• Chapter 7: Ethics

    • Chapter 7: Ethics

    This chapter contains information from the three World Health Organization documents: “The protection of personal data in health information systems – principles and processes for public health,” “Developing emergency care systems: a human rights-based approach,” and “COVID-19 and mandatory vaccination: Ethical considerations.” These documents are available under the CC BY-NC-SA 3.0 IGO License. WHO/EURO:2021-1994-41749-57154 © World Health Organization 2021 Some rights reserved. This work is available under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 IGO licence (CC BY-NC-SA 3.0 IGO; https://creativecommons.org/licenses/by-nc-sa/3.0/igo). Under the terms of this licence, you may copy, redistribute and adapt the work for non-commercial purposes, provided the work is appropriately cited, as indicated below. In any use of this work, there should be no suggestion that WHO endorses any specific organization, products or services. The use of the WHO logo is not permitted. If you adapt the work, then you must license your work under the same or equivalent Creative Commons licence. If you create a translation of this work, you should add the following disclaimer along with the suggested citation: “This translation was not created by the World Health Organization (WHO). WHO is not responsible for the content or accuracy of this translation. The original English edition shall be the binding and authentic edition: The protection of personal data in health information systems—principles and processes for public health. Copenhagen: WHO Regional Office for Europe; 2021”. Any mediation relating to disputes arising under the licence shall be conducted in accordance with the mediation rules of the World Intellectual Property Organization. (http://www.wipo.int/amc/en/mediation/rules/) Suggested citation. The protection of personal data in health information systems—principles and processes for public health. Copenhagen: WHO Regional Office for Europe; 2020. Licence: CC BY-NC-SA 3.0 IGO. Cataloguing-in-Publication (CIP) data. CIP data are available at http://apps.who.int/iris. Sales, rights and licensing. To purchase WHO publications, see http://apps.who.int/bookorders. To submit requests for commercial use and queries on rights and licensing, see http://www.who.int/about/licensing. Third-party materials. If you wish to reuse material from this work that is attributed to a third party, such as tables, figures or images, it is your responsibility to determine whether permission is needed for that reuse and to obtain permission from the copyright holder. The risk of claims resulting from infringement of any third-party-owned component in the work rests solely with the user. General disclaimers. The designations employed and the presentation of the material in this publication do not imply the expression of any opinion whatsoever on the part of WHO concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries. Dotted and dashed lines on maps represent approximate border lines for which there may not yet be full agreement. The mention of specific companies or of certain manufacturers’ products does not imply that they are endorsed or recommended by WHO in preference to others of a similar nature that are not mentioned. Errors and omissions excepted, the names of proprietary products are distinguished by initial capital letters. All reasonable precautions have been taken by WHO to verify the information contained in this publication. However, the published material is being distributed without warranty of any kind, either expressed or implied. The responsibility for the interpretation and use of the material lies with the reader. In no event shall WHO be liable for damages arising from its use. This document was developed by the Data, Metrics and Analytics Unit in the Division of Country Health Policies and Systems of the WHO Regional Office for Europe. The main author is Tobias Schulte in den Baeumen. Marieke Verschuuren and David Novillo Ortiz provided direction during the production of the report and technical advice during concept drafting, writing and review. Special thanks to Natasha Azzopardi-Muscat for her strategic guidance. For further information please contact the Data, Metrics and Analytics Unit (euhiudata@who.int). Aim of this guidance This guidance document is part of WHO Regional Office for Europe’s work on supporting Member States in strengthening their health information systems (HISs). Helping countries to produce solid health intelligence and institutionalized mechanisms for evidence-informed policy-making has traditionally been an important focus of WHO’s work and continues to be so under the European Programme of Work 2020–2025.(1) One of the instruments WHO uses in this work is HIS assessments. A common finding in these assessments across Member States in the WHO European Region is problems in the production of health statistics as a result of data protection frameworks that are not appropriately geared to enable use of secondary data for statistical and research purposes. WHO has therefore developed this guidance as part of its HIS strengthening toolkit.

    Data Protection

    Introduction and Scope

    In recent years, countries across Europe have implemented either new or considerably stricter data protection and cybersecurity laws. These laws continue to have a substantive impact on health information systems (HISs) and most public health activities in a wider sense. While data protection—or rather, the fundamental right behind the concept of data protection—receives widespread recognition, it should be noted that this right is not absolute but needs to be balanced with other fundamental rights and public interests, such as the right to health. This document aims to explore the conceptual implications and to give some guidance on how specific decisions that are unavoidable to balance the rights and interests at stake should be taken.

    While the ambition is to provide hands-on advice, it seems crucial to explore the concepts and principles of data protection first. Notably, data protection is not rocket science, as it requires clearly defined steps that can be followed in both design and implementation of a health information management system. Equally, data protection compliance is not particularly costly, in terms of either human resources or technology investments. With a few easy-to-implement steps, any organization in public health can increase its level of data protection compliance significantly. This guidance aims to give some insight into the “doing” of data protection.

    As data protection is based on principles that have evolved over time, section 2 gives a short historical overview, followed by a deep dive into the legal principles behind data protection. Section 3 covers the practical implications of these principles and addresses the rights of data subjects, as these are at the heart of the regulatory framework. Section 4 examines the elements that need to be balanced against these rights—in particular, the right to health and to public health in general. While public health is in a privileged position overall, it is clearly bound by the same standards as any other domain in terms of information technology (IT) security. Section 5 looks again at the secondary use of data for public health purposes, and at how the balancing of the interests at stake works in this context. Finally, section 6 gives an overview of the steps to be taken to make this happen, such as empowerment and oversight mechanisms.

    History of Data Protection and its Fundamental Principles

    History and Definitions

    In 1890, two American lawyers, Samuel D. Warren and Louis Brandeis, wrote “The right to privacy”, an article that argues that individuals have a “right to be left alone”, using the phrase as a definition of privacy (2). In 1948, the Universal Declaration of Human Rights was adopted, including the twelfth fundamental right: the right to privacy (3). As technological advances accelerated, so the legal frameworks of data protection evolved. In 1980, the Organisation for Economic Co-operation and Development issued guidelines on data protection in direct response to the increasing use and power of computers to process data (4). A year later, the Council of Europe adopted the Data Protection Convention—Convention 108—which was the first time the right to privacy was enshrined into law for European countries (5). Initially, the regulatory framework was supposed to protect the individual citizen from intrusions into their privacy by the state.

    In late 1983, the Federal Constitutional Court of Germany reached a fundamental decision regarding the so-called census judgment (6). The verdict was considered a milestone of data protection as it shaped the “right to informational self-determination”. The German Court decision would continue to influence the rise of data protection for decades to come. In 1995, the European Data Protection Directive 95/46/EC was created, reflecting technological advances and introducing new terms including processing, sensitive personal data and consent, among others. The Directive specifically targeted the increasing power imbalance between private corporations and citizens, clarifying that the right to informational self-determination is indeed universal and can be used against anybody.

    In 2016, the General Data Protection Regulation (GDPR) was approved by the European Parliament after four years of discussion (7). around the globe. In 2018, the United Nations enacted the Personal Data Protection and Privacy Principles as the primary source for the protection of personal data by all United Nations institutions (8). According to data protection laws globally, personal data means any information relating to an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly—in particular, by reference to an identification number (such as a social security number) or by one or more factors specific to their physical, physiological, mental, economic, cultural or social identity (such as surname and first name, date of birth, biometric data, fingerprints and so on).

    An important term in this definition is the word “relating”, as it implies both that the data are not owned by the data subject (in the sense of a property right) and that the data may equally relate to more than one person. To give an example, the information that a person is colour-blind (something that predominantly affects men) relates equally to the mother as a genetic carrier and to the father of the mother, who will also be colour-blind. Consequently, processing such data based on informed consent may require consent from all data subjects the data relate to. Thus, the “data subject” is any identified or identifiable natural person to whom the personal data refer.

    Personal data that have been de-identified, encrypted or pseudonymized but that can be used to re-identify a person remain personal data and fall within the scope of data protection laws. Personal data that have been rendered anonymous in such a way that the individual is not or is no longer identifiable are no longer considered personal data. For data to be truly anonymized, the anonymization must be irreversible.

    Core Principles of Data Protection in the Context of Public Health

    Data protection is principle-driven, building on the core principles enshrined in important documents such as Council of Europe Convention 108, the European Union (EU) Charter of Fundamental Rights (9) and the national constitutions of many countries. To ensure full compliance with applicable data protection laws and regulations, natural or legal people who process personal data should adhere to the following data protection principles.

    Following these principles ensures that data controllers, such as public health authorities, are capable of demonstrating that they are fully accountable for their activities, and that the data processing is conducted in a fair and balanced way that affects the right to informational self-determination, or the right to privacy, only to the extent necessary to pursue health-related public interest.

    Recommended actions

    The Lawful Basis of Data Processing

    Regardless of the purpose of processing personal data, such processing is prima facie not permitted unless the data controller has a valid lawful basis to do so (GDPR Article 6). This is enshrined in the first principle of data protection. Six lawful bases for processing are available. No single basis is better or more important than the others—which is most appropriate to use will depend on the purpose of the processing and the relationship with the individual. The lawful basis must be determined prior to the processing, and must be properly documented, as per processing activity. In detail, the six categories are as follows.

    In the case of data processing activities in the context of health information management tasks, it is obvious that certain types of lawful basis are more likely to apply. Data processing is likely to be carried out based on legal obligation and public tasks; in rare cases, vital interests may apply. Informed consent of the data subject is a critical legal basis: it obviously plays a major role in the case of research activities, but may also have implications for public health purposes that require a high level of completeness of datasets. Consequently, informed consent of the data subject may not be used if there is a basis in the law (such as a cancer registry), or if there is a clear preponderant public interest (as in the case of a pandemic). The concept of informed consent may only be chosen to the extent the data subject has a “real” choice, and if refusal to consent does not have negative implications for the data subject (11).

    In practice, informed consent of the data subject is often wrongfully applied, as any legal basis will suffice, and informed consent may have a substantive impact on the outcomes of public health activities. Thus, it is often advisable to select an alternative legal basis, but caution is needed, as transparency requirements continue to apply unless specific exemptions kick in.

    Recommended actions

    The Principle of Informed Consent

    As any data processing needs a legal basis, researchers often turn to the informed consent of data subjects in particular to legitimize the processing of personal data (12). As noted above, however, informed consent is one of six legal bases; it should only be used in public health if specific conditions are met.

