Their Best Intentions Don’t Mean Much – Sale of Your Genetic Data was Always on the Cards

Andelka M. Phillips^*

At the opening of the Senate Committee on the Judiciary hearing which commenced on 11 June 2025 [1] Senator Chuck Grassley, Chairman of the Committee stated:

“Genetic data is the blueprint to a person. It is sensitive, it is personal and in the wrong hands, it is dangerous.” He went on to say that “Data is a weapon, and genetic data is a particularly potent weapon.”[2]

Introduction

Our personal data is everywhere online. From online dating to buying your groceries, our lives are increasingly being made public. Our lives are in a sense performed publicly whether we are aware of this or not. As well as sharing data both publicly and privately, we often share our most sensitive data with companies marketing new services. This is particularly common in the context of the HealthTech space. A prime example of this is direct-to-consumer genetic testing (aka DTC or personal genomics) which has created a market for DNA tests in the consumer space. It has done this sitting outside traditional governance frameworks that apply to DNA tests conducted in a clinical setting. This does involve an element of trust. We trust that these businesses will protect our most sensitive data, but is this trust misplaced? My answer to this question is yes.

But just where is all this data going? How is it being used and what happens when something goes wrong? And this final question is a matter of when, rather than if, as no business can guarantee security of information and so many industries are experiencing large data breaches.

As well as using popular wearable tech to track many different aspects of health and wellness, or taking online fitness classes, specific industries have developed centred around particular types of sensitive data. The consumer genomics industry relies on harvesting consumers’ genetic data together with troves of other forms of their personal data. As I have previously written, this industry has remained largely self-regulated and the main means of industry governance has been the contracts and privacy policies of DTC companies.[3] The contracts can, in fact, be seen as a form of private legislation imposed on consumers.[4] As is mentioned in the Senate Committee on the Judiciary hearing, which is referenced further later in this piece, the reality for most consumers is that they fail to read or even notice both contracts and privacy policies in the online world. In 2016, the Norwegian Consumer Council estimated that the average smartphone contained 250,000 words of terms and conditions.[5] In another example, CHOICE in Australia found that it would take 9 hours just to read Kindle’s terms and conditions.[6] More recently, in 2023, Nord Security estimated that it would take “46.6 hours … to read the privacy policies of the 96 websites Americans typically visit monthly.”[7] Unfortunately, even where consumers do choose to read contracts and policies, it is likely that they may face challenges in understanding the meaning of the terms contained in these documents. Becher and Benoliel’s study of the readability of the 500 most popular US website terms and conditions found that most of these contracts were written at the same level as academic journal articles and would generally require “more than 14 years of education” to understand.[8] And in my work with Becher, we found that it was possible to get through to the payment screen on several DTC websites, without ever viewing the contract or privacy policy.[9]

This piece is linked to two previous blog posts for this series: In safe hands? The protection of privacy in consumer genomics; and Hacking your DNA? Some things to consider before buying a DNA test online. In this follow up, I consider recent developments related to 23andMe’s bankruptcy proceedings and impending sale of the company. Previously, the winning bidder on the company was pharma giant Regeneron[10] and the backup bidder[11] TTAM Research Institute. TTAM is a nonprofit medical research organisation founded by 23andMe’s former CEO and co-founder Anne Wojcicki.[12] More recently, in a second auction, TTAM has won the auction for $305 million US dollars, with the company announcing “that it has entered into a definitive agreement with former CEO Anne Wojcicki’s TTAM Research Institute for the sale of substantially all the company’s assets…”[13] This new agreement includes provision that TTAM will abide by the company’s existing privacy policies and allow for account deletion. However, the previous history of the company, including its data breach, the subsequent class actions, the Bankruptcy proceedings, and the US Senate Committee on the Judiciary hearing which commenced in the last week (mentioned further below[14]), together with the lawsuit brought by 27 state attorneys-general and the District of Columbia,[15] means that many things for 23andMe and their consumers are in a state of flux. The sale to TTAM will still require approval from the Bankruptcy Court, and the hearing and lawsuit by the attorneys-general, and a newly proposed Bill for the Don’t Sell My DNA Act[16] could impact this sale. I also believe that if the purchase goes ahead, consumers should still be concerned.

I wish to highlight why selling the company to pharma or another entity should not come as a surprise and make a renewed call for improved oversight of this industry. This is an industry which from its beginnings has had sharing and reuse of data at its heart, rather than a focus on protecting the security and privacy of consumers’ data. This sharing comes in many forms. It is not only about partnerships and mergers that a company might enter into, it is also about encouraging consumers to connect with unknown relatives and share other forms of data through a company’s platform. There is value in having a large database and it is not just the digital genetic data that has value, but also the physical samples of spit collected from consumers. More attention also needs to be paid to what is happening to physical samples of saliva that have been stored by the company. As proceedings in the US are ongoing, I am planning further work on this.

23andMe is a market leading DTC genetics company, possessing one of the largest consumer databases with approximately 15 million consumers’ data. Since its beginnings in 2006,[17] it has been one of the best-known companies in this space. A once unicorn company, valued at a market cap of more than $1 billion USD in 2015[18] and later being valued at $6 billion USD.[19] It has also had links with Big Tech since its inception. Its co-founder Anne Wojcicki and former CEO was formerly married to Sergei Brin who was the co-founder of Google and Google has invested in the company (with investments of $3.9 million USD in 2007 and $2.6 million USD in 2009).[20] Wojcicki resigned from her position as CEO in March 2025.[21] It should also be noted that Wojcicki’s sister is also the former CEO of YouTube.[22] This is also not the only player in the DTC space that Google has had links with. Another example is Google’s subsidiary Calico’s collaboration with AncestryDNA.[23] I plan to explore more of the competition law issues raised by this industry in future work.

The 23andMe data breach

The earlier blogs mentioned the massive data breach experienced by 23andMe in 2023, which has impacted almost half of its consumers – some 6.9 million people, including children, and the subsequent class actions that have followed this breach. Unfortunately, since the provisional approval of a $30 million (USD) settlement in December 2024, the situation has deteriorated further.[24] In March of 2025, the company filed for Chapter 11 Bankruptcy protection.[25] Then in May 2025, an agreement was reached to sell the company, including consumers’ data to Regeneron,[26] which is a leading pharmaceutical company. More recently in the second auction, the agreement 23andMe has reached with TTAM nullifies the earlier deal with Regeneron.[27] In the aftermath of the earlier data breach and the more recent news of the bankruptcy, many consumers have tried to delete their data, but there have been problems with doing this. This has led to the US House Committee on Energy and Commerce launching an investigation of how the bankruptcy will impact consumers’ data.[28] This has in turn led to a US Senate Committee on the Judiciary hearing commencing on 11^th June 2025 – more on this below.

Key points to keep in mind:

Before continuing, there are four points that should be emphasized. Firstly, the breach that impacted 23andMe should not be viewed as limited to impacting the 6.9 million people whose data was compromised, but also their wider family group. This is because of the shared nature of DNA – it means that many more millions of people could be impacted over the longer term by this breach.

Secondly, while a settlement had been provisionally approved for the US class actions, it is now likely that consumers may not end up receiving any compensation from this settlement. Compensation at an individual level was always going to be limited under the terms of the settlement, but now the settlement itself has been put on hold and is being challenged by 23andMe’s lawyers.[29] This should further highlight the reality that victims of data breaches often are left in the cold with very limited options for redress and this is something that needs to change. While most peoples’ lives have moved increasingly online in the last two decades, the future risks that many services collecting our most sensitive data pose need to be taken more seriously.

