INNOVATING TELEHEALTH VIA RESPONSIBLE DESIGN
Do the new General Data Protection Regulation & Responsible Research and Innovation
meet one another in the Telehealth domain?
Author: A.A.M. Jochems
Anr: 465473
Master thesis
Law & Technology
First reviewer: mr.dr. C.M.K.C. Cuijpers
Second reviewer: T. Crepax
Tilburg, 18 April 2017
Table of contents
1. Introduction
1.1 Scope of the research
1.2 Research method
2. The promises and challenges of Telehealth innovation
2.1 Introduction
2.1.1 Motiva: an example of telehealth for chronically ill patients
2.1.2 Promises of Telehealth
2.1.3 Challenges of Telehealth
2.2 Stakeholders
2.2.1 Producers
2.2.2 Health care providers
2.2.3 Patients
2.2.4 Health insurance companies
2.2.5 Government
2.3 Legal framework
2.4 Social framework/norms
2.5 Summary
3. The General Data Protection Regulation & Telehealth
3.1 Introduction
3.1.1 Key changes
3.2 Data Protection by Design
3.2.1 The seven foundational principles
3.3 Data Protection Impact Assessment
3.3.1 The six steps of the Data Protection Impact Assessment process
3.4 Summary
4. Responsible Research and Innovation & Telehealth
4.1 Introduction
4.1.1 Aims of Responsible Research and Innovation
4.1.2 The scope of Responsible Research and Innovation
4.2 Approaches to Responsible Research and Innovation
4.2.1 The four dimensions
4.3 Summary
5. GDPR & RRI where do they meet and where do they diverge with regard to Telehealth & Data Protection?
5.1 General Data Protection Regulation & Responsible Research and Innovation
5.1.1 The similarities
5.1.2 The differences
5.2 Discussion: hampering or stimulating innovation of telehealth technologies?
5.3 Summary
6. Conclusion
References
1. Introduction
On 4 May 2016 the European Commission (EC) published the official text of the General Data
Protection Regulation (GDPR); with an implementation period of two years, it shall apply from 25 May
2018.1 The first draft was already released in January 2012, and ever since a lot has been written about
the new GDPR. In most of these articles the authors write about the differences between the new
GDPR and the current EU Data Protection Directive or about their position towards the GDPR. Some
write about what the GDPR will mean for the protection of European citizens, but very little is
written about what the GDPR will mean for organizations that have to comply with this regulation, in
particular for developers of telehealth. The health technologies that these
developers make need to comply with data protection regulation, as health technologies often depend
on data in order to function.
A good example of a telehealth technology that needs to comply with data protection
regulation is a telemonitoring system. Reiter & Habetha define a telemonitoring system as:
“The remote monitoring of patients’ state of health. It is fundamentally used to control and
treat chronic patients’ by ‘enabling patients to measure their vital parameters and symptoms
at home on a daily base with the aim to improve their disease management”.2
It helps chronically ill patients to live independently for longer, meaning they can stay longer in their own
home instead of a nursing home. A telemonitoring system can measure the patient’s heart rate,
weight, blood pressure, glucose level and, in some cases, even their movements. These personal data will
be transmitted, analysed and presented to the health care staff supporting the patient. Based on these
data, the staff checks whether the patient is all right and, if not, contacts the patient or gives the
patient the care he/she needs.
From a medical perspective, these technologies need as much information as possible to give
the patient the best care. The crux of the matter is that while it is in the best interest of the patient to
gather as much data as possible, it can also become a problem for the patient: the more data gathered,
the greater the chance that the privacy of the patient is put in jeopardy. It is therefore important that telehealth
organizations comply with data protection regulation. Data protection regulation makes sure there is
a minimum level of protection when data is gathered, processed and analysed.
1 Protection of personal data. (n.d.). Retrieved 2017, January 15, from http://ec.europa.eu/justice/data-protection/
2 Reiter & Habetha 2010, p. 918-938; What is Telemonitoring. (n.d.). Retrieved 2017, January 15, from http://www.igi-global.com/dictionary/telemonitoring/29645
Unfortunately, data protection regulation cannot always keep up with the development of new
technologies and often gets confronted with the Collingridge dilemma3, which Von Schomberg explains
as:
“Implying that ethical issues could be easily addressed early on during technology design and
development whereas in this initial stage the development of the technology is difficult to
predict. Once the social and ethical consequences become clearer, the development of the
technology is often far advanced and its trajectory is difficult to change”.4
In order to prevent accountability, telehealth organizations have to address legal, ethical and social
issues before, during and after the development process by foreseeing and encountering risks, by
reflecting on what is known and unknown, by including the public and other stakeholders and by
responding quickly to different needs, requirements, views, issues and values.5 Such a Responsible
Research and Innovation (RRI) approach can help telehealth organizations reduce their liability and
increase the acceptance of their new health technologies by society.
1.1 Scope of the research
Although telehealth has become a familiar phenomenon in the current healthcare system, according to
Von Schomberg: “the new generations of ICT technologies are more controversial, as their increased
pervasiveness into people’s daily life and into the social infrastructure also raise a number of legal,
ethical and social issues”.6 The data gathered by these telehealth technologies consist of
vulnerable information which can be useful not only for doctors, but also for parties which do not always
have the best intentions. Because these telehealth technologies gather more and more vulnerable
information, privacy and data protection become more and more important.7
This thesis will focus on privacy and data protection regarding telehealth for chronically ill
patients, and in particular on the new GDPR. The GDPR introduces some new provisions. These provisions
often mean more protection for individuals, but could be problematic for telehealth organizations.
For these organizations the provisions could mean more requirements and restrictions for new
technologies and adjustments for existing technologies, leading to higher costs or to not making a certain
invention at all.8 On the other hand, telehealth organizations know that if they comply with the GDPR,
their products will meet the legal standards and therefore have a higher chance of being accepted by
society.9
3 This dilemma was introduced in 1980 by David Collingridge in his book: ‘The Social Control of Technology’.
4 Von Schomberg 2011, p. 8.
5 Setiawan & Singh 2015, p. 229.
6 Von Schomberg 2011, p. 8-9.
7 Broekhuijsen 2014.
8 Business Europe, ERF & ERT 2016, p. 9.
This explains the increased interest in and promotion of the RRI-approach by politicians, as
innovating with an RRI-approach ensures compliance with social and moral standards set by society.
The RRI-approach ensures this by “anticipating and assessing potential implications and societal
expectations regarding research and innovation, with the aim to foster the design of inclusive and
sustainable research and innovation”.10
To limit the scope, this thesis focuses on two of the new provisions introduced by the GDPR,
the Data Protection Impact Assessment (DPIA) and Data Protection by Design (DPbD). These two
provisions are very interesting in light of an RRI-approach as they both imply a forward-looking
responsibility, meaning that all stakeholders have to take possible and probable impacts into account
during the whole innovation process (from initial concept to application).11 The main question
therefore is: Can a Responsible Research and Innovation approach help telehealth organizations with
complying with the provisions ‘Data Protection Impact Assessment’ and ‘Data Protection by Design’?
Sub-questions are: What is telehealth? What are the General Data Protection Regulation and its
provisions: the Data Protection Impact Assessment and Data Protection by Design? What does
Responsible Research and Innovation mean? And where do the General Data Protection Regulation
and Responsible Research and Innovation meet and where do they diverge with regard to telehealth
and data protection?
1.2 Research method
To gain more information about the subject, doctrinal research was conducted. In this doctrinal
research, the search engines Hein Online, Kluwer Navigator, KluwerLawOnline, Legal Intelligence,
EUR-Lex and WorldCat Discovery were used, with the keywords General Data Protection Regulation, Responsible
Research and Innovation, Telehealth Organizations, Telehealth, Data Protection Impact Assessment
and Data Protection by Design.
This resulted in articles like ‘The proposed data protection Regulation replacing Directive
95/46/EC: A sound system for the protection of individuals’, written by P. de Hert & V.
Papakonstantinou. This article gives a quick overview of the differences between the GDPR and the
current Directive 95/46/EC. Another article that was found was ‘The Concepts, Approaches, and
Applications of Responsible Innovation’, written by B.J. Koops. This article gives an introduction to RRI.
The article ‘Developing a framework for responsible innovation’ written by J. Stilgoe, R. Owen & P.
Macnaghten provides a framework for RRI, which includes the four dimensions of RRI. An example of
an article for telehealth is ‘Ethical Challenges of Telemedicine and Telehealth’ written by B. Kaplan &
S. Litewka. This article gives a brief introduction to telehealth and discusses the ethical challenges that
telehealth faces.
9 The EU Data Protection Reform and Big Data Factsheet (2016). Retrieved from http://ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf.
10 Responsible research & Innovation. (n.d.). Retrieved 2016, May 8, from https://ec.europa.eu/programmes/horizon2020/en/h2020-section/responsible-research-innovation.
11 Setiawan & Singh 2015, p. 228.
This thesis focuses on compliance by telehealth organizations with two provisions of the GDPR, the DPIA and
DPbD, in the light of an RRI-approach. In chapter 2, a definition of telehealth
and an introduction of its stakeholders will be given. In chapter 3 the GDPR will be discussed; topics
that will be covered are a brief history so far and the provisions DPIA and DPbD. RRI will be discussed
in chapter 4, which provides a framework for RRI, including the four dimensions of RRI as
established by Stilgoe, Owen & Macnaghten. In chapter 5 the differences and similarities between
GDPR and RRI will be discussed, followed by a discussion of whether the GDPR will hamper or stimulate
telehealth innovation. Finally, chapter 6 will provide a conclusion and an answer to the main question.
2. The promises and challenges of Telehealth innovation
“Demographic change, rising incidence of chronic disease and unmet needs for more personalised care
are trends that demand a new, integrated approach to health and social care”.12 “Telehealth is such an
approach, it involves the use of telecommunications and virtual technology to deliver health care
outside of traditional health-care facilities. Well-designed telehealth schemes can improve health care
access and outcomes, particularly for chronic disease treatment and for vulnerable groups. Not only do
they reduce demands on crowded facilities, but they also create cost savings and make the health sector
more resilient”.13
2.1 Introduction
Telehealth is related to telemedicine, eHealth, mHealth and telecare, but a distinction between these
concepts can be made. According to Kaplan & Litewka, the difference between telehealth and
telemedicine is that: “Telemedicine has a clinician as at least one of the participants, whereas
telehealth is any use of information technology for health purposes”.14 They add that:
“Both involve using electronic information and communication technologies for healthcare
when distance separates the participants. They span a spectrum of applications, from the
relatively simple—like linking telephone, video, facsimile, home computers, and other low-cost
technologies to various devices so that health-related information can be sent to clinicians from
individuals’ homes—to clinical consultations conducted at sites remote from each other and,
therefore, convenient to both clinicians and patients, to complicated procedures, such as
telesurgery, performed remotely”.15
Telehealth as well as telemedicine are basic elements of eHealth, which uses a wider range of
information and communication technologies to improve the quality of healthcare.16 According to Van
Dyk: “mHealth refers to eHealth applications that are executed with the help of mobile technology”.17
The Telecare Aware Group states that: “Telecare is the continuous, automatic and remote monitoring
of real time emergencies and lifestyle changes over time in order to manage the risks associated with
independent living”.18 As a preventative health application, telecare falls within the scope of telehealth
and not within the scope of telemedicine.19 Figure 1 shows the relation between telehealth,
telemedicine, eHealth, mHealth and telecare.
12 Stroetmann, et al. 2010, ‘Key messages’.
13 Hockstein/WHO. (n.d.). Telehealth. Retrieved from http://www.who.int/sustainable-development/health-sector/strategies/telehealth/en/ (accessed 2015, October 23).
14 Kaplan & Litewka 2008, p. 401; Wyatt & Sullivan 2005.
15 Kaplan & Litewka 2008, p. 401.
16 Hockstein/WHO. (n.d.). Telehealth. Retrieved from http://www.who.int/sustainable-development/health-sector/strategies/telehealth/en/ (accessed 2015, October 23).
17 Van Dyk 2014, p. 1285.
18 Telecare Aware Group 2012.
‘Telehealth can be helpful if clinicians and their patients are separated by distance, it uses
telecommunications to send health information from the patient’s home to the clinician by linking
telephones, tablets, home computers and other technologies to various monitor devices. This makes
it possible to conduct clinical consultations at sites remote from each other and therefore convenient
to both clinicians and patients, especially for chronically ill patients’.20
Chronically ill patients are patients who suffer from a chronic disease and are physically or
mentally not able to live (fully) independently. They spend more time visiting one hospital after
another, instead of enjoying their time in their own home. For these chronically ill patients, more than
for other patients, telehealth can make a big difference and have a huge impact on their lives by giving
them a chance to live their lives a little bit more to the fullest.21 This thesis will therefore focus
on telehealth specifically for chronically ill patients. Virtual home health care is an example of
telehealth that can make the lives of chronically ill patients a little easier by making it possible for them
to receive guidance in certain procedures while remaining at home.
19 Van Dyk 2014, p. 1284.
20 Kaplan & Litewka 2008, p. 401.
21 Kaplan & Litewka 2008, p. 402.
Figure 1: Telehealth, telemedicine, eHealth, mHealth and telecare.
Retrieved from: Van Dyk 2014, p. 1284.
