Background reader - Key questions & trends on health data and digital health

This document provides a quick overview of key questions around health data use and exchange, as well as digital health. Feel free to add your resources in the comments section below!

The digital revolution and its potential for healthcare

Digital technologies and AI are on the verge of revolutionizing healthcare nationally and globally. New approaches and tools based on processed health data are changing the way people interact with healthcare professionals, institutions and other emerging actors in health. Digital technologies can support governments in achieving universal health coverage (see SDG n°3) and better addressing public health challenges such as spreading infectious diseases. They can also largely benefit research and development in the academic and medical field more generally.

The most important source for the development and functioning of these technologies is health data. Here, especially the personally generated health data each and everyone of us produces for instance via smartphones, wearables, social media or patient portals, is likely to play an essential role. This data has the potential to allow for a more precise monitoring of our health, a real-time exchange with health care professionals as well as new and improved treatment methods. Furthermore, it could lead to a shift from treatment to prevention of diseases.

However, the potential of these digital and AI-driven solutions for public health is not fully leveraged as common rules around the exchange, use and processing of health data are insufficient in most countries, let alone on a global scale. (As an example on health apps, read Ferretti et al. 2019) This is once again visible in the discussions surrounding the ongoing pandemic in the case of contact tracing.

We recognize four areas of use where personally generated health data are of the highest interest:

  1. Public health policy: Focusing on the role this data will play for the government's public health objectives.
  2. Healthcare services: Emphasising the function this data plays regarding your personal health condition.
  3. Commercial use: Discussing the role this data plays for private business use.
  4. Research: Exploring the potential of this data for medical research.

This background reader should provide the necessary information to understand the current situation, the debate and ongoing challenges, which can help in discussing the above-described topics in more detail. It is structured into three questions:

  1. Health data: What are we talking about?
  2. What does the law say?
  3. What are the challenges, opportunities and fears related to health data and digital health technologies?

1. Health data: What are we talking about?

Health data can be defined in different ways. Many traditional definitions tend to focus on the direct link to a patient’s health. This could for example be blood value, patient records and prescriptions for medication. For instance, in the WHO’s Draft Global Strategy on Digital Health

«Health data: The record in electronic or other formats describing or illustrating the physical or mental health, reproductive outcome, quality of life, provision of health services, causes of death of an individual or population.» 

However, this leads to a serious problem. Many indirect data types with no direct health information are left out of the definition. Thanks to big data and artificial intelligence such data can be combined to create valuable health data. For instance, movement patterns of individuals can be linked to air pollution to create a risk assessment for lung diseases. Schneble et al. call this inferred data. (Read more on this topic: Schneble et al. 2020)

We therefore follow the broader definition of the OECD, that:

"“Personal health data” means any information relating to an identified or identifiable individual that concerns their health, and includes any other associated personal data."

OECD, Recommendation of the Council on Health Data Governance, OECD/LEGAL/0433

In this Policy Kitchen challenge, we are interested in personally-generated health data. This is data created, recorded, gathered or inferred with direct or indirect relations to health produced by individuals, notably via remote sensors, social media, mobile health apps and patient portals. (Based on the definition for patient-generated health data by Peterson & DeMuro 2015).

The generation of these new data types in health is notably facilitated by emerging actors in the health data ecosystem such as service providers of apps or producers of wearables. With these tools, we start to generate data in most areas of our daily life, whilst we for instance communicate our location and mood over social media. Regulators have difficulties to follow the developments and protect consumers from potential data abuse and discrimination. (Read more on this topic: Vayena et al. 2018)

2. What does the law say? 

Example of regional legislation: 

The EU for instance introduced a more open definition of health data in comparison to the WHO. The General Data Protection Regulation (GDPR) distinguishes three kinds of health data:

  • Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status. Art. 4(15) GDPR
  • Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question. Art. 4(13) GDPR
  • Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data. Art. 4(14) GDPR

All three fall under the special (i.e. sensitive) categories of personal data which enjoy a high protection. Their processing is generally prohibited, unless the so-called data subject has given explicit consent or there is a specific exception. Art. 9 GDPR.