Thirdly, a sale of 23andMe including its entire database will pose risks not only for all its 15 million consumers, but the millions of people whom they are related to.

Finally, it is common for the contracts and privacy policies to contain problematic clauses, which could be challengeable as unfair terms and raise questions about the validity of consent in the context of consumer genomics, but also other HealthTech industries. It is particularly common for companies to allow themselves broad power to change their terms. This is not unique to 23andMe, but common practice in this industry and it is an area in need of reform.

Recent developments in the USA

Now turning to recent developments, the future of 23andMe’s database and how its consumers’ data will be used is currently hanging in the balance. The company is based in the US and in light of the publicity around the breach and 23andMe’s financial problems, the US Senate and Congress are now taking an interest in 23andMe’s future. The Bankruptcy Court has also appointed a privacy ombudsman to 23andMe, who “will investigate and report to the court on the security program of the buyer, the potential costs and benefits of the sale to customers, and whether the sale is consistent with 23andMe’s privacy policies and applicable laws.”[30]

This was followed by a number of very recent developments. On the 9^th of June attorneys-general from 27 US States together with the District of Columbia sued the company in order to prevent the sale of their States’ consumers’ data without consumers’ consent.[31] This is a bipartisan initiative. Then on 10^th June 2025, the US House Committee on Oversight and Government Reform held a hearing entitled ‘Securing Americans’ Genetic Information: Privacy and National Security Concerns Surrounding 23andMe’s Bankruptcy Sale’.[32]

Subsequently, on the 11^th June of 2025, a US Senate Committee on the Judiciary hearing entitled ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ began.[33] In these proceedings, concerns have been raised by a range of people from different sides of the political spectrum with testimony from Professor I Glenn Cohen and Professor Brook Gotberg.

Senator and Ranking Member Richard Durbin expressed his concerns about future uses of consumers’ data not being in line with its current policies to Joseph Selsavage (the Interim Chief Executive Officer and Chief Financial and Accounting Officer of 23andMe), in these words:

“2 or 3 buyers removed – your best intentions don’t mean much”

and that “unless we had a federal law relative to this issue that applies to future transactions your best intentions don’t mean much.”[34]

Senator Durbin also mentioned the example of the HeLa cell line developed because of samples of a tumour from Henrietta Lacks and emphasized the lack of consent or compensation provided to her and her family and made this comment:

“Part of what’s being sold by 23andMe is a collection of biological samples submitted by consumers who wanted their DNA examined. They may have consented to some use of those samples, but I question how informed it actually was. And there’s no guarantee a new owner won’t change how those samples are used…”[35]

In response to this, Professor Cohen in his testimony also emphasized that 23andMe has not explained why they are not recontacting their consumers to provide consent to the transfer of their data, asking “why aren’t they doing it?”[36]

Senator Josh Hawley also raised concerns about 23andMe’s Privacy Policy referencing specific sections of the policy. It was noted that the Policy indicates that data can be retained by the company even after a consumer has asked for it to be deleted. This is not surprising. This is in line with my own research on the industry’s contractual terms over the last decade. In my review of 71 companies’ contracts, I found it very common for companies to leave themselves broad power to change terms, often without notice.[37] Furthermore, 23andMe’s policies have for years allowed sharing data with affiliates, which could include all their previous partners.[38]

A point to remember here is that while the concerns raised in the USA can be seen as positive steps for widening the debate about the protection of privacy in relation to genetic data specifically and sensitive data more generally, this is not a matter that only impacts American consumers. 23andMe has sold its tests internationally and there are privacy risks for its international consumers on a global scale. It should also be understood that even though it appears the majority of 23andMe’s customers are American this should not encourage complacency, as many Americans have close relatives in other countries. Likewise, if 23andMe’s bankruptcy and data breach raises national security concerns for Americans, it also raises national security concerns for citizens of other nations.

One further development, which could lead to positive regulatory reform in the USA, is a new bipartisan Bill for a Don’t Sell My DNA Act.[39] This legislation, if enacted, would reform the US Bankruptcy Code. It would improve protection for consumers’ privacy in the USA in three main ways:[40]

“Modernizing the Bankruptcy Code to include genetic information in the definition of “personally identifiable information”;
Requiring written notice and affirmative consumer consent prior to the use, sale or lease of genetic information during bankruptcy proceedings; and
Requiring the trustee or debtor in possession of genetic information to permanently delete any data not subject to a sale or lease.”

I have previously suggested the need for industry specific legislation and I believe other amendments to existing law are necessary, but this Bill could lead to reform at least in the context of businesses that do have financial difficulties and face the prospect of being sold on. Given that much of this industry is based in the USA as well, there is a vital need for real reform in the USA.

Conclusion

Now is the time for reform! As has been mentioned in the ‘23 and You’ hearing genetic information can be used for a wide range of purposes, which may be against the interests of consumers. This is of course an area of future risk, but some of this unidentified future risk has already become a reality for some of 23andMe’s customers, who have been victims of identity theft or had their health information compromised. Other potential risks which were highlighted in the hearing are the ability to track and locate individuals and their relatives and the potential to use data to train AI models. Such uses are not far fetched. The use of Generative AI is expanding in all fields and there is growing interest in Generative Biology projects together with legitimate concerns about its risks.[41] Consumers need and deserve better protection.

I have previously written about the need for improved regulation of this industry both independently and jointly with others[42]. I am hopeful that these proceedings and the Bill will lead to some substantive reforms, but this is very much a case of too little, too late. We need new legislation in the US to regulate the industry and we need existing regulators to contribute to reform in this area. We need international collaboration to improve industry standards and specifically to improve cyber security practices in relation to genetic data and other forms of sensitive data more generally.

Mandatory codes of conduct, as well as user friendly model privacy policies and contracts for the industry would also be beneficial. Model privacy policies and contracts could be developed by existing regulators (both in the consumer protection and data protection spheres) which limit the ways that data can be used and allow consumers more control over their most sensitive data. In the US, the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA) could contribute to reform and the scope of legislation such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) could be expanded. I do believe that specific legislation applicable to all forms of consumer genomics would be beneficial though, as at present ancestry testing and other so-called ‘recreational’ testing often sits outside existing legislation.

Particularly problematic clauses that have been deemed unfair in jurisdictions including the European Union, the United Kingdom, New Zealand and Australia, should not be included in contracts targeting consumers in those jurisdictions. Furthermore, such clauses should be removed from American consumer contracts if we are to improve the protection of consumers’ rights in this context. Enhancing consumers’ rights to their data in this context, such as with a consumer data right would also be welcome, but it is vital that we move towards allowing consumers opportunities to understand risks and benefits in this context and the ability to make informed choices. We need companies to be held accountable, so that consumers are not left without recourse when a data breach occurs. I will end with a final point. While medical research has brought us many benefits, it, like technology itself is not neutral. Finally, not all research ventures will be beneficial to our most vulnerable communities, who have in fact often been exploited with no recompense.

As this article goes live, the news has also broken that the UK’s Information Commissioner’s Office (ICO) has announced that it is fining 23andMe “£2.31 million for failing to implement appropriate security measures to protect the personal information of UK users” in the attack it experienced in 2023, which led to the data breach.[43] This follows a joint probe by the ICO and the Canadian Office of the Privacy Commissioner (OPC). In the News statement they have released, the ICO states that “23andMe revealed serious security failings at the time of the 2023 data breach.”[44] This lends support to the need for reform of security infrastructure and practices throughout the industry.

