The outbreak of the 5th wave of COVID-19 in Hong Kong has left the city’s healthcare facilities stretched to the brink. The recent challenges faced by Hong Kong illustrated the important needs to establish reliable, resilient, and robust patient care and health services.
To this end, the implementation of telehealth and telemedicine services, which enable remote communication with patients without direct physical contact, will provide Hong Kong with a solution in response to the public health crisis arising from the COVID-19 pandemic. From a broader perspective, the application of innovative technologies, including Blockchain and artificial intelligence (“AI”), contributes to the digitalization of the healthcare system which can function more effectively and efficiently.
In particular, the use of Blockchain technologies in this approach further enhances security, privacy and the immutability of patient records, while the AI-assisted detection or diagnosis is safer, more accurate, and faster than previous methods.
As such, it is crucial to look into whether Hong Kong’s existing laws allows for the practice of telehealth and the applicable data protection laws, as well as other significant legal developments around the world.
What is telehealth
Telehealth or remote health is the delivery of healthcare services in a setting where patients and providers are separated by distance, using information, sensors and other integrated communications technologies for the diagnosis or treatment of diseases and injuries.
Most importantly, Telemedicine enables healthcare professionals to remotely monitor, diagnose, and treat patients while mitigating the risk of exposure of physicians, staff, or patients to COVID-19.
Telehealth and telemedicine are by no means novel innovations and have been implemented in jurisdictions where long distance travel is a problem. It stands to be a significant asset especially in the face of COVID-19 where visitation to a healthcare facility (by a number of persons with similar concerns) may end up becoming a nosocomial flashpoint. Use of telehealth and telemedicine can also contribute to the alleviation of global inequality of medical resources by enabling access to healthcare services without the need of physical traveling.
Regulations of telehealth and patient data protection
In Hong Kong, telehealth or telemedicine has been in use and is covered in the Ethical Guidelines on Practice of Telemedicine issued by The Medical Council of Hong Kong in December 2019, which follows the definition of telemedicine in the World Medical Association Statement on the Ethics of Telemedicine. The guidelines effectively bring any medical advice provided over telecommunications under the auspices of the Medical Registration Ordinance (Cap. 161), which only allows medical professionals registered within Hong Kong may deliver telehealth services to Hong Kong’s population.
Since March 2016, Hong Kong has been operating an information infrastructure platform called Electronic Health Record Sharing System for the collection, sharing, use and safe keeping of patients’ health data. The System is regulated by Electronic Health Record Sharing System Ordinance (Cap. 625) (“eHRSSO”), under which the healthcare services providers can have access to and share the patient’s health record in the System for healthcare-related purposes with the patient’s consent. Despite that there are no specific data protection laws that apply to the provision of telehealth services in Hong Kong, the eHRSSO may apply to the sharing of patient’s electronic health record during telehealth/telemedicine consultations with healthcare providers subject to the Ordinance.
In addition, the health data and records are also protected under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) which regulates the general collection and handling of personal data. The “personal data” is broadly defined in the PDPO as any data relating directly or indirectly to a living individual, hence it would likely to include the data generated during telehealth services.
Telehealth in China (“PRC”) is commonly referred to as “internet plus healthcare” and was made possible after a series of administrative rules were promulgated on 17 July 2018 by the PRC National Health Commission and National Administration of Traditional Chinese Medicine pursuant to PRC State Council’s Opinion to Promote “Internet Plus Healthcare” promulgated on 25 April 2018.
There are no data protection laws that applies specifically to provision of the “internet plus healthcare” in China. Pursuant to the Administrative Measures for Internet Diagnosis and Treatment (For Trial Implementation) (《互聯網診療管理辦法（試行）》), medical institutions shall comply with all relevant laws and regulations on information security and confidentiality of healthcare data, including the Cyber Security Law (《網絡安全法》) and the Regulations of the PRC on Administration of Human Genetic Resources promulgated by PRC State Council (《人類遺傳資源管理條例》).
There are currently no laws or regulations specifically relating to telehealth in Australia, and the existing laws and regulations relating to the provision of healthcare apply to telehealth. Since 30 March 2020, a range of healthcare services delivered via telehealth has become eligible for subsidy under the Medicare (Australia’s universal health insurance scheme) and hence available at no cost to the patients in cases where there is a pre-existing clinician-patient relationship.