    Consent is only appropriate if a public health or medical institution offers data subjects a real choice, and if the data subject is neither directly nor indirectly coerced to consent to the data processing. If the consent is obtained in a medical setting, this is always a critical issue, as refusal to consent may have severe implications on the level of care. Equally, if a data controller cannot—or does not intend to—offer a genuine choice, consent is not appropriate, as the consent process would be misleading and inherently unfair.

    Consent must be properly documented; the documentation used should be clear, concise and in a language accessible to the data subjects. Data subjects should have adequate time to consider their choice, and have access to further details and consultation, as deemed necessary. An important part of informed consent is the word “informed”, as discussed further in the section on transparency.

    Recommended actions

    Transparency

    As noted above, one of the core principles of modern data protection laws is the principle of transparency. This links back directly to the landmark decision of the German Court on the census judgment of 1983 (see section 2.1), in which the Court stated: The general right of personality encompasses, based on the notion of self-determination, the power conferred on the individual to, in principle, decide themselves whether and to what extent to disclose aspects of their personal life... If individuals cannot, with sufficient certainty, determine what kind of personal information is known to their environment, and if it is difficult to ascertain what kind of information potential communication partners are privy to, this may seriously impair the freedom to exercise self-determination (14). Thus, transparency is fundamentally and intrinsically linked to the principle of fairness. Transparent processing in a public health context is about being clear, open and honest with data subjects, and therefore requires public health institutions to disclose the basic elements of processing activities (15).

    The provision of clear and concise information in a language that is accessible to the data subject is required, whether the data are collected directly from the data subject or obtained from a third party.

    The provision of information is also vital in the case of a change in the purpose of processing—for example, a secondary use of health data—unless specific exemptions apply. Key examples of such exemptions are situations in which the provision of such information proves impossible or would involve a disproportionate effort, or in which the exemption is provided for in law.

    As a guide and indicator, public health data controllers may refer to Articles 13 and 14 of the GDPR for the set of information to be provided to the data subject. In addition to direct communication with data subjects via privacy notices or privacy terms, it is also advisable for public health institutions to engage in active dialogue with civil society, and to report regularly to the public on data protection activities.

    Recommended actions

    The Protection of Data Subjects in Data Protection Law

    The Rights of Data Subjects

    Modern data protection laws aim to empower citizens to exercise their rights in a world increasingly dominated by technology companies and other players that process vast amounts of data relating to citizens. The empowerment of citizens is equally important in the context of medical care and similar health-related settings, such as end-of-life decisions. The rights of data subjects are, as in the medical setting, intrinsically linked to the principle of transparency, as only educated and empowered citizens are capable of exercising their rights. Responsibility for adherence to the rights of data subjects rests with the data controller. As such, the data controller is also obliged to ensure that any data processor—or, in case of a controller-to- controller transfer, any data recipient—honours the rights of data subjects (16). In detail, these rights are as follows.

    Adherence to the rights of data subjects is of the utmost importance—in particular, in the context of public health activities, as such compliance by health institutions fosters citizens’ trust in the processing activities. If a tracing app in a pandemic situation like COVID-19 ignored the rights of data subjects and paved the way to using such data for secondary purposes, such as the collection of taxes, citizens might refuse to use it. In the online world, trust is the most important currency; once lost, it is almost impossible for public health authorities to regain (18).

    Recommended actions

    Data Protection and Public Health—Legal Framework and Limitations to the Privileged Position of Health

    Data Protection in HISs (Including Regulatory Approaches to Health)

    Over the last three decades, the level of regulation in the field of data protection and cybersecurity has increased. This guidance focuses less on high-level documents like the EU Charter of Fundamental Rights and instead looks at the level of regulation closer to professionals operating in the field of HISs.

    To do this, it is important to distinguish between sector-specific laws regulating the processing of health data, general data protection laws (like the GDPR) and laws that govern the processing of personal data and may have direct or indirect consequences on HISs (such as ePrivacy).

    Sector-specific laws are important to the extent that they provide clear guidance on the processing of personal data for health purposes and often serve as a legal basis for processing activities. Such laws may either address specific public health tasks (such as a cancer registry) or govern the use of health information in a clinical/medical setting (as with electronic health records), with subsequent secondary use of data for public health purposes. In fact, data protection calls for development and implementation of such laws, as these help to achieve a maximum level of transparency and democratic legitimacy.

    The application of general data protection laws and, in particular, the impact of wider legislation tends to pose significantly greater challenges in the context of HISs. Across general data protection legislation, the processing of personal data for health purposes is privileged. This is the case not only for processing of data for the protection of health (“vital interest”) but also for the use of personal data for public health purposes.

    For example, Recital 46 of the GDPR states: The processing of personal data should also be regarded to be lawful where it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person (19). … Some types of processing may serve both important grounds of public interest and the vital interests of the data subject as, for instance, when processing is necessary for humanitarian purposes, including for monitoring epidemics and their spread or in situations of humanitarian emergencies, in particular in situations of natural and man-made disasters.

    Consequently, public health is privileged in terms of the legal basis for data processing (the justification), the scope of processing activities and, in particular, secondary use of personal data for managing HISs.

    In day-to-day practice, the implications of further legislation often pose significant problems, including but not limited to ePrivacy (such as website “cookies”), critical infrastructure or IT security regulations. Putting all these laws and regulations into practice, and anticipating the direct and indirect implications in the design and management of HISs, requires a deep understanding of the subject matter and relevant legal expertise.

    Professionals in the health information management domain must also be aware that the privileges public health enjoys do not extend to protection of the integrity and availability of data. In brief, serving a laudable purpose—such as protecting public health—does not justify lowering standards of IT security. Such privileges are strictly tied to the specific public health purposes and do not justify secondary use of data for other purposes per se. It is permissible to set up infrastructures that serve secondary use of data, such as registries or biobanks, but each case of secondary use must be scrutinized to protect the interests of data subjects and society (20).

    Recommended actions

    The “How To” of Data Protection in HISs (Including Data Protection by Design and by Default)

    Complex and large-scale data processing activities in the public health sector require careful planning and execution. To the extent that such systems require processing of personal data, data protection regulations require data controllers to ensure that they consider privacy and data protection issues at the design phase of any system, service, product or process, and then throughout the lifecycle. Developing and integrating data protection solutions in the early phases of a project identifies any potential problems at an early stage to prevent them in the long run. As such, following a data protection by design and by default approach is part of the accountability of data controllers (21).

    Data protection by default requires controllers to ensure that they only process the data necessary to achieve the specific purpose. This links to the fundamental data protection principles of data minimization and purpose limitation. For the public health sector, this does not lead to a “default to off” solution, as the default design principle again calls for a balancing of the interests at stake, and for limitation of purposes to vital interests such as protection and promotion of health.

    Taking the COVID-19 situation as an example, large-scale processing of personal data relating to all citizens may be justifiable and perfectly compliant with the principles, to the extent that such processing is necessary to mitigate the risk of the COVID-19 pandemic. But the principles also call for effective safeguards to ensure that personal data are not used or abused for secondary purposes unless the secondary purpose is equally justifiable (such as research with pseudonymized or anonymized data).

    As such, public health institutions must also select partners and service providers carefully—and, in particular, data processors and their subprocessors. IT security and data protection requirements should be part of any relevant tender and procurement process, and the contractual obligations of partners and service providers should mirror all relevant regulatory requirements on the data controller, or any additional requirements a data controller may deem necessary—for example, for the mitigation of reputational risks.

    Recommended actions

    Data Protection and IT Security

    While IT security was traditionally concerned with the integrity and availability of data, data protection was associated with the confidentiality of the processing. In recent years, these topics have increasingly merged, and regulatory acts like the GDPR stipulate very stringent data security requirements for data controllers (22). This means that controllers (and processors) must have appropriate security measures in place to prevent the personal data they hold being accidentally or deliberately compromised. As such, controllers should bear in mind that while information security is sometimes reduced to cybersecurity (the protection of networks and information systems from attack), it also covers other things like physical and organizational security measures.

    Thus, adequate organizational and technical measures for the protection of personal data are vital to maintain the trust of data subjects in the processing, and will help public health systems to secure public support and compliance of data subjects. Measures may include not only technical measures—such as encryption of data at rest and in transit—but also solid identity and access management or data governance approaches, including classification of data (for example, as strictly confidential/confidential/public). A key aspect of protection is tight management of administration and access rights; public health institutions—and health institutions in general—often fail to implement a strict “need to know” principle.

    Regulations like the GDPR may not outline the exact security measures required. Instead, they require controllers to have a level of security that is “appropriate” to the risks presented by the processing. Public health authorities and other actors in the sector need to consider this in relation to the latest developments and costs of implementation, as well as the nature, scope, context and purpose of the processing.

    Bearing in mind that the public health sector is often tasked with processing sensitive personal data, such as data relating to health and physical well-being, data subjects will expect a very high level of data security in such operations. Having said that, non-availability of funds for data security measures is no excuse, to the extent that those measures are necessary to achieve an “appropriate” level of protection. An important topic is the handling of data breaches—breaches of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data (23). This includes breaches that are the result of both accidental and deliberate action. Institutions of any size or setup are easily overwhelmed by a data breach situation. As such, public health institutions are advised to plan for this eventuality, possibly even by conducting a cyber incident simulation. A data breach plan—with clear allocation of tasks and responsibilities—is needed, including a data breach communication strategy. An important tool is regular penetration tests, carried out by an independent third party: in simple terms, a data controller should invite “ethical hackers” to test the weaknesses of the system. Many countries have IT security or cybersecurity agencies that support public health institutions in setting up such concepts. For institutions that serve operational purposes, a disaster recovery plan is equally critical and strictly required.

    Recommended actions

    Processing of Personal Data in Public Health Systems—Guardrails for Primary and Secondary Use of Data

    Use of Personal Data for Management of HISs (Including the Concept of Secondary Use)

    For the purpose of this document, the term “HIS” refers to a system designed to manage health care data in a wider sense. This includes systems that collect, store, manage and transmit a patient’s electronic health records, a hospital’s operational management or a system supporting health care policy decisions. Obviously, different dimensions of HISs pose significantly different and heterogeneous data protection challenges (24). While the temporary non-availability of data may be negligible in the context of health care policy-making, it may have catastrophic consequences in a hospital setting.