2.1.1 Motiva: an example of telehealth for chronically ill patients
Motiva, developed by the Dutch company Philips, is a good example of a virtual home health care
platform and will be briefly discussed in this sub-chapter in order to give a better understanding of
what a telehealth technology could look like.
Motiva is a content rich and interactive telehealth platform, specifically designed to help
empower chronically ill patients to manage their disease state effectively.22 It enables behavioural change
through daily, personalized interactions and engaging content, delivered via a secure network
connection to the patient’s television.23 The Motiva platform organizes patient information in a clinical
dashboard, with recommended actions for the nurse to consider based on the patient’s individual care
plan and current status. It dynamically reprioritizes patients, based on their most recent health data
from the home and the care provider’s clinical rules. It also automates many routine disease management tasks, such
as health assessments and patient education, and surveys selected patients on a daily basis, triggering
motivational messages to patients who are doing well and informing clinicians when others need closer
attention.24 The Motiva platform consists of three components: Motiva Monitor, Motiva Coach and
Motiva Guide.
Motiva Monitor is for a small percentage of highly acute patients whose chronic disease
typically consumes the greatest percentage of healthcare spending, for example patients who have
suffered a heart attack and therefore have a higher risk of heart failure25. These patients receive a set
top box for the secure network connection as well as wireless devices to measure weight and blood
pressure. Other vital signs, such as blood glucose measurements or pulse oxygen levels, are also
possible. At this service level, nurses can provide the full complement of Motiva services, by providing
additional patient self-management tools reinforced by one-on-one interactions. With daily
monitoring of vital signs, the goal is to reduce unnecessary hospitalizations, intervene appropriately if
indicated by patient data, and keep healthcare claims in check while helping the patient achieve a
greater quality of life.26
Motiva Coach is for patients who stand to gain from behavioural changes but whose disease
does not warrant daily vital sign monitoring. Motiva Coach also provides a connection through a set
top box, delivering daily content to the patient, including interactive surveys, relevant educational
videos and personalized motivational messages. At this service level, nurses provide targeted
information to encourage patient behaviour change, monitoring patient status through automated
surveys and periodic re-assessments. The goal is to help patients take a more active role in managing
their own health, in order to prevent or postpone a decline in their condition.27
22 Motiva. (n.d.). Retrieved 2015, October 14, from http://www.healthcare.philips.com/main/products/telehealth/products/motiva.wpd
23 Home healthcare, Telehealth Motiva. (2010). Retrieved from http://www.healthcare.philips.com/pwc_hc/main/shared/Assets/Documents/Homehealthcare/Telehealth/Motiva_English_2010_New_Final.pdf (accessed 2015, October 14), p. 2.
24 Home healthcare, Telehealth Motiva. (2010). Retrieved from http://www.healthcare.philips.com/pwc_hc/main/shared/Assets/Documents/Homehealthcare/Telehealth/Motiva_English_2010_New_Final.pdf (accessed 2015, October 14), p. 4.
25 American Heart Association 2015.
26 Home healthcare, Telehealth Motiva. (2010). Retrieved from http://www.healthcare.philips.com/pwc_hc/main/shared/Assets/Documents/Homehealthcare/Telehealth/Motiva_English_2010_New_Final.pdf (accessed 2015, October 14), p. 7.
Motiva Guide is for the less acute population, whose conditions are considered at-risk / early
chronic but not severe. Motiva Guide allows care providers to keep track of at-risk patients, as well as
maintain a historical record of phone-based assessments and patient education. At this service level,
nurses are able to document patients’ status and determine if they should be considered for more
frequent, personalized care. The goal is to help with patient stratification and proactively identify
patients in clinical decline so that their conditions can be correctly managed.28
The Motiva platform (launched by Philips on the Dutch market in 2007)29 is an interactive
platform that transmits data via a broadband Internet connection from the patient’s home (using the
patient’s television) to a workstation at the hospital. The system allows for sending information from
the medical staff performing the telemonitoring, which will be displayed on the patient’s television
(educational videos, questionnaires to establish the patient’s baseline status, personalized messages
and alarms), and for deployment of automated self-monitoring equipment (scale and
sphygmomanometer30) in the patient’s home to record weight, heart rate, and blood pressure; these
data are presented graphically on the patient’s television and are transmitted, analysed, and presented
to the medical staff supporting the patient via a dedicated web application.31
2.1.2 Promises of Telehealth
Telehealth can be beneficial for the health system. By using electronic information and communication
technologies it makes information and services more available at any time and any place and
provides better accessibility of health care for all patients.32
If a patient needs special care which is not located near the patient, telehealth can help
provide this care by making it possible to get in touch with healthcare providers all over the world.
Telehealth can save travel time for both patient and clinician, by making it possible for patients to
check their vitals by themselves at home instead of visiting the clinician or the clinician visiting the
patients at home. Providing patients a better overview of their health data can also make them more
aware of their own health situation and might trigger them to act more responsibly regarding their
health, which can result in fewer visits to the doctor or hospital.33 This has a financial benefit, because
fewer visits often mean lower costs, for both patients and hospitals.
27 Idem.
28 Idem.
29 ANP 2009 (official press release of Philips).
30 A sphygmomanometer is an instrument for measuring blood pressure.
31 ‘How telehealth works’, <http://www.telehealth.philips.com/how_telehealth_works.html> accessed 24 July 2015.
32 Kaplan & Litewka 2008, p. 402.
These days almost everyone has a TV screen and internet at home; these two ingredients alone
already make the use of telehealth possible and thus easily accessible. A patient using Motiva said: "If
you know how to press a button, you know how it operates. The TV screen tells you everything you
need to do."34 This shows that telehealth does not have to be complicated and is easy to use. Patients
receive education, personal guidance and treatment for their health conditions via a television channel
while staying at home, which makes it possible for doctors and nurses to treat more patients. Philips
stated in a press release that Motiva enables a single nurse to provide 500 patients, instead of 100 to
150 patients, with the care they need within the same amount of time.35 The combination of interactive
guidance and telemonitoring often gives patients a more secure and safe feeling, by enabling
them to stay in their own comfortable home and environment, ‘instead of being institutionalized, with
fewer intrusions by healthcare workers and more control over their privacy, health management,
schedule and activities. This could also offer their loved ones some reassurance, knowing that the
patients’ health conditions are being monitored’.36
According to Kaplan & Litewka:
“These new developments seem to provide what people want: personalized relationships with
providers, information targeted to their concerns and needs, and interactive tools for health
and disease management’. They think that, ‘patients and others needing healthcare services
will benefit from the use of these technologies in several ways commonly considered
‘‘empowering’’ and that it is likely that the care paradigm would shift from crisis intervention
to promoting wellness, prevention, and self-management’.37
2.1.3 Challenges of Telehealth
Before telehealth can deliver on these promises, it first has to overcome some challenges. According to
Friedberg & Quashie: “Telehealth is increasingly becoming a vehicle for generating, transmitting and
storing large volumes of electronic health information, and as telehealth platforms and delivery models
continue to evolve, the ways in which providers are creating and using health information are
constantly changing”.38 Because telehealth technologies continue to evolve, they continue to raise new
legal and ethical issues.
33 Youtube. (2014, June 2). IOS 8 healthkit Keynote WWDDC 2014-full. Retrieved from https://www.youtube.com/watch?v=ByOpv-JRnAU (accessed 2016, November 12).
34 Philips Launches Motiva TV-based Remote Patient Management. (2006, May 12). Retrieved from http://www.appliancedesign.com/articles/90393-philips-launches-motiva-tv-based-remote-patient-management-5-12 (accessed 2016, November 12).
35 ANP 2009 (official press release of Philips).
36 Kaplan & Litewka 2008, p. 402.
37 Kaplan & Litewka 2008, p. 402.
Technology often evolves more quickly than legislation; this means that by the time legislation
has almost caught up with the technology, the technology has already changed. This makes it difficult not only for
legislators to ensure a minimum level of safety, but also for the telehealth providers. When
they have a new technology and there is not yet regulation for that technology, the telehealth
providers have to decide for themselves which safety standards this new technology has to comply with
and have to take future regulation into account in order to make sure the technology continues to
exist. This means that telehealth providers need to take potential risks and hazards into account
before, during and after the development process in order to exclude liability. In other words, the
telehealth providers have to innovate responsibly, also known as responsible research and innovation
(see chapter 4).
Another challenge can be the accessibility. Although telehealth can be beneficial for the health
system by providing more availability of information and services at any time and any place and better
accessibility of health care for all patients, there is still a part of the population that does not have
access to the required telecommunication technologies. For example, not everybody can afford a TV
and internet, which makes the use of a telehealth technology like Motiva for those people impossible.
In that case telehealth will only benefit the people that can afford a TV-screen and internet, not the
ones that are less fortunate.
The aging population could also be a challenge for telehealth: elderly people are generally
more difficult to persuade to use telehealth technologies. They have a tendency to distrust these kinds
of technologies, because they have known a world without technologies that keep track of everything
they do. Nowadays young people grow up with these kinds of technologies and do not know any better
than to be surrounded by them 24/7. A telemonitoring system like Motiva could make the patients feel
like their privacy is being invaded and give them an uncomfortable feeling.39
Telehealth can improve health care, but in order to function well it needs a lot of data, and not
just any data: it needs sensitive data, personal data about someone’s health condition. Before
telehealth technologies you only had to fear that the doctor’s assistant would shout in a waiting room
full of people that you can pick up your medicine for haemorrhoids. Now everything, from an ingrown
toenail to an abortion, can be disclosed if health data is not protected properly. Using telehealth
technologies means the involvement of multiple parties who gather, share and process your sensitive
health data, which makes it important to ensure that responsibilities for securing and managing these
sensitive data are clearly defined and that each party is aware of its own responsibilities and those of
the other parties.40
38 Friedberg & Quashie 2013.
39 AARP & Microsoft 2009, p. 7.
2.2 Stakeholders
By using a telehealth technology a lot of sensitive data is being obtained, processed and shared by
multiple parties. To ensure the safety and efficiency of such technologies, it is important to know which
parties are involved and what their purposes are for collecting, processing and sharing these data.
In this chapter the different stakeholders that are involved in telehealth technology will be
discussed. Because telehealth is very broad and because the role of stakeholders can vary between EU
Member States, this thesis will focus on the stakeholders that are involved in telehealth for chronically
ill patients within the healthcare system. This means healthcare provided by health institutions like
hospitals, so non-profit and public organizations.
Within this telehealth domain there are five main categories of stakeholders: the producers,
the health care providers, the patients, the health insurance companies and the government (see
figure 2).
40 Friedberg & Quashie 2013.
Figure 2: Telehealth in a health care system. Adapted from: Janssen et al. 2013, p. 8.
2.2.1 Producers
Producers manufacture the telehealth services or products and the health care providers buy these
services or products. This quid pro quo relation stimulates innovation, since innovating technologies cost a
lot of time, effort and money. By rewarding the producers with money for their innovating
technologies, producers are stimulated to keep innovating and improving the healthcare system. This
corresponds to what Adam Smith called the ‘invisible hand’.41 According to Hahnel, Smith’s
‘invisible hand’ means that: “when constrained by competitive markets, actors who simply pursue their
self-interest inadvertently promote the social interest as well”.42 This shows that producers of health
care services and products not only have a predominantly economic interest, but indirectly a social
interest as well.
Still, to ensure the economic interest will not outweigh the social interest, the government has
created legislation with which the producers of health care technologies have to comply. This kind of
legislation ensures a minimum level of quality and safety; examples are the Law on Medical Devices, the Law
on Data Protection and the Law on Public Health.
For example, Motiva is a telehealth service that is manufactured by Philips; health care
providers buy Motiva and provide it to their patients, so Philips is in this case the producer of Motiva. If
Philips only keeps an economic interest in mind, meaning producing products at the lowest possible
cost and selling them for the highest possible price, it could mean cuts are made that
can jeopardize the safety and efficiency of Motiva. When products are unsafe and inefficient, patients
will not get the right quality of health care and therefore these products will not be accepted by society
(in this case the hospitals and patients). To guarantee a minimum level of quality and safety, legislation
imposes a responsibility on Philips to develop telehealth services and products that are safe and of a
certain quality. With this responsibility comes a liability: if Philips does not comply with these minimum
levels, it will be liable. The assurance that the products meet the legal standards makes it easier for
products to get accepted by society.
