9 minute read
Middle East & the Medical Metaverse (or ‘Medaverse’)
Christina Sochacki, Senior Counsel at Al Tamimi & Company, examines the issues around adopting the metaverse in healthcare delivery
Did you know that the concept of the metaverse is not new?
Apparently, the term ‘metaverse’ was coined in 1992 by author Neal Stephenson in his sci-fi novel Snow Crash. As far back as 1938, the concept of a 3D immersive internet was contemplated; the French poet and playwright Antonin Artaud is documented as using the term virtual reality in his collection of essays, “The Theater and its Double”. But when and how we will adopt the metaverse in healthcare delivery, and how the data can be monetised, are some of the big questions.
Organisations are increasingly dataheavy. As Middle East businesses go through a rapid process of digital transformation, they are increasingly looking for insight and advantage from the large datasets they hold and have access to. The laws concerning health data in the Middle East generally do not make specific reference to monetisation. This is because the laws are generally focused on the public health. Where monetisation is expressly referred to, such as in terms of national health information exchanges, it is expressed to be not permissible.
Further, in the Middle East region we see a number of countries having data localisation requirements where, even with a patient’s consent, the law prohibits use of health information, and deidentifying it isn’t necessarily su icient to get around the use and transfer restrictions set out in the laws.
With the growing trend for Middle East countries adopting European data protection legal principles, which focus on regulating a previously underregulated data economy and providing rights to individual data subjects to better control the use of their data, Middle East organisations need to ensure that their data monetisation strategies are in place, tested, and future-proofed to ensure that they can continue to secure value from the data they hold.
Framing the topic
The metaverse, or Internet 3.0 / Web3, is not simply augmented reality (AR), virtual reality (VR), or mixed reality (MR), but rather a digital ecosystem, a hybrid of these technologies that adds artificial intelligence, as well as other immersive technologies, and blockchain. The metaverse is a parallel digital world, or visual electronic depiction of reality. The movie Ready Player One instantly comes to mind (although I hope our reality doesn’t become as dystopian as in that movie).
Historically, healthcare delivery required physical patient and provider interactions; however, we already see that with telehealth services healthcare providers can make a diagnosis, administer medical treatment, or perform surgical procedures, among other things, remotely. Now, add in AR, VR, AI and a bunch of other techy acronyms, and digital health solutions appear to be at a pivotal transition point to unprecedented adopting in the healthcare industry (and life sciences too!).
Legal & Regulatory Considerations
Of course, this shi comes with its own legal and regulatory hurdles. The metaverse in healthcare (“Medaverse”) market is typically segmented by:
1.Component, such as: a. So ware, b. Hardware (VR Headsets, AR Devices), c.Technology, such as: d.Telemedicine, e.Augmented Reality f. Virtual Reality g.Mixed Reality, h.Artificial Intelligence, i.Digital Twins, and j.Blockchain.
Christina Sochacki Senior Counsel, Head of Healthcare & Life Sciences, KSA Al Tamimi & Co
“When and how we will adopt the metaverse in healthcare delivery, and how the data can be monetised, are some of the big questions”
2.Applications, such as: a.Patient Engagement, b. Pre-Operation & Post-Operation Planning, c.Immersive 3D Training, d.3D Lectures, e.VR Therapy, f. Diagnosis and Treatment, and g.Remote Monitoring.
3.By End-User, such as: a.Hospitals, b. Pharmaceutical, and c.Insurance Companies.
Across all these segments are data transfer elements - requiring access to the data from outside the country, or transfer of the data to another country. By way of example, Article 13 of the UAE Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in Healthcare (“ICT Heath Data Law”), sets out the requirements for storing and transforming the health data and information outside State: “It is not permissible to store, process, generate or transform the health data and information outside State -which are related to the health services provided inside Stateexcept in the case where a resolution is issued from the competent Health Authority in coordination with the Ministry of Health and Prevention.” The supporting Ministerial Resolution No. 51 of 2021 Concerning Cases Where Health Data and Information May Be Stored or Transferred Outside the State, allows data transfer outside the UAE in limited circumstances:
National health information exchanges
Across the Middle East region, we are seeing national health information exchanges launched. In the Emirate of Abu Dhabi, UAE there is Mala i. In the Emirate of Dubai, UAE there is the Dubai Health Authority’s (“DHA”) Nabidh. And at the federal level in the UAE there is the Ministry of Health’s Riayati. In the Kingdom of Saudi Arabia, there is the Saudi health Information Exchange (“SHIE” or Saudi eHealth Exchange “SeHE”). In general, health data held in the local governmentcontrolled health information exchanges cannot be shared with third parties (beyond those identified by statute) nor monetised.