    This guidance focuses on the management of HISs and the policy-making dimension. Such data may often be aggregated or anonymized, and may therefore not fall under data protection regulations. In terms of public health policy-making, the secondary use of data is of utmost importance. If possible, personal data should be aggregated or anonymized at source, minimizing data protection risks and maintaining the control of the initial data controller. Depending on the use of the data—for example, in cancer registries or biobanks—aggregation or anonymization at source may have an impact on the quality, requiring a centralized approach to processing. Personal datasets and aggregated or anonymized data should be kept separate, at least by means of a logical separation, and ideally in physically separated IT systems.

    Infrastructure should be set up as needed, based on a concept of pseudonymization (rather than anonymization) (25), enabling public health data controllers to go back to an individual data subject, to the extent that this is to the direct benefit of the data subject. An example might be processing of data relating to environmental determinants of health—such as research on asbestos in a specific community or industry (26).

    Recommended actions

    Personal Data and Health Research (Including the Concept of Secondary Use)

    One of the core principles of data protection is the principle of purpose limitation, as data controllers need to specify the exact purpose prior to starting processing activities. In the case of health data, the purpose limitation principle is not absolute, as secondary use of health data is often vital for management and improvement of public health systems. As such, health-related data, including data on various determinants of health, are an important resource for policy-making, health systems management and research (27). Research is privileged, and the freedom of research (and researchers) is a constitutional fundamental right in many countries, and in various multinational policy documents (28).

    To the extent that research is the primary purpose of the data processing, and such data have been obtained with the informed consent of the data subjects, the consent limits the ability to use data for further purposes if these purposes are not strictly related to the primary purpose. In practice, a more complex situation is secondary use of data for public health purposes—for example, data that have been processed initially in a medical setting (29).

    Some laws and regulations are very specific about the legal safeguards required, and in the case of the GDPR call on Member States to regulate the issue in more detail in national law, as health itself is primarily outside the competence of the EU. Irrespective of the specificities of the GDPR, secondary use is permitted if such use is not incompatible with the primary purpose, if there is a lawful basis and if the processing is proportionate and necessary steps are undertaken to maintain the security of the data. To the greatest extent possible, data protection calls for pseudonymization, masking or even anonymization of data if such data still serve a public health purpose. It would be an infringement of data protection law if the data were kept in their original shape and form just as a matter of convenience, or to minimize processing efforts.

    Due to the heterogeneity of the regulatory landscape in the WHO European Region, a detailed assessment is needed on a case-by-case basis before embarking on a specific research project that requires secondary use. Again, it is of utmost importance to document the deliberations carefully, and to be as transparent as possible towards the data subjects and other relevant stakeholders. Specific requirements may apply if the activities require transfers of data across borders or to a multinational organization.

    In the case of processing of data for public health and research, certain limitations to the rights of data subjects may apply. Public health workers and researchers are encouraged to make use of these exemptions only as far as strictly necessary. Equally, exemptions may apply in terms of the retention/deletion of data, as new—and therefore different—retention periods may apply.

    Recommended actions

    Finding the Balance Between Data Protection and Public Health

    As noted above, personal data is not a “property” of the data subject, as it relates to a person but may equally relate to others. Laws, regulations and courts also note that individuals are part of society; they interact with society and are subject to various legal interests that may equally require protection. In the context of public health and the management of HISs, the right to health in particular is a core fundamental right that is globally recognized as one of the most important rights of individuals.

    The right to health was first articulated in the WHO Constitution of 1946, which states that “the enjoyment of the highest attainable standard of health is one of the fundamental rights of every human being”. The preamble to the Constitution defines health as “a state of complete physical, mental and social well-being and not merely the absence of disease or infirmity” (31).

    The right to health is an inclusive right, extending not only to timely and appropriate health care but also to the underlying determinants of health, such as access to safe and potable water and adequate sanitation, healthy occupational and environmental conditions, and access to healthrelated education and information, including on sexual and reproductive health. While the right to health is a fundamental right that protects the individual, it also serves as a justification for activities of state agencies and other stakeholders that aim to foster the right to health. Thus, the creation and maintenance of an HIS, which supports access to health information and the management of health systems, is a legally recognized interest that needs to be balanced with data protection.

    Balancing in this sense should not be perceived as a yes or no decision, but rather as an attempt to protect both interests and the underlying fundamental rights in the best possible way (32). Consequently, all public health actors should define the public health interest they want to pursue (the “purpose”), and then identify the methods and means that pose the least possible threat to the right to informational self-determination. In rare cases, the analysis may show that the public health interest does not justify curtailment of the right to informational self-determination; in other scenarios—such as during a pandemic—even severe implications for data protection may be legally acceptable. Notably, the concept of purpose is of the utmost importance in this context, as the processing of data from a COVID-19 contact-tracing application may be acceptable for the purpose of protecting public health, but at the same time may not be acceptable for law enforcement activities targeting petty crime.

    The balancing of interests at stake—and in particular the accordance of fundamental rights—equally needs to be reflected in the policy-making processes, including drafting of laws and other pieces of legislation. Much of this is due process, as the decisions underlying such balancing require judgements, often under conditions of uncertainty (for example, during a situation like COVID-19, as it is unclear a priori how a pandemic may unfold). Again, it is crucial to be transparent in deliberations and to communicate properly to citizens and other actors of civil society.

    The process of balancing the interests and fundamental rights at stake is not an easy one, and there is no universal recipe. Achieving an accordance of the rights requires proper documentation and transparency towards all relevant stakeholders, including the wider public and data subjects affected by the activities. This process is also important to determine whether a data processing activity may require the consent of the data subject or whether a legitimate, preponderant legal interest justifies the processing of personal data.

    Recommended actions

    Building a Data Protection Management System in Public Health

    Operationalizing Data Protection in HISs

    Data protection laws around the world pursue a risk- and process-oriented approach to ensure the confidentiality, integrity and availability of data and the resilience of systems. This requires a periodic process to review the effectiveness of the security measures and their continuous improvement. Data protection is not a one-off activity, but a task that needs to be embedded into all activities relating to the management of HISs. Equally, data protection is a task and responsibility of everyone involved in data processing, and should not be assigned exclusively to a data protection officer or data governance department.

    An important tool to ensure that all relevant stakeholders in an organization assess data protection requirements is the data protection impact assessment (DPIA). This formal process and documentation tool is widely used for high-risk data processing activities, and various data protection authorities and other stakeholders provide templates. A DPIA is recommended prior to the going live of a new IT system or processing activity (33).

    Data protection officers should be in post to guide the organization, but the day-to-day responsibility for compliance with data protection laws rests with the data controller, as the entity in charge of data processing.

    As such, data protection requires adequate resources, continuous training and support from the highest management level. The data controller should also ensure that relevant data protectionaudit capacities are available, and should be able to support audits of data protection authorities. A data protection audit is defined as a systematic and independent examination to determine whether activities involving the processing of personal data are carried out in accordance with an organization’s data protection policies and procedures, and whether this processing meets the requirements of the applicable regulatory framework (34). The audit programme should lead to a continuous improvement plan, and may lead to the completion of industry certification programmes, such as ISO 27001 or ISO 27701 (35).

    Recommended actions

    Education and Empowerment

    Data protection is an important component of the human-centric approach to technology and a compass for the use of technology in the digital transition of economies and policy-making. In a public health system increasingly based on the processing of personal data, the legal safeguards highlighted above are an essential tool to ensure that individuals have better control over their personal data and that these data are processed for a legitimate purpose, in a lawful, fair and transparent way. As data protection must be embedded into the design and execution of public health programmes, this requires education and empowerment of both citizens and public health professionals.

    Data competence, including governance of data processing and protection of personal data, must become an integral part of the qualification of public health professionals working on HISs (36). Such education must be based on the principles described, but should also cover the applicable regulatory framework. An important element is the continuous qualification of professionals who have already passed the period of academic education. Workshops, hands-on exercises and problem-based learning are needed to break the barriers between public health and data protection.

    Continuous education is also vital to enable public health professionals to keep up with the pace of implementation of new technologies, such as cloud computing or blockchain-based systems. Empowerment is needed to be capable of applying the principles of data protection correctly in the ever-changing technological landscape.

    Recommended actions

    External Oversight, Internal Control and Enforcement Measures

    As part of the accountability principle, data protection requires any data controller to take responsibility for their processing activities and for how they comply with data protection principles. Having appropriate measures and records in place to demonstrate compliance is critical. Another key requirement is internal and external control; this control structure may take a different shape or form depending on the applicable law. Various data protection laws lay down that the position of a data protection officer or privacy officer should be established. This is an independent role in an organization that provides advice to the data controller, maintains the records of the processing activities and serves as a point of entry for data subjects and authorities.37 The data protection officer also leads audit activities, both in-house and into third parties that process data on behalf of the data controller. The audit function of the data protection officer is regularly supported by internal or external IT audit capabilities. Importantly, a data protection officer should not have any conflict of interest, and should report to the highest management level of the organization.

    The majority of countries in the WHO European Region have created specific data protection authorities, and some differentiate between authorities overseeing public or private institutions. Using its statutory powers, a data protection authority will examine complaints from data subjects in relation to potential infringements of data protection law, conduct enquiries and investigations regarding infringements of data protection legislation and take enforcement action where necessary, and promote awareness regarding the rights of data subjects to have their personal information protected under applicable data protection law.

    Public health authorities should bear in mind that the risks associated with data protection infringements are manifold, with reputational damage the primary risk. In addition, public health authorities and research institutes can be subject to monetary fines (in the case of the GDPR up to €20 million) or to an injunction or call for remedy by a data protection authority.38 Clearly, this requires solid data protection risk management at any larger public health institution—as such, expert knowledge is required at the interface between compliance, IT and data protection.

    XX 37 For more details see: Guidelines on data protection officers (‘DPOs’). Brussels: European Commission; 2017 (https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612048).

    38 Voigt P, von dem Bussche A. Enforcement and fines under the GDPR. In: The EU General Data Protection Regulation

    (GDPR). Cham: Springer; 2017: 201–17.

    22 THE PROTECTION OF PERSONAL DATA IN HEALTH INFORMATION SYSTEMS—PRINCIPLES AND PROCESSES FOR PUBLIC HEALTH XX

    One important way to address such risk is to adhere to recognized standards and certificates, such as the ISO 27701 for data protection management systems. As pursuing such certificates can be cumbersome and requires the allocation of adequate resources, any data controller should set up an internal data protection control system that is adequate and corresponds to the data protection risks of the organization.