Furthermore, according to the ICO, the breach has impacted “155,592 UK residents, potentially revealing names, birth years, self-reported city or postcode-level location, profile images, race, ethnicity, family trees and health reports.” Again, as previously noted the number of people impacted is likely to substantially exceed this figure, given that this information can link to a larger number of family members. The ICO highlights that the impacts on consumers could include surveillance, discrimination or financial loss and that they “received 12 complaints from consumers”.[45] I plan to write further about this together with the US developments, but am adding this here for the benefit of readers to keep this as current as possible.

* Dr Andelka M. Phillips is an Academic Affiliate, Centre for Health, Law and Emerging Technologies (HeLEX), University of Oxford and Affiliate with the Bioethics Institute Ghent (BIG), Ghent University. https://www.andelkamphillips.com, https://www.law.ox.ac.uk/people/andelka-phillips, https://www.bioethics.ugent.be/our-people/andelkamphillips/

[1] US Senate Committee on the Judiciary, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ – full committee hearing recording available here https://www.judiciary.senate.gov/committee-activity/hearings/23-and-you-the-privacy-and-national-security-implications-of-the-23andme-bankruptcy.

[2] US Senate Committee on the Judiciary, ‘Grassley Opens Judiciary Hearing on the Privacy and National Security Implications of 23andMe Bankruptcy’ Prepared Opening Statement by Senator Chuck Grassley of Iowa, Chairman, Senate Judiciary Committee, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ (11 June, 2025) https://www.judiciary.senate.gov/press/rep/releases/grassley-opens-judiciary-hearing-on-the-privacy-and-national-security-implications-of-23andme-bankruptcy.

[3] AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019); AM Phillips, ‘Reading the Fine Print When Buying Your Genetic Self Online: Direct-to-Consumer Genetic Testing Terms and Conditions’ (2017) New Genetics and Society 36(3) 273-295. http://dx.doi.org/10.1080/14636778.2017.1352468; AM Phillips, ‘Only a Click Away – DTC Genetics for Ancestry, Health, Love… and More: A View of the Business and Regulatory Landscape’ (2016) 8 Applied & Translational Genomics 16-22; and SI Becher and AM Phillips, ‘Data Rights and Consumer Contracts: The Case of Personal Genomic Services’ in D Clifford, KH Lau, JM Paterson (eds), Data Rights and Private Law (Hart Publishing, 14 December 2023). Earlier draft available at SSRN: https://ssrn.com/abstract=4180967; and forthcoming AM Phillips, ‘Owning me, owning you – How private companies acquire rights in our most intimate data’ in for G Reynolds, A Mogyoros, and T Dagne (eds),Intellectual Property Futures – Exploring the Global Landscape of IP Law and Policy (University of Ottawa Press 2025).

[4] AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019) p28.

[5] Norwegian Consumer Council, ‘250,000 words of app terms and conditions’ (24 May 2016) https://www.forbrukerradet.no/side/250000-words-of-app-terms-and-conditions/; and see the AppFail campaign page https://www.forbrukerradet.no/appfail-en/.

[6] Consumers’ Federation of Australia, ‘Nine Hours of Conditions Apply *’ (16 March 2017) https://consumersfederation.org.au/nine-hours-of-conditions-apply/.

[7] Nord Security, ‘Reading the privacy policies they encounter monthly would take almost 47 hours’ (13 December 2023) https://nordsecurity.com/press-area/research-americans-would-waste-a-whole-workweek-every-month-if-they-were-to-read-privacy-policies – this is referenced in the Senate Committee on the Judiciary hearing.

[8] S Becher, ‘Research shows most online consumer contracts are incomprehensible, but still legally binding’ The Conversation (4 February 2019) https://theconversation.com/research-shows-most-online-consumer-contracts-are-incomprehensible-but-still-legally-binding-110793; and U Benoliel and SI Becher, ‘The Duty to Read the Unreadable’ (January 11, 2019) 60 Boston College Law Review 2255 (2019), Available at SSRN: https://ssrn.com/abstract=3313837 or http://dx.doi.org/10.2139/ssrn.3313837.

[9] SI Becher and AM Phillips, ‘Data Rights and Consumer Contracts: The Case of Personal Genomic Services’ in D Clifford, KH Lau, JM Paterson (eds), Data Rights and Private Law (Hart Publishing, 14 December 2023).

[10] Regeneron https://www.regeneron.com/ ; M Liebergall, ‘Pharma co. buys 23andMe and its DNA vault for $256 million’ Morning Brew (20 May 2025) https://www.morningbrew.com/stories/2025/05/20/pharma-co-buys-23andme-for-256-million ; R Winkler, ‘23andMe’s Fall From $6 Billion to Nearly $0’ The Wall Street Journal (31 January 2024). https://www.wsj.com/health/healthcare/23andme-anne-wojcicki-healthcare-stock-913468f4.

[11] Rylee Kirk, ‘23andMe Customers Did Not Expect Their DNA Data Would Be Sold, Lawsuit Claims’ The New York Times (10^th June 2025) https://www.nytimes.com/2025/06/10/business/23andme-data-lawsuit.html#:~:text=The%20genetic%2Dtesting%20company%2C%20which,the%20data%20without%20express%20consent; NAAG Client States et al v. 23andMe Holding Co. et al, Case No. 25-04035, United States Bankruptcy Court for the Eastern District of Missouri, Eastern Division https://www.doj.state.or.us/wp-content/uploads/2025/06/Dkt-1-Complaint.pdf

[12] TTAM Research Institute https://ttamresearchinstitute.org/.

[13] Staff Reporter, ‘Wojcicki, TTAM Research Institute’s $305M Offer Wins Bidding for 23andMe in Second Auction’ GenomeWeb (13 June 2025) https://www.genomeweb.com/business-news/wojcicki-ttam-research-institutes-305m-offer-wins-bidding-23andme-second-auction.

[14] US Senate Committee on the Judiciary, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ – full committee hearing recording available here https://www.judiciary.senate.gov/committee-activity/hearings/23-and-you-the-privacy-and-national-security-implications-of-the-23andme-bankruptcy.

[15] Rylee Kirk, ‘23andMe Customers Did Not Expect Their DNA Data Would Be Sold, Lawsuit Claims’ The New York Times (10 June 2025) https://www.nytimes.com/2025/06/10/business/23andme-data-lawsuit.html#:~:text=The%20genetic%2Dtesting%20company%2C%20which,the%20data%20without%20express%20consent. ; Case 25-04035 https://www.doj.state.or.us/wp-content/uploads/2025/06/Dkt-1-Complaint.pdf ; and NAAG Client States et al v. 23andMe Holding Co. et 9 June 2025 al – https://www.pacermonitor.com/public/case/58476865/NAAG_Client_States_et_al_v_23andMe_Holding_Co_et_al

[16] US Senate Committee on the Judiciary, ‘Grassley, Cornyn Introduce Bipartisan Bill to Safeguard Consumers’ Genetic Data After 23andMe Bankruptcy Sparks Privacy Concerns’ (27 May 2025) https://www.judiciary.senate.gov/press/rep/releases/grassley-cornyn-introduce-bipartisan-bill-to-safeguard-consumers-genetic-data-after-23andme-bankruptcy-sparks-privacy-concerns; and see S.1916 – Don’t Sell My DNA Act, S.1916 — 119th Congress (2025-2026) https://www.congress.gov/bill/119th-congress/senate-bill/1916/text/is.