To dive a bit further, Nabidh is a secure healthcare platform that allows public and private healthcare facilities in Dubai to exchange trusted healthcare information. Healthcare providers can use Nabidh to securely share patient health information electronically, while adhering to the Nabidh policies and guidelines for data collection, storage, and sharing. Mala i is a health exchange platform governed by the Health Information Exchange policy (“ADHIE Policy”) of the Abu Dhabi Department of Health (“DOH”). This policy enables healthcare providers to share patient health information electronically, with guidelines in place for the collection, storage, and sharing of health data. For any patient health data held in the health information exchanges of DOH and DHA, there are prohibitions on data sharing with third parties and monetisation. The use of (including monetisation of) identified patient data requires both consent and approval from regulators upon being satisfied that confidentiality is protected.
Thus, where the Medaverse expects to draw upon Middle East locally generated or hosted data, it will be necessary to further analyse the source of such data, restrictions on its transfer or access (whether from in or outside the country), and whether monetisation of such is permitted.
National genome programmes
We are also seeing the launch of genomics programmes in the Middle East. Abu Dhabi, Dubai, and Saudi Arabia have the most notable programmes.
Under the Abu Dhabi Emirati Genome Program, all genomic data is owned by the government and there are strict provisions regarding its storage, access, and use. All research including data sharing arrangements requires regulatory approval. While local policy on genomics research speaks to the concept of value creation (benefiting the population, innovators, and stakeholders, as well as introducing public private partnerships and incentives schemes to motivate the sharing of genomic data), regulatory approval is required for such activities.
In Dubai, in general, the sharing of health data with private third parties for ‘secondary use’ (e.g., research, public health, quality improvement, safety initiatives, insurance, payment, and marketing), requires regulatory approval. The DHA’s Policy for Health Information Assets Classification sets out their requirements for classifying health information in the Emirate of Dubai. This policy applies to both identifiable and de-identifiable patient health data and is in accordance with the DHA Policy on Confidentiality and Data Protection. Specifically, it requires that the “sharing of Sensitive Data with Private third parties should be evaluated and approved by the DHA [Health Informatics & Smart Health Department]”. Under the policy, “Sensitive Data” is defined as personal data which includes information data about a person’s family, ethnicity, health, a iliations, political views, religious beliefs, or personal life.
In KSA, the Saudi Human Genome Program is specifically created to, amongst other things, enable scientists and researchers to benefit from the genetic information in the programme, utilising the information to develop diagnostic and prevention tools to reduce the incidences of genetic disease in KSA. Saudi Arabia’s Ministry of Health has published a suite of policies relating to the SHIE, which are broadly aimed at the use of health information, including patient data, in the context of the increased adoption of technology and digitalisation in the health system. Under the SHIE framework, the implementation of ongoing technological improvements to the healthcare system is contemplated on two main fronts. The first is the adoption of secure technology solutions to enable streamlined patient care via online health records. The second is making available de-identified patient data that can inform research. This can be used by both the public sector, for example, by guiding public health policy responses (e.g. containment and prevention of epidemics, or targeting health awareness programs), and by the private sector, for example, by developing new treatments and pharmaceuticals.
Future looking
I leave you with the 64-million-dollar (adjusted for inflation) question: Which segments will be accepted into and used in the Medaverse first?
Regulating healthcare professionals
Healthcare World’s Editor-in-Chief Sarah Cartledge speaks to Helen Featherstone, General Manager of GMC Services International about the importance of a comprehensive regulatory framework
Over the past 160 years, the UK’s General Medical Council (GMC) has become one of the leading professional healthcare regulators in the world.
