Every day, healthcare and health research systems around the world generate vast amounts of data that could profoundly transform how we manage public health and understand, prevent, and treat diseases. From electronic health records and genomic sequences to imaging studies and population health statistics, responsible use of this information could accelerate medical research and fuel medical breakthroughs.
Ensuring privacy and individual freedoms while using health data
The core challenge for governments is to strike a balance between using health data for public good and safeguarding individual rights like privacy and autonomy. This requires distinct types of legal and technical protections, depending on how the data are collected and used.
The OECD Recommendation on Health Data Governance encourages countries to make health data available for public interest uses such as research and innovation, while safeguarding individual privacy and freedoms. The level and type of safeguards that are needed depend on how the data are collected and used. In clinical research, where patients participate directly in trials or medical studies, a key requirement is informed consent, recognising the importance that individuals can exercise their right to make autonomous decisions.
But over the past few years, health data have increasingly been collected indirectly, through routine health care services or the digitalisation of health systems. For example, analysing blood test results from a cohort of people can help identify markers of liver cancer, allowing for early discovery and treatment and improved survival rates. In these cases, it may be impossible or impractical to get individual consent each time data are reused. This raises the question of under what conditions health data can be reused without individual consent, and in the name of the public interest.
Many countries are updating their laws to address this question. For example, Australia, Finland, France, Germany and the United Kingdom have introduced legal frameworks that explicitly allow the use of health data for ‘public interest’ purposes, without consent but with heightened privacy safeguards in place.
These developments reflect an important shift in health data governance. They recognise that consent does not always work, and that people’s best interests can be better served when a clear public interest is established, and strong technical and organisational protections are in place. Safeguards may include secure and trusted environments for data processing, the use of privacy-enhancing technologies, data anonymisation and measures to manage re-identification risks, the appointment of data protection officers and staff privacy training, as well as strict access controls.
The OECD Recommendation supports this approach, encouraging countries to establish a clear legal basis for using health data in the public interest when consent is impossible, impracticable, or incompatible with the achievement of health-related public interest purposes.
Three major obstacles to the effective use of health data
While significant progress has been made through legislative initiatives, there are still major challenges to using health data. New OECD analysis identifies three key areas that present significant obstacles: regulatory fragmentation, bureaucratic hurdles, and lack of public trust.
The fragmentation of health data governance frameworks across countries creates unintended barriers to cross-border research and innovation. OECD analysis finds that the legal basis of public interest is not found in all legal systems, or is not always well-defined, and criteria for its establishment are scarce. This creates very practical challenges for cross-country collaboration on health data utilisation.
Researchers and public health officials face unclear, complicated and slow approval processes for access to health data. These approvals are typically put in place to ensure that protective measures have been duly considered in the absence of consent. However, OECD analysis found that an approval process for health data access may involve two to three different government entities and may take up to 18 months to achieve. Simplifying and streamlining such processes, through measures as simple as the harmonisation of forms for national approval requests, would help minimise administrative burdens, support efficient data management, and save time and money.
Trust in the use of health data for public interest purposes varies across countries. According to a 2023 study by Gillespie et al., 85% of people recognise AI’s potential in improving healthcare services, however 75% express concerns about potential risks such as data privacy and digital security. Studies find that trust in data sharing varies dramatically across countries, from 88% in Israel to just 55% in the United Kingdom, even with anonymisation safeguards in place.
What policymakers can do to overcome health data use challenges
None of these hurdles are insurmountable. To address them, the OECD recommends a three-pronged approach.
Work towards common standards and terminology – particularly for concepts such as research, secondary use and public interest – while respecting local contexts and values. This does not require identical laws in every country, but rather compatible frameworks that facilitate cross-border collaboration while upholding rigorous privacy protections. Countries should also implement clear criteria for evaluating when health data may be used in the public interest without individual consent – specifically in cases where obtaining consent is impossible, impracticable, or incompatible with achieving legitimate health objectives.
Use a risk-based approach that prioritises low privacy risks but high-benefit applications to expedite valuable research. For example, an emerging practice is to establish trusted data environments that foster strong protections while enabling value from networks. This is only one of several options available within privacy-enhancing technologies, which provide privacy protection safeguards while facilitating data use. Additionally, creating simple and evidence-based approval processes to minimise the number of regulatory authorities and steps in the process can significantly improve the use of health data in policymaking and innovation, both at the domestic and global level.
Build public trust through engagement. The public broadly supports using health data for societal benefit, but they demand transparency, robust protection measures, and meaningful involvement in how these decisions are made. This could be accomplished through public surveys and awareness-raising campaigns on how health data may be used for the public interest. Public assemblies on the use of health data have already taken place in France, where citizens discussed the integration of the European Health Data Space regulation into French law, and in the United Kingdom through the OneLondon Citizens’ Summit.
Health data have the potential to transform healthcare and public health, but only if countries can overcome barriers of trust, governance and bureaucracy. By aligning standards, streamlining processes, and engaging the public, policymakers can unlock the full value of health data while safeguarding individual rights. With the right frameworks in place, health data can become a cornerstone for innovation, better care, and stronger health systems worldwide.