[17] 23andMe, ‘23andMe at 16’ (28 April 2022) https://blog.23andme.com/articles/23andme-turns-16

[18] AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019) p11 citing Aaron Krol, ‘What comes next for direct-to-consumer genetics?’ (Bio IT World, 2015) http://www.bio-itworld.com/2015/7/16/what-comes-next-direct-consumer-genetics.html

[19] Michael Levenson, ‘23andMe to Be Bought by Biotech Company for $256 Million’ The New York Times (19 May 2025) https://www.nytimes.com/2025/05/19/business/regeneron-pharmaceuticals-23andme-data.html

[20] BBC News, ‘Google invests in genetics firm’ (22 May 2007) http://news.bbc.co.uk/2/hi/business/6682451.stm; Larry Dignan, ‘Google goes biotech, invests in 23andMe’ ZDNET (22 May 2007) https://www.zdnet.com/article/google-goes-biotech-invests-in-23andme/ ; FIERCE Biotech, ‘Google hands $2.6M to 23andMe’ FIERCE Biotech (19 June 2009) https://www.fiercebiotech.com/biotech/google-hands-2-6m-to-23andme

[21] See 23andMe Holding Co., et al. Case No. 25-40976-357, United States Bankruptcy Court for the Eastern District of Missouri, Eastern Division https://www.moeb.uscourts.gov/23andme-holding-co-information and also see https://www.pacermonitor.com/public/case/57373210/23andMe_Holding_Co; Ashley Capoot, ‘23andMe files for bankruptcy, Anne Wojcicki steps down as CEO’ CNBC (24 March 2025) https://www.cnbc.com/2025/03/24/23andme-files-for-bankruptcy-anne-wojcicki-steps-down-as-ceo.html

[22] Shiona McCallum, ‘YouTube CEO Susan Wojcicki steps down after nine years’ BBC (18 February 2023) https://www.bbc.com/news/technology-64675997

[23]AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019) p124, citing Erin Brodwin, ‘A collaboration between Google’s secretive life-extension spinoff and popular genetics company Ancestry has quietly ended’ Business Insider (1 August 2018) http://uk.businessinsider.com/google-calico-ancestry-dna-genetics-aging-partnershipended-2018-7?r=US&IR=T; GenomeWeb Staff Reporter, ‘AncestryDNA, Calico to Collaborate on Genetics of Human Longevity’ GenomeWeb (21 July 2015) https://www.genomeweb.com/business-news/ancestrydna-calico-collaborategenetics-human-longevity

[24] Alder, ‘23andMe Settles Data Breach Lawsuit for $30 Million’ The HIPAA Journal (16 September 2024) https://www.hipaajournal.com/23andme-class-action-data-breach-settlement/; A Bronstad, ‘Judge Approves 23andMe’s $30M Data Breach Settlement – With Conditions’ The Recorder (6 December 2024) https://www.law.com/therecorder/2024/12/06/judge-approves-23andmes-30m-data-breach-settlement—with-conditions/; and In re 23ANDME, Customer Data Sec. Breach Litig., 24-md-03098-EMC (N.D. Cal. Dec. 4, 2024) https://casetext.com/case/in-re-23andme-customer-data-sec-breach-litig-3/case-details.

[25] W Grantham-Philips, ‘23andMe files for Chapter 11 bankruptcy as co-founder and CEO Wojcicki resigns’ Associated Press (25 March 2025) https://apnews.com/article/23andme-chapter-11-bankruptcy-wojcicki-resigns-9827549d9171a537e76f60cb950d1823; A Zilber, ‘DNA testing pioneer 23andMe files for bankruptcy as concerns mount over data privacy of 15M customers’ The New York Post (24^th March 2025) https://nypost.com/2025/03/24/business/dna-firm-23andme-files-for-bankruptcy/ ; and Attorney General Bonta, ‘Attorney General Bonta Urgently Issues Consumer Alert for 23andMe Customers’ (Press Release 21 March 2025) https://oag.ca.gov/news/press-releases/attorney-general-bonta-urgently-issues-consumer-alert-23andme-customers.

[26] Regeneron, ‘Regeneron Enters into Asset Purchase Agreement to Acquire 23andMe® for $256 Million; Plans to Maintain Consumer Genetics Business and Advance Shared Goals of Improving Human Health and Wellness’ (Press Release, 19 May 2025) https://newsroom.regeneron.com/news-releases/news-release-details/regeneron-enters-asset-purchase-agreement-acquire-23andmer-256.

[27] Staff Reporter, ‘Wojcicki, TTAM Research Institute’s $305M Offer Wins Bidding for 23andMe in Second Auction’ GenomeWeb (13 June 2025) https://www.genomeweb.com/business-news/wojcicki-ttam-research-institutes-305m-offer-wins-bidding-23andme-second-auction.

[28] Anthony Ha, ‘Congress has questions about 23andMe bankruptcy’ TechCrunch (19 April 2025) https://techcrunch.com/2025/04/19/congress-has-questions-about-23andme-bankruptcy/; see the letter from Representatives Brett Guthrie, Gus Bilirakis, and Gary Palmer to 23andMe https://d1dth6e84htgma.cloudfront.net/04_17_2025_E_and_C_Letter_to_23and_Me_5c8d4032a7.pdf.

[29] C Loizos, ‘23andMe customers notified of bankruptcy and potential claims — deadline to file is July 14’ TechCrunch (11 May 2025) https://techcrunch.com/2025/05/11/23andme-customers-notified-of-bankruptcy-and-potential-claims-deadline-to-file-is-july-14/ ; A Raine, ‘Rule 23 And ME: The Problem With Class Action Lawsuits’ NULJ (22 February 2023) https://www.thenulj.com/nuljforum/classaction.

[30] Christi Guerrini and Amy McGuire, ‘The 23andMe Bankruptcy: Privacy Considerations and a Call to Action (Part 2)’ The Petrie Flom Centre Bill of Health (7 May 2025) https://petrieflom.law.harvard.edu/2025/05/07/the-23andme-bankruptcy-privacy-considerations-and-a-call-to-action-part-2/; and Dietrich Knauth, ‘23andMe will have court-appointed overseer for genetic data in bankruptcy’ Reuters (1 May 2025) https://www.reuters.com/sustainability/boards-policy-regulation/23andme-will-have-court-appointed-overseer-genetic-data-bankruptcy-2025-04-29/.

[31] Rylee Kirk, ‘23andMe Customers Did Not Expect Their DNA Data Would Be Sold, Lawsuit Claims’ The New York Times (10 June 2025) https://www.nytimes.com/2025/06/10/business/23andme-data-lawsuit.html#:~:text=The%20genetic%2Dtesting%20company%2C%20which,the%20data%20without%20express%20consent; Case 25-04035 https://www.doj.state.or.us/wp-content/uploads/2025/06/Dkt-1-Complaint.pdf ; and NAAG Client States et al v. 23andMe Holding Co. et 9 June 2025 al – https://www.pacermonitor.com/public/case/58476865/NAAG_Client_States_et_al_v_23andMe_Holding_Co_et_al.

[32] House Committee on Oversight and Government Reform, ‘Securing Americans’ Genetic Information: Privacy and National Security Concerns Surrounding 23andMe’s Bankruptcy Sale’ (10^th June 2025) – full committee hearing available here https://oversight.house.gov/hearing/securing-americans-genetic-information-privacy-and-national-security-concerns-surrounding-23andmes-bankruptcy-sale/ ; also see House Committee on Oversight and Government Reform, ‘Wrap Up: Congress Taking Action to Ensure the Safety of Americans’ Personal DNA Data’ (Press Release, 10 June 2025) https://oversight.house.gov/release/wrap-up-congress-taking-action-to-ensure-the-safety-of-americans-personal-dna-data/

[33] US Senate Committee on the Judiciary, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ – full committee hearing recording available here https://www.judiciary.senate.gov/committee-activity/hearings/23-and-you-the-privacy-and-national-security-implications-of-the-23andme-bankruptcy; and see Senator Chuck Grassley, ‘Grassley Opens Judiciary Hearing On The Privacy And National Security Implications Of 23andMe Bankruptcy’ (prepared opening statement, 11^th June 2025) https://www.grassley.senate.gov/news/remarks/grassley-opens-judiciary-hearing-on-the-privacy-and-national-security-implications-of-23andme-bankruptcy.