Legal status quo in Switzerland:

Switzerland’s data protection law is fragmented, with an overarching federal legislation, cantonal legislations and some specific laws. The Federal Act on Data Protection applies to federal institutions (including the ETHZ and the EPFL) as well as private actors. Since 2017, its overhaul is under debate within the Swiss Parliament. In the current version of the law from 1992, “data on health” (without being defined more precisely) are classified as sensitive personal data. A consent is needed by the data subject for its processing. As a result, the current legislation is either not or just partially covering the various types of health data described above. Franziska Sprecher argues that the revision should improve transparency and control of data subjects. It should also align the law more closely to the GDPR without aiming at harmonisation (Sprecher 2019). The cantonal legislations apply to municipal and cantonal institutions (including hospitals and universities) as well as private actors working for cantonal institutions. Furthermore, there are many specific legislations such as the Federal Act on Research involving Human Beings, Federal Act on Human Genetic Testing or the Federal Act on the Electronic Patient Record, which have their own standards and schedule for revision but are according to Sprecher often incomplete and outdated (Sprecher 2019). Also, if there is the collection or exchange with data in a cross-border context, other legislation might apply. This is especially relevant for actors and institutions working with EU citizens and the GDPR (Read more on this, only available in German: here).

3. What are the challenges, opportunities and fears related to health data and digital health technologies?


Some experts focus on the efficiency-gains that can be made by digitising existing monitoring, care-taking and treatment methods. Telemedicine and the so-called mobile health (use of mobile wireless technologies for health) could improve the connectivity between health professionals and patients. An improved and faster flow of data would in return improve treatments. Simultaneously, the higher amount of data could improve research and quality of medication as well as strengthen public health. Others emphasize the possibility of an entirely new way of organising and experiencing health care. Participatory health is seen as an ideal where individuals have a high capacity to self-manage their health and are much more included into the clinical decision-making process. (Read more on this topic: Coughlin et al. 2018)


Yet, most of these promises haven’t fully materialized yet and the reality is probably going to be somewhere in between the utopian and dystopian visions. Currently, AI still plays a subordinate role in healthcare. Whilst the potential is huge, many challenges and open questions have to be resolved, ranging from data privacy and security as well as lacking interoperability between different systems to more broadly rethinking the healthcare system in its current form. (Read more on this topic: Denecke et al. 2019)

However, there are also severe risks related to data storage and processing both at an individual and community level. On an individual level, questions revolve around data ownership, control over data but also around what happens in cases of data breaches and who protects individuals against discrimination, either because they do not want or cannot use digital technologies or because leaked data is abused by third parties. On a community level, risks are different and revolve around the aggregation of data. The aggregated data is used in algorithms which can impact our daily lives regardless of their accuracy and the consent of all people affected. The legal structure is still not able to give complete answers to all these challenges. (Read more on this topic: Tisné 2020)


Coughlin et al.: Looking to tomorrow’s healthcare today: a participatory health perspective, Internal Medicine Journal 2018, vol 48, p. 92–96.

Denecke et al.: Artificial Intelligence for Participatory Health: Applications, Impact, and Future Implications, Yearbook of Medical Informatics 2019, p. 165–173.

Ferretti et al.: From principles to practice: benchmarking government guidance on health apps, The Lancet Digital Health 2019, Vol. 1., Issue 2, p. 55–57.

Franziska Sprecher: Datenschutz im Gesundheitsbereich, Aktuelle Entwicklungen, in: Kieser et al.: Datenschutztagung 2018, ein Blick auf aktuelle Rechtsentwicklung, Zürich 2019.

OECD: Recommendation of the Council on Health Data Governance, OECD/LEGAL/0433.

Peterson & DeMuro: Legal and Regulatory Considerations Associated with Use of Patient-Generated Health Data from Social Media and Mobile Health (mHealth) Devices, Appl Clin Inf 2015, 6: 16–26.

Schneble et al.: All Our Data Will Be Health Data One Day: The Need for Universal Data Protection and Comprehensive Consent, Journal of Medical Internet Research 2020, vol. 22. iss. 5.

The Federal Act on Data Protection.

Federal Act on Research involving Human Beings.

Federal Act on Human Genetic Testing.

Federal Act on the Electronic Patient Record.

Tisné: The Data Delusion, Protecting individual data is not enough when the harm is collective, 2020.

Universität Bern. Fact Sheet Datenschutz – wichtigste Definitionen & Beispiele.

Vayena et al.: Policy implications of big data in the health sector, Bulletin of the World Health Organization 2018, vol 96, p. 66-68.

World Health Organization: Draft global strategy on digital health 2020-2024, Draft 5th July 2020.

World Health Organization: The health data ecosystem and big data.