2.2.2 Health care providers
Health care providers buy the telehealth service (or product) from the supplier and offer the services
to their patients or clients. This could be the hospitals that, for example, buy Motiva from Philips in
order to provide it to their chronically ill patients. Within this group of stakeholders a division can be
made between investors, users and the IT-department; these stakeholders can influence the telehealth
service.43
Investors have influence because producers of telehealth services often depend on investors
to make the production of the service happen. An investor can be, for instance, a partnership or a
board of a health institution. If a hospital wants a telehealth service like Motiva it can choose to invest
in this telehealth service by offering money to Philips, which in return will be able to manufacture
this kind of telehealth service for the hospital.44
41 Smith 1776: Book IV, Chapter 2, Paragraph 9.
42 Hahnel, 2016, Chapter 1, Paragraph 8.
43 Janssen et al. 2013, p. 21.
Users have influence, because they are the ones that are actually going to use the telehealth
service and provide it to their patients. Without the support of the users the telehealth service will not
succeed. Users can be, for example, medical experts or nurses. If Motiva wants to succeed it does not
only need to benefit the end-users (patients), but also the doctors and nurses that are going to use this
telehealth service as a healthcare provider. In this case Motiva saves them travel time, gives them
more input on health data of their patients and gives them an easy tool to educate their patients.45
The IT-department has influence because they have to implement and maintain the telehealth
service. If the implementation and maintenance are very expensive and take a lot of time, this could
mean the telehealth service is not worth buying. To guarantee the support the service needs in order
to become a success, it is important to take all stakeholders into account during the development of
the telehealth service.46
Health care providers can be interested in buying a telehealth service if the service: improves
the quality of health care, for example by ensuring more safety; increases the efficiency of the
processes, for example a smarter registration system; leads to saving labour, so that more care can be
provided with the same amount of people; increases the service level, for example by better accessible
care; reinforces their position in comparison to other health care providers; improves their corporate
image, for example by making it possible for patients to have more control; and can be applied in their
existing health care system and the users can see the benefits of the service.47
2.2.3 Patients
“Improving the health of the population they serve” is, according to the WHO Health System
Performance Framework, one of the main goals of health care systems.48 This shows that patients, as
end-users, are an important group of stakeholders; they are the centre of the health care system.
Health care, including telehealth services, is specifically created for patients.49 Patients receive the
health care from the health care providers. Health care insurances make sure that the patients can
afford the care they need and the government sees to it that the provided care meets the quality and
safety requirements.
44 Factsheets stakeholders. (2013). Retrieved from http://5.157.81.93/somehealth/wp-content/uploads/2013/05/factsheets-stakeholders.pdf (accessed 2016, October 11); Janssen et al. 2013, p. 21.
45 Idem.
46 Idem.
47 Idem.
48 Healthcare systems. (n.d.). Retrieved 2015, October 23, from www.who.int/trade/glossary/story049/en/; Murray & Frenk 1999, p. 6.
49 Janssen et al. 2013, p. 17.
Because health care is about patients, this group of stakeholders can have a huge influence on
telehealth services. They are the ones who demand; the other stakeholders are the ones that supply.
Patients will be interested in telehealth services if these services: improve the efficiency of health care,
for example by increasing the compliance to legislation; prevent deterioration or complications;
improve the accessibility of the health care, for example by providing online consultations; decrease
the impact their health conditions have on their (social) life; make it possible for patients with a chronic
or severely limiting condition to remain in control; stimulate motivation, an example being the application
of ‘serious gaming’ in therapy; give a better insight on their own health conditions, for example by
providing access to their own health records; and provide comfort and are easy to use.50
2.2.4 Health insurance companies
Health insurance companies are, in this case, the stakeholders that reimburse the telehealth service
provided to the patients by the health care providers. Within this group of stakeholders a division can
be made between the innovation department, the investment fund, the purchasing department and
the commerce department.51
The innovation department selects and reviews the promising telehealth services. The investment
fund is important for financing the development of the telehealth service. The purchasing department
negotiates with the health care providers and purchases large quantities of care, trying to do this in
the most efficient way. The commerce department is important because they see telehealth services
as a distinctive feature and are the ones who compose the additional insurances for the individuals
and the collective insurances for the organizations. 52
Because better care for a lower price is important for health insurance companies, telehealth
services can be interesting for this group of stakeholders if the telehealth service: gets enough support
of the health care providers and patients, for example by co-creation; generates health benefits,
meaning a better quality of care or life; reduces the costs for care by increasing the self-reliance of the
patients or by reducing the workload of the health care providers; leads to substitution, meaning no
extra care but replacement of existing care; leads to the reduction of omissions, by preventing or a
faster recovery; and meets the national agreements.53
50 Factsheets stakeholders. (2013). Retrieved from http://5.157.81.93/somehealth/wp-content/uploads/2013/05/factsheets-stakeholders.pdf (accessed 2016, October 11); Janssen et al. 2013, p. 17.
51 Janssen et al. 2013, p. 25.
52 Factsheets stakeholders. (2013). Retrieved from http://5.157.81.93/somehealth/wp-content/uploads/2013/05/factsheets-stakeholders.pdf (accessed 2016, October 11); Janssen et al. 2013, p. 25.
53 Idem.
2.2.5 Government
The government determines which telehealth services and products should be included in the basic
benefit package and thus should be reimbursed by the health insurance companies. It obligates health
insurance companies to ensure that the necessary health care is accessible and affordable for
everyone.54 To make sure that the provided health care is up to standards, telehealth services and
products may only enter the health care market if they meet the minimum level of quality and safety.
To ensure this minimum level the government has created legislation with which producers, health care
providers and health insurance companies have to comply.55
2.3 Legal framework
The stakeholder analysis shows that policy and politics play a part in the regulation and innovation of
telehealth. In this chapter the legal framework for telehealth for chronically ill patients will be
discussed. The data that are being used and the number of stakeholders that are involved in telehealth
make it important to have some regulation that ensures the safety and efficiency of telehealth.
Telehealth does not only have to comply with Dutch legislation, but with European legislation as
well. European member states are obligated to adapt their national legislation according to European
directives. The problem of this implementation process is that every member state can give its own
interpretation to these directives. This decreases the harmonization among the European member
states and can even result in legal uncertainty as telehealth is becoming more and more a cross-border
phenomenon. Different interpretations can make it very difficult for stakeholders to determine
which regulations they have to comply with. The following European directives are relevant for telehealth:56
the Data Protection Directive,57 the e-Commerce Directive,58 the Medical Devices Directive,59 the
Directive on Distance Contracting,60 the Directive on Electronic Signatures61 and the Directive on
Professional Qualifications.62
54 Factsheets stakeholders. (2013). Retrieved from http://5.157.81.93/somehealth/wp-content/uploads/2013/05/factsheets-stakeholders.pdf (accessed 2016, October 11); Janssen et al. 2013, p. 35.
55 Idem.
56 Bahr & Denjoy 2015, p. 9-13.
57 The ‘Data Protection’ Directive, Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ 1995 No. L281/31.
58 The Directive on Electronic Commerce, European Parliament and Council Directive 2000/31/EC.
59 European Parliament and Council Directive 2007/47/EC amending Council Directive 90/385/EEC on the approximation of the laws of the Member States relating to active implantable medical devices, Council Directive 93/42/EEC concerning medical devices and Directive 98/8/EEC concerning the placing of biocidal products on the market, OJ 2007 No. L247/21.
60 European Parliament and Council Directive 97/7/EC on the protection of consumers in respect of distance contracts, OJ 1997 No. L144/19.
61 European Parliament and Council Directive 1999/93 on a Community framework for electronic signatures, OJ 2000 No. L13/12.
62 Directive 2011/24/EU.
This thesis will focus only on the new General Data Protection Regulation (GDPR) as this regulation is
going to replace the current Data Protection Directive as from 2018 (see chapter 3). The new GDPR was
called into existence to increase the harmonization regarding data protection among European
Member States. As Telehealth technologies become more and more privacy intrusive, it is interesting
to see whether the new GDPR can keep up and cope with these kinds of new inventions. The provisions
that will be discussed in particular are ‘Data Protection by Design’ (DPbD) and the ‘Data Protection
Impact Assessment’ (DPIA), as these two provisions try to find a balance between stimulating privacy intrusive
innovation on the one hand and hampering data and privacy infringements on the other hand.
According to Purtova, Kosta & Koops:
“These two provisions demonstrate a ‘compliance by design’ approach and can help achieving
compliance with the legal regulatory framework relating to telehealth. In contrast to
compliance by detection, where requirements are formulated and compliance is checked during
or after the execution of the relevant process and necessitate technology or process redesign
in case of violation, in compliance with design the rules are already taken into account when
designing technologies and processes (Lohmann 2013)”.63
2.4 Social framework/norms
Apart from the legal framework there is also a social demand for innovating responsibly. Telehealth
technologies innovate rapidly and regulation often lacks the speed to keep up with these kinds of
technologies. By the time that there is new regulation the technology is old and has already changed, so
the regulation making process can start all over again. To fill this gap, society demands that the producers
of telehealth technologies take social and ethical issues into account when developing and
innovating telehealth technologies. Telehealth technologies need to take these social and ethical
issues into account in order to get accepted by society.64 If they do not get accepted by society, they
will not succeed.
An ethical dilemma could be finding a balance between protecting privacy on the one hand
and providing usable and user friendly services on the other hand. Motiva, for example, is a usable and
user friendly telehealth service that makes it possible for chronically ill patients to stay at home while
being monitored from a distance. In order to make this possible, the patients need to give up a part of
their privacy. The question here is: Does the usability and user friendly component outweigh the
privacy component and to what extent?
63 Purtova, Kosta & Koops 2014, p. 16.
64 Kaplan & Litewka 2008, p. 413.
As Kaplan & Litewka illustrate in their article, ‘Ethical Challenges of Telemedicine and
Telehealth’, another ethical challenge could be the GDPR-principle of informed consent. Health care
providers need a patient’s informed consent in order to collect, process and share this patient’s data.
They state that: “informed consent in telehealth means being aware of the benefits and burdens of a
telehealth technology. But that new technologies may involve new kind of risks, so that consent implies
consenting to risks impossible to anticipate”.65 It is therefore important that producers of health
technologies innovate responsibly.
A Responsible Research and Innovation (RRI) approach can help the GDPR to strengthen its
principles in cases where the GDPR alone is not enough to guarantee a patient’s safety. In this case, the
RRI-approach means that producers already have to take these possible risks into account while
designing a telehealth technology, not only during the development process, but also before and after
the process. This ensures that when a patient gives an informed consent, a patient can do so with the
knowledge that the telehealth technology will be able to anticipate quickly when a possible risk might
occur.
2.5 Summary
This chapter showed that telehealth can be helpful if clinicians and their patients are separated by
distance, as it uses telecommunications to send health information from the patient’s home to the
clinician by linking telephones, tablets, home computers and other technologies to various monitor
devices. A telemonitoring system like Motiva is an example of a telehealth technology that can make
the lives of patients a little easier by making it possible for them to receive guidance in certain
procedures while remaining at home. However, by using this telehealth technology a lot of sensitive
data is being obtained, processed and shared by multiple parties. To ensure the safety and efficiency
of telehealth technologies, it is important to know which parties are involved and what their purposes
are for collecting, processing and sharing these data. Within the Dutch telehealth domain there are
five main categories of stakeholders: the producers, the health care providers, the patients, the health
insurance companies and the government. All these different stakeholders do not only have to comply
with Dutch legislation, but with European legislation regarding telehealth as well. Apart from the legal
framework there is also a social and ethical demand for responsible innovation. In the next chapter
the legal framework, in particular the new GDPR, with which the stakeholders have to comply, will be
further discussed.
65 Kaplan & Litewka 2008, p. 406.
3. The General Data Protection Regulation & Telehealth
In 2009 the European Commission (EC) made a first step towards unifying data protection within the
European Union (EU). The Commission wants to replace the current EU Data Protection Directive
95/46/EC with one single law, the General Data Protection Regulation (GDPR). The aim of this
regulation is to bring more harmonization among the European Member States regarding data
protection. The Commission released a first draft of the GDPR on 25 January 2012; on 4 May 2016 the final draft
of the GDPR was published. After the regulation entered into force on 24 May 2016, the attending Member States
have a period of two years to fully implement this regulation, as it shall apply from 25 May 2018.66
3.1 Introduction
The current EU Data Protection Directive 95/46/EC was enacted in 1995 and is still the centrepiece of
the existing EU legislation on personal data protection. The directive has two objectives: to protect the
fundamental right to data protection and to guarantee the free flow of personal data between
Member States.67
Due to rapid technological developments the protection of personal data faces new
challenges. Data sharing and collecting is increasing more and more every day. Social media, for
example, has contributed to individuals sharing their personal information without hesitation on the
internet, making it publicly and globally available. This makes it possible for private companies and public
authorities to collect and use those data for their own purposes. Technology has changed the
economy as well as social life. To stimulate the economic development it is important to build trust in
the online environment. If consumers do not have confidence in the online environment they will
hesitate to buy online and adopt new services, which can have a negative effect on the development
and innovative use of new technologies. It is for this reason that personal data protection has been placed
high on the Digital Agenda for Europe.68
Besides Directive 95/46/EC data protection has also been codified in articles 16(1) and 16(2)
of the Treaty on the Functioning of the European Union (TFEU) and article 8 of the Charter of
Fundamental Rights of the EU (Charter). The Lisbon Treaty introduced articles 16(1) and 16(2) TFEU.
Article 16(1) states that everyone has the right to protection of their personal data and article 16(2)
TFEU provides a specific legal basis for the adoption of rules on the protection of personal data. Article
8 Charter describes the protection of personal data as a fundamental right.69 The EC evaluated the
functioning of the EU instruments on data protection at the request of the European Council and was
asked to present, where necessary, further legislative and non-legislative initiatives (The Stockholm
Programme 2010).70 After the evaluation the EC stressed the importance of applying the context of
the right to personal data protection consistently in all European Member States and concluded that
a more comprehensive and coherent policy is needed.71
66 COM(2012)11 final; Protection of personal data. (n.d.). Retrieved 2017, January 15, from http://ec.europa.eu/justice/data-protection/
67 COM(2012)11 final, p. 1.
68 COM(2012)11 final, p. 1-2.
69 COM(2012)11 final, p. 2.
The current framework is facing some problems like a fragmented implementation of personal
data protection across the European Union, legal uncertainty and a publicly shared view of serious
risks related to personal data, in particular in combination with online activities (Special
Eurobarometer 359).72 According to the EC: “this is why it is time to build a stronger and more coherent
data protection framework in the EU, backed by strong enforcement that will allow the digital economy
to develop across the internal market, put individuals in control of their own data and reinforce legal
and practical certainty for economic operators and public authorities”.73
3.1.1 Key changes
The GDPR contains a few key changes in comparison to the current Directive 95/46/EC. This thesis will
focus on just two of those key changes, namely the new provisions: Data Protection by Design (DPbD)
and the Data Protection Impact Assessment (DPIA). These provisions are most relevant, because they
both can help find the answer to the central research question of this thesis, as they both
incorporate all aspects of the legal framework, in this case the GDPR.
