Networking the healthcare world through Content, Events and Connections

WHF Magazine Globe

Middle East & the Medical Metaverse (or ‘Medaverse’)

April 26, 2023
by Healthcare World

Christina Sochacki, Senior Counsel at Al Tamimi & Company, examines the issues around adopting the metaverse in healthcare delivery 

Did you know that the concept of the metaverse is not new? Apparently, the term ‘metaverse’ was coined in 1992 by author Neal Stephenson in his sci-fi novel Snow Crash. As far back as 1938, the concept of a 3D immersive internet was contemplated; the French poet and playwright Antonin Artaud is documented as using the term virtual reality in his collection of essays, “The Theater and its Double”.

But when and how we will adopt the metaverse in healthcare delivery, and how the data can be monetised, are some of the big questions.

Organisations are increasingly data-heavy. As Middle East businesses go through a rapid process of digital transformation, they are increasingly looking for insight and advantage from the large datasets they hold and have access to. The laws concerning health data in the Middle East generally do not make specific reference to monetisation. This is because the laws are generally focused on the public health. Where monetisation is expressly referred to, such as in terms of national health information exchanges, it is expressed to be not permissible.

Further, in the Middle East region we see a number of countries having data localisation requirements where, even with a patient’s consent, the law prohibits use of health information, and deidentifying it isn’t necessarily sufficient to get around the use and transfer restrictions set out in the laws.

With the growing trend for Middle East countries adopting European data protection legal principles, which focus on regulating a previously under-regulated data economy and providing rights to individual data subjects to better control the use of their data, Middle East organisations need to ensure that their data monetisation strategies are in place, tested, and future-proofed to ensure that they can continue to secure value from the data they hold.

Framing the topic 

The metaverse, or Internet 3.0 / Web3, is not simply augmented reality (AR), virtual reality (VR), or mixed reality (MR), but rather a digital ecosystem, a hybrid of these technologies that adds artificial intelligence, as well as other immersive technologies, and blockchain. The metaverse is a parallel digital world, or visual electronic depiction of reality. The movie Ready Player One instantly comes to mind (although I hope our reality doesn’t become as dystopian as in that movie).

Historically, healthcare delivery required physical patient and provider interactions; however, we already see that with telehealth services healthcare providers can make a diagnosis, administer medical treatment, or perform surgical procedures, among other things, remotely. Now, add in AR, VR, AI and a bunch of other techy acronyms, and digital health solutions appear to be at a pivotal transition point to unprecedented adopting in the healthcare industry (and life sciences too!).

Legal & Regulatory Considerations 

Of course, this shift comes with its own legal and regulatory hurdles. The metaverse in healthcare (“Medaverse”) market is typically segmented by:

1.Component, such as:
a. Software,
b.Hardware (VR Headsets, AR Devices),
c. Technology, such as:
d.Telemedicine,
e. Augmented Reality
f. Virtual Reality
g. Mixed Reality,
h. Artificial Intelligence,
i. Digital Twins, and
j. Blockchain.

2.Applications, such as:
a. Patient Engagement,
b.Pre-Operation & Post-Operation Planning,
c. Immersive 3D Training,
d. 3D Lectures,
e. VR Therapy,
f. Diagnosis and Treatment, and
g. Remote Monitoring.

3.By End-User, such as:
a. Hospitals,
b.Pharmaceutical, and
c. Insurance Companies.

Across all these segments are data transfer elements – requiring access to the data from outside the country, or transfer of the data to another country. By way of example, Article 13 of the UAE Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in Healthcare (“ICT Heath Data Law”), sets out the requirements for storing and transforming the health data and information outside State: “It is not permissible to store, process, generate or transform the health data and information outside State -which are related to the health services provided inside State-except in the case where a resolution is issued from the competent Health Authority in coordination with the Ministry of Health and Prevention.” The supporting Ministerial Resolution No. 51 of 2021 Concerning Cases Where Health Data and Information May Be Stored or Transferred Outside the State, allows data transfer outside the UAE in limited circumstances:

National health information exchanges 

Across the Middle East region, we are seeing national health information exchanges launched. In the Emirate of Abu Dhabi, UAE there is Malaffi. In the Emirate of Dubai, UAE there is the Dubai Health Authority’s (“DHA”) Nabidh. And at the federal level in the UAE there is the Ministry of Health’s Riayati. In the Kingdom of Saudi Arabia, there is the Saudi health Information Exchange (“SHIE” or Saudi eHealth Exchange “SeHE”). In general, health data held in the local government-controlled health information exchanges cannot be shared with third parties (beyond those identified by statute) nor monetised.

