ICT4D Conference: Unpacking the Complexities of Integrated Health Data and Data Ownership
May 15, 2018
“We are at an inflection point in digital development!” Lauren Woodman, CEO of NetHope, boomed over the crowd of 750-plus participants the first day of the recent ICT4D Conference in Lusaka, Zambia. It may indeed be a critical time for technology, but the means of reaching our collective goals can create healthy disagreements, ones that should be unpacked in exactly the kind of setting the ICT4D Conference creates.
Panelists, left, Virginia Simushi, Amy Paul, Rosemary Muliokela, and Derek Treatman.
A session called “Integrated Health Data and the Challenges of Data Ownership” during the second day of the conference offered up the perfect opportunity to debate those means of reaching success. I am not just pointing out this session because it was moderated by DAI’s Digital Frontiers’ Project Director Katie Shipley, but rather because it unearthed some of the conflicting viewpoints we should be hashing out. The concept of health data ownership raises questions such as:
If data is collecting by a variety of actors, who legally owns the data?
Who can access the data?
Where is the data stored?
Who is responsible for managing and securing the data?
Who can interpret the data and whose interpretation of the data is correct?
Who can use the data for decision-making?
And, how do we build systems that can communicate and share data with one another?
These are not questions with easy answers. However, they are questions that need to be answered if we want to successfully use data to inform health programming and subsequently health outcomes. A few points of contention that were brought up during this session were:
Many governments are now enacting laws that prohibit the storage of government health data in servers outside the country. Panelist Virginia Simushi, Principal ICT Officer at the Zambia Ministry of Health, argued that although data is being collected by a variety of companies and individuals it should be stored in one central place: the Ministry of Health. As the Ministry owns the data and is responsible for its security, this makes sense, but Derek Treatment, Director of Technology Solutions at Vital Wave made the point that often times servers in-country are actually less secure, reliable, and affordable as cloud servers. Based on his experience working with the Ethiopia Ministry of Health, he suggests storing data in the cloud in the near term and transferring it to the national data system once effectively up and running. There is no blanket solution. In theory, as the government owns data, it makes sense to store it in-country, but whether this is the right approach is completely context-specific. Data security is a huge consideration in this decision. If cloud servers can provide this security while in-country servers are improved, we can avoid a gap in data collection and use.
In her opening remarks, Simushi pointed out that there are a lot of partners collecting and sharing health data in Zambia and “sometimes they get permission and sometimes they do not.” She went on to request that all actors get permission to collect data before doing so. Panelist Rosemary Muliokela, mHealth Program Manager at the World Health Organization, reflected on her struggles working with telecoms and took Simushi’s request one step further, by recommending that any MOU between ministries and partnering organizations define exactly how the data is used. Treatment then outlined a practical step: Create data-sharing agreements, or legal documents that describe what the data owner is allowing the partner to do with the data. While the principle of “permission” was not a direct point of a contention on the panel, one audience member commented “to open data, you need to restrict it,” meaning that the process of getting permission will end up temporarily restricting partners looking to collect and analyze data.
I left this part of the discussion wondering what exactly the “permission” process entails. Defining the parameters of data collection and use in an MOU is no simple task. Then the document must go through ministry approvals, which takes time. This may pose a problem to partners who need to work fast.
When asked for concrete recommendations, panelist Amy Paul, Science and Technology Policy Fellow, U.S. Global Development Lab, noted that health data ecosystems are extremely fragmented and called for coordination under a shared set of standards created and mandated by governments. This will make sure data is collected in an interoperable way, and analyzed and shared properly. Muliokela also brought up the problem of siloed platforms that do not “talk to each other,” calling for a framework that guides implementers and sets expectations. Simushi agreed that a set of standards would force partners not to “stray outside the boundary of data they promised to collect.” In response, one audience member questioned the sustainability of interoperability, noting the technical limitations of having 14 different systems feed into one platform (DHIS2 in this case). Paul responded that the specifics of the minimum data sets for diseases should all be included in the standards to create a “national data dictionary.” The problem is that without an enforcement mechanism, these requirements will not fully take effect. At this point, there is no system that has the capacity to regulate partners who are collecting malaria indicators, for example, outside the scope of what is tracked through DHIS2.
The fact that the ICT4D community is having these conversations and debates is evidence enough that we are moving in the right direction when it comes to tackling the challenges of integrated health data and data ownership. It means there is a concerted effort to get this right, allowing Ministries of Health to lead the charge with guided, and restricted, support from partners. The common goal exists: Collect health data for decision-making to improve overall health for everyone. We now need to figure out the specifics of how to reach that goal.