The DPbD provision introduces the obligation to design data protection into the development of
business processes for products and services (Data Protection by Design), to set privacy settings at a
high level as a default (Data Protection by Default), to collect only the personal data that are necessary
and to delete data as soon as possible.74
The DPIA provision introduces the obligation to conduct a DPIA when specific risks occur to the
rights and freedoms of data subjects. According to De Hert & Papakonstantinou, this could include:
“inter alia, processing of sensitive data or when the type of processing otherwise involves specific risks,
in particular when using specific technologies, mechanisms or procedures, including profiling or video
surveillance”.75 They state that: “a Data Protection Impact Assessment may be defined as a systematic
process for evaluating the potential effects on privacy and data protection of a project, initiative,
proposed system or scheme and finding ways to mitigate or avoid any adverse effects”.76 Purtova, Kosta
& Koops add that: “the DPIA has an in-built feedback-loop to adjust the data processing practices /
technologies and the DPIA processes depending of the DPIA’s outcomes”.77 The Data Protection Impact
Assessment should describe, assess and provide measures to mitigate risks. If the DPIA shows high
risks, then the data controller should seek the advice of the data protection officer.78
Both provisions will be further discussed in the following chapters.
70 The Stockholm Programme 2010, p. 1.
71 Idem.
72 TNS Opinion & Social 2011.
73 COM(2012)11 final, p. 2.
74 Idem.
75 De Hert & Papakonstantinou 2012, p. 140.
76 Idem.
3.2 Data Protection by Design
In 2014, the EC announced that:
“‘Privacy by Design’ and ‘privacy by default’ will become essential principles in EU data protection
rules – this means that data protection safeguards should be built into products and services from
the earliest stage of development, and that privacy-friendly default settings should be the norm –
for example on social networks”.79
The Commission introduced this DPbD-principle (also known as Privacy by Design) for the first time in
2012, when they released a first draft of the GDPR. DPbD has been codified in article 25 of the GDPR
and is a methodology that makes it possible to build privacy into the design and architecture of IT
systems, business processes and networked infrastructure. DPbD tries to ensure that privacy has been
taken into account before, at the start of, and throughout the development and implementation of
initiatives that involve the collection, processing and storage of personal data. By using innovative
approaches that are anchored in genuine respect for individuals’ personal data, DPbD shifts the privacy
focus to prevention rather than compliance; this makes privacy protection more a ‘design feature’
instead of a compliance burden.80 Purtova, Kosta & Koops state that “DPbD is an integral part of
strengthening accountability for data processing in the GDPR, i.e. not only actual implementation of
the data protection requirements, but also the ability to demonstrate compliance (art. 24 GDPR)”.81
DPbD aims to prevent privacy risks from occurring by focusing on the design and operation of
IT systems throughout their lifecycle. It makes leaders and project managers direct their attention to
achieve the objectives of IT projects in such a way that privacy is respected and the legal requirements
are met. If this is not the case and a project cannot prove that it complies with privacy or other
regulatory requirements it needs to be rethought so that it does. In other words DPbD can save costs
while ensuring better privacy, because if privacy is already built into the IT system, costly privacy
retrofitting is not needed anymore.82
77 Purtova, Kosta & Koops 2014, p. 20.
78 Art. 35 GDPR.
79 ‘Progress on EU data protection reform now irreversible following European Parliament vote’ (12 March 2014) <http://europa.eu/rapid/press-release_MEMO-14-186_nl.htm> accessed 1 March 2016.
80 CPDP 2014, p. 1.
81 Purtova, Kosta & Koops 2014, p. 21.
Other benefits are, first, the identification of potential problems at an early stage, which
often makes addressing them simpler and less costly. Second, the increased awareness of privacy and
data protection across an organization. Third, organizations are more likely to meet their legal
obligations and less likely to breach them. Fourth, actions are less likely to be privacy intrusive and
therefore less likely to have a negative impact on individuals.83 Lastly, according to the law firm Allen
& Overy, “implementing Data Protection by Design can both demonstrate compliance and create
competitive advantage”.84
3.2.1. The seven foundational principles
The Information and Privacy Commissioner of Ontario, Ann Cavoukian, was one of the first and most
prominent advocates of the term ‘Privacy by Design’. She has put DPbD on the political agenda and
introduced the seven foundational principles on which DPbD is based. The principles aim to:
“proactively make privacy the default setting in all areas of technological plans and business practices
and explain how privacy should be embedded into the design of systems, in a positive-sum manner-
that does not detract from the original purpose of the system”.85 Figure 3 shows Cavoukian’s concept
of DPbD; it consists of a trilogy of encompassing applications, to which the seven foundational
principles apply, namely: “information technology, accountable business practices, and physical design
and networked infrastructure”.86 For DPbD to ensure privacy, all seven foundational
principles need to be taken into account.
82 Idem.
83 What is ‘privacy by design’? (n.d.). Retrieved 2016, March 1, from http://ico.org.uk/for_organisations/data_protection/topic_guides/privacy_by_design
84 Allen & Overy 2017, p. 9.
85 Purtova, Kosta & Koops 2014, p. 21.
86 Gürsus, Troncoso & Diaz, p. 3.
3.2.1.1 Proactive not reactive, preventative not remedial
DPbD has the character of proactive measures rather than reactive measures. DPbD tries to prevent
privacy invasive events from happening. It does not wait for privacy risks to occur
and then resolve them, but aims to prevent the risks from occurring. This means
that DPbD comes not after the fact, but before the fact.87 This suggests that organizations need a clear
commitment to set and enforce high standards of privacy; that individuals, working in a culture of
continuous improvement within and across the organization, share this commitment; and that
organizations need to establish and maintain practices and methods to address poor privacy design,
anticipate poor privacy practices and outcomes, and correct any negative impacts before they happen
in proactive, systematic and innovative ways.88
3.2.1.2 Privacy as the default setting
By ensuring that personal data is automatically protected in all ICT systems, business practices or
processes, DPbD tries to deliver the maximum degree of privacy. The privacy should remain intact even
if an individual does nothing; this means that the individual does not have to take steps to protect his
or her privacy, because it is built into the system by default.89
87 Cavoukian 2011, p. 2.
88 Idem.
Figure 3: The seven foundational principles of Data Protection by Design. Retrieved from: CPDP 2014, p. 3.
According to this principle, the privacy settings of Motiva should be set in such a manner that
it automatically provides a maximum level of privacy protection. It is then up to the patient to choose
whether he or she wants to alter certain privacy settings in order to enable Motiva to gather more
personal data.
3.2.1.3 Privacy embedded into design
DPbD is intentionally built into the design and architecture of IT systems, business practices or
processes and other initiatives that deal with personal data; it is not added after the fact. Because of
this, privacy becomes an essential part of the core functionality and becomes integral to the system,
practice or process, without affecting its functionality.90
This principle expects Philips to have built privacy protection into the design of Motiva, which
enables Motiva to function without invading the privacy of the patient and which enables privacy
protection to get integrated without affecting Motiva’s functionality.
3.2.1.4 Full functionality: positive-sum, not zero-sum
DPbD tries to find all legitimate interests and objectives in a positive-sum “win-win” approach and
not through an outdated approach like zero-sum, where unnecessary compromises or trade-offs
are made.91 By proving it is possible to have both, DPbD avoids false dichotomies, such as privacy
versus security. The zero-sum approach means that only one of those values can be achieved at the
expense of the other, but not both simultaneously. DPbD replaces the traditional zero-sum
approach with the positive-sum approach, in which both values can be maximised to the greatest
possible extent. It shows that by building privacy into the design and implementation of IT systems,
the goals of protecting an individual’s privacy and the goal that the system sets out to achieve can
be achieved simultaneously. In other words, IT systems can be designed and implemented in such
a way that privacy is maintained or enhanced, without diminishing the functionality of the
technology.92
3.2.1.5 End-to-end security – full lifecycle protection
Because DPbD is built into systems and practices before personal data is collected, processed
and stored, it can make sure that the data is secured throughout the entire lifecycle of the data
involved. For privacy, it is important to take appropriate security measures from the collection of data
through to the destruction of those data.93
89 Cavoukian 2011, p. 2-3. 90 Cavoukian 2011, p. 3. 91 Cavoukian 2011, p. 3-4. 92 Cavoukian & Eman 2011, p. 1-4; Cavoukian 2011, p. 3-4.
By building privacy protection into Motiva before it starts collecting personal data, Philips can
ensure that the data gathered from the patient are protected while being collected, processed and
finally, erased.
3.2.1.6 Visibility and transparency – keep it open
DPbD tries to assure all stakeholders that the IT systems, business practices and procedures involving
personal data are operating in compliance with the stated promises and objectives and that these are
subject to independent investigation and verification. Every step needs to be visible and transparent
to the users and providers.94
3.2.1.7 Respect for user privacy – keep it user centric
DPbD requires that the interest of the individual is always at the forefront by offering measures such
as strong privacy defaults, appropriate notice and empowering user-friendly options. The managers,
architects and operators need to keep it user-centric.95
This principle requires Philips to have always kept the interest of the patient at the forefront
by providing the patient with a safe, secure and user-friendly Motiva.
3.3 Data Protection Impact Assessment
In 2012, the EC announced with the GDPR its plans to replace the existing notification requirement
with a new mandatory DPIA-framework. Under this DPIA-framework, which has been codified in article
35 GDPR, businesses are obliged to conduct a DPIA before operating with risky personal data
processing activities.96
According to Purtova, Kosta & Koops:
“DPIA refers to both methodology and a process (Wright 2012, p. 55). As a process, DPIA should
begin on early stages of design and last throughout the entire lifecycle of technology,
application or process so that the latter can be changed to account for data privacy and security
risks (ibid.). The DPIA process should be ongoing and repeat in case any change is made in the
product or process”.97
93 Cavoukian 2011, p. 4. 94 Cavoukian 2011, p. 4-5. 95 Cavoukian 2011, p. 5. 96 Wynn 2015. 97 Purtova, Kosta & Koops 2014, p. 17.
DPIAs are an integral part of taking a Privacy by Design approach and can help organizations with the
identification and reduction of privacy risks, throughout the development and implementation of a
project, process or system.98 According to the Information Commissioner’s Office (ICO), the UK’s
independent body set up to uphold information rights in the public interest,99 “It enables an
organization to systematically and thoroughly analyse how a particular project or system will affect the
privacy of the data subjects involved.”100 DPIAs aim to ensure the minimization of privacy risks while
allowing the project, process or system to achieve its goals when possible. By analysing how personal
data and technology will be used in practice, risks can be identified and addressed at an early stage,
making it possible to test the analysis by consulting people who are working on or are affected by the
project, process or system.101
The Commission has inserted a non-exhaustive list of examples of risky processing activities
for which a DPIA is needed in article 35 in conjunction with art. 9(1) GDPR. Examples are: the use of genetic or biometric
data and personal data about an individual’s health, religion or race.102 In this same article, the
Commission provides a description of what should be included in a DPIA:
“The assessment shall contain at least a systematic description of the envisaged processing
operations and the purposes of the processing, an assessment of the necessity and
proportionality of the processing operations in relation to the purposes, an assessment of the
risks to the rights and freedoms of data subjects, the measures envisaged to address the risks,
including the safeguards, security measures and mechanisms to ensure the protection of
personal data and to demonstrate compliance with this Regulation, taking into account the
rights and legitimate interests of data subjects and other persons concerned.”103
If a DPIA shows that processing activities have a high degree of specific risks to the rights and freedoms
of data subjects, businesses are obliged to consult regulators about these risks and offer measures to
remedy such situations. Businesses can face a potential fine under the GDPR if they do not conduct a
DPIA when obligated or if they do not consult with regulators when needed.104 This reassures
individuals that organizations that conducted a DPIA have followed best practices and are less likely to
be privacy intrusive. Organizations can also benefit from a DPIA, because identifying a privacy risk at
an early stage usually means a simpler and less costly solution.105 In addition, Purtova, Kosta & Koops
mention other benefits, like:
98 ICO 2014, p. 4-5. 99 See for more information about the Information Commissioner’s Office: https://ico.org.uk/about-the-ico/. 100 ICO 2014, p. 5. 101 ICO 2014, p. 5-6. 102 Wynn 2015. 103 Art. 35 GDPR; COM(2012)11 final, p. 63. 104 Wynn 2015. 105 ICO 2014, p. 8-9.
