Other regulations and laws impacting use of health data

In addition to general data legislation, there may be other laws, policies or regulations that impact governance of health data. For example:

• National laws protecting sensitive data about patients such as the United States' Health Insurance Portability and Accountability Act (HIPAA) regulations or EU’s European Medicine Agency (EMA) Clinical Trials Regulation.

• In Europe, some countries are bolstering data protection requirements with a ‘secondary use of health data’ law that specifically governs the conditions for sharing of health data beyond their primary uses. The Towards a European Health Data Space body is also advocating that health data is sufficiently unique that it requires its own governance legislation.

• Data strategies defining data governance principles at the national, regional and local levels, such as the UK National Data Strategy.

• Broader laws on how data should be collected, used and shared, such as digital economy, confidentiality and competition laws.

Key questions to ask:

• Are there any other applicable laws, policies or regulations that may impact the access, use or sharing of health data between third parties?

• To what extent is there a data policy or strategy for your jurisdiction, including data access, use and sharing?

• Is the country a member of any international organisation, policies or frameworks that promote a specific type of data collection, use and sharing? For example, the Nagoya Protocol on Access and Benefit Sharing.

Useful resources:

• The Canadian Institute for Health Information’s Health data and information governance and capability framework.

• The ODI’s Data landscape playbook has a play on assessing the regulatory and ethical context of data access initiatives.

• The WHO Health data governance summit report includes data governance best practices.