[34] US Senate Committee on the Judiciary, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ – this is quoted from the video recording of the full committee hearing available here https://www.judiciary.senate.gov/committee-activity/hearings/23-and-you-the-privacy-and-national-security-implications-of-the-23andme-bankruptcy.

[35] US Senate Committee on the Judiciary, ‘23 and You: The Privacy and National Security Implications of the 23andMe Bankruptcy’ – this is quoted from the video recording of the full committee hearing available here https://www.judiciary.senate.gov/committee-activity/hearings/23-and-you-the-privacy-and-national-security-implications-of-the-23andme-bankruptcy.

[36] Ibid.

[37] AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019) pp182-7.

[38] M Sullivan, ‘23andMe has signed 12 other genetic data partnerships beyond Pfizer and Genentech’ (14 January 2015) VentureBeat https://venturebeat.com/2015/01/14/23andme-has-signed-12-other-genetic-data-partnerships-beyond-pfizer-and-genentech/ ; Christine Lagorio-Chafkin, ‘23andMe Exec: You Ain’t Seen Nothing Yet’ (7 January 2015) Inc http://www.inc.com/christine-lagorio/23andMe-newpartnerships.html.

[39] US Senate Committee on the Judiciary, ‘Grassley, Cornyn Introduce Bipartisan Bill to Safeguard Consumers’ Genetic Data After 23andMe Bankruptcy Sparks Privacy Concerns’ (27 May 2025). https://www.judiciary.senate.gov/press/rep/releases/grassley-cornyn-introduce-bipartisan-bill-to-safeguard-consumers-genetic-data-after-23andme-bankruptcy-sparks-privacy-concerns; and see S.1916 – Don’t Sell My DNA Act, S.1916 — 119th Congress (2025-2026) https://www.congress.gov/bill/119th-congress/senate-bill/1916/text/is.

[40] US Senate Committee on the Judiciary, ‘Grassley, Cornyn Introduce Bipartisan Bill to Safeguard Consumers’ Genetic Data After 23andMe Bankruptcy Sparks Privacy Concerns’ (27 May 2025) https://www.judiciary.senate.gov/press/rep/releases/grassley-cornyn-introduce-bipartisan-bill-to-safeguard-consumers-genetic-data-after-23andme-bankruptcy-sparks-privacy-concerns .

[41] Katrina Costa, ‘AI and the future of generative biology’ Sanger Science (17 October 2024) https://sangerinstitute.blog/2024/10/17/ai-and-the-future-of-generative-biology/ ; Jim Thomas, ‘Black Box Biotech’ Briefing Paper African Centre for Biodiversity (ACB), together with Third World Network (TWN) and ETC Group (September 2024) https://www.etcgroup.org/content/black-box-biotechnology; M Wang, et al, ‘A call for built-in biosecurity safeguards for generative AI tools’ (2025) Nat Biotechnol https://doi.org/10.1038/s41587-025-02650-8.

[42] AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press 2019); SI Becher and AM Phillips, ‘Data Rights and Consumer Contracts: The Case of Personal Genomic Services’ in D Clifford, KH Lau, JM Paterson (eds), Data Rights and Private Law (Hart Publishing, 14 December 2023). Earlier draft available at SSRN: https://ssrn.com/abstract=4180967; I jointly presented at PrivacyCon – AM Phillips and J Charbonneau, ‘Giving away more than your genome sequence?:Privacy in the Direct-to-Consumer Genetic Testing Space’ (https://www.ftc.gov/policy/public-comments/2015/10/09/comment-00057) American Federal Trade Commission’s PrivacyCon (January 2016).

[43] ICO, “23andMe fined £2.31 million for failing to protect UK users’ genetic data” (News, 17 June 2025) https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/06/23andme-fined-for-failing-to-protect-uk-users-genetic-data/; see also the ICO, Penalty Notice – 23andMe, Inc (5 June 2025) https://ico.org.uk/media2/kclbljpo/23andme-penalty-notice.pdf.

[44] ICO, “23andMe fined £2.31 million for failing to protect UK users’ genetic data”.

[45] Ibid; also see Privacy Laws & Business, “ICO fines DNA testing company 23andMe £2.31 Million”. http://xlpkz.mjt.lu/nl3/2sxB3-wx1hD9J_y4S4EAIQ?m=AV8AAHBbhp4AAc523IYAAR7sV1sAAYAyHtEAnRiUAA6KKgBoUY-i9J7fb3fNT-W-MuZPZ_dHEwAOYZc&b=bd2b381c&e=744bebfc&x=IQqvNdhRZblt2qg1LKXuRZ-FIUDAgEu6z6keowWxBJ8.

June 18, 2025

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

AI in Healthcare and the Liability Vacuum in EU Law

AI-generated image created using Microsoft Copilot, 2025

Petra Holmberg*

A Technological Crossroads

Artificial intelligence (AI) potentially poses multiple threats, and the concerns have become more visible in recent years.[1] In 2023, the Future of Life Institute issued an open letter urging a pause in AI development.[2] In 2024, the Center for AI Safety published a statement equating AI-related risks with those of pandemics and nuclear war.[3] These calls for caution gained traction largely due to the support of prominent AI researchers and industry leaders.

Amid these warnings, AI has been introduced to critical sectors, in particular, healthcare. This raises an essential question: Is the deployment of AI in healthcare a ticking time bomb or a gateway to revolutionary medical advancement? The answer is partly in how effectively legal frameworks can ensure safety, liability, and trust in AI systems.

The EU’s Regulatory Response

Recognising the risks and opportunities posed by AI, the European Commission proposed, and later adopted, the world’s first comprehensive legal framework for AI: the Artificial Intelligence Act (AI Act).[4] The Commission justified this legislative move by stressing the need for “trustworthy AI” that upholds safety, health, fundamental rights, and democratic values.[5] Although existing legislation provided some protection, it was not sufficient to address the specific challenges that AI systems can pose.[6]

Under the AI Act, systems that could significantly impact individuals’ health and safety, such as AI-powered medical devices, are classified as “high-risk.” These high-risk systems must meet the strictest safety and transparency standards, ensuring that their use aligns with the values enshrined in the EU Charter of Fundamental Rights.[7] Although the AI Act introduces strong preventive measures, questions remain about how effectively it addresses liability when AI systems malfunction.

Trust is paramount in healthcare, where errors can have life-altering consequences. Accordingly, the concept of “trustworthy AI” has been framed around safety, particularly patient safety, and legal responsibility for harm caused.[8] Given the sensitivity of AI use in healthcare to improve patient health, safety guarantees for patients are essential.

Challenge of Liability Guarantees

The European approach to liability in AI-powered medical devices is complex. It integrates traditional product liability principles based on the Directive on liability for defective products with new considerations brought by AI’s unpredictability and opacity.[9] The established model of European product liability law strives for a balanced allocation of risks between manufacturers and users.[10] However, AI challenges this equilibrium.