“DPIA aids demonstrating compliance with data protection regulation, among others, via DPIA
report. A well-executed DPIA may mitigate or even exclude civil liability under particular
circumstances (Gellert and Kloza 2012). DPIA can aid in gaining public’s – medical professionals’
and patients’ – trust in telehealth technologies.106 DPIA educates organisation’s employees and
partners about the organisation’s respect of and similar expectations towards employees and
partners concerning privacy. An industry or organisation initiating a DPIA may avoid undesired
regulatory interference (Wright 2012, p. 55). And the resulting high level of data protection,
low level of data risks and trust may have a positive effect on adoption of relatively new
telehealth technologies”.107
3.3.1 The six steps of the Data Protection Impact Assessment process
It is important to start the DPIA at an early stage of a project, process or system. If the DPIA shows that
an organization could be facing some privacy risks, the organization should take appropriate measures.
When a DPIA is being conducted, the development of the project, process or system does not have to
wait until the DPIA is finished; they can run simultaneously. A proper DPIA process consists of six steps,
which all have to be taken into account while conducting the DPIA.108
3.3.1.1 Identifying the need for a DPIA
First, the organization should identify potential privacy risks and discuss these with stakeholders to
come up with a plan to address those risks. It is important that this step is taken at an early stage of
the development of a project, process, or system. It has been successful if the overall aims of the
project, process or system are described and the development process is adapted to address the
privacy concerns.109
3.3.1.2 Describing information flows
Second, an organization needs to explain how and for what purpose personal data will be collected,
processed and stored, who will have access and to whom it will be disclosed. The ICO states that: “this
step can be based on, or form part of, a wider project or process plan and can help to identify potential
unforeseen or unintended uses of personal data. The requirements are fulfilled if the people who will
be using the personal data are consulted on practical implications and potential future uses of personal
data are identified, even if they are not immediately necessary”.110
106 Purtova, Kosta & Koops 2014, p. 17. 107 Idem. 108 ICO 2014, p. 12. 109 Idem. 110 ICO 2014, p. 12-13.
3.3.1.3 Identifying privacy and related risks
Third, an organization needs to, where appropriate, communicate the risks and possible privacy
intrusions to the data subjects involved. It also needs to assess the corporate risks, which include the
assessment of the regulatory action that is needed, the reputational damage that has been suffered
and the amount of public trust that has been lost. According to the ICO, “it further needs to conduct a
compliance check against the GDPR and other relevant legislation and needs to maintain a record of
identified risks. To succeed this step, an organization needs to be open with itself about risks and
potential changes to a project, process or system”.111
3.3.1.4 Identifying and evaluating privacy solutions
Fourth, an organization should provide a solution to reduce or eliminate the privacy risks. It needs to
assess the costs and benefits of each measure to make sure the chosen approach has the most positive
impact on privacy and most favourable effect on the project, process or system outcomes. This step is
about balancing the achievement of the goals of a project, process or system on the one hand and the
impact on privacy on the other hand. Some risks might be eliminated altogether, others might be
reduced, but in most cases certain privacy risks will be accepted in order for a project, process or
system to continue.112
3.3.1.5 Signing off and recording the DPIA outcomes
Fifth, an organization needs to obtain a signoff (approving the DPIA) at an appropriate level, and it needs
to produce a DPIA report, which includes all results that were acquired during the whole DPIA process,
from beginning to end. The ICO mentions that: “the report should record the decisions taken to
eliminate, mitigate or accept the identified risks. It must give the appropriate stakeholders access to
the DPIA report or a summary and should even consider to publish the report or other relevant
information. Publishing the report will improve transparency and accountability, it lets individuals learn
more about how the project, process or system affects them”.113
3.3.1.6 Integrating the DPIA outcomes back into the project plan
Finally, an organization needs to continue using the DPIA throughout the lifecycle of a project, process
or system and needs to ensure that the steps that are recommended by the DPIA are recorded and
implemented.114
111 ICO 2014, p. 13. 112 ICO 2014, p. 13-15. 113 Idem. 114 ICO 2014, p. 13-14.
3.4 Summary
This chapter discussed the GDPR, which is going to replace the current EU Data Protection Directive
95/46/EC as of 25 May 2018. The GDPR contains a few key changes in comparison to the current
Directive 95/46/EC. The most relevant key changes for this thesis are: DPbD and the DPIA. DPbD has
been codified in article 25 of the GDPR and is a methodology that makes it possible to build privacy
into the design and architecture of IT systems, business processes and networked infrastructure. DPbD
tries to ensure that privacy has been taken into account before, at the start of, and throughout the
development and implementation of initiatives that involve the collection, processing and storage of
personal data. Under the DPIA-framework, which has been codified in article 35 GDPR, businesses are
obliged to conduct a DPIA before operating with risky personal data processing activities.115 DPIAs are
an integral part of taking a Privacy by Design approach and can help organizations with the
identification and reduction of privacy risks, throughout the development and implementation of a
project, process or system.116 The next chapter will discuss the Responsible Research and Innovation
approach, as besides a legal framework there is also a social and ethical demand for responsible
innovation.
115 Wynn 2015. 116 ICO 2014, p. 4-5.
4. Responsible Research and Innovation & Telehealth
“Researches in cutting fields are more and more asked by funders and regulators to conduct responsible
innovation in order to increase the social and economic benefits and effectively manage the risks of
their work. They are expected to engage with the environmental, health and social impacts of the
technologies they are developing, deliver benefit and identify and mitigate risks in the process”.117
4.1 Introduction
The term ‘responsible research and innovation’ (RRI), also known as ‘responsible innovation’, is more
and more used by academics and politicians, but it is still not clear what the term exactly means. There
is a wide variety of literature on the conceptualizations, approaches and applications of RRI. According
to Koops: “all trying to give a better understanding of what responsible research and innovation means
and what it implies for the theory and practice of innovation”.118
In his article ‘The concepts, approaches, and applications of responsible
innovation’, Koops brought together the definitions of Von Schomberg (2011), Stahl et al. (2013), Owen et al. (2013a), Blok &
Lemmens (2015) and Setiawan & Singh (2015).119 Von Schomberg defines RRI as:
“A transparent, interactive process by which societal actors and innovators become mutually
responsive to each other with a view on the (ethical) acceptability, sustainability and societal
desirability of the innovation process and its marketable products (in order to allow a proper
embedding of scientific and technological advances in our society)”120.
Stahl et al. define RRI as: “a social construct or ascription that defines entities and relationships
between them in such a way that the outcomes of research and innovation processes lead to socially
desirable consequences.”121 Owen et al. describe RRI as “a collective commitment of care for the future
through responsive stewardship of science and innovation in the present”.122 Blok & Lemmens define
RRI as “a new approach towards innovation, in which social and ethical aspects are explicitly taken into
account (…) and economic, socio-cultural and environmental aspects are balanced”.123 Similarly,
Setiawan & Singh provide a contextualized working definition of responsible innovation as:
“Ensuring the accountability of innovation actors (the actors involved in the adoption of
innovation) through the engagement of anticipation, reflexivity, responsiveness, deliberation
and participation in the adoption of innovation while looking at the impact of innovation on
three aspects: environment, social, and economy”.124
117 Responsible Innovation. (n.d.). Retrieved 2016, May 8, from http://www.medical-technologies.co.uk/support-for-innovation/responsible-innovation/; Davies & Horst 2015, p. 50. 118 Koops 2015, p. 2. 119 Koops 2015, p 3. 120 Von Schomberg 2011, p. 9. 121 Stahl et al. 2013, p. 214. 122 Owen, Bessant & Heintz 2013, p. 36. 123 Blok & Lemmens 2015, p. 20.
These definitions all focus on what responsible means in responsible innovation, but do not exactly
give an understanding of what innovation means in responsible innovation. Koops thinks that:
“The lack of elaboration of ‘innovation’ in definitions of the term ‘responsible innovation’ does
not primarily indicate an unproblematic understanding of innovation; rather, it suggests that
responsible innovation literature can be seen as a sub-field of innovation. It does not primarily
aim at understanding or improving innovation as such, but rather at understanding how
innovation, whatever it means in different contexts, can be made ‘responsible’. The emphasis
here is on incorporating social and ethical values or aspects in the innovation process”.125
To understand what responsible innovation means, it is equally important to understand the definition
of the term innovation. Schumpeter gives an economic definition of innovation: “the activity in which
a new product and method of production are introduced, a new market is opened, and new
organizations of any industry is carried out”.126 Dosi’s definition of innovation suits that of Schumpeter,
as she defines innovation as: “the search for, and the discovery, experimentation, development,
imitation and adoption of new products, new production processes and new organizational set-ups”.127
According to Setiawan & Singh these definitions “imply that what is meant by innovation is not
limited to technological innovation, but rather constitutes the novelty of products, processes,
organisations, and markets”.128 They give a broader social definition of innovation:
“Innovation embraces any kind of changes that create certain kind of values for society while
bringing any products, ideas, methods, and any other objects into the market, either radically
or incrementally. Innovation emerges not only new kinds of techniques, but ultimately it gives
birth to new social practices that enable people improving their quality of life. By bringing new
things into the market, innovation is seen as a future-creating activity that changes the market
as well as the society itself”.129
This is in line with the definition of Crossan and Apaydin as they see innovation as:
“Production or adoption, assimilation, and exploitation of a value-added novelty in economic
and social spheres; renewal and enlargement of products, services, and market; development
of new methods of production; and establishment of new management systems. It is both a
process and an outcome.”130
124 Setiawan & Singh 2015, p 230. 125 Koops 2015, p 3-4. 126 Schumpeter 1934, p. 66. 127 Dosi’s 1988, p. 222. 128 Setiawan & Singh 2015, p. 228. 129 Idem.
The different definitions mentioned above all try to give a better understanding of the meaning of RRI,
but actually it is all up to society itself to determine what RRI exactly entails, as it is based on the norms
and values that arise from society. These societal, ethical and moral norms and values are not codified
and have no legal status, but can be seen as unwritten guidelines to ensure that society’s best interests
are taken into account before, during and after the innovation process. By taking these norms and
values into account a product or service has a higher chance to get accepted by society and therefore
a higher chance to succeed.131
4.1.1 Aims of Responsible Research and Innovation
RRI aims to overcome the challenges and obstacles that innovation brings along. According to De
Jong et al. the challenges and obstacles are, for one, ‘the negative impacts, such as technology-induced
risks’. These negative impacts should be considered before, during and after the development process.
They mention a second challenge that concerns “rebalancing between financial and economic
performance innovation on the one hand, and alternative valued performance of innovation, such as
societal benefits and environmental protection, on the other hand (e.g. Tihon and Ingham 2011)”.132
RRI tries to combine both by integrating social and environmental benefits as well as financial and
economic performances into innovation.
According to De Jong et al. a third major challenge is: “the asymmetry between the speed of
innovation and the assessment of the impacts of the innovative products or the regulation thereof (e.g.
Owen 2009)”. Research and regulation are often one or two steps behind innovation. There seems to
be a vicious circle, because anticipation is often far too late and prevention almost impossible, while
innovation can have a huge impact on society and environment, even resulting in damage. When
research and regulation finally seem to catch up with a certain technology, there are already new
innovations that need to be dealt with and so it continues. RRI tries to ensure that societal, ethical and
judicial issues are taken into account at a very early stage by including scientists, professionals and
stakeholders before, during and after the research and development process of an invention.
As a fourth challenge they refer to: ‘the irreversibilities and unintended consequences of
innovation that are not bound to the innovation’s location of origin, due to the global nature of
innovation. Innovation is a cross-border phenomenon; this means it can have impact on a global level’.
130 Crossan and Apaydin 2010, p. 1155. 131 Responsible research & Innovation. (n.d.). Retrieved 2016, May 8, from https://ec.europa.eu/programmes/horizon2020/en/h2020-section/responsible-research-innovation. 132 De Jong et al. 2015, p. 68.
The fifth challenge they point out is: ‘the ignorance and uncertainties towards the outcomes
of the innovation process’. RRI tries to take possible drawbacks into account, even if these drawbacks
are very unlikely to take place. This can be difficult, because in case of emerging technologies, the
knowledge is not always there.
They state that the final challenge relates to ‘the distrust and rejection towards innovation’.
To succeed, it is important for innovations to be trusted and accepted by the public. If RRI is used
during the development of a technology, the technology can get a better reputation and will therefore
be more easily accepted by the public, making failure less likely.133
4.1.2 The scope of Responsible Research and Innovation
RRI touches upon a lot of different areas; Davies & Horst mention the following ones: “innovation
process, corporate responsibility, regulation, a sustainable economy, global markets, business and
modern society”.134 In this thesis the focus will be on RRI with regard to Telehealth regulation,
specifically the General Data Protection Regulation (GDPR).
4.1.2.1 Governance of Responsible Research and Innovation
According to Koops, regulators are relatively absent in the landscape of RRI. He states that: “the relative
absence of regulators in the landscape might imply that the governance of responsible innovation is as
yet underdeveloped, and perhaps that processes of responsible innovation are to a significant extent
self-governed”.135 He states that one of the reasons for the relative absence of regulators in the
landscape of RRI could be found in Collingridge’s dilemma:
“Controlling a technology in its early development stages is difficult because there is not
enough known about the possible or probable impacts, but it is also difficult to control or
change the technology when it is in its final stages, intervention while the technology is already
well-developed can be very expensive and drastic (Collingridge 1980).”136
But although regulators are relatively absent in the landscape of RRI, according to Koops, RRI:
“Should not be restricted to technological innovation stricto sensu: since technology interacts
with society and norms in a complex process of mutual shaping, responsible innovation is
broadly relevant wherever society innovates, be it in technologies, institutions, social practices,
or regulation. It is the combination of all these that should, ideally, be incorporated into
responsible innovation”.137
133 Idem. 134 Davies & Horst 2015, p. 50. 135 Koops 2015, p. 10. 136 Idem.
4.2 Approaches to Responsible Research and Innovation
There are many different approaches to RRI. The European Commission (EC) for example uses the six
keys. The six keys are developed to get a better grasp on the meaning of RRI. According to the EC an
innovation needs to fulfil the following six keys in order to be responsible: engagement, gender
equality, science education, open access, ethics and governance.