    Recommended actions

    Section Conclusion

    Compliance with data protection requirements is a challenge for the entire public health community, and specifically for all institutions actively involved in the management of HISs. Notably, the gradually increasing regulatory pressure over the last decades is forcing the public health sector to adjust its policies and practices regarding processing of personal data. It is important to demystify data protection and to provide guidance on how to set up public health measures that comply fully and serve the community. Safeguarding data protection in public health involves new and significant challenges, as technological advances expand the frontiers of areas such as surveillance, Big Data and cloud data storage. Consequently, it is of great importance that public health institutions are equipped to balance the different fundamental rights at stake, and to apply the principles of data protection.

    Data protection is not rocket science: it requires legal and technical artisanship, the allocation of adequate resources and the training of all professionals involved in the processing of personal data. Data protection is not a one-off activity but a continuous effort that is based on an institutional vision, a governance concept and a willingness to be accountable. This accountability, based on a thorough risk assessment, builds on the documentation of data protection activities and persistent internal and external oversight.

    While doing justice to all these aspects and requirements may sound overwhelming at first, the most important thing is to get started, even if the start is less ambitious and more a piece-meal approach than a holistic concept.

    Ethics of Emergency Care

    The delivery of emergency care is an effective strategy to reduce the global burden of disease. Emergency care cross cuts traditional disease-focused disciplines to manage a wide range of the acute illnesses and injuries that contribute substantially to death and disability, particularly in low- and middle-income countries. While the universal health coverage (UHC) movement is gaining support, and human rights and health systems are integral to UCH, few concrete discussions on the human right to emergency care have taken place to date. Furthermore, no rights-based approach to developing emergency care systems has been proposed. In this article, we explore key components of the right to health (that is, availability, accessibility, acceptability and quality of health facilities, goods and services) as they relate to emergency care systems. We propose the use of a rights-based framework for the fulfilment of core obligations of the right to health and the progressive realization of emergency care in all countries.

    Introduction 

    Increasingly, the global health community is recognizing the important role that emergency care plays in delivery of health services. Estimations suggest that emergency care could address 54% to 90% of deaths and 900 million to 2.5 billion disability-adjusted life years in low- and middle-income countries (37,38). The effect of emergency care on the burden of disease is due to its ability to deal with a wide variety of acute injuries and illnesses across the lifespan of all populations. While primary prevention efforts are important to reduce the burden of acute diseases, emergencies continue to occur in both the most developed and least developed countries. 

    Emergency care is a health service that cross cuts traditional disease-focused disciplines and provides prompt interventions for many disease-specific emergencies, including pregnancy-related complications, communicable and noncommunicable diseases and injuries. Health systems in many countries are often fragmented and composed of programmes with a narrow focus on disease-specific care. However, well organized emergency care appropriately distributed across a country allows for timely coordination of services and resources, and optimum efficiency and efficacy in treating a range of acute conditions, from out-of-hospital care at the scene of an injury or illness to treatment and stabilization in the emergency unit, and early operative and intensive care (39). Indeed, emergency care systems address at least 12 of the targets of the sustainable development goals (SDGs; targets 3.1–3.9, 3d, 11.5 and 16.1) and are particularly relevant to universal health coverage (UHC) (40). 

    Such claims about the effect of emergency care systems are important, but equally imperative is the human rights argument for access to emergency care. A human rights approach to access to emergency care can provide both legal and moral support to advocacy efforts. Legal support relies on a complex collection of international treaties, national constitutions, domestic laws and court rulings pertaining to the so-called right to health. Moral support is philosophically more difficult to define, but no less important for policy-makers and global stakeholders because it bases support for human rights on our shared humanity regardless of existing laws and treaties (41). 

    Previous use of a human rights approach to health services has successfully changed global health policy, most notably in the campaign against human immunodeficiency virus (HIV) and acquired immunodeficiency syndrome (AIDS) (42). 

    By recognizing that stigmatization of people diagnosed with HIV created a marginalized population with reduced access to care, poor health outcomes and unchecked spread of disease, policy-makers were compelled to ensure basic human rights protections (43).

    These protections improved access to health services and medications, guaranteed the availability of preventative measures in vulnerable populations and reduced discriminatory practices (41). 

    Such protections have reduced morbidity, mortality and disease transmission; AIDS-related deaths have decreased by more than 51% (0.94 million/1.9 million) since 2004 and new HIV infections by 47% (1.8 million/3.4 million) since 1996 (43). 

    The focus on vulnerable populations with little access to care and subsequent poor health outcomes has many similarities to the delivery of emergency care. Emergency conditions, such as traumatic injuries, disproportionately affect people in low- and middle-income countries. About 90% of the burden of death and disability from injuries occurs in low and middle-income countries (44). In many parts of the world, vulnerable or marginalized people who are otherwise unable to access health care will seek care for acute conditions and for exacerbations of chronic diseases through their only available means of care, emergency services (45).

    In addition, the urgency of perceived emergency conditions leaves people highly vulnerable to financial pressures. Where access to emergency care is not guaranteed, hospitals may demand exorbitant payment before offering life-saving emergency care, leaving patients and their family members with an impossible decision to make under pressure: pay for life-saving medical care at the expense of housing or food security, or forego care and risk death or permanent disability. In fact, families in many parts of the world are routinely forced to sell assets or borrow money against collateral before care will be provided, and this situation is more likely for households headed by women (46, 47). The death of Alex Madaga in Kenya highlights this problem. Mr Madaga sustained serious head injuries from a road traffic crash and died hours later after several health-care facilities had turned away his ambulance. At least two of the facilities denied him admission because his wife could not afford the sizeable deposit (48). The injustice of his death shows that access to emergency care can be denied even where emergency services are available.

    If emergency care is acknowledged as a human right and the associated obligations this right places on countries are understood, it becomes clear that a nation cannot fulfil its duty to its people without strategically developing emergency care. A rights-based framework for emergency care must therefore: (i) define the legal obligation to respect, promote and protect a universal right to emergency care; (ii) set rights-centred development priorities for emergency care systems in resource constrained countries; and (iii) provide an instrument to monitor and evaluate emergency care systems considering human rights (49).

    In this article, we explore the foundational arguments for a rights-based approach to emergency care. We review the evolution and key components of the right to health, introduce a rights-based framework for the core obligations that all countries must fulfil to guarantee the right to emergency care, and consider some priorities for the progressive realization of comprehensive emergency care systems.

    Right to Health

    The right to the highest attainable standard of health has evolved since its first mention in the constitution of the World Health Organization (WHO) in 1946 (50–52). Two years later, the United Nations’ Universal Declaration of Human Rights became the first legally-binding treaty to introduce the right to health; it states, “Everyone has the right to a standard of living adequate for the health and well-being of himself and of his family" (53).

    The ratification of the Universal Declaration of Human Rights placed health within the context of human rights for the first time, but offered little direction on what constitutes the right to health. Subsequently, the International Covenant on Economic, Social, and Cultural Rights and the Convention on the Rights of the Child further codified the right to the highest attainable standard of health (54, 55). The covenant expresses this right in terms of freedoms (e.g. freedom from medical experimentation without consent) and entitlements (e.g. access to essential medications) (54, 56). These agreements require nations to respect, promote and protect these rights, and all countries have ratified at least one binding treaty that enforces the right to the highest attainable standard of health (51). However, in 2008, fewer than one third of the ratifying countries worldwide had recognized the right to health in their constitutions or national statutes, which is a critical step to full implementation of the ratified treaties (51). A study using the Universal Periodic Review (2008–2012) of the Human Rights Council to track implementation of the SDGs noted that 9% (496/5390) of all human rights recommendations from the review concerned health systems and services, but follow-up implementation was low: 21% (32/156) fully implemented and 41% (64/156) partially implemented (58).

    Points to Consider

    Essential Elements of the Right to Health Applied to Emergency Care

    Availability

    Definition: Health resources must be available in sufficient quantities within the country to manage the population’s needs, including trained personnel, health-care facilities and essential medicines.

    Application to emergency care: Availability of emergency care services requires a sufficient number of emergency units, prehospital and facility-based providers with specific training in emergency care, and essential equipment and medicines, among other things.

    Accessibility

    Definition: Health facilities, goods and services must be distributed in such a way as to be accessible to everyone without discrimination. Special consideration should be given to vulnerable populations, underserved geographic regions and affordability.

    Application to emergency care: Accessibility to emergency care depends on coordinated systems that allow patients experiencing acute illness or injury to arrive at a facility that has the necessary capabilities to stabilize the patient or offer definitive care. To make emergency care accessible requires integration of prehospital systems and a coordinated network to transfer patients from basic district hospitals to referral hospitals when needed. Key considerations include coverage in rural and underserved areas, and protection of vulnerable populations (e.g. minorities, indigenous populations, children, pregnant women, refugees and immigrants) from discrimination.

    Acceptability

    Definition: Health facilities and services should be respectful of medical ethics and culturally appropriate to the local context.

    Application to emergency care: Emergency care services should be provided in a culturally acceptable manner and be consistent with medical ethics (e.g. treatment of the patient regardless of ability to pay). This obligation requires an open and transparent process in providing and improving emergency care systems that takes account of local customs and needs by encouraging community participation.

    Quality

    Definition: Health facilities, goods and services must be scientifically and medically appropriate and of good quality.

    Application to emergency care: Emergency care must be delivered with a focus on quality, which necessitates establishing standards and resource-appropriate best practices, as well as measuring outcomes to ensure quality is met.

    Right to Emergency Care

    The International Covenant on Economic, Social, and Cultural Rights defined the right to the highest attainable standard of health, but left countries with little guidance on how to promote and protect this right. In response, the Office of the United Nations High Commissioner for Human Rights released General Comment No. 14: The Right to the Highest Attainable Standard of Health in 2000.23 This document operationalized the right to health and clarified the scope of countries’ obligations by introducing six core obligations (outlined in the next section) and four interrelated essential elements, availability, accessibility, acceptability and quality (Box 1) (59).

    Although not legally binding, General Comment 14 is widely accepted as an authoritative guide to interpreting the right to health (51, Numerous court cases concerned with the right to health have been successfully tried in national courts using General Comment 14 as customary practice, which may be enforced as if law.27 While other documents and resolutions, such as the SDGs, provide practical targets on certain rights-based topics, they are neither as comprehensive nor enforceable as General Comment 14.

    Applied to emergency care, the elements of availability, accessibility, acceptability and quality outline the relevant functions of a health system that are essential to an emergency care system that respects, promotes and protects the right to health. These elements do not represent an exhaustive list of functions that ensure a complete emergency system, but they are useful for setting implementation and funding priorities.