Medical AI systems, particularly those based on deep learning, often operate as “black boxes” to various degrees. Their decision-making processes are not totally transparent, even to their developers. As a result, the traditional concept of “defect,” typically applied to physical flaws in products, becomes difficult to define in an algorithmic context. This lack of transparency complicates efforts to establish a standard for defectiveness or to assign fault in the event of harm.[11] This situation has sparked a debate over the adequacy of existing liability frameworks and the need for a new legal paradigm. The current benchmarks for liability do not reflect AI’s evolving behaviour.[12] A reimagined liability regime is, therefore, essential to closing the gaps that AI technologies have opened.

The AI Act reflects an awareness that different AI systems pose various levels of risk. AI-powered medical devices, which may directly influence diagnoses or treatment decisions, are considered high-risk due to their potential to infringe on patients’ health and safety.[13] Importantly, safety and liability are regulated by distinct legal mechanisms. While the AI Act imposes rigorous safety standards for high-risk AI systems, it cannot completely eliminate the risk of harm. As such, a clear liability framework is needed to complement preventive regulation.[14]

Yet, enforcing liability for AI-caused harm is anything but straightforward. The black box problem is a lack of transparency in many AI algorithms. Many deep machine learning algorithms and other advanced AI algorithms are inherently non-transparent technologies.[15] The black box nature of many AI systems makes it difficult, sometimes even impossible, for patients to prove the causality link. Patients are burdened with proving not only that they were harmed but also that the AI system was defective and directly caused the harm, an often impossible task.[16]

The Withdrawn Directive – A Missed Opportunity

To address this problem, the European Commission proposed the Artificial Intelligence Liability Directive.[17] It aimed to facilitate compensation claims by introducing a presumption of a causal link in specific situations involving high-risk AI systems. Under Article 4 of the proposed directive, a presumption of causality would arise when:

The manufacturer or a person for whose behaviour is responsible failed to comply with a duty of care.
It was reasonable to assume that an error in the AI system contributed to the output (or lack thereof).
The patient could demonstrate that the AI system’s output (or failure) caused harm.[18]

Had it been enacted, the directive would have represented a landmark in AI liability for patients harmed by high-risk AI systems.

However, surprisingly, the European Commission withdrew the proposal from its 2025 work program. The rationale was a lack of foreseeable agreement.[19] This explanation was met with scepticism because it was made even before the rapporteur’s report was published. The European Parliament’s rapporteur, Axel Voss criticised the decision, stating: “Big Tech firms are terrified of a legal landscape where they could be held accountable… Instead of standing up to them, the Commission has caved.”[20]

The withdrawal of the directive does not mean patients are without protection. If harm arises from medical malpractice, national laws still apply.[21] However, when the AI system itself is defective, patients find themselves in a legal grey zone. The AI Act and existing product liability rules only offer limited recourse. The revised Directive on liability for defective products from 2024 includes provisions specific to software-based products, acknowledging the complexities of AI. Notably, Article 9 introduces a presumption of defectiveness when proving causality is difficult and the harm likely stems from a product defect. While promising on paper, this provision lacks detailed requirements. It delegates the final decision to national courts, which must determine whether an AI system is technically or scientifically complex enough to apply the presumption. This opens the door to inconsistent outcomes across the EU, where one Member State may find an AI system too complex while another does not. Manufacturers may then choose to market their products only in Member States with lower liability exposure, undermining the EU’s goal of a harmonised internal digital market. This also clearly contradicts the promise made by Ursula von der Leyen at the AI Action Summit that the AI Act would provide businesses with clearer regulatory requirements for users, but primarily for manufacturers.[22]

Conclusion

The decision to withdraw the AI Liability Directive marks a significant setback in Europe’s efforts to regulate artificial intelligence. It weakens the AI Act’s core ambition – to foster trustworthy AI – and undermines the EU’s pledge to ensure high safety standards and liability.

Patients are left vulnerable without a unified legal mechanism to address liability for harm caused by high-risk AI systems. The question of liability is left to national courts without defining the precise criteria to be applied in such cases, which creates an additional administrative burden. This move clearly contradicts the AI Act’s fundamental purpose and weakens the newly adopted legislation. In my opinion, the classification of high-risk AI loses one of the fundamental purposes of the regulation, namely, to guarantee enforceable liability on AI manufacturers. If EU leaders are serious about becoming a global leader in ethical AI, they must revisit the question of liability. Trustworthy AI cannot exist without a transparent liability mechanism. Hopefully, future legislative efforts will address this void and restore confidence for both patients and manufacturers.

* Petra Holmberg is a postdoctoral researcher at the Department of Law, Lund University.

[1] Cerf M. and Waytz A. (2023). If you worry about humanity, you should be more scared of humans than of AI. Bulletin of the Atomic Scientists, 79(5), 289–292.

[2] Future of Life. Pause Giant AI Experiments: An Open Letter. (22 March 2023). Retrieved (30 April 2025): Pause Giant AI Experiments: An Open Letter – Future of Life Institute

[3] Center for AI Safety. Statement on AI Risk. (2024). Retrieved (30 April 2025): Statement on AI Risk | CAIS

[4] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828. OJ L, 2024/1689.

[5] Article 1(1) AI Act.

[6] European Commission. Shaping Europe´s digital future – AI Act. Retrieved (30 April 2025): AI Act | Shaping Europe’s digital future

[7] European Union. “Charter of Fundamental Rights of the European Union.” Official Journal of the European Union C83, vol. 53, European Union, 2010, p. 380.

[8] World Health Organization. (2021). Ethics and governance of artificial intelligence for health: WHO guidance Executive summary. ISBN 978-92-4-003740-3.

[9] Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products and repealing Council Directive 85/374/EEC. OJ L, 2024/2853.

[10] Haftenberger A. and Dierks C. (2023). Legal integration of artificial intelligence into internal medicine: Data protection, regulatory, reimbursement and liability questions. Med (Heidelb), 64(11),1044-1050.

[11] Schneeberger D., Stöger, K. and Holzinger, A. (2020). The European Legal Framework for Medical AI. In: Holzinger, A., Kieseberg, P., Tjoa, A., Weippl, E. (eds) Machine Learning and Knowledge Extraction. CD-MAKE 2020. Lecture Notes in Computer Science, vol 12279. Springer.

[12] Duffourc MN. and Gerke S. (2023). The proposed EU Directives for AI liability leave worrying gaps likely to impact medical AI. NPJ Digit Med, 6(1):77.

[13] Article 6 AI Act.

[14] Shavell S. (1984). Liability for harm versus regulation of safety. Journal of Legal Studies. 13(2), 209-414.

[15] Statens Medicinsk-Etiska Råd. Kort om Artificiell intelligens i hälso- och sjukvården. (2022). Retrieved (30 April 2025): smer-2020-2-kort-om-artificiell-intelligens-i-halso-och-sjukvarden.pdf

[16] Article 10 Directive on liability for defective products.

[17] Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive). COM/2022/496 final.

[18] Article 4(1) AI Liability Directive.

[19] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Commission work programme 2025 Moving forward together: A Bolder, Simpler, Faster Union. COM/2025/45 final.

[20] IAPP. European Commission withdraws AI Liability Directive from consideration. (12 February 2025). Retrieved (30 April 2025): European Commission withdraws AI Liability Directive from consideration | IAPP

[21] Article 168(7) TFEU.

[22] IAPP. European Commission withdraws AI Liability Directive from consideration. (12 February 2025). Retrieved (30 April 2025): European Commission withdraws AI Liability Directive from consideration | IAPP

May 5, 2025

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

What is the current status of drug addicts in South Korea, and what are the policy issues for social rehabilitation?