To dive a bit further, Nabidh is a secure healthcare platform that allows public and private healthcare facilities in Dubai to exchange trusted healthcare information. Healthcare providers can use Nabidh to securely share patient health information electronically, while adhering to the Nabidh policies and guidelines for data collection, storage, and sharing. Malaffi is a health exchange platform governed by the Health Information Exchange policy (“ADHIE Policy”) of the Abu Dhabi Department of Health (“DOH”). This policy enables healthcare providers to share patient health information electronically, with guidelines in place for the collection, storage, and sharing of health data. For any patient health data held in the health information exchanges of DOH and DHA, there are prohibitions on data sharing with third parties and monetisation. The use of (including monetisation of) identified patient data requires both consent and approval from regulators upon being satisfied that confidentiality is protected.

Thus, where the Medaverse expects to draw upon Middle East locally generated or hosted data, it will be necessary to further analyse the source of such data, restrictions on its transfer or access (whether from in or outside the country), and whether monetisation of such is permitted.

National genome programmes 

We are also seeing the launch of genomics programmes in the Middle East. Abu Dhabi, Dubai, and Saudi Arabia have the most notable programmes.

Under the Abu Dhabi Emirati Genome Program, all genomic data is owned by the government and there are strict provisions regarding its storage, access, and use. All research including data sharing arrangements requires regulatory approval. While local policy on genomics research speaks to the concept of value creation (benefiting the population, innovators, and stakeholders, as well as introducing public private partnerships and incentives schemes to motivate the sharing of genomic data), regulatory approval is required for such activities.

In Dubai, in general, the sharing of health data with private third parties for ‘secondary use’ (e.g., research, public health, quality improvement, safety initiatives, insurance, payment, and marketing), requires regulatory approval. The DHA’s Policy for Health Information Assets Classification sets out their requirements for classifying health information in the Emirate of Dubai. This policy applies to both identifiable and de-identifiable patient health data and is in accordance with the DHA Policy on Confidentiality and Data Protection. Specifically, it requires that the “sharing of Sensitive Data with Private third parties should be evaluated and approved by the DHA [Health Informatics & Smart Health Department]”. Under the policy, “Sensitive Data” is defined as personal data which includes information data about a person’s family, ethnicity, health, affiliations, political views, religious beliefs, or personal life.

In KSA, the Saudi Human Genome Program is specifically created to, amongst other things, enable scientists and researchers to benefit from the genetic information in the programme, utilising the information to develop diagnostic and prevention tools to reduce the incidences of genetic disease in KSA. Saudi Arabia’s Ministry of Health has published a suite of policies relating to the SHIE, which are broadly aimed at the use of health information, including patient data, in the context of the increased adoption of technology and digitalisation in the health system. Under the SHIE framework, the implementation of ongoing technological improvements to the healthcare system is contemplated on two main fronts. The first is the adoption of secure technology solutions to enable streamlined patient care via online health records. The second is making available de-identified patient data that can inform research. This can be used by both the public sector, for example, by guiding public health policy responses (e.g. containment and prevention of epidemics, or targeting health awareness programs) and by the private sector, for example, by developing new treatments and pharmaceuticals.

Future looking 

I leave you with the 64-million-dollar (adjusted for inflation) question: Which segments will be accepted into and used in the Medaverse first?

Share this article

< Back to home

We are
Healthcare World

The leading, networking, publishing, events
and consultancy business for international healthcare

 

If you’re looking to take your business
overseas, we can help you...

Share This