- By Miriam Friedmann
Checking the Health Data Use Act: How Germany wants to modernize health research
The German healthcare system is on the verge of significant change. The planned Health Data Use Act (GDNG) is set to revolutionize access to and linkage of health data for research. What this means for doctors, researchers and patients - and how Health Minister Lauterbach intends to ensure data protection: an overview of the most important questions and answers.
What is the health data use act (GDNG)?
The Health Data Usage Act - GDNG for short - is intended to modernize and strengthen Germany as a research location. The focus is on the question of how and to what extent researchers may access patients' health data.
German Federal Health Minister Karl Lauterbach wants to implement it to make Germany more attractive again for researching companies and scientists. The new law is scheduled to come into force on January 1, 2024.
Why does German Health Minister Lauterbach want to reform the handling of health data?
Germany has fallen behind in international comparison as a research location in the medical sector, according to the Ministry of Health.
Inconsistent regulations, a lack of laws and bureaucratic hurdles make it difficult for companies to conduct research. In January 2023, for example, the announcement by the German pharmaceutical company Biontech that it was leaving Germany for the UK with its cancer research caused a sensation.
Now the GDNG is intended to modernize Germany's handling of digital health data, make the Federal Republic internationally competitive and thus ensure that medical innovations can also be developed in Germany.
What is health data?
What data counts as health data is regulated by the General Data Protection Regulation (GDPR). Article 4, paragraph 15 states that "health data (are) personal data relating to the physical or mental health of a natural person, including the provision of health services, revealing information about his or her state of health."
Simply put: Health data is all information stored by doctors' offices and hospitals about patients' illnesses, medications, examinations, operations and treatments.
Why are researchers allowed to use health data?
In short, because, according to various experts, the interest of society and the interest of the individual must be weighed against each other and balanced.
"We have an ethical disbalance in Germany. We prioritize the protection of privacy and informational autonomy very much, and we forget about beneficance and the benefits to patients, to society and the important social goods we could generate ," Alena Buyx, Chair of the German Ethics Council , for example, commented during a panel on data use and AI at the Data for Health Conference 2023.
By way of background, the GDPR already allows data to be used for medical research under certain conditions. This is because consolidated data provides research with immense insights for improving medical therapies. Ultimately, society as a whole benefits from this.
The GDNG specifies this use and aims to strike a balance between the interests of the individual and those of society. Legally insured persons will still be able to object to the use of their data under the planned Health Data Usage Act. The key difference is that the opt-in becomes an opt-out.
What are the goals of the health data use act?
The law is intended to reorganize four major areas. The Federal Ministry of Health described them in March 2023 as part of its digitization strategy..
We briefly present and classify the individual points here.
Goal 1: Easier access to health data
What the German Department of Health is proposing:
In the original, the website of the Federal Ministry of Health states: "A central data access and coordination point will be established to provide access to research data from various sources (e.g., cancer registries, health insurance data). Linking of different data sources will be enabled via research pseudonyms. Data will remain stored in a decentralized manner."
What the proposal means in concrete terms:
Germany wants to simplify access to national health data for research purposes. In the future, a central office at the Federal Institute for Drugs and Medical Devices (BfArM) will regulate access to all nationally accessible health data. It will also mediate between the data centers and researchers. Until now, researchers have had to apply for data from sources such as the cancer registry or health insurance data individually from the relevant states.
Health data should continue to be stored in a decentralized manner and divided into individual subject areas, such as the cancer registry. In our view, this makes perfect sense, because a central data repository would create various problems, from data security and massive storage capacity to the question of who should finance it and how.
We expect considerable advantages for Germany as a research location from a central coordination office:
- Fewer hurdles in the application process
- Reduction of time-consuming bureaucracy
- Access to networked and thus possibly larger amounts of data for scientists and researchers
- Faster implementation of research projects
- Positioning Germany as a modern research location in international comparison
Goal 2: A central state data protection officer
In the future, there is to be a central state data protection officer for nationwide research projects. Until now, the different states have regulated access to data individually - despite uniform requirements under the GDPR. Due to the partly different requirements of the 16 state data protection officers, nationwide research is anything but trivial.
