efforts to support re-search activities
every-thing individual, every record permanent on ethical approaches”. - again it is very important to
and ev-ery information easy, and then we can raise young medical doctors in this way- and “to
make, and almost fulfil that kind of strict monitor whether such ethical principles are being well
legislation in our future society. followed”.
Let me stress once more the consensus among In Korea, it is very similar to Japan, but in Ko-rea
stakeholders. Who will drive or initiate this whole the benefit is that data is stored in one system. It is
work? In Prof. Higuchiʼs last slide, JMA, medical very powerful. But we cannot use that without any
association, medical people, have to be prepared permission from the government (Slide 3).
with very high standard of ethics. Ethical standard Government sometimes permits us to use it in the
is needed to initiate this work. I think medical doc- case of social benefit or patient benefit. But it is
49
(Slide 3) (Slide 4)
Personal Information Protection Act, 2011 Personal Information Protection Act, 2011
in Korea
• Data exportation was strictly limited in order to prevent
• Article 1 (Purpose) leakage of personal information
– The purpose of this Act is to prescribe matters • Data coding: resident ID numberrandomizedsecret
concerning the management of personal code
(Slide 5) (Slide 6)
50
This report can be downloaded at www.med.or.jp/english.
Copyright © 2017 Japan Medical Association. All rights reserved.
Japan Medical Association
2-28-16 Honkomagome, Bunkyo-ku, Tokyo 113-8621, JAPAN
Tel +81-3-3942-6489 / Fax +81-3-3946-6295
E-mail: jmaintl@po.med.or.jp
www.med.or.jp/english