    General Comment 14 applies to countries at all levels of economic development. Central to the four essential elements are the overarching concepts of resource availability and progressive realization. These principles mean that developed countries with enough resources are obligated to ensure that the right to health is fully realized, whereas countries with constrained resources are not expected to fulfil this requirement immediately. So as not to permit low income nations to delay their obligations on the right to health indefinitely, progressive realization means that all nations are required to move “as expeditiously and effectively as possible towards the full realization of article 12” of the International Covenant on Economic, Social, and Cultural Rights.23 For example, an advanced nationwide prehospital system with ambulances staffed by trained professionals has not been feasible in Uganda due to resource constraints. Nonetheless, an innovative project that trained police, taxi drivers and community leaders in basic prehospital trauma care could be an effective way of creating a rudimentary prehospital system.28 Researchers estimated that if this project was scaled up, it would cost only US$ 0.12 per capita, or US$ 25–75 per life year saved.28 This project used available resources to help fulfil Uganda’s core obligations while planning for progressively realizing a more complete prehospital system.

    Core Obligations

    The core obligations outlined in General Comment 14 are fundamental to the right to health and must therefore be guaranteed immediately, regardless of a country’s economic development; they are important exceptions to the principles of resource availability and progressive realization. Four of the six core obligations relate directly to the delivery of emergency care: (i) access to health facilities, goods and services on a non-discriminatory basis; (ii) provision of essential drugs; (iii) equitable distribution of all health facilities, goods and services; and (iv) adoption and implementation of a national public health strategy and plan of action that addresses the health concerns of the whole population. The remaining two core obligations: (v) access to essential food; and (vi) access to shelter and sanitation, do not directly relate to emergency care.

    Table 1 gives a rights-based framework linked to the core obligations, organized according to WHO’s health system functions,30 which countries would have to fulfil when developing emergency care systems.

    Access

    Countries have an obligation to ensure the right to access health facilities, goods and services on a non-discriminatory basis. The obligation to protect from discrimination is particularly important for vulnerable or marginalized groups. All governments should therefore create legislation that guarantees access to emergency care services for all people regardless of race, ethnicity, religion, citizenship status or ability to pay. For example, the constitutions of South Africa (Article 27)31 and Kenya (Article 43)32 guarantee that no one may be refused emergency medical treatment, while legislation in the United States of America (Emergency Medical Treatment and Active Labour Act)33 mandates that anybody who presents to an emergency department for care must be screened and stabilized before requesting payment.

    Essential Medicines

    Essential medicines are those that “satisfy the priority health care needs of the population.”34 These medicines should be available in sufficient quantities and with assured quality at all times.35 A government’s duty to provide access to essential medicines is already enshrined in several national constitutions.36 A study in 2006 reported 59 court rulings from low- and middle-income countries in which access to essential medicines was successfully claimed under the right to health.27 Timely access to essential medicines during an emergency is a key function of emergency care systems. This requirement recently prompted the African Federation for Emergency Medicine to develop a list of essential medicines specifically for the delivery of quality emergency care.37

    Equitable Distribution

    All countries are obligated to ensure equitable distribution of health facilities, goods and services. For emergency care systems, this obligation requires a specific plan that distributes specialized services equitably between regions of a country, coordinates referral networks and places trained providers in the locations where the population needs them. Population-level spatial analysis for prehospital systems has been shown to be a feasible method of understanding the geographic prehospital needs of the population in Ghana.38

    The same geospatial approach can be used for both planning the positioning of facilities for treating emergency conditions and assessing the current distribution of facilities to identify any mismatch with population needs.39,40 However, this approach is of limited use in settings where the emergency care capabilities of each facility are unknown. Researchers have noted that proximity to a hospital does not guarantee access to emergency care, since many facilities in low- and middle-income countries lack the trained staff and resources necessary to deliver good-quality emergency care.41 In addition, marginalized populations, such as migrants or refugees, may not be located where populations are densest (e.g. cities). Thus, a system that primarily considers population density may neglect to provide adequate,  nondiscriminatory access to vulnerable populations.

    National Public Health Plan

    A national public health strategy cannot be complete without inclusion of an emergency care system. These systems are important not only for everyday public health needs, but also for maintaining resilient health systems that are capable of responding to disasters, disease outbreaks and other crises.4 The process of developing and refining the national health plan must be transparent and participatory to ensure both its appropriateness and quality, as highlighted in the Declaration of Alma Ata and Ouagadougou Declaration as they pertain to primary health-care systems.42,43 While the emergency care system is concerned with the acute phases of an accident or illness, it is also an important point of access for many people seeking care who may then be referred to rehabilitation or primary health care follow-up.44

    7.1.png
    Figure 7.1

    Progressive Realization

    The core obligations are the foundation of a rights-based emergency care system, but progressive realization drives most of the ongoing development and refinement of the system. Once countries have fulfilled the core obligations, they must work quickly and effectively to fully achieve the right to emergency care. As a result of the complexity of emergency care systems and differences in country contexts and resource availability, a single pathway for development of such systems that is appropriate for all countries does not exist. However, the four essential elements set out in General Comment 14 can help prioritize the development of each component of the emergency care system. Indeed, 15 years after the release of General Comment 14, the right to health is still a priority in the 2030 agenda for sustainable development. While the agenda is not a binding human rights document, the targets of its SDGs are based on human rights and feature prominently the principles of equality and non-discrimination.22

    Examples of progressive realization can be found in components of the emergency care system. In out-of-hospital emergency care, timely care at the scene of an injury or illness and prompt transport to a health-care facility save lives. Out-of-hospital emergency care is an important access point to the emergency care system. However, the prehospital system, including trained providers (e.g. paramedics) and ambulances, which is common in high income countries, is too costly for most low- and middle-income countries. Instead, Iraq, Cambodia and South Africa successfully introduced lay first responders, drawn from the community, at a lower cost.45,46 As resources allow, the emergency care system should be expanded to include professional prehospital responders. Implementing certification of emergency medical technicians in Mexico nearly halved the risk of death in people treated by this emergency care service.47

    Delivery of good-quality emergency care requires a health workforce with training in emergency care. While many high-income countries have a full team of physicians and nurses specialized in emergency medicine, low- and middle-income countries may rely on clinical officers, independent nurses and general practice physicians to provide frontline emergency care. Therefore, training of these health-care staff is important. For example, training of staff in a dedicated paediatric emergency area in Malawi to perform emergency triage assessment and treatment halved inpatient mortality.48 In the Democratic Republic of the Congo, training non-specialists to perform correct, basic orthopaedic care of open fractures reduced amputation rates, from 100% to 21%.49 Through a public–private partnership that mobilized sufficient resources in the United Republic of Tanzania, Muhimbili National Hospital launched the country’s first emergency medicine residency programme to train specialist doctors.50 These examples demonstrate that gradual improvements are feasible and in keeping with the concepts of resource availability and progressive realization.

    Assessing Progress

    The use of a rights-based approach is not only important during the development of emergency care systems, but also for evaluating and improving the system. Assessment is essential to ensure that countries are accountable and meet their human rights obligations.51 Assessment should include indicators of health and human rights that help governments and non-state actors measure progress and identify gaps. Monitoring at the global level (e.g. through the Universal Periodic Review) can track progress and allow planning for the progressive realization of emergency care in individual nations.22

    Health and human rights indicators are most often either health indicators that draw conclusions about human rights promotion, or human rights indicators that indirectly measure health outcomes.52 Recently, a hybrid of health and human rights indicators has emerged, which looks at the existence of health-related laws and regulations, their quality and their implementation.52 Regardless of which type of indicator is used, specific indicators for the promotion and protection of the right to emergency care should be drawn from the four essential elements. Special attention must be paid to the quality of care delivered, protection of vulnerable populations, involvement of the community, transparency, methods for obtaining indicator data, and the intended use of the results to avoid unintentional violations of the rights of certain groups during the assessment process.52,53

    Section Conclusion

    Emergency care is an often overlooked, but essential component of the right to the highest attainable standard of health and UHC. Particularly for vulnerable and disadvantaged populations, emergency care is often the last chance for the health system to save a life. In view of the obligations placed on governments to respect, promote and protect the right to the highest attainable standard of health, countries must prioritize the funding and implementation of emergency care systems. International organizations such as the United Nations, WHO and the World Bank should be tasked with providing the technical guidance for countries to implement a rights-based framework for emergency care and following through with monitoring and evaluation. Implementation of a rights-based framework for emergency care requires countries to enact legislation that ensures access to non-discriminatory emergency care and establish a regulatory body with appropriate oversight and authority to enforce these laws.

    All countries, regardless of resources and economic development, must begin by ensuring that the core obligations are fulfilled. Once these obligations are met, countries should use the essential elements in General Comment 14 to progressively build a comprehensive emergency care system and should continuously evaluate progress. The call for countries to develop and improve emergency care systems is justified not only by the positive effect emergency care will have on the well-being of the population, but also by the obligation to respect, promote and protect the right to the highest attainable standard of health. We argue that this obligation cannot be fulfilled without a rights-based approach to provision of good-quality emergency care.

    Ethical Considerations for Mandatory Vaccinations

    Vaccines are one of the most effective tools for protecting people against COVID-19. Consequently, some governments and organizations have made COVID-19 vaccination ‘mandatory’ to increase vaccination rates, discharge what are perceived to be duties of care to at-risk populations and/or achieve public health goals. Others may be considering whether they ought to do the same, and, if so, under what conditions, for whom, and in what contexts.

    Governments and institutions mandate many actions or types of behaviour to protect the well-being of the public. For instance, in many parts of the world, people are required to wear seatbelts, motorists with poor visual acuity are required to wear corrective lenses, restaurant owners are required to regularly submit to food service inspections and medical assessments are required for certain jobs. Governments and institutions also have a history of requiring vaccination as a condition for working in certain settings/roles or attending school. Such policies can be ethically justified, as they may be crucial to protect the health and well-being of the public. This value, however, may come into tension with others, such as individual liberty and autonomy (i.e., allowing individuals to make their own decisions about their health) (1). Although interfering with individual liberty or autonomy does not necessarily make a policy intervention unjustified, policies that constrain or eliminate individual choice can be controversial and raise a number of ethical considerations, and so they should be justified by advancing another valuable social goal, like protecting public health.