Song-Hee Lee*

1. The need for social rehabilitation services for drug addicts in South Korea

Recently, the number of drug users has been increasing rapidly in many countries, including South Korea and Sweden, and the issue of drugs has become a major social issue, with the South Korean government declaring a ‘war on drugs.’ According to the Ministry of Justice of South Korea, the number of drug offenders reached 9,984 in 2014 and increased to 27,611 as of December 2023.[1]

Drug-related crimes, especially among the younger generation, are on the rise in South Korea. According to a survey conducted by the Ministry of Food and Drug Safety on the public’s perception of the seriousness of drug-related crimes in 2020, the 20-something generation has the lowest level of awareness of the seriousness of drug-related crimes.[2] In addition, the side effects of illegal, excessive, and redundant prescription of medical drugs in Korea were also found to be serious, with one in 2.7 Koreans reporting that they had used anesthetics, painkillers, and appetite suppressants.[3] This phenomenon indicates that the level of recidivism among drug users in Korea has reached a point where criminal punishment alone is no longer sufficient and suggests the need to strengthen policies on prevention, treatment, and social rehabilitation for drug addicts.

This study aims to examine the current status and reality of drug addicts in South Korea, which has been increasing recently, and to suggest relevant policies and social rehabilitation services for drug addicts in Korea, as well as some implications for drug addiction prevention and social rehabilitation in Sweden in the future.

2. Current Status of Drug Addicts in Korea

Current Status of Drug Addicts

According to the “2023 White Paper on Narcotics Crime” by the Supreme Prosecutors’ Office of Korea, the number of drug offenders in Korea was about 10,000 from 1999 to 2002, during the IMF crisis in Korea. However, the number of people who have used drugs has increased to 11,916 since 2015 and has continued to increase since then. The main reason for this increase is believed to be the creation of an environment in which not only people with a history of drug use but also the general public who have never used drugs can easily purchase drugs using the Internet and social media.

For this reason, the number of young South Korean drug offenders in their 20s and 30s has been increasing recently, and as of December 2023, they accounted for 54.5% of all drug offenders. Moreover, the number of drug criminals is on the rise as the supply of drugs through illegal online platforms is becoming more active, with South Korean teenagers also easily purchasing drugs through the darknet.[4]

Drug Offenders’ Recidivism and Causes of Crime

Drug addiction is highly likely to recur after a single drug use, and as of 2021, the recidivism rate for drug offenders in South Korea was 36%, 35.0% in 2022, and 32.8% in 2023. The reason for this high recidivism rate is that opportunities for treatment and rehabilitation are not provided adequately and are not sufficient.[5] Looking at the status of drug-related crimes in South Korea in 2023 by cause, the highest percentage of cases of cannabis were caused by addiction (18.4%) and curiosity (15.6%), excluding other causes, and the highest percentage of cases of drugs were caused by curiosity (19.2%) and unknown reasons (11.0%). Therefore, it is expected that depending on the type of drug, the content of education and the approach to education will need to be organized according to the cause when designing future prevention education and programs.

3. Drug-related policies and social rehabilitation services in South Korea

Drug-related laws and policies in South Korea

Until the 1990s, the South Korean government mainly focused on supply control policies and promoted policies emphasising strong punishment. As a result, South Korea has enacted the Narcotics Control Act, the Special Act on Prevention of Illegal Trade in Narcotics, the Criminal Act, and the Act on Aggravated Punishment, etc. for Specific Crimes, which are representative of the laws and regulations related to narcotics in South Korea. And since the late 1990s, when the problem of drug addiction in South Korea emerged as a serious social issue, the government has been trying to come up with comprehensive measures, including demand suppression policies, at the government level, such as forming the “Drug Countermeasures Council,” a council under the Prime Minister (Prime Minister’s Decree No. 739, April 25, 2019).

However, medical institutions for drug addicts in Korea are inadequate. Although the number of drug treatment and protection institutions has expanded to 24 as of 2023, the number of designated beds has only reached 292.

Case of drug addiction rehabilitation service support^[6]

Currently, the representative organization in Korea that helps drug addicts in their social rehabilitation is the Korea Anti-Drug Movement Headquarters. The Korea Anti-Drug Movement Foundation was established on April 22, 1992, by the Korean Pharmaceutical Association in the form of a foundation.

The foundation is based on Article 51-2 of the Narcotics Control Act, and in accordance with this, it carries out activities such as public relations, enlightenment, and education for the prevention of narcotics and drug abuse, research and studies, treatment and rehabilitation, social welfare for reintegration, international exchanges with international non-governmental organizations and groups, establishment and operation of counseling centers for narcotics and drug abuse, operation by experts and volunteers. The main projects include the healthy development and protection of children and adolescents, education programs for the professionalization of women’s workforce, and other tasks delegated by the Minister of Food and Drug Safety regarding the management of narcotics. In particular, since 2024, the organization has been playing various roles to expand the Korea Anti-Drug Movement Headquarters’ Addiction Rehabilitation Center nationwide.

As drug abuse has been on the rise recently, the Korea Anti-Drug Movement Headquarters has established 17 addiction rehabilitation treatment centers (Together One Step Centers) across the country by 2024. These centers were established to implement a “judicial-treatment-rehabilitation linkage model” that supports the reintegration of drug offenders into society. The center provides psychological support programs such as recovery support programs and recovery experience counseling for all those in need of help with drug addiction. It also provides a customized social rehabilitation program for addicts and offers a monitoring service for drug-free management after the program. In addition, it offers a program for the families of drug addicts. It also provides services in cooperation with treatment hospitals, residential facilities, and related organizations in the region. The organization operates a 24-hour drug helpline to help people experiencing drug problems receive support.

4. Recommendations

Currently, South Korea’s drug policy is in the introduction stage. Until now, South Korea’s drug policy has been focused on crackdowns and arrests, and although some policies for rehabilitation have been put in place, they are still insufficient. However, based on South Korea’s efforts to address the growing drug problem in the country, I would like to reflect on some lessons learned from Korean experience.

First, intensive drug prevention education is needed for the younger generation, especially high-risk youth, in various ways, including online and offline. And for those who have experience with drug use, social rehabilitation programs need to be established so that treatment and rehabilitation services can be provided early. As drug abuse is on the rise in South Korea, the Ministry of Health and Welfare and the Ministry of Food and Drug Safety are focusing on training drug addiction treatment specialists, which is yet another step towards better education and training of specialists, necessary all over the world.

Second, for drug users, multidimensional policies should be established to help them with treatment, rehabilitation, and social adaptation. In South Korea, treatment, education, and rehabilitation counseling for drug users are provided at centers across the country, but educational and counseling programs for their families are still lacking. In addition, although the focus is on training experts in narcotics, it has been pointed out that there are no additional support measures for the treatment or working environment of professional personnel.

In the case of Sweden, it is understood that drug-related information and prevention education are provided by various organizations, including the Public Health Agency and local governments. Treatment and social rehabilitation services for drug addicts should be provided to drug users, their families, experts, and community service providers to prevent recidivism and promote social integration. Therefore, policies should be promoted and services should be provided in cooperation with various authorities, local governments, and private institutions. To this end, support policies such as improved treatment and incentives for multidisciplinary professionals should also be put in place.

* Song-Hee Lee is a Research Fellow and Ph.D. in Social Welfare Policy Research Center at Seoul Welfare Foundation.

[1] Supreme Prosecutors Office. 2023 Drug Control in Korea; Supreme Prosecutors Office: Seoul, Republic of Korea, 2024.

