How to protect confidentiality of data by putting in place proper contractual arrangements, setting out how a party may use any information or data associated with the App during its development and prior to it being made available on the market.
The adoption of smart technology solutions by the health and care sector has exploded in 2020. The pandemic has driven the sector to increase its use of smart phone technology solutions (“Apps”), an example of which is conducting video consultations and assessments. Adoption has historically been slow to develop across the sector generally, potentially due to perceived risks in maintaining integrity of special category personal data.
Now that more health and care providers are transitioning to greater use of Apps, the Covid-19 pandemic has propelled providers to implement systems which can assess an individual’s needs remotely.
In the ‘new normal’, the sector will increasingly adopt and implement the use of Apps to assess and deliver person-centric health and well-being advice and services. The Apps which are created will be in demand, competition is likely to be high and the potential commercial value to providers is significant.
Apps are created by combining software with data (in its broadest sense and by use of personal data). Part 1 of this 2-part series explored how intellectual property rights in Apps might be protected commercially. Part 2 will delve into how to protect confidentiality of data by putting in place proper contractual arrangements which set out how a party may use any information or data associated with the App during its development and prior to it being made available on the market.
A successful health and social care App must ensure data confidentiality. Any failure to do so may result in a data breach, leading to potential claims by the individuals affected as well as an investigation and potential fine from the ICO or other regulators. That is without taking account of the reputational damage, which would likely reduce consumer confidence in the product and the company, and consequently impact on revenue and the ability to enter the supply chain (particularly with large organisations such as the NHS).
Use of personal data should always be minimised (e.g. limited to data needed to achieve the intended purpose) and anonymised data should be used where possible. However, use of personal data is likely necessary for health care Apps. A potential solution to address the risk of falling victim to a cyberattack and potential data breach is to apply cryptographic algorithms to encrypt data. Cryptographic algorithms are used for tasks including data encryption and authentication. The benefit of using cryptographic algorithms is that, if exchanged data is intercepted, the attacker is not able to understand the content, so the risk is reduced.
When designing an App, you should ensure that the confidentiality of any personal data is properly managed by applying the following measures and ensuring these are reviewed and managed whilst the App is in use:
If engaging third party software developers, you should ensure robust obligations of confidentiality are also put in place, including, for example, the purposes for which information can be used and its restrictions on use.
The benefit of having such obligations in place is that if data is shared, either purposefully or accidentally, during App design and development, the risk that there is misuse of the data (which offers a commercial advantage rather than a bad faith use of personal data) can be addressed by having an enforceable right against that third party to (i) seek an injunction preventing further use; and (ii) claim damages for breach of contract. To the extent any registrable intellectual property right subsists in the App (which is prevented due to prior disclosure), you may have a remedy to pursue such registration if it can be established that the disclosure was made in breach of confidence.
Apps have a valuable place in the healthcare market and will likely continue to attract significant investment to produce better ways of delivering healthcare solutions. However, failing to address the above risks prior to starting App development not only has the potential to thwart any project timelines for implementation and commercialisation, but also increases the risk of a future dispute and a potential breach of an individual’s data rights.
Partner
richard.nicholas@brownejacobson.com
+44 (0)121 237 3992