    Vaccination mandates can be ethically justified; however, their ethical justification is contingent upon a number of conditions and considerations, including the contexts within which they are implemented. This document identifies and articulates important ethical considerations that should be explicitly evaluated and discussed through ethical analysis by governments and/or institutional policy makers who may be considering mandates for COVID-19 vaccination. The aim of the document is to identify and articulate salient ethical considerations so that policy makers may engage with them; it does not aim to fully explain or address these ethical considerations and issues. This document updates a policy brief initially published in April 2021 in response to changes in the COVID-19 vaccine landscape, including authorization of vaccines for children and additional information about, and experiences with, vaccination mandates for COVID-19.

    What Does “Mandatory Vaccination” Entail?

    Contemporary forms of “mandatory vaccination” make vaccination a condition of, for example, working in particular jobs or settings such as health care, attending school or participating in certain activities (2). Typically, mandatory vaccination policies permit a limited number of exceptions, such as medical contraindications that are recognized by legitimate authorities (3). Despite its name, “mandatory vaccination” is rarely compulsory, i.e., people are not forced to be vaccinated. In other words, there is a difference between saying ‘you must be vaccinated’ and ‘you must be vaccinated in order to…’. Still, mandatory vaccination policies constrain individual choice in non-trivial ways, for example, by carrying consequences that make noncompliance challenging. Vaccination mandates are not uncommon (2), although it should be noted that the World Health Organization (WHO) does not presently support the direction of mandates for COVID-19 vaccination, having argued that it is better to work on information campaigns and making vaccines accessible (4). In addition, WHO has issued a position statement that national authorities and conveyance operators should not require COVID-19 vaccination as a condition of international travel (5).

    Laws and the legal justifications for mandatory vaccination differ by jurisdiction (6). Yet, what is ethical or ethically obligatory cannot and should not necessarily be reduced to what the law entails because not all that is ethical is legal, and vice versa.

    Ethical Considerations Regarding Mandatory COVID-19 Vaccination

    The following considerations should all be explicitly evaluated and discussed through an ethical analysis by governments and/or institutional policy makers who may be considering COVID-19 vaccination mandates. They should be considered alongside other relevant scientific, medical, legal and practical considerations not described in this document and should be reviewed in the light of evolving evidence.

    1. Necessity and Proportionality

    Mandatory vaccination should be considered only if it is necessary for, and proportionate to, the achievement of one or more important societal or institutional objectives (typically but not exclusively public health objectives, which may also be in service of social and economic objectives). Among others, such objectives may include interrupting chains of viral transmission, preventing morbidity and mortality, protecting at-risk populations and preserving the capacity of acute health care systems or other critical infrastructure. If such objectives can be achieved with acceptable, less intrusive policy interventions (e.g. public information campaigns, community mobilization campaigns, non-pharmaceutical interventions) and within an acceptable time frame, the ethical justification for a mandate would be weaker because achieving those objectives with less restriction of individual liberty and autonomy tends to yield a more favourable balance between the values of protecting the health and well-being of the public and individual liberty and autonomy (1). It should be noted that the use of vaccination mandates and other policy interventions, such as public information campaigns, are not mutually exclusive.

    As mandates represent a policy option that must be balanced with other values, such as individual liberty and autonomy, their ethical justification will tend to be stronger if they increase the prevention of significant risks of morbidity and mortality and/or promote significant and unequivocal societal or institutional benefits. If such benefits or objectives cannot be achieved without a mandate—for instance, if a substantial portion of individuals are able but unwilling to be vaccinated and this is likely to result in significant risks of COVID-19-related harms—their concerns should be addressed proactively if possible. If addressing such concerns is ineffective, and those concerns remain a barrier to the achievement of important objectives, and/or if low vaccination rates in the absence of a mandate put others at significant risk of serious harm, a mandate may be considered necessary. In this case, those proposing the mandate should communicate the reasons for the mandate to the affected communities through effective channels and find ways to implement the mandate in such a way that it addresses the reasonable concerns of communities.

    Individual liberties should not be restricted for longer than necessary in order to achieve the most favourable balance between the values of protecting the health and well-being of the public and individual liberty. This can be achieved, for example, by introducing ‘sunset’ clauses indicating the conditions that would warrant the removal of a mandate. Policy makers should therefore frequently re-evaluate the mandate to ensure it remains necessary and proportionate to achieve important objectives. In addition, the necessity of a mandate to achieve important objectives should be evaluated in the context of repeated vaccinations (boosters) and the durability of protection conferred by vaccination. Ultimately, mandates may be necessary and proportionate in some circumstances and not others, at one time and not another, and in some jurisdictions and not others.

    It is important to acknowledge that there may be significant uncertainty about whether less intrusive policy interventions would be capable of achieving important societal or institutional objectives(which would thereby render vaccination mandates unnecessary). Where a threat of severe outcomes exists in the absence of effective countermeasures, waiting to implement vaccination mandates until all other options have been found to be ineffective may result in significant harms that might otherwise have been avoided, violating the duty to protect the public from harm. Consequently, while an obligation exists to ground decisions about vaccination mandates in the best available evidence, a lack of full certainty regarding the ineffectiveness of other measures should not necessarily preclude the use of vaccination mandates if there is reason to believe they would be effective at averting significant harm.

    Finally, if alternatives to mandates exist that are capable of achieving desired objectives but are considered less acceptable (e.g. school closures, stay-at-home orders), a mandate could in this case also be considered necessary—that is, necessary to achieve stated objectives without using less acceptable interventions. Insofar as vaccination mandates are used to facilitate the removal or easing of other public health and social measures used in pandemic response—such as remote learning, business closures and border restrictions—not using vaccination mandates may in fact represent a less favourable balance between protecting the health and wellbeing of the public and individual liberty and autonomy.

    2. Sufficient evidence of vaccine safety

    Data should be available that demonstrates the vaccine being mandated has been found to be sufficiently safe in the populations for whom the vaccine is to be made mandatory. When safety data are lacking or when they suggest the risks associated with vaccination outweigh the risks of harm without the vaccine, the mandate would not be ethically justified, particularly without allowing for reasonable exceptions (e.g. medical contraindications). Policy makers should consider specifically whether vaccines authorized for emergency or conditional use (as opposed to receiving full market licensure from a national regulatory authority) meet an evidentiary threshold for safety sufficient for a mandate (7). In the absence of sufficient evidence, there would be no guarantee that mandating vaccination would achieve public health or other objectives. Furthermore, exposure of populations to a potentially harmful product via a mandate would violate the ethical obligation to protect the public from unnecessary harm if the harm the product might cause outweighs the degree of harm that might exist without the product. Evidence generated from clinical trials and real-world use has demonstrated that authorized COVID-19 vaccines meet this condition of safety (8).

    Even when the vaccine is considered sufficiently safe, mandatory vaccination should be implemented with no fault compensation schemes to address any vaccine-related harm that might occur. This is important because it would be unfair to require people to seek legal remedy from harm resulting from a mandatory intervention (9). Such compensation would depend on countries’ health systems, including the extent of universal health coverage and how they address harm from vaccines that are not fully licensed (e.g. vaccines authorized for emergency or conditional use).

    3. Sufficient evidence of vaccine efficacy and effectiveness

    Data demonstrating that the vaccine is efficacious in the population for whom it is to be mandated and is an effective means of achieving the identified public health/societal/institutional objective should be available. For instance, if mandatory vaccination is considered necessary to interrupt transmission chains and/or prevent harm to others, there should be sufficient evidence that the vaccine is efficacious in preventing infection and/or transmission (as appraised by legitimate authorities such as WHO’s Strategic Advisory Group of Experts on Immunization or national regulatory authorities). Alternatively, if a mandate is considered necessary to prevent hospitalization and protect the capacity of the acute health care system, there should be sufficient evidence that the vaccine is efficacious in reducing hospitalization. Policy makers should carefully consider whether vaccines authorized for emergency or conditional use (as opposed to receiving full market licensure from a national regulatory authority) meet evidentiary thresholds for efficacy and effectiveness sufficient for a mandate (7). Additionally, for vaccines consisting of multiple doses, policy makers should consider the number of doses necessary to effectively pursue stated objectives.

    4. Justice in access and availability

    As a condition for implementing a mandate, supply of the authorized vaccine should be sufficient and reliable, and the populations that would be affected by the mandate should be able to easily access the vaccine without cost to them. Those implementing a mandate should make it as easy as possible to be vaccinated. For instance, vaccination programmes should be delivered in community settings with a particular emphasis on targeting communities that face disadvantage for systemic reasons. The absence of a sufficient supply, free access and meaningful, barrier-free opportunities to be vaccinated would not only render a mandate ineffective but would create an unduly burdensome, unfair demand on those who are required to be vaccinated but are unable to access the vaccine. Such a mandate would threaten to exacerbate social inequity.

    In many cases, there is a social gradient in vaccine uptake owing to multiple factors, including distrust resulting from histories of oppression, marginalization and discrimination. Consequently, insofar as mandates could lead to negative outcomes for those choosing not to meet the condition of being vaccinated, mandates could disadvantage populations already experiencing systemic disadvantage, which may create or exacerbate inequity. In addition to ensuring meaningful access and availability of vaccines and taking steps in good faith to respect human rights obligations, effort should therefore be made to work with communities to proactively address reasons for vaccine hesitancy. At the same time, it should be acknowledged that insofar as vaccination mandates can protect at-risk populations (such as people who are unable to be vaccinated or are immunocompromised), not using vaccination mandates could exacerbate inequity experienced by such groups because of increased vulnerability to exposure and/or illness.

    5. Public trust

    Policy makers have a duty to carefully consider the effect that mandating vaccination could have on public confidence and public trust, particularly on confidence in the scientific community and vaccination generally (10). If such a policy threatens to undermine confidence and public trust, it might affect both vaccine uptake and adherence to other important public health measures, which can have an enduring effect (11). In particular, the coercive power that governments or institutions display in a programme that constrains or eliminates choice could have unintended negative consequences for at-risk or marginalized populations (12). High priority should therefore be given to threats to public trust and confidence among historically disadvantaged minority populations, ensuring that cultural considerations are taken into account. Vaccine hesitancy may be stronger in such populations and may not be restricted to concerns about safety and effectiveness (13) because mistrust in authorities may be rooted in histories of unethical medical, public health and other policies and practices as well as structural inequity (10). Such populations may regard mandatory vaccination as another form of inequity or oppression that makes it more difficult for them to access jobs and essential services (14).

    At the same time, policy makers should consider the effect that not mandating vaccination could have on public confidence, public trust and inequity, as well as on various important freedoms. Public confidence and trust may be undermined, for example, if steps known to protect the public from harm are not taken as part of the pandemic response, particularly if they are not implemented in settings with populations that are in vulnerable situations (e.g. congregate settings in which care is provided to older adults and hospitals).

