Access to data is of fundamental importance to the success of any data-driven initiative. Traditionally, the care of a patient has primarily been dependent solely on the data available at the care provider. However, it is evident that in today’s hyper-connected world, the data that could positively impact a patients’ health could typically reside across multiple entities and even in multiple countries. Experience gained from the BigMedilytics project has shown that while individual research pilots may be able to get access to data after very lengthy procedures, in the real-world, such strategies would not scale. In fact, even the innovation carried out in research pilots would proceed much further if the data access mechanisms were more streamlined. For example, in BigMedilytics, there was an instance where a hospital simply could not arrange to have data shared outside its physical boundaries due to privacy/security issues. This prevented it from collaborating with another research institute and resulted in long drawn negotiations. Finally, to resolve this issue, the hospital provided temporary “visiting researcher” contracts to researchers from the research institute so that they could process the data on the hospital’s premises based on its own terms and conditions. 

Such a construct would obviously be impossible to scale up in the real world and is a clear example of how siloed the world of healthcare is. In fact, the different silos in the healthcare sector are the greatest hurdles which prevent the wide-scale adoption of Big Data driven solutions. These silos can exist at different levels: within a hospital, across care providers and other entities (profit/non-profit organizations) or across countries. Silos within a hospital can be overcome through the adoption of open platforms that allow data from different systems to be integrated. However, for silos beyond the hospital, the technical challenges are less of an issue and instead regulations play a greater role. BigMedilytics demonstrated how sensitive healthcare data can be securely shared and processed across multiple organizations using technologies such as multi-party computation (MPC) in certain specific cases. However, MPC is not a panacea for all cases of data sharing. Instead, there is a more urgent need to streamline regulations to improve the competitiveness and innovation potential of the EU at a global level. The following are some points that could help:

• Clearer and updated guidelines (from the European Data Protection Board) on the concept of personal data and non-personal data; the EU Member States do not hold a unique and aligned position on the legal concept of personal data (and non-personal data). This limits the capability to re-use health data.
  
• Clearer and updated guidelines (from the European Data Protection Board) on anonymization techniques. In addition, a code of conduct on anonymization (or anonymization of personal data concerning health) is also needed.
  
• Reduce fragmentation of local conditions on data processing for scientific research purposes, given that Member states have leveraged art. 9 (4) GDPR to introduce further limitations to the processing of health data for scientific research purposes, such as the concept of ‘public interest of the research’, the ‘impossibility or  disproportionate effort to obtain consent’ or the concept of ‘research institute or body’. This fragmentation limits the capability to process health data in the context of research. In this respect, a code of conduct, followed by a harmonisation of the local GDPR implementation acts would be very helpful.
  
• Reduce fragmentation of local data protection/healthcare rules applicable to health data, in particular in the field of cross-border transfers of health data within the EU.