What the German Department of Health is proposing:
Literally, the German Federal Ministry of Health writes: "The lead data protection supervision for cross-state research projects will be extended to all health data. I.e.: Data protection supervision for cross-state research projects in the healthcare sector will then only be carried out by a state data protection commissioner."
What the proposal means in concrete terms:
Although the GDPR regulates data protection uniformly, the requirements for data processing vary from state to state: Some state hospital laws, for example, limit data processing outside medical facilities. This hinders research, digital health services and innovative technologies. Telepaxx therefore supports the proposal to centralize data protection supervision.
But: In our opinion, the proposal of the Health Data Use Act falls short. Germany needs a regulation for the general handling of medical data - not just for research projects.
Goal 3: Release health data to industry
In the future, not only scientific research institutions but also research-based industry will be able to access health data. Until now, this has been the sole preserve of university research.
What the German Department of Health is proposing:
The German Federal Ministry of Health describes its project as follows: "The Research Data Center Health (FDZ) at the BfArM is being further developed: In the future, the research industry will also be able to submit requests for data access there. The decisive factor for the requests is the purpose of use, not the sender."
What the proposal means in concrete terms:
A central and uniform regulation for the use of health data ensures equal opportunities in the research-based medical sector. Telepaxx expressly supports the plan to make data available to all researchers. Industry must have the same entitlement as university research.
Because physicians have so far linked their decision for an employer to their research ambitions, non-university institutions have been left behind. In practice, this means, for example, that physicians from privately run hospitals have so far had to switch to university hospitals in order to carry out a research project.
With the new regulations, all hospitals would be able to offer their embattled professionals the same research conditions - and would no longer have to fear losing long-serving, scientifically ambitious employees to university institutions.
Goal 4: Access to the health data of statutorily insured persons
In the future, researchers will also be able to access anonymized data from the electronic patient files of patients with statutory health insurance. Patients can, however, object to the release of their data in accordance with the GDPR.
Reading suggestion: What the EHR means for physicians - a classification
What the German Department of Health is proposing:
In the wording, the German Federal Ministry of Health writes on its website: "Data release from the electronic patient record (ePA) will be simplified, can be controlled in a user-friendly way in the ePA app (opt-out). Pseudonymized ePA data will be automatically retrievable for research purposes via the FDZ in the future."
What the proposal means in concrete terms:
Until now, researchers have not been able to access the data of people with statutory health insurance because the EHR was not yet widely available in Germany - and access was not regulated. In a first step, the EHR is now to be made mandatory by the end of 2024.
In a second step, the GDNG regulates access to the data stored there. From 2025, insured persons will then have to actively object to the use of their anonymized data (opt-out). When the EHR was introduced, they initially had to actively agree to it (opt-in).
We expect that this will make considerably larger volumes of data available to research. At the same time, data sovereignty remains with the patients, because they can continue to decide whether they want to release their data.
What does the GNDG mean for AI research?
The GDNG makes health data usable on a much larger scale (see Goal 3) - including for the use of AI software from the cloud.
It also explicitly allows the use of patient data for testing and training artificial intelligence applications in healthcare. Hospitals and radiologists, for example, would thus be able to test the reliability of AI tools more easily because they would have a larger database. We expect this to give a boost to medical AI research and AI applications in Germany.
What do the plans for the GDNG mean?
We believe the GDNG is an overdue response to the handling of digital research data.
If the law is passed as planned, it will significantly strengthen Germany as a research location. Above all, centralized access to decentrally stored data registers should make researchers' everyday lives considerably easier.
Initial Consultation
You have questions about data usage?
Feel free to contact me to learn more about how you can use your medical data in a DSGVO-compliant way for research projects.
Other articles that may interest you.
The GDNG: What the law means for clinics and researchers
Clarity at last on the handling of health data thanks to the Health Data Utilization Act (GDNG). What the law means for clinics and science: we take a look at the key points.
Modern teleradiology: efficient image exchange in the cloud
Cloud technologies are revolutionizing teleradiology. Find out how the German Radiation Protection Act defines teleradiology and how the cloud can be used.
Hospital Futures Act: From application to implementation
The German Hospital Future Act (KHZG) supports hospitals in digitization. Read here, how you can e.g. implement a medical data sharing portal without a lengthy IT project.