Geoghegan-Quinn gives the following definitions of the six keys: Engagement is the first key
and means that all stakeholders (researchers, industry, policymakers and society) get involved and
participate jointly in the research and innovation process.138 Gender equality is the second key and
means that women as well as men must be integrated in the research and innovation content.139
Science education is the third key and entails an enhanced education process “to better equip future
researchers and other societal actors with the necessary knowledge and tools to fully participate and
take responsibility in the research and innovation process”.140 Open Access is the fourth key and means
that research and innovation must be transparent and accessible in order to be responsible.141 Ethics
is the fifth key and should be taken into account in the research and innovation process to ensure high
quality results and increased acceptability of research and innovation outcomes.142 Governance is the
sixth key and the umbrella for all the others. Policymakers are responsible for integrating the five other
keys into models of Responsible Research and Innovation in order to prevent harmful or unethical
developments.143
Another approach to RRI is the product- and process approach, which Koops discusses in his
article, ‘The concepts, approaches, and applications of responsible innovation’. Both approaches can
be applied to product innovation and process innovation.144 According to Koops:
“The product approach can be characterized by a focus on developing a method, a framework,
or guidelines that can be used to make innovation in a certain way more responsible. Often, it
involves the development of a normative framework (consisting of ethical and legal values and
norms) that is subsequently applied to a technology (concrete applications or a more abstract
class of technology), and this often is accompanied by an argument that the normative
framework should be applied from the start of the technology development process”.145
137 Koops 2015, p. 5. 138 Geoghegan-Quinn 2012, p. 1. 139 Idem. 140 Geoghegan-Quinn 2012, p. 2. 141 Idem. 142 Idem. 143 Idem. 144 Koops 2015, p. 6.
Risk assessment methods are an example of a product approach; they can help the developers to take the
ethical and social values into account at the beginning of an innovation process.146
Koops states that:
“The process approach can be characterized as a focus on developing self-learning procedures
that could be used to make innovation in a certain context more responsible. In contrast to the
product approach, the aim is less to develop substantively responsible frameworks or methods,
but rather procedures or practices that are procedurally responsible. It is often associated with
procedural values such as legitimacy, inclusiveness, and accountability, while the substantive
values that guide a certain technology or system transition are generated internally to the
context, through stakeholder involvement”.147
This procedural, self-learning focus is most visible in Owen et al.’s approach to responsible innovation:
“to innovate responsibly entails a continuous commitment to be anticipatory, reflective, inclusively
deliberative, and responsive”.148
Owen et al.’s approach to RRI is a well-known and often used approach, better known as the four
dimensions: anticipation, reflexivity, inclusive deliberation and responsiveness.
Despite the relevance and upsides of all the approaches mentioned above, this thesis will focus
only on the four dimension approach of Owen et al., as this approach is most in line with the two
provisions of the GDPR: Data Protection by Design (DPbD) and the Data Protection Impact Assessment
(DPIA).
4.2.1 The four dimensions
“The challenge is how a framework for responsible innovation can accommodate plurality of political
and ethical considerations as these relate to social desirability and acceptability, allowing the inevitable
tensions, dilemmas, and conflicts to be identified and navigated, with a view to a democratic, equitable,
and legitimate resolution. These challenges make the case for broad, inclusive deliberation concerning
the purposes of, and motivations for, innovation essential”.149 According to Owen et al., innovation
needs to meet the following four dimensions in order to be responsible: Anticipation, reflexivity,
inclusion and responsiveness.
145 Koops 2015, p. 6-7. 146 Koops 2015, p. 7. 147 Idem. 148 Owen, Bessant & Heintz 2013, p. 29. 149 Owen et al. 2013, p. 37-38.
4.2.1.1 Anticipation
First, innovation needs to be anticipatory. This means that during the innovation process intended
impacts as well as possible unintended impacts need to be taken into account. These risks can be for
example economic, social or environmental and need to be dealt with beforehand during the
innovation process. To ensure this, researchers and innovators should ask themselves “what if…” and
“what else might it do?” over and over during the innovation process and support these questions with
technology assessment, methodologies that include foresight and scenario development. The aim of
anticipation is not to predict possible impacts, but to explore those impacts, which otherwise remain
undiscovered until it is too late.150
4.2.1.2 Reflexivity
Second, innovation needs to be reflective, meaning reflecting on what is known (motivations,
underlying purposes and intended impacts) and on what is not known (unintended impacts, risks,
uncertainties and dilemmas). This includes reflecting on governance, ethical review and areas of
regulation.151 According to Stilgoe, Owen & Macnaghten: “reflexivity asks scientists, in public, to blur
the boundary between their role responsibilities and wider, moral responsibilities. It therefore demands
openness and leadership within cultures of science and innovation”.152 In other words: “holding a mirror
up to one’s own activities, commitments and assumptions, being aware of the limits of knowledge and
being mindful that a particular framing of an issue may not be universally held”.153
4.2.1.3 Inclusion
Third, innovation needs to be inclusively deliberative. It needs to include the public and diverse
stakeholders in its innovation process in order to open up visions, questions, purposes and dilemmas.
This inclusive deliberation can be ensured by discussing, debating, inviting and listening to wider
perspectives from the public and diverse stakeholders.154 This dimension imposes the inclusion of the
public and diverse stakeholders during the innovation process. According to Owen et al.: “this allows
the introduction of a broad range of perspectives to reframe issues and the identification of areas of
potential contestation”.155
By including and entering into dialogue with the public and the stakeholders (healthcare
providers, patients, health insurance companies and the government) during the innovation process,
Philips can discover the issues, dilemmas and possible risks at an early stage as the dialogue can
provide diverse sources of social knowledge, values, and meanings. Stilgoe, Owen & Macnaghten
mention that Callon, Lascoumes & Barthe offer three criteria that ensure the quality of the dialogue:
“Intensity - how early members of the public are consulted and how much care is given to the
composition of the discussion group; openness - how diverse the group is and who is represented; and
quality - the gravity and continuity of the discussion”.156
150 Owen 2013b, p. 38. 151 Owen 2013b, p. 38. 152 Stilgoe, Owen & Macnaghten 2013, p. 1571. 153 Idem. 154 Owen 2013b, p. 38. 155 Idem.
4.2.1.4 Responsiveness
Lastly, innovation needs to be responsive. According to Owen et al. 2013, ‘the actors involved need to
use the collective process of reflexivity to both set the direction and influence the subsequent
trajectory and pace of innovation, through effective mechanisms of participatory and anticipatory
governance. This should be an iterative, inclusive, and open process of adaptive learning, with dynamic
capability’.157 Stilgoe et al. 2013, state that ‘responsiveness involves responding to new knowledge as
this emerges and to emerging perspectives, views and norms’. Von Schomberg 2013, mentions that
‘there are various mechanisms that might allow innovation to respond to improved anticipation,
reflexivity and inclusion’. According to him, ‘in some cases, application of the precautionary principle,
a moratorium or a code of conduct may be appropriate. Existing approaches to technology assessment
and foresight may be widened to engender improved responsiveness’. 158
Stilgoe et al. 2013 state that:
“Moving beyond the range of processes described above that seek to advance single or multiple
dimensions, responsible innovation demands their integration and embedding in governance.
The dimensions therefore do not float freely but must connect as an integrated whole. It is
necessary to draw connections both between the dimensions and with the context of
governance in which they sit. The dimensions may in practice be mutually reinforcing. For
example, increased reflexivity may lead to greater inclusion or vice versa. But these dimensions
may also be in tension with one another and may generate new conflicts. The surfacing and
subsequent negotiation of such tensions is central to making responsible innovation
responsive”.159
156 Stilgoe, Owen & Macnaghten 2013, p. 1572; Callon, Lascoumes & Barthe 2009, p. 160. 157 Owen 2013b, p. 38. 158 Stilgoe, Owen & Macnaghten 2013, p. 1572. 159 Stilgoe, Owen & Macnaghten 2013, p. 1573-1574.
4.3 Summary
This chapter tried to give a better understanding of the meaning of RRI. Von Schomberg defines RRI
as:
“A transparent, interactive process by which societal actors and innovators become mutually
responsive to each other with a view on the (ethical) acceptability, sustainability and societal
desirability of the innovation process and its marketable products (in order to allow a proper
embedding of scientific and technological advances in our society)”.160
RRI aims to overcome the challenges and obstacles that innovation brings along. There are many
different approaches to RRI. The EC, for example, uses the six keys; another approach to RRI is the
product- and process approach. A more often used approach is that of Owen et al., better known as
the four dimensions: anticipation, reflexivity, inclusive deliberation and responsiveness. Setiawan &
Singh describe the four dimensions as follows:
“Anticipation means being able to foresee and encounter risks beforehand, this includes the
probable impact of innovation. Reflexivity means being reflexive and refers to a circular process
of creating and shaping innovations. Inclusion means taking part in the involvement of different
stakeholders in order to innovate responsible. Deliberation refers to a well-thought and
analyzed process by taking different aspects and discussions into account in order to keep
making progress. Responsiveness entails being able to respond quickly to different needs,
requirements, views, issues and values”.161
As the previous chapters have discussed the subjects telehealth, the GDPR and now also RRI, the next
chapter will discuss where RRI and the new GDPR meet one another and where they differ from
each other with regard to telehealth.
160 Von Schomberg 2011, p. 9. 161 Setiawan & Singh 2015, p. 229.
5. GDPR & RRI where do they meet and where do they diverge with regard to Telehealth & Data Protection?
According to Stahl, Responsible Research and Innovation (RRI) is intrinsically linked to the General Data
Protection Regulation (GDPR), as he states that: “The web of responsibilities that RRI needs to master
and organize in order to contribute to the desirability and acceptability of research and innovation is
intrinsically linked to privacy in many ways”.162 In his article, ‘Responsible Research and Innovation:
The role of privacy in an emerging framework’, he gives an example of a collaborative research project
on a mobile biometric device for online banking applications, which demonstrates the link between
RRI and privacy and can be applied to telehealth technologies as well:
“Actors with responsibility for privacy in such a project might include the policy-makers who
approved a call, funders who administer the budget, researchers who adhere to professional standards
or end user organizations which represent user interests. These subjects of responsibility could
discharge their responsibilities by including technology foresight, implementing value-sensitive design
or privacy by design, or using methodologies from constructive Technology Assessment. Their shared
normative commitment could refer to specific legal requirements, such as the European data protection
framework, but also to a broader goal of improving the greater good of society or minimizing the
potentially negative impact of end user perception on the acceptance of the technology”.163
5.1 General Data Protection Regulation & Responsible Research and Innovation
The example of Stahl demonstrates that the GDPR and RRI are intrinsically linked. In this chapter the
similarities and differences between the GDPR and RRI will be discussed first, followed by a discussion
whether the GDPR hampers or stimulates innovation of telehealth technologies.
5.1.1 The similarities
Some similarities are found between the GDPR and the RRI-approach. After analysing the GDPR
it becomes clear that Data Protection by Design (DPbD) as in art. 25 GDPR and Data Protection Impact
Assessment (DPIA) as in art. 35 GDPR are the two provisions of the GDPR that show the most
resemblances with the four dimensions of RRI (anticipation, reflexivity, inclusion and responsiveness).
The first resemblance is that both provisions, like Anticipation, try to take probable as well as
possible risks into account before, during and after development processes. A developer can build
DPbD into a telehealth technology enabling the technology itself to deal with the possible risks by
162 Stahl 2013, p. 713. 163 Stahl 2013, p. 712-713.
preventing or solving them. A developer can use the DPIA throughout the entire lifecycle of the
technology to identify probable and possible risks, making it easier to reduce or eliminate those risks.
The second resemblance is that both provisions, like Reflexivity and Inclusion, include the
stakeholders during the whole innovation process to discuss these risks and reflect on what is known
and what is not. This makes the innovation process open and transparent, and makes it possible to check
whether all stakeholders are operating in compliance with the stated promises and objectives. DPbD
tries to ensure this by subjecting the stakeholders to independent investigation and verification, and
by publishing the DPIA report, making it accessible for all stakeholders.
The third and last resemblance is that both provisions, like Responsiveness, provide the
capacity to adapt the innovation process of a telehealth technology or change its direction in response
to newly emerged knowledge, perspectives, views and norms. DPbD as well as DPIA ensure this by
engaging not only for a period of time in the innovation process, but before, during and after
the innovation process. This makes it possible to keep evaluating and reshaping the telehealth technology.
5.1.2 The differences
Besides similarities between the GDPR and the RRI-approach, there are some differences as well. For
one, the GDPR is a legal framework based on codified norms and values, while RRI is based on norms
and values that arise from society.
