Looking for the causes of an illness and a suitable therapy frequently resembles looking for a needle in a haystack. According to computer experts, a third of all collected data around the world are health-related. As a result, medical research would appear to be tailor-made for the potential of artificial intelligence: by using systems capable of learning, machines can process the data flood faster and more efficiently than would ever be possible for a person. This is not simply a futuristic fantasy, but involves technologies that are already in use today: for example, by means of data analysis researchers can detect atrial fibrillation at an early stage or identify patients susceptible to cardiovascular disease. Machines recognise illnesses from computer tomography images or X-rays faster and more reliably than some skilled specialist doctors.
On top of this, many people in Germany use health apps and wearables to record vital data. Some health insurers reinforce this trend to self-measurement: for example, by granting a subsidy for the purchase of a fitness armband. Up to now, the German system of statutory health insurance has barred any excesses of a “quantified self”. However, new forms of monitoring of the insured have long been less taboo for foreign social systems, which are for the most part organised along private insurance lines, as well as in the area of supplementary insurance. The project analyses the use of eHealth in the German health system – with a special focus on data-based research.
To facilitate a meaningful balance between freedom of research, commercial interests and data protection in the health sector, normative clarity is required. However, health-related big data applications oscillate between two opposing poles in data protection law terms: on the one hand, EU legislation assigns health data a high level of protection in the GDPR, with strict requirements for the lawfulness of processing (Art. 9 GDPR). On the other, the GDPR acknowledges extensive research privileges and has created exceptions and statutory permissions in favour research (cf. for example Art. 9  GDPR). The project will explore the limits of permissible processing of health data in this respect and systematise the corresponding data subject rights.
Prof. Dr. Mario Martini