Health information is granted additional protections under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Telehealth services are identified as a health service provider under the Privacy Act, and they are required to only collect health information by lawful and fair means, with the patient’s consent and where the information is reasonably necessary for providing a health service to that patient.
Telemedicine services in Singapore can only be provided by only medical doctors registered with the Singapore Medical Council under the Medical Registration Act (Cap. 174) of Singapore. This sector is due to be regulated as part of the final phase of the Healthcare Services Act 2020 (“HCSA”) in late 2023. The HCSA requires the licensing of direct doctor and/or dentist-led teleconsultations, while the indirect telemedicine providers (i.e., platforms offering software-as-a-service for teleconsultation, directory listing, payment solutions) will not be licenced.
Telemedicine services is regulated by Circular No. 49/2017/TT-BYT Regulating the Management of Telemedicine issued by Vietnam’s Ministry of Health in 2017 (“Circular 49”), which also applies to organizations and individuals abroad connecting in telemedicine activities with Vietnamese medical facilities from abroad. Under Circular 49, tele-consultations can only be conducted by institutions registered with the Ministry of Health in Vietnam, and via internet systems at registered health facilities to ensure data security and confidentiality.
Telehealth and Blockchain
Centralization is a key impediment in existing telehealth and telemedicine systems which in turn, poses the risk of single point of failure. This factor is further worsened by the fact that centralized data is prone to a variety of external and internal breaches compromising the reliability and availability of systems. To this end, Blockchain can address such crucial weaknesses given the fact that the decentralized distributed nature of Blockchain can be leveraged to manage a shared ledger of encrypted health records with all ledger copies are kept verified and synced with every node affiliated with the Blockchain.
The adoption of Blockchain technology into existing telehealth systems can bring numerous possibilities and opportunities for secure digitization of healthcare, such as successfully establishing the provenance of clinical data, legitimacy of users seeking patient data, managing identities of devices used for remote patient monitoring, preserve patient anonymity, and automate the payments settlement.
Furthermore, the immutability of patient records offered by Blockchain solutions will undoubtedly be a benefit and help to address the issues of patient data privacy which at present are governed by the PDPO and the eHRSSO. In this regard, the decentralized nature of Blockchain data storage meant that the PDPO may also have to be updated in order to account for data stored on the Blockchain and how such personal data may be adequately secured.
AI handling of healthcare data
AI is another existing but underutilized technology in health, which uses machine learning algorithms to identify patterns in healthcare data and provide actionable insights for clinicians, thus improving patient care. An easy improvement on the existing LeaveHomeSafe (a digital contact tracing app launched by Hong Kong Government) may be AI-assisted diagnosis whereby, aside from simply recommending users to undergo testing, a questionnaire can be sent to at-risk individuals to better gauge their situation and recommend the appropriate follow-up action at the appropriate levels. No doubt, the city’s stretched medical services will benefit greatly where raw data is automatically processed into actionable knowledge.
The use of telehealth services and the application of the Blockchain and AI technologies hold great potential to alleviate Hong Kong’s 5th wave COVID-19 crisis by enabling efficient healthcare access and offer better care coordination and treatment outcomes. To this end, the traditional telemedicine systems mostly rely on outdated methods to store, maintain, and protect patients’ data which can be a vulnerability. Blockchain is a solution with which a complete and trustworthy medical history of a patient can be maintained and tracked by the authorized users through immutable records.
Hong Kong may refer to the legislative progress in other jurisdictions for formulating its own regulatory framework in respect of the use of telehealth services as well as data security in this connection. Recently, there has been a push by the Legislative Council to mirror the new implementation of Singapore’s Healthcare Services Act of 2022 in the Medical Registration (Amendment) Bill 2021 which may include the introduction of a licensing scheme for telehealth service providers. At the same time, the Bill will also aim to make it easier for overseas doctors to practice in Hong Kong in the hopes of solving the city’s shortages of medical practitioners. On the other hand, Hong Kong may also consider the approaches of PRC and Australia by introducing specific data protection rules for the healthcare data.
All in all, it remains to be seen whether a comprehensive set of legislation will be made in the future targeting specifically telehealth in Hong Kong and how they may be delivered, and if appropriate, allow a channel for health resources overseas to be channelled into Hong Kong in situations of emergency.