Data as a critical asset in the health sector
11 May 2020
This article first appeared in Life Sciences Lawyer Magazine in May 2020.
The collection of vast sets of data and their subsequent valuation and monetisation has become a driving force in the global economy. Technologies that can generate, analyse and deploy this growing quantity of information are being adopted increasingly across public and private organisations. Stakeholders from across the value chain are becoming more aware of the opportunities provided when technologies like data analytics and artificial intelligence are applied to the exponential volume of data being created in our digital world.
The EU Commission has indicated that “Digital solutions for health and care can increase the well-being of millions of citizens and radically change the way health and care services are delivered to patients”1 . The variety of healthcare use cases illustrates the great potential value of data exchange in the life sciences sector. Pharmaceutical companies are launching schemes to share research data to help transform diagnosis and develop customised medicine. The use of "real world data" (collected outside formal clinical trials) by healthcare professionals, public authorities and private companies can ensure that healthcare products, innovative technologies and therapies meet patients’ needs, leading to favourable health outcomes. In addition, data generated by the Internet of Things (IoT) can help deliver better diagnosis, treatment or personalised care and patients’ proactive management of their data through technology can improve outcomes by encouraging better adherence to treatment plans and better management of chronic diseases. Private companies are also developing computer programs to collect and analyse healthcare data from users in order to build better and more tailored products and services.
All these initiatives illustrate the great potential of data and the need to use it to support the rapid advanced delivery of new medical and healthcare products and services. While data is the key enabler for digital transformation in the life sciences sector, success will depend on the quantity and quality of data obtained as well as how effectively organisations can generate insights and unlock value. In some cases, data held by private companies can be used for a new purpose (e.g. secondary use of patients’ data) and be made publicly available (although under specific restrictions), shared with other companies, or processed securely by the public sector, depending on the extent to which sharing the data presents privacy risks or undermines competition.
Stakeholders are increasingly discovering the long-term benefits of accessing and/or exchanging data, thus increasing the trend towards data sharing. Such a data value cycle can only be managed through data sharing agreements governing the access to and exchange of the data.
There are two key elements to successfully working with data that organisations need to have in place before they can think about data monetisation. First, organisations need to assess the value of their data by undertaking data audits. Second, they need to have a robust procedure in place for concluding data sharing agreements.
1. Data audits as a first step towards any data monetisation strategy
Digitalisation has brought Board-level focus to the potential of data found in the business to be “monetised” – ie used to generate efficiencies or economies in the organisation or developed into new revenue-attracting opportunities in its own right. But how should organisations approach data monetisation? One of the first steps will be to understand what sort of data the business holds, and this process is often described as an internal data audit. However, as volumes and types of data increase exponentially, the very task of answering the question “what data do we have?” can be hugely complex and difficult to answer, and can even take more time and resource to answer than the value to be found in the data deserves.
We would recommend, then, before embarking on a data audit, to take a step back. Rather than trying to “boil the ocean” and document the state and value of all the data in the business, begin by thinking about where you want to get to. Start by focusing on the areas of the business where you believe data can bring the most insight and add the greatest value. In this area or areas, what data do you have or need to acquire to bring you closer to your goals?
The way data can be shared, and its subsequent challenges, will depend on the types and categories of data. Data can be obtained from multiple sources such as publicly available sources, a company’s own processes (e.g. sales processes), third-parties’ data sets, and/or from the outcome of artificial intelligence machines. Organisations could then find themselves dealing with all sorts of data types, such as open data, derived data, personal data coming directly from individuals, and commercially licensed data. Good data mapping may help to assess the relevant contractual terms to be applied in a data sharing arrangement. Thus, considering the different strategies and business models around data, conducting audits to understand what data is used by the business, where it comes from, how it should be managed and finally how to unlock value and commercialise it, should be considered as an essential preliminary process. Good data management is also essential for companies to understand how to avoid risks and liabilities arising from misuse of data.
The first thing to establish is who owns the data. This may be difficult due to the absence of a European regulation that specifically regulates ownership of data. Indeed, most jurisdictions do not recognise that data can constitute property by itself but instead confer certain protection on data and data sets when that data meets specific requirements (i.e. copyright, database rights, trade secrets, or patents). What makes the issue even more complicated is the multiplicity of categories of data and the numerous stakeholders involved in the data value cycle. Depending on the ownership, different rights and obligations will apply to stakeholders.
In the health sector, the development of big data has raised complex questions with regard to data ownership, as it is likely to involve the collection and exchange of large amounts of data, including the personal data of patients. Therefore, it may be unclear who will own such data among the different stakeholders involved, such as the healthcare organisation, the patient, providers, or any other third party.
The absence of harmonisation of approaches to healthcare data in different jurisdictions further complicates the picture. For example, health data is neither managed in the same way in all European Union member states nor within national healthcare systems.
2. Data monetisation through contractual agreements
Access and exchange of health data appears to be essential to optimize the efficiency of health services and to promote research, disease prevention and personalised healthcare. To this end, access to and/or exchange of data must be enabled and facilitated.
From a legal perspective, data sharing can be addressed through contractual agreements that create legal certainty in a fragmented and undeveloped regulatory environment. Such contractual arrangements may take different forms, including partnership agreements, data sharing agreements or license agreements.
Although the benefits of data sharing are significant, data sharing agreements raise important challenges. From the possible loss of competitiveness to the potential reputational damage when monetising sensitive types of data, challenges surrounding partnerships are numerous. It is thus not only essential to implement good contractual solutions to minimise risk and maximise commercial gain, but also to carefully consider how the associated risk can be mitigated when sharing or monetising data. Contractual rights and obligations will vary depending on the purpose of the transaction (e.g. research or regulatory submission), nature of counterparties (e.g. medical institutions and practitioners, pharmaceutical companies) and data categories (e.g. clinical data, sales data, commercially licensed data etc.). For instance, when sharing clinical data, non-compete clauses and fair revenue sharing should be considered, whereas proper remuneration should be covered when providing patient data to a software editor or artificial intelligence service provider. This explains why, before using analytics to generate revenue and growth from data, it is essential to assess the value of the data asset.
It is also of paramount importance to carefully define data assets and the scope of the right to use this data by providing an exhaustive description of the data to be shared and the permitted actions to be performed on and with the data (e.g. analytics, engineering, translating, decompiling, storing, altering etc.). In addition, covenants, warranties, indemnities and confidentiality should be covered in the data sharing agreements. The parties should also consider covering methods for data delivery, the security measures to be implemented, and data intellectual property rights – including the rights in relation to deliverables generated in the course of their collaboration. Many stakeholders want to obtain explicit recognition of the ownership of the data they hold. It can be extremely complex to define the concept of data ownership through the terms of data sharing agreements. In addition, exclusive ownership of the data is often difficult in practice given the multitude of stakeholders, the complex data flows, and the numerous activities performed on the data. It is therefore often more important to focus on the scope of the license (i.e. on the permitted actions to be performed on and with the data) without preventing the data sharing from achieving its initial purposes. Data sharing is likely to move from standard licensing models to more bespoke, full product and service packages.
When drafting a data sharing agreement, organisations should also consider their own regulatory requirements (i.e. specific statutory prohibitions on data sharing), copyright restrictions, or confidentiality duties that may affect a company’s ability to share data.
Finally, planning for what will happen to the data in the event of termination of the agreement is vital to avoid conflict at the end of the contractual relationship.