From setting the standards by which all medical doctors need to abide by to registration, revalidation, the setting of medical education and standards, medical school accreditation and having a robust complaints handling process, the GMC works through every phase of a doctor’s professional life. The GMC Services International (GMCSI) has been established to support the core services provided by the GMC globally, delivering advisory services through a non-UK-centric model.
At the centre of every healthcare system is a secure regulatory framework, surrounded by implementation processes and structures. The GMCSI o ers a peoplecentred approach, with patient safety, workforce supply, governance and quality as standard. The knowledge base behind the GMCSI allows for flexibility through experience, o ering tailored services to improve the landscape for all healthcare professionals and thereby improving patient safety.
Helen Featherstone, General Manager of GMCSI, works closely with International Ministries of Health and Regulators to identify opportunities for more e ective regulatory systems. “Ethical guidance is the core of regulation,” she says. “We focus on prevention rather than punishment, and on culture, values, teamwork and leadership as well as process and standards.”
This approach allows the cultivation of a patient-focused culture within a healthcare system to improve safety, access, quality and consistency across highly diverse workforces in order to ‘professionalise the professionals.’ In delivering programmes
GMCSI is able to access the GMC’s pool of 1,300 sta and a further 1,000 associates.
Empowering healthcare professionals
By creating supportive environments and nurturing healthcare workers through their professional journey, and by using the subject matter expertise of the GMC, GMCSI is able to provide structures to maintain and improve standards. These structures form an important component of the overall healthcare system and places healthcare practitioner regulation at the core.
“Medical doctor registrations ensure all practicing professionals in the region are suitably qualified, and regulators can maintain contact with registered doctors through the revalidation process which take place every 5 years,” she says. Medical doctor registration and revalidation are two important elements of successful regulation. Other elements include the regulation of medical education and the handling of complaints made against medical doctors, called Fitness to Practice (FTP). E icient data tracking of the medical doctors’ journeys during their careers feeds into the overall healthcare system, enabling input into workforce planning as well as the calculation of medical school placements, to mention a few examples.
Regulating professionals
GMCSI has o ered advice and guidance on setting up robust registration and licensing processes to a number of countries which promoted revalidation as standard to encourage continuous career development for their workforce.
One example looked specifically at reforming an overly bureaucratic process that was unable to deliver the number of licensed doctors needed. The process delayed newly qualified medics from registering and applicants were moving on to other regions before their registration had gone through. The system review led to the implementation of a fast-track system for applicants with certification from other reputable healthcare systems regulators, under the guidance of the GMC. The system took advice on considering appropriate thresholds from other countries and enabled the establishment of an e ective process with a balance between competitiveness and risk. In order to ensure e iciency, a programme to reduce the wait time for primary source documentation verification for the regulation of new healthcare professionals was produced.
Consulting work has also been done in the setting of medical education standards and medical school assessments to ensure these standards are being adhered to. “It is important for regulators to work with medical schools to make sure they are delivering against all the required standards,” states Helen, highlighting the importance of consistent medical education standards across the country to ensure standardised medical education.
In order to deliver a completely comprehensive system, the regulatory framework must go even further.
“Fitness to practice is key, but actually we find the complaints process is of huge importance. It is important for the public to raise concerns over medical treatment received and to have a robust system in place to address these concerns. Serious complaints can then be investigated and action taken if deemed necessary. This is very important for overall patient safety.
GMCSI recently supported a new regulator of healthcare professionals, specifically focused on the processes behind complaints handling. The regulator focused on setting up fitness to practice rules and was given guidance on legislative requirements, as well as dra ing decision outcomes, information handling, detailed triage decision making policy, sanctions and a fitness to practice publications policy.
GMCSI is able to draw on a wealth of experience from the GMC and provides knowledge and guidance for every aspect of the regulatory framework with access to consultants in standards, registration, revalidation, fitness to practice, medical education and director-level executive functions. Regulatory system reviews are crucial, and up to date practices provide the foundations for a stable healthcare landscape. Taking care of this environment provides the best service possible to patients, with patient safety as the core focus at all times. .
These regulatory frameworks set the standards which all medical doctors need to adhere to, thereby promoting trustworthiness and giving patients confidence in the care they receive.