This demonstrates the second difference between the GDPR and RRI. As telehealth
technologies are constantly evolving, it may be difficult for the GDPR to respond appropriately to these
new telehealth technologies. In order for the GDPR to be able to adapt to these new technologies, it
first has to go through a whole legislative process before it can be changed. RRI adapts more quickly and more
easily to these new telehealth technologies as RRI is already a part of these new technologies. It is
society that determines the need for certain telehealth technologies; developers try to anticipate this
need by developing the technologies society asks for.164
This demonstrates the third and last difference between the GDPR and RRI. The GDPR has
defined and codified the requirements that developers of telehealth technologies need to meet in
order to ensure a high level of safety and protection. By acting in compliance with these requirements,
developers know they have fulfilled their legal responsibilities and therefore are less likely to be liable.
In contrast to the legal responsibilities, the social and moral responsibilities arising from RRI are not
defined, are subject to change and can be different within each culture, making it difficult for
developers to determine whether they have fulfilled these social and moral responsibilities or not.
164 Green 2001, p. 1-20.
5.2 Discussion: hampering or stimulating innovation of telehealth technologies?
The similarities and differences between the GDPR and RRI show that although they are not the same,
they both intend to provide a high level of privacy and data protection. But can they ensure this without
hampering innovation, as stricter privacy and data protection often mean more rights for individuals
and more responsibilities for the developers of telehealth technologies?
According to De Hert & Papakonstantinou, the GDPR seems to be: “insensitive to financial
constraints: potentially risky personal data processing is often undertaken by small corporations that
may not have the financial means to conduct a proper DPIA”.165
This demonstrates that the GDPR might impose more requirements and restrictions on innovation:
certain inventions might need to be adjusted, which leads to higher costs and might even result in
a certain invention not being made at all. This can have a huge impact on health innovation as a whole.
According to Business Europe, the European Risk Forum and the European Round Table of
Industrialists, the GDPR can have a positive impact on innovation as well, as they state in their article,
‘Impact of EU Regulation on Innovation’, that: “Science-based decision-making provides a predictable
and objective framework for investments in new products and services. All impact assessments need to
have a sufficiently robust scientific background, no matter of their origin. Early engagement of
stakeholders, including industry, helps to avoid unforeseen negative consequences by providing
informed feedback. This goes for new legislative processes as well as for revisions to existing laws”.166
They go on to state that: “innovation is critical to maintaining competitiveness as it provides a growth
engine for the European economy. Regulation is required to set a level playing field for innovation,
ensuring it does not harm human health or the environment”.167
This demonstrates that although the GDPR, with its stricter regulation, might seem to hamper
innovation, it can also help telehealth organizations ensure a higher level of safety and efficiency
for their telehealth technologies, to the advantage of the users. This, in turn, gives the products and
services of telehealth organizations a better chance of being accepted and makes them less
likely to fail when they comply with these regulations. By taking possible and probable risks into account
before, during and after the development process, telehealth organizations are able to
encounter these risks at an early stage and therefore limit the risks and thus possible damages, saving
them a lot of money.
But according to Business Europe, the European Risk Forum and the European Round Table of
Industrialists, it depends on the quality of the legislation whether the GDPR stimulates or hampers
165 De Hert & Papakonstantinou 2012, p. 141. 166 Business Europe, ERF & ERT 2016, p. 5-8. 167 Business Europe, ERF & ERT 2016, p. 4.
innovation, as they argue that: “well-drafted legislation can stimulate innovation, poorly designed
legislation can stifle it. Regulation highly focused on precaution concentrates on risk avoidance but risks
to fail in considering potential benefits, stifling investments in innovation and jeopardizing future
competitiveness”.168 Similarly, Pelkmans and Renda mention that:
“A significantly stringent regulation can act as a double-edged sword: when the distance
between regulatory requirement and the status quo is excessive, firms not able to comply (for
technical or financial reasons) with the new requirements might go out of business. When this
is the case, the innovation-enhancing potential of stringent rules is replaced by a discouraging
effect on existing firms”.169
But as Van Diest states in her article, ‘EU GDPR: threat or opportunity’:
“The privacy issue, and therefore GDPR too, offers opportunities. Opportunities in terms of
stimulating innovation. Take the introduction of the Spyslide that recently came on the market.
Lots of people cover their webcam (...) because they fear government agencies, hackers,
investigative services and others will use it to spy on them. The Spyslide is a product that
responds very smartly to that desire for privacy. So apart from the rights and obligations around
GDPR, the topic of privacy can also be a driver for developing innovative services”. 170
The arguments mentioned above demonstrate that the GDPR can hamper as well as stimulate
telehealth innovation. According to the Commission, it will have to find a balance between “the policy
on protection of personal data and the policy of developing an innovative data economy”.171
5.3 Summary
The GDPR and RRI share some similarities. Both try to take probable as well as possible risks into
account before, during and after the development process, both include the stakeholders during the
whole innovation process to discuss these risks and reflect on what is known and what is not, and both
provide the capacity to adapt the innovation process of a telehealth technology or change its direction
in response to newly emerged knowledge, perspectives, views and norms. Besides similarities, they also
have differences. These differences include: the values and norms of the GDPR being codified and the
values and norms of RRI arising from society, RRI adapting more easily to new telehealth technologies
than the GDPR, and the GDPR providing a developer a defined overview of his legal responsibilities in
contrast to the responsibilities arising from RRI, which are undefined, subject to change and can be
different in each culture. The similarities and differences between the GDPR and RRI show that
168 Idem. 169 Pelkmans & Renda 2014, p. 11. 170 Van Diest 2017. 171 Maxwell et al. 2017.
although they are not the same, they both intend to provide a high level of privacy and data protection.
The discussion at the end of this chapter demonstrated that the GDPR can hamper as well as stimulate
telehealth innovation. The statement of Business Europe, the European Risk Forum and the European
Round Table of Industrialists regarding this dilemma is appropriate: “innovation is critical to
maintaining competitiveness as it provides a growth engine for the European economy. Regulation is
required to set a level playing field for innovation, ensuring it does not harm human health or the
environment”.172 It is important to find a balance between privacy and data protection on the one hand
and stimulating telehealth innovations on the other hand.
172 Business Europe, ERF & ERT 2016, p. 4.
6. Conclusion
Telehealth involves collecting, processing and sharing sensitive data between multiple parties, as it
uses telecommunications to send health information from patients to clinicians. These multiple parties
need to comply with the General Data Protection Regulation (GDPR) that tries to ensure the safety and
efficiency of these telehealth technologies. The provisions ‘Data Protection by Design’ (DPbD) and
‘Data Protection Impact Assessment’ (DPIA) demonstrate this, as they both try to ensure the safety
and efficiency of telehealth technologies at a very early stage of the development.
DPbD is a methodology that makes it possible to build privacy into the design and architecture
of IT systems, business processes and networked infrastructure. It tries to ensure that privacy has been
taken into account before, at the start of, and throughout the development and implementation of
initiatives that involve the collection, processing and storage of personal data. Under the DPIA-
framework, businesses are obliged to conduct a DPIA before operating with risky personal data
processing activities.173 DPIAs are an integral part of taking a Privacy by Design approach and can help
organizations with the identification and reduction of privacy risks, throughout the development and
implementation of a project, process or system.174 These provisions show some similarities with the
four dimensions (anticipation, reflexivity, inclusive deliberation and responsiveness) of Responsible
Research and Innovation, which also aim to overcome the challenges and obstacles that telehealth
innovation brings along.
The GDPR as well as RRI try to take probable as well as possible risks into account before,
during and after the development process, both include the stakeholders during the whole innovation
process to discuss these risks and reflect on what is known and what is not, and both provide the capacity
to adapt the innovation process of a telehealth technology or change its direction in response to newly
emerged knowledge, perspectives, views and norms. Although these similarities might imply that the
GDPR and RRI are the same, they are not. The GDPR for instance, is based on norms and values that
are codified and provide a legal framework for privacy and data protection, while RRI is based on the
norms and values of society, providing a worldview on how to develop telehealth technologies that
are beneficial and safe for society.
It seems that these differences enable the provisions as well as RRI to complement each other
where necessary, ensuring society that telehealth technologies are safe and efficient in use. While the
GDPR is more defined than RRI, RRI can be of guidance in some matters, for example, if the
interpretation of a certain regulatory responsibility is unclear. The norms and values of society could
help give a better understanding of the possible meaning of that responsibility. This indirectly gives an
173 Wynn 2015. 174 ICO 2014, p. 4-5.
answer to the main question of this thesis: Can a Responsible Research and Innovation approach help
telehealth organizations with complying with the provisions ‘Data Protection Impact Assessment’ and
‘Data Protection by Design’?
Yes. RRI and the provisions DPbD and DPIA are, although very similar, not the same. But both
try to ensure the development of desirable telehealth technology for society. By complementing the
GDPR and providing guidance where necessary, RRI can help telehealth organizations comply
with the provisions regarding DPbD and DPIA.
References
AARP & Microsoft 2009
AARP & Microsoft (2009). Boomers and Technology: An Extended Conversation. Retrieved from
http://assets.aarp.org/www.aarp.org_/articles/computers/2009_boomers_and_technology_final_re
port.pdf (accessed 2016, July 5).
Allen & Overy 2017
Allen & Overy (2017). The EU General Data Protection Regulation. Retrieved from
http://www.allenovery.com/SiteCollectionDocuments/Radical%20changes%20to%20European%20d
ata%20protection%20legislation.pdf (accessed 2017, January 10).
American Heart Association 2015
American Heart Association (2015). Causes and Risks for Heart Failure. Retrieved from
http://www.heart.org/HEARTORG/Conditions/HeartFailure/CausesAndRisksForHeartFailure/Causes-
and-Risks-for-Heart-Failure_UCM_002046_Article.jsp#.WHK0n9LhDIU (accessed 2017, January 10).
ANP 2009
ANP (2009, October 5). Philips en Achmea Zorg zien groei telezorg ziekenhuizen. Retrieved from
https://www.perssupport.nl/persbericht/34148/philips-en-achmea-zorg-zien-groei-telezorg-
ziekenhuizen (accessed 2016, November 12).
Bahr & Denjoy 2015
Bahr, C. & Denjoy, N. (2015). D5.5 v1.0 U4H Industry Report on Telemedicine Legal and Regulatory
Framework. Retrieved from http://united4health.eu/wp-content/uploads/2015/10/D5.5-v1.0-U4H-
Industry-Report-on-Telemedicine-Legal-and-Regulatory-Framework.pdf (accessed 2016, August 28).
Blok & Lemmens 2015
Blok, V. & Lemmens, P. (2015). The Emerging Concept of Responsible Innovation. Three Reasons Why
It Is Questionable and Calls for a Radical Transformation of the Concept of Innovation. In Koops, B.,
Oosterlaken, I., Romijn, H., Swierstra T. & Van den Hoven, J. (Eds.), Responsible Innovation 2:
Concepts, Approaches, and Applications (pp. 19–35). doi: 10.1007/978-3-319-17308-5_2
Broekhuijsen 2014
Broekhuijsen, M. (2014). Privacy nu belangrijker dan ooit. Retrieved from
https://www.lantech.nl/blog/privacy-nu-belangrijker-dan-ooit/ (accessed 2017, February 10).
Business Europe, ERF & ERT 2016
Business Europe, European Risk Forum & European Round Table of Industrialists (2016). Impact of EU
Regulation on Innovation. Repository of Industry Cases. Retrieved from
https://www.businesseurope.eu/sites/buseur/files/media/reports_and_studies/2016-12-
02_impact_of_eu_regulation_on_innovation_-_repository_of_industry_cases.pdf (accessed 2017,
February 18).
Callon, Lascoumes & Barthe 2009
Callon, M., Lascoumes, P. & Barthe, Y. (2009). Acting in an Uncertain World: An Essay on Technical
Democracy. Cambridge, MA: MIT Press.
Cavoukian 2011
Cavoukian, A. (2011). Privacy by Design, The 7 Foundational Principles, Implementation and Mapping
of Fair Information Practices. Retrieved from https://iab.org/wp-content/IAB-
uploads/2011/03/fred_carter.pdf (accessed 2016, February 25).
Cavoukian 2010
Cavoukian, A. (2010). Privacy by design: the definitive workshop. A foreword. Identity in the
Information Society , 3, 247–251.
Cavoukian & Eman 2011
Cavoukian, A. & Eman, K. (2011). A positive-sum paradigm in action in the Health Sector, Information
and Privacy Commissioner. Retrieved from https://www.ipc.on.ca/wp-
content/uploads/2010/03/pbd-positive-sum-paradigm.pdf (accessed 2016, February 25).
Collingridge 1980
Collingridge, D. (1980). The Social Control of Technology. New York, NY: St. Martin's Press.
COM(2012)10 final
European Commission (2012, January 25). Proposal for a Directive of the European Parliament and of
the Council on the protection of individuals with regard to the processing of personal data by
competent authorities for the purpose of prevention, investigation, detection, or prosecution of
criminal offences or the execution of criminal penalties, and the free movement of such data.
COM(2012)10 final.
COM(2012)11 final
European Commission (2012, January 25). Proposal for a Regulation of the European Parliament and
of the Council on the protection of individuals with regard to the processing of personal data and on
free movement of such data (General Data Protection Regulation). COM(2012)11 final.