    The extent to which mandatory vaccination policies accommodate conscientious objection may also affect public trust (15). There should, however, be strict scientific and prudential limits to appeals for accommodation or “conscientious objection”, especially when such accommodation might be used by individuals to ‘free ride’ the public health good of community protection (i.e., taking advantage of the benefit without contributing towards the cost of its production) or if they threaten public health and others’ right not to be infected with a virulent infectious disease (16, 17).

    Finally, it should be acknowledged that those opposed to the use of vaccination mandates may take advantage of social dissent even when the use of a mandate is ethically justified, which may impact social and community cohesion. Where mandates are used, careful and compassionate consideration must be given to the impact of the mandate on those who remain unvaccinated. Mandates should be used as a means of pursuing an important societal or institutional objective, not as a means of punishing disagreeable behaviour. Careful attention to the ethical considerations outlined in this document and about how mandates are introduced and managed may help to promote and/or preserve public trust, which may work to mitigate threats to social and community cohesion.

    6. Ethical processes of decision-making

    Policy makers have a duty to act in trustworthy ways, which can be promoted through ethical processes of decision-making and communicating decisions to the public. Transparency of decision-making is a fundamental element of ethical analysis and decision-making about mandatory vaccination. Policy makers have a duty to communicate the reasons justifying a mandate (or not), including how those decisions were reached and the consequences of noncompliance, in a manner that the general public can understand. Reasonable effort should be made to engage affected parties and relevant stakeholders, and particularly people who are marginalized or in a vulnerable situation, such as migrant workers, refugees and minorities, to elicit and understand their perspectives. Authorities contemplating mandatory vaccination policies should use transparent, deliberative procedures to consider the ethical issues outlined in this document in an explicit ethical analysis, including the threshold of evidence necessary for vaccine safety and effectiveness to justify a mandate. They should also demonstrate accountability for such decisions by explicitly and transparently communicating the rationale for decisions regarding the use of vaccination mandates to the public. As in other contexts, mechanisms should be in place to monitor evidence constantly and to revise such decisions periodically.

    Mandatory COVID-19 Vaccination in Context

    No vaccine is perfect. However, authorized COVID-19 vaccines have been shown to be safe and highly effective in preventing severe disease, hospitalization and death, and there is some evidence that being vaccinated will make it less likely to become infected and pass the virus on to others (18). That said, the nature of the COVID-19 pandemic and evidence on vaccine safety, efficacy, and effectiveness continue to evolve (including with respect to variants of concern, boosters, durability of protection, and authorization of new vaccines). Consequently, the six considerations identified above are described generally so that they can be applied at any point in time and in any context. The following examples illustrate how ethical considerations can be applied in three settings for which mandatory vaccination might commonly be considered.

    The General Public

    Vaccination mandates for general adult populations are rare (7), though several countries have made, or plan to make, COVID-19 vaccination mandatory for the general public (19). In the absence of a sufficient, reliable vaccine supply that would permit every eligible member of the general public to be vaccinated, a mandate for the general public would fail to address ethical consideration 4 regarding meaningful access and availability. Even if there is meaningful access and availability, policy makers should consider whether mandatory vaccination of the general population is necessary and proportionate to achieve important societal objectives (ethical consideration 1). More evidence may be required about vaccine uptake to determine whether a mandate is necessary. This will depend on local contexts and on the goals of the health system (e.g. protecting at-risk populations, preserving health system capacity). Similarly, the extent to which a mandate for the general public is proportional will depend to some extent on the local context, given the variation in COVID-19 epidemiology in different jurisdictions. Even if there is sufficient access and availability, and a mandate for vaccination of the general public is considered necessary and proportionate, policy makers should still consider how to promote trust and prevent or mitigate inequity if using a mandate (ethical consideration 5).

    In Schools

    In some jurisdictions, vaccination against the viruses that cause a number of diseases (e.g. polio, measles, mumps, rubella) is a condition for attending school. The objectives are to directly protect children from disease, reduce the risk of disease outbreaks and more generally control vaccine-preventable diseases (2, 20, 21). The justifications for the vaccination mandates for the aforementioned infectious diseases might be considered as a justification for COVID-19 vaccination mandates in school contexts, since COVID-19 vaccines authorized for children and adolescents are safe and effective in reducing the disease burden in these age groups and can reduce intergenerational transmission and minimise school disruptions (22). It could be argued, however, that mandates for routine paediatric vaccines are distinct from COVID-19 vaccines given the rapidly evolving nature of the COVID-19 pandemic and evolving evidence for COVID-19 vaccines, including their effectiveness against novel variants of concern, the number of doses necessary to achieve important societal or institutional objectives and durability of protection.

    In addition to evaluating the impacts of a mandate (or lack of a mandate) on the health of children, teachers, school staff and the broader community, mandates in schools should be evaluated for their potential impact on children’s education and related social and mental well-being. In particular, mandates should not result in denial of education to unvaccinated children in order to respect every child’s right to an education (23). Reasonable steps should therefore be taken to accommodate unvaccinated children so as to interfere as little as possible with their education while not jeopardizing the well-being or education of other children. Similarly, policy makers should evaluate the impacts that not having a mandate in schools might have for children’s health, education, and related social and mental well-being. The ethical justification for mandates in schools might therefore be strongest where it could be expected that the absence of a mandate would result in school disruptions that would affect the education and well-being of all students. In any case, policy makers will have to consider whether mandating vaccination as a condition of attending school is necessary and proportional to the achievement of an important societal or institutional objective (ethical consideration 1) and whether this could undermine public trust (ethical consideration 5).

    Health Workers

    Mandatory vaccination is perhaps most often discussed in the context of health and social care, particularly where health workers have direct contact with populations at high risk of SARS-CoV-2 infection or severe illness or death resulting from COVID-19 and given their ethical obligation not to harm their patients. Mandatory COVID-19 vaccination might appear to be particularly plausible for health workers given that vaccination of this population might be seen as necessary to protect health system capacity (ethical consideration 1) and because health workers are generally identified as a priority group for vaccination, meaning there is more likely to be a sufficient supply to meet the needs of this population (ethical consideration 4). Whether a mandate for health workers is necessary and proportionate (ethical consideration 1) and would not undermine trust (ethical consideration 5) might depend on the local context and, if possible, should be investigated empirically before a mandate is considered for this population.

    Mandatory vaccination against specific diseases is not uncommon in health care settings (24), including requirements that unvaccinated health workers stay at home during outbreaks, policies in which vaccination is required as a condition of employment, requirements that unvaccinated health workers be transferred to settings where the risk is lower and so-called “vaccinate-or-test” policies.

    Given current rates (and concerns) of health worker “burn-out” as a result of the pandemic and the potential consequence of an inadequately resourced health workforce (25), mandatory vaccination policies that require unvaccinated health workers to stay at home or require vaccination as a condition of employment or hospital privileges might have significant negative consequences for already overburdened health systems. Policies that require unvaccinated health workers to be transferred to settings where the risk is lower might have similar consequences, as they might remove critical health workers from settings that badly need personnel, such as congregate living settings where care is provided to older adults. Additionally, it may be difficult to distinguish high- and low-risk settings where there is widespread community transmission of SARS-CoV-2. At the same time, the absence of a policy that all but guarantees a high rate of vaccination coverage in health care settings may result in more infections, illness and hospitalizations among health workers, which could similarly negatively impact already overburdened health systems. It could also undermine public trust in the health system’s commitment to take steps to protect the health of its patients.

    Finally, some might consider whether vaccination mandates should be accompanied by an alternative to vaccination consisting of frequent testing as a means of demonstrating that one is not infected or infectious. So-called ‘vaccinate-or-test’ policies could plausibly be justified if they are just as capable of achieving important societal or institutional objectives as a vaccination requirement (and if barriers do not exist to frequent, reliable testing). In this case, such a policy would benefit from a more favourable balance between the values of protecting the health and well-being of the public and individual liberty and autonomy. Yet, it is hitherto unclear whether vaccinate-or-test policies would be as effective as vaccination mandates that do not have a testing option, because unlike vaccination, testing on its own does not reduce risk of infection and may fail to identify infections because of false negatives or inadequate testing frequency. In this case, vaccinate-ortest policies risk placing too much emphasis on the protective effect of frequent testing. 888

    Conclusion

    Ideally, policy makers should use less intrusive means or methods to encourage voluntary vaccination against COVID-19 before contemplating mandatory vaccination. In other words, mandates should be considered only after people have been given the opportunity to get vaccinated voluntarily and/or once there is sufficient reason to believe this alone will not be enough to achieve important societal or institutional objectives. Efforts should be made to demonstrate the health risks of not being vaccinated and the benefit and safety of vaccines for the greatest possible acceptance of vaccination. A number of ethical considerations should be explicitly discussed and addressed through ethical analysis when evaluating whether mandatory COVID-19 vaccination is an ethically justifiable policy option. Just as it is the case for other public health policies, decisions about mandatory vaccination should be supported by the best available evidence and should be made by legitimate decision-makers in a manner that is transparent, just, fair and non-discriminatory and involves the input of affected parties.