CPDP 2014
Commissioner for Privacy and Data Protection. (2014). Privacy by Design: Effective Privacy
Management in the Victorian public sector. Retrieved from
https://www.cpdp.vic.gov.au/images/content/pdf/CPDP_Privacy_by_Design_Background_paper_Oct
_2014.pdf (accessed 2016, February 25).
Crossan & Apaydin 2010
Crossan, M., and Apaydin, M. (2010). A multi-dimensional framework of organizational
innovation: A systematic review of the literature. Journal of Management Studies, 47(6), 1154–1191.
Davies & Horst 2015
Davies, S. & Horst, M. (2015). Responsible Innovation in the US, UK and Denmark: Governance
Landscapes. In Koops, B., Oosterlaken, I., Romijn, H., Swierstra, T. & Van den Hoven, J. (Eds.).
Responsible Innovation 2: Concepts, Approaches, and Applications (pp. 37-56). doi: 10.1007/978-3-
319-17308-5_3
De Hert & Papakonstantinou 2012
De Hert, P. & Papakonstantinou, V. (2012). The proposed data protection Regulation replacing
Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security
Review 28, 130-142.
De Jong et al. 2015
De Jong, M., Kupper, F., Roelofsen, A. & Broerse, J. (2015). Exploring Responsible Innovation as a
Guiding Concept: The Case of Neuroimaging in Justice and Security. In Koops, B., Oosterlaken, I.,
Romijn, H., Swierstra, T. & Van den Hoven, J. (Eds.). Responsible Innovation 2: Concepts, Approaches,
and Applications (pp. 57-84). doi: 10.1007/978-3-319-17308-5_4
Directive 46/95/EC
European Parliament and the Council of Europe (1995, October 24). Directive on the protection of
individuals with regard to the processing of personal data and on the free movement of such data.
Directive 46/95/EC.
Dosi 1988
Dosi, G. (1988). The nature of the innovative process. In Dosi, G. & Freeman, C. (Eds.). Technical
change and economic theory. London, England: Pinter Publishers.
Factsheets stakeholders. (2013). Retrieved from http://5.157.81.93/somehealth/wp-
content/uploads/2013/05/factsheets-stakeholders.pdf (accessed 2016, October 11).
Friedberg & Quashie 2013
Friedberg, R. & Quashie, R. (2013, September 19). Privacy & Concerns in Telehealth: Ensuring Legal
Compliance in Hospital Based Practices. Retrieved from
http://www.techhealthperspectives.com/2013/09/19/privacy-security-concerns-in-telehealth-
ensuring-legal-compliance-in-hospital-based-practices/ (accessed 2016, November 15).
Friedman 1996
Friedman, B. (1996). Value-sensitive design. ACM Interactions, 3(6), 17-23.
Geoghegan-Quinn 2012
Geoghegan-Quinn, M. (2012). Responsible Research and Innovation: Europe’s ability to respond to
societal challenges. Brussels, Belgium: European Commission.
Gürsus, Troncoso & Diaz 2016
Gürsus, S., Troncoso, C. & Diaz, C. (2016). Engineering Privacy by Design. Retrieved from
https://www.esat.kuleuven.be/cosic/publications/article-1542.pdf (accessed 2017, January 10).
Green 2001
Green, L. (2001). Technoculture. Crows Nest: Allen & Unwin.
Hahnel 2016
Hahnel, R. (2016). Income Distribution and Environmental Sustainability: A Sraffian Approach.
London, England: Routledge.
Healthcare systems. (n.d.). Retrieved 2015, October 23, from
www.who.int/trade/glossary/story049/en/
Hockstein/WHO. (n.d.). Telehealth. Retrieved from http://www.who.int/sustainable-
development/health-sector/strategies/telehealth/en/ (accessed 2015, October 23).
Home healthcare, Telehealth Motiva. (2010). Retrieved from
http://www.healthcare.philips.com/pwc_hc/main/shared/Assets/Documents/Homehealthcare/Tele
health/Motiva_English_2010_New_Final.pdf (accessed 2015, October 14).
Hustinx 2014
Hustinx, P. (2014, September 15). EU Data Protection Law: The Review of Directive 95/46/EC and the
Proposed General Data Protection Regulation. Retrieved from
https://edps.europa.eu/sites/edp/files/publication/14-09-15_article_eui_en.pdf (accessed 2016,
February 18).
ICO 2014
Information Commissioner’s Office (2014). Conducting privacy impact assessments, code of practice.
Retrieved from https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-
practice.pdf (accessed 2016, February 18).
IP/2015/5176
European Commission (2015, June 15). Commission proposal on new data protection rules to boost
EU Digital Single Market supported by Justice Ministers. IP/2015/5176.
Janssen et al. 2013
Janssen, R., Bodenstaff, L., Gyaltsen-Lohuis, E., Haaker, T., De Haan, W., Krediet, I., Menko, R., Prins,
H., Visser, S. & Hettinga, M. (2013). Succesvol ondernemen met eHealth. Innovatieroutes in de Zorg.
Zwolle, Nederland: Windesheim.
Kaplan & Litewka 2008
Kaplan, B. & Litewka, S. (2008). Ethical challenges of Telemedicine and Telehealth. Cambridge
Quarterly of Healthcare Ethics, 17, 401-416. doi:10.1017/S0963180108080535
Koops 2015
Koops, B. (2015). Responsible Innovation 2: Concepts, Approaches, and Applications of Responsible
Innovation. An Introduction. In Koops, B., Oosterlaken, I., Romijn, H., Swierstra, T. & Van den Hoven,
J. (Eds.). Responsible Innovation 2: Concepts, Approaches, and Applications (pp. 1-15). doi:
10.1007/978-3-319-17308-5_1
Maheu, Whitten & Allen 2001
Maheu, M., Whitten, P. & Allen, A. (2001). E-Health, Telehealth, and Telemedicine: A Guide to Startup
and Success. San Francisco, CA: Jossey-Bass.
Maxwell et al. 2017
Maxwell, W., Schoening, F., Rauer, N. & Freeman, R. (2017, January 25). DSM Watch: European
Commission’s Data Package Explores Data Ownership, Localization, Liability and Portability,
Highlighting Tensions with GDPR. Retrieved from
http://www.hldataprotection.com/2017/01/articles/international-eu-privacy/dsm-watch-european-
commissions-data-package-explores-data-ownership-localization-liability-and-portability-
highlighting-tensions-with-gdpr/ (accessed 20 February 2017).
Motiva. (n.d.). Retrieved 2015, October 14, from
http://www.healthcare.philips.com/main/products/telehealth/products/motiva.wpd
Murray & Frenk 1999
Murray, C. & Frenk, J. (1999). A WHO Framework for Health System Performance Assessment.
Geneva, Switzerland: World Health Organization.
Owen, Bessant & Heintz 2013
Owen, R., Bessant, J. & Heintz, M. (Eds.). (2013). Responsible innovation. Chichester, England: Wiley.
Owen et al. 2013
Owen, R., Stilgoe, J., Macnaghten, P., Gorman, M., Fisher, E. & Guston, D. (2013). A Framework for
Responsible Innovation, Chichester, England: John Wiley & Sons.
Pelkmans & Renda 2014
Pelkmans, J. & Renda, A. (2014), Does EU regulation hinder or stimulate innovation? Brussels,
Belgium: Centre of European Policy Studies.
Philips Launches Motiva TV-based Remote Patient Management. (2006, May 12). Retrieved from
http://www.appliancedesign.com/articles/90393-philips-launches-motiva-tv-based-remote-patient-
management-5-12 (accessed 2016, November 12).
MEMO/14/186
European Commission (2014, March 12). Progress on EU data protection reform now irreversible
following European Parliament vote. MEMO/14/186.
Protection of personal data. (n.d.). Retrieved 2017, January 15, from
http://ec.europa.eu/justice/data-protection/
Purtova, Kosta & Koops 2014
Purtova, N., Kosta, E. & Koops, B. (2014). Laws and Regulations for Digital Health. In Fricker, S.,
Thuemmler, C. & Gavras, A. (Eds.). Requirements Engineering for Digital Health. Cham, Switzerland:
Springer.
Reiter & Habetha 2010
Reiter, H. & Habetha J. (2010). Exploring Personal Healthcare with the Help of Two Large European
Framework Programs for Healthcare: MyHeart and HeartCycle. doi:10.4018/978-1-61520-670-
4.ch044
Responsible Innovation. (n.d.). Retrieved 2016, May 8, from http://www.medical-
technologies.co.uk/support-for-innovation/responsible-innovation/
Responsible research & Innovation. (n.d.). Retrieved 2016, May 8, from
https://ec.europa.eu/programmes/horizon2020/en/h2020-section/responsible-research-innovation
Schumpeter 1934
Schumpeter, J. (1934). The theory of economic development. Cambridge, MA: Harvard University
Press.
SEC(2012)72 final
European Commission (2012, January 25). Commission Staff Working Paper: Impact Assessment.
SEC(2012)72 final.
SEC(2012)73 final
European Commission (2012, January 25). Commission Staff Working Paper: Executive Summary of
the Impact Assessment. SEC(2012)73 final.
Setiawan & Singh 2015
Setiawan, A. & Singh, R. (2015). Responsible Innovation in Practice: the adoption of solar PV in
Telecom Towers in Indonesia. In Koops, B., Oosterlaken, I., Romijn, H., Swierstra, T. & Van den Hoven,
J. (Eds.). Responsible Innovation 2: Concepts, Approaches, and Applications (pp. 225-243). doi:
10.1007/978-3-319-17308-5_12
TNS Opinion & Social 2011
TNS Opinion & Social (2011). Special Eurobarometer 359: Data Protection and Electronic Identity in
the EU. Retrieved from http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf (accessed
2016, February 3).
Smith 1776
Smith, A. (1776). Wealth of Nations, Book IV. In Cannan, E. (1904). An Inquiry into the Nature and
Causes of the Wealth of Nations. London, England: Methuen & Co., Ltd.
Stahl 2013
Stahl, B. (2013). Responsible research and innovation: The role of privacy in an emerging framework.
Science and Public Policy, 40, 708-716.
Stahl, Eden & Jirotka 2013
Stahl, B., Eden, G. & Jirotka, M. (2013). Responsible research and innovation in information and
communication technology: identifying and engaging with the ethical implications of ICTs. A
framework for responsible innovation. In Owen, R., Bessant, J. & Heintz, M. (Eds.). Responsible
innovation (pp. 199–218). Chichester, England: Wiley.
Stilgoe, Owen & Macnaghten 2013
Stilgoe, J., Owen, R. & Macnaghten, P. (2013). Developing a framework for Responsible Innovation.
Research Policy, 42, 1568-1580.
Stroetmann et al. 2010
Stroetmann, K., Kabitschke, L., Robinson, S., Stroetmann, V., Cullen, K. & McDaid, D. (2010). How can
telehealth help in the provision of integrated care? Copenhagen, Denmark: World Health
Organization.
Telecare Aware Group 2012
Telecare Aware Group (2012). What is Telecare? (and What is Telehealth). Retrieved from
http://telecareaware.com/what-is-telecare/ (accessed 2017, January 15).
The EU Data Protection Reform and Big Data Factsheet (2016). Retrieved from
http://ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf
(accessed 2016, September 28).
The Stockholm Programme 2010
European Council (2010, May 4). The Stockholm Programme — An open and secure Europe serving
and protecting citizens. 2010/C 115/01.
Van Diest 2017
Van Diest, I. (2017, March 15). EU GDPR: threat or opportunity? Retrieved from
https://hellodata.org/en/articles/2017/03/eu-gdpr-threat-or-opportunity (accessed 2017, March 29).
Van Dyk 2014
Van Dyk, L. (2014). A Review of Telehealth Service Implementation Frameworks. Int. J. Environ. Res.
Public Health, 11, 1279-1298. doi:10.3390/ijerph110201279
Von Schomberg 2011
Von Schomberg, R. (2011). Towards responsible research and innovation in the information and
communication technologies and security technologies fields. Brussels, Belgium: European
Commission.
Von Schomberg 2013
Von Schomberg, R. (2013). A vision of responsible research and innovation. In Owen, R., Bessant, J. &
Heintz, M. (Eds.). Responsible innovation (pp. 51–74). Chichester, England: Wiley.
What is ‘privacy by design’? (n.d.). Retrieved 2016, March 1, from
http://ico.org.uk/for_organisations/data_protection/topic_guides/privacy_by_design
What is Telemonitoring. (n.d.). Retrieved 2017, January 15, from
http://www.igi-global.com/dictionary/telemonitoring/29645
Wright 2012
Wright, D. (2012). The state of the art in privacy impact assessment. Computer Law & Security
Review, 28(1), 54-61.
Wyatt & Sullivan 2005
Wyatt, J. & Sullivan, F. (2005). Ehealth and the future: Promise or peril? British Medical Journal, 331,
1391-1393.
Wynn 2015
Wynn, K. (2015, January 20). Data protection impact assessments-when will EU businesses be
required to carry them out? Retrieved from
http://www.out-law.com/en/articles/2015/january/data-protection-impact-assessments--when-will-eu-businesses-be-required-to-carry-them-out/
(accessed 2016, March 2).
Youtube. (2014, June 2). IOS 8 healthkit Keynote WWDDC 2014-full. Retrieved from
https://www.youtube.com/watch?v=ByOpv-JRnAU (accessed 2016, November 12).