    References

    1. European Programme of Work. In: WHO/Europe [website]. Copenhagen: WHO Regional Office for Europe; 2020 (https://www.euro.who.int/en/health-topics/health-policy/european-programme-of-work/european-programme-ofwork). All URLs accessed 3 November 2020.
    2. Warren SD, Brandeis LD. The right to privacy. Harv Law Rev. 1890;4(5):193–220.
    3. Universal Declaration of Human Rights. New York: United Nations; 1948 (https://www.un.org/en/universal-declaration-human-rights/).
    4. OECD work on privacy. In: Organisation for Economic Co-operation and Development [website]. Paris: OECD Publishing; 2020 (http://www.oecd.org/sti/ieconomy/privacy.htm).
    5. Convention 108 and Protocols. In: Council of Europe [website]. Strasbourg: Council of Europe; 2020 (https://www.coe.int/en/web/data-protection/convention108-and-protocol).
    6. Abstract of the German Federal Constitutional Court’s Judgment of 15 December 1983, 1 BvR 209, 269, 362, 420, 440, 484/83 [CODICES]. Karlsruhe: Federal Constitutional Court; 1993 (https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/1983/12/rs19831215_1bvr020983en.html).
    7. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). O. J. E. U. 2016, L119:1–88 (https://eurlex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679).
    8. Personal data protection and privacy principles. Geneva: United Nations System; 2018 (https:/www.unsystem.org/ personal-data-protection-and-privacy-principles).
    9. Charter of Fundamental Rights of the European Union. OJEU 2012, C326:391–407 (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT).
    10. Further details are available in: Handbook on European data protection law—2018 edition. Vienna: European Union Agency for Fundamental Rights; 2018 (https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition).
    11. On the legal basis for processing data, a summary is available from: Lawful basis for processing. In: Information Commissioner's Office [website]. Wilmslow: Information Commissioner’s Office; 2020 (https://ico.org.uk/fororganisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-forprocessing/). On informed consent, see: Guidelines 05/2020 on consent under Regulation 2016/679. In: European Data Protection Board [website]. Brussels: European Data Protection Board; 2020 (https://books.byui.edu/-DLVXour-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en)
    12. Guidelines 05/2020 on consent under Regulation 2016/679. In: European Data Protection Board [website]. Brussels:European Data Protection Board; 2020 (https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en).
    13. Donnelly M, McDonagh M. Health research, consent and the GDPR exemption. Eur J Health Law. 2019;26(2):97–119.
    14. Abstract of the German Federal Constitutional Court’s Judgment of 15 December 1983, 1 BvR 209, 269, 362, 420, 440, 484/83 [CODICES]. Karlsruhe: Federal Constitutional Court; 1993 (https:/www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/1983/12/rs19831215_1bvr020983en.html).
    15. On the concept of transparency under the GDPR, see: Guidelines on transparency under Regulation 2016/679 (wp260rev.01). Brussels: European Commission; 2018 (https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51025)
    16. For details, see: Voigt P, von dem Bussche A. Rights of data subjects. In: The EU General Data Protection Regulation (GDPR). Cham: Springer; 2017: 141–87.
    17. For detailed information see: Chapter 6.1 of Handbook on European data protection law—2018 edition. Vienna: European Union Agency for Fundamental Rights; 2018 (https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition).
    18. Hodges C. Delivering data protection: trust and ethical culture. Eur Data Prot L Rev. 2018;4(1):65–79.
    19. “Natural person” follows the definition of a data subject, e.g. in Art 4 (1) GDPR. The antonym would be a “legal person”, e.g. a limited liability company or an authority.
    20. For detailed information see: Chapter 9.3 of Handbook on European data protection law—2018 edition. Vienna: European Union Agency for Fundamental Rights; 2018 (https://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law-2018-edition).
    21. On the concept, see: Guidelines 4/2019 on Article 25 data protection by design and by default. In: European Data Protection Board [website]. Brussels: European Data Protection Board; 2020 (https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-42019-article-25-data-protection-design-and_en).
    22. For details of the security requirements regarding processing of personal data, see: Handbook on security of personal data processing. Athens: European Union Agency for Cybersecurity; 2018 (https://www.enisa.europa.eu/publications/handbook-on-security-of-personal-data-processing).
    23. See the guidance at: Personal data breaches. Wilmslow: Information Commissioner’s Office; 2020 (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data protection-regulation-gdpr/personal-data-breaches/?q=data+breach).
    24. For more details, see: Michelsen K, Brand H, Achterberg P, Wilkinson J. Promoting better integration of health information systems: best practices and challenges. Copenhagen: WHO Regional Office for Europe; 2015 (Health Evidence Network Synthesis Report, No. 40; https://www.euro.who.int/en/publications/abstracts/promoting-better-integration-of-health-information-systems-best-practices-and-challenges).
    25. Hintze M, El Emam K. Comparing the benefits of pseudonymisation and anonymisation under the GDPR. J Data Protect Priv. 2018;2(2):145–58.
    26. For example, see: Visonà SD, Villani s, Manzoni F, Chen T, Ardissino G, Russo F et al. Impact of asbestos on public health: a retrospective study on a series of subjects with occupational and non-occupational exposure to asbestos during the activity of Fibronit plant (Broni, Italy); J Public Health Res. 2018;7(3):1519. doi:10.4081/jphr.2018.1519.
    27. Taylor MJ, Whitton T. Public interest, health research and data protection law: establishing a legitimate trade-off between individual control and research access to health data. Laws. 2020;9(1):6.
    28. Chassang G. The impact of the EU General Data Protection Regulation on scientific research. Ecancermedicalscience. 2017;11:709. doi:10.3332/ecancer.2017.709. For an interesting perspective from Canada, see: Steeves V. Data protection and the promotion of health research. Healthc Policy. 2007;2(3):26–38.
    29. Peloquin D, DiMaio M, Bierer B, Barnes M. Disruptive and avoidable: GDPR challenges to secondary research uses of data. Eur J Hum Genet. 2020;28:697–705. doi:10.1038/s41431-020-0596-x.
    30. Chico V. The impact of the General Data Protection Regulation on health research. Br Med Bull. 2018;128(1):109-18. doi:10.1093/bmb/ldy038.
    31. Constitution of the World Health Organization. Geneva: World Health Organization; 1946 (https://www.who.int/about/who-we-are/constitution).
    32. Dworkin R. A matter of principle. Cambridge, MA: Harvard University Press; 1985.
    33. See the guidance at: Data protection impact assessments. Wilmslow: Information Commissioner’s Office; 2020(https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/).
    34. See the guidance of the French data protection authority: What you should know about our standard on dataprocessing audits. Paris: Commission Nationale de l’Informatique et des Libertés; 2020 (https://www.cnil.fr/en/what-you-should-know-about-our-standard-data-processing-audits).
    35. Lachaud E. The General Data Protection Regulation and the rise of certification as a regulatory instrument; Comput Law Secur Rev. 2018;34(2):244–56.
    36. For conceptual issues of embedding data protection in training and education programmes, see: González Fuster G, Kloza D. The European handbook for teaching privacy and data protection at schools. Brussels: European Commission; 2016 (https://books.byui.edu/-TxMZ).
    37. Nuffield Council on Bioethics. Public health: Ethical issues. London: Nuffield Council on Bioethics; 2007 (https://www.nuffieldbioethics.org/assets/pdfs/Public-health-ethical-issues.pdf).
    38. Gravagna K, Becker A, Valeris-Chacin R, Mohammed I, Tambe S, Awan FA et al. Global assessment of national mandatory vaccination policies and consequences of non-compliance. Vaccine. 2020;38:7865–73.
    39. Colgrove J, Bayer R. Manifold restraints: Liberty, public health, and the legacy of Jacobson v Massachusetts. Am J Public Health. 2005;95:571–6.
    40. World Health Organization. COVID-19 virtual press conference 7 December 2020 (https://books.byui.edu/-PJnP).
    41. World Health Organization. Interim position paper: Considerations regarding proof of COVID-19 vaccination for international travellers. Geneva: World Health Organization; 2021 (https://www.who.int/news-room/articles-detail/interim-position-paper-considerations-regarding-proofof-covid-19-vaccination-for-international-travellers).
    42. Walkinshaw E. Mandatory vaccinations: The international landscape. Can Med Assoc J. 2011;183:e1167–8.
    43. Gostin LO, Salmon DA, Larson HJ. Mandating COVID-19 vaccines. JAMA. 2020;325:532–3. COVID-19 and mandatory vaccination: Ethical considerations: Policy brief
    44. World Health Organization. Coronavirus disease (COVID-19): Vaccines safety. 24 January 2022.  Available at: https://www.who.int/news-room/questions-and-answers/item/coronavirus-disease-(covid19)-vaccines-safety.
    45. Halabi S, Heinrich A, Omer S. No-fault compensation for vaccine injury—The other side of equitable access to Covid-19 vaccines. N Engl J Med. 2020;383:e125.
    46. Schwartz JL. Evaluating and deploying Covid-19 vaccines—The importance of transparency, scientific integrity, and public trust. N Engl J Med. 2020;383:1703–5.
    47. Shetty P. Experts concerned about vaccination backlash. Lancet. 2020;375:970–1.
    48. Giubilini A. Chapter 3, Vaccination policies and the principle of least restrictive alternative: An intervention ladder. In Giubilini A, The ethics of vaccination. Cham (CH): Palgrave Pivot; 2019.
    49. Goldenberg M. Vaccine hesitancy: Public trust, expertise, and the war on science. Pittsburgh, PA: University of Pittsburgh Press. 2021.
    50. Opel DJ, Lo B, Peek ME. Addressing mistrust about COVID-19 vaccines among patients of color. Ann Intern Med. 2021;M21-0055. doi: 10.7326/M21-0055.
    51. Colgrove J. Immunization and ethics: Beneficence, coercion, public health, and the state. In: Mastroianni AC, Kahn JP, Kass NE, editors. The Oxford handbook of public health ethics, New York City (NY): Oxford University Press; 2020:435–44.
    52. Sutton EJ, Upshur REG. Are there different spheres of conscience? J Eval Clin Pract. 2010;16:338–43.
    53. Harris J, Holm S. Is there a moral obligation not to infect others? BMJ. 1995;311:1215–7.
    54. World Health Organization. Coronavirus disease (COVID-19): Vaccines. 16 March 2022. (https://www.who.int/news-room/questions-and-answers/item/coronavirus-disease-(covid-19)-vaccines)
    55. Factbox: Countries making COVID-19 vaccines mandatory. 31 December 2021. Available: https://www.reuters.com/business/healthcare-pharmaceuticals/countries-making-covid-19-vaccinesmandatory-2021-08-16/
    56. Vanderslott S, Marks T. Charting mandatory childhood vaccination policies worldwide. Vaccine. 2021;39:4054-62.
    57. MacDonald NE, Harmon S, Dube E, Streenbeek A, Crowcroft N, Opel DJ, et al. Mandatory infant and childhood immunization: Rationales, issues and knowledge gaps. Vaccine. 2018;39:5811-18.
    58. World Health Organization. Interim statement on COVID-19 vaccination for children and adolescents 29. November 2021. Available at: https://www.who.int/news/item/24-11-2021-interim-statement-oncovid-19-vaccination-for-children-and-adolescents.
    59. UN General Assembly. Universal Declaration of Human Rights, 10 December 1948, 217 A (III). Available at: https://www.un.org/en/about-us/universal-declaration-of-human-rights.
    60. Gruben V, Siemieniuk RA, McGeer A. Health care workers, mandatory influenza vaccination policies and the law. Can Med Assoc J. 2014;186:1076–80.
    61. Krystal JH. Responding to the hidden pandemic for healthcare workers: Stress. Nat Med. 2020;26:639.

    This content is provided to you freely by BYU-I Books.

    Access it online or download it at https://books.byui.edu/intro_to_nursing/chapter_7_.