[2] Lee, S.H., Baik, H. and Kim, J. W. Comparison of Seoul’s Drug Addiction Policy and Social Rehabilitation Service Development with Overseas Cases; Seoul Metropolitan City Seoul Welfare Foundation: Seoul, Republic of Korea, 2023.

[3] Baik, H., Kim, S., Hong, H., Lee, J., Shin, Y. J. Exploring the Influencing Factors of Entry into Social Rehabilitation Services through the Recovery Support Experience of Recovery Counselors Working in the Area of Drug Rehabilitation Services : Using Focus Group Interview. J. Korea Contents Assoc. 2023, 23, 610–620.

[4] Ibid.

[5] Lee, S. H., Baik, H., Kim, J. W. Comparison of Seoul’s Drug Addiction Policy and Social Rehabilitation Service Development with Overseas Cases; Seoul Metropolitan City Seoul Welfare Foundation : Seoul,Republic of Korea, 2023

^[6] Korean Drug Prevention Headquarters homepage (2025), https://www.drugfree.or.kr/

March 17, 2025

Health Law Sweden Blog

This entry was posted in

Posts

Comments

0 Comments Leave a comment

In safe hands? The protection of privacy in consumer genomics

Andelka Phillips* and Jan Charbonneau+

Would you give your banking password to a stranger? Obviously not … imagine what they could do with it! But thousands of consumers willingly give their most personal information – their DNA – to consumer genomics companies, trusting they will protect it. Whether consumers are buying tests because they are interested in learning about their ancestry or their health, their DNA and related personal data are likely to be used in ways that they will not anticipate and which pose privacy risks to them as individuals and to their wider family groups. This industry, however, has rarely taken privacy and security seriously, hiding behind extensive privacy policies & contracts full of legalese that consumers seldom read and, if they did, would understand.

An earlier blog,[1] encouraged readers to consider the risks of direct-to-consumer genetics testing (aka DTC or personal/consumer genomics), highlighting issues consumers should consider before purchasing these tests.

In this follow-up, we want to raise awareness about the very real threat to privacy that data breaches by this industry pose. We highlight the consequences of the 23andMe data breach and draw on findings from our online public survey (we are planning a further article for this Blog series about our survey later in 2025).

In 2023, the genetic data of almost 7 million 23andMe customers[2] was breached. Since the data breach, 23andMe has been faced with some 40 class actions filed in the USA,[3] and another in the Canadian province of British Columbia. In June 2024, a joint probe into the 23andMe breach was announced by the UK’s Information Commissioner’s Office (ICO) and the Privacy Commissioner of Canada (OPC), with investigations ongoing.[4] A $30 million settlement has recently been reached and approved in the US. However, consumers impacted by the breach may be eligible to claim up to $10,000 where they experienced ‘significant losses, such as identity theft’,[5] but may only receive $100 if their ‘health information was compromised.’ [6] There is also a strong possibility the company and its extensive genetic databases will be sold to another entity.

While the settlement figure is not insignificant overall, the amount that consumers can claim, including those who have been victims of identity theft, seems minimal. Remember, too, that the data released included genetic information, home addresses, dates of birth and photographs.[7] It is also important to recognise that for US consumers, having their health information compromised could impact their insurance coverage. Such a settlement highlights the reality that often victims of a data breach will have little recourse, even where they suffer substantial loss. The fact that this breach was facilitated by credential stuffing is also problematic. Credential stuffing occurs where an attacker obtains login details of users from other platforms[8] (eg. Google) and then uses those details to log on to another website.

This really highlights the need for businesses to pay more attention to their security practices and the design of their platforms if they are committed to protecting their consumers’ privacy. While allowing consumers to create accounts by linking them to larger platforms such as Google and Apple offers efficiency for consumers, it is a practice that ought to be banned in the context of services like these that handle sensitive information. While no system can be completely secure, using the same password and username for multiple websites is really not good security practice.

The aftermath of this breach has seen 23andMe’s financial position rapidly deteriorate with the company announcing plans to fire 40% of its employees in November 2024.[9] Unfortunately for consumers concerned about privacy, their data is included in the assets which could be sold on to another entity.[10]

Let’s be clear this is not the first time this has happened. It is not the first time the industry has experienced a data breach. Other prominent examples include MyHeritage, Vitagene, and Veritas Genetics.[11] MyHeritage was informed of the breach by a researcher who found a file on a private external server, which contained ‘email addresses and hashed passwords of 92,283,889 users,’[12] although according to the company, this did not involve disclosure of genetic data as this was stored on a separate system. It is still a very serious occurrence given the number of people involved and the fact that the company only learnt of the breach after being notified by an external researcher.

The Vitagene example (now 1Health) involved the exposure of genetic health data and information on medical conditions, as well as full names and dates of birth.[13] They have since been fined by the US Federal Trade Commission (FTC) (although the fine was only $75,000) and the FTC has also issued refunds to their customers.[14]

Furthermore, it is not the first time that a DTC company has been acquired by another entity. A good early example is that of Navigenics’ acquisition by Life Technologies in 2012.[15] Yet, the size of 23andMe’s database, which has reached 15 million and its previous partnerships with GenTech, Pfizer, and GlaxoSmithKline (the partnership with Glaxo was extended in October 2023)[16] does mean that the range of ways that consumers’ data could be used and shared is significantly increased. Given the number of consumers’ data that 23andMe has accumulated data sharing and data use has the potential to impact a much larger group of people who are related to the consumers and may not wish to have their data included in these systems. This creates a variety of unknown future risks for consumers and their wider family groups, which require further scrutiny and there is a real need for regulators to step in.

In 2022, we conducted an online public survey of 1000 New Zealanders and 1000 Australians exploring privacy perceptions in the context of DTC.[17] The Genepri survey included questions related to participants’ engagement with privacy policies using examples based on clauses from real policies. Genepri results showed high levels of support for governments to have laws in place to protect consumers’ genetic privacy (80% agreement) and for corporations to take responsibility for protecting their genetic data (77%).

Respondents also believed these companies would only share their data with consent – ‘I am confident my personal genetic results will only be shared with other people with my permission’ (54% agreement). They also believed that companies would keep their genetic samples and data secure (50% agreement). Respondents also expressed discomfort with a privacy policy which would allow sharing of data with ‘companies under common ownership, our partners and affiliates’ (60%). And they were also uncomfortable with clauses that would allow companies broad discretion to change their policies ‘at any time or from time to time’ (59%).

This trust and support for regulation is at odds with how the industry in fact operates. This is an industry that operates internationally and has primarily relied on self-regulation. It is also generally characterized by partnerships and mergers predominantly with the pharmaceutical industry, but also with Big Tech and the insurance industry, as well as examples of data sharing with law enforcement (eg. FamilyTreeDNA). The true range of uses of data and data sharing policies are often buried in lengthy contracts or privacy policies which consumers do not read. This means that the validity of consumers’ consent both in relation to how their genetic data and other forms of personal data are collected and used could be challenged. Several terms commonly included in these contracts are also challengeable on the basis of unfairness in the EU, the UK, Australia, and New Zealand, as these jurisdictions have very similar legislative control of unfair terms in consumer contracts. A broad variation clause allowing the company to change terms at its discretion is one particularly problematic example of a term that may be challengeable on this basis.[18]

In earlier work,[19] it was found that it was common for companies to deem consent to the use of their services through visiting the website, which is extremely problematic given the sensitive nature of these services. And this is a practice that continues. In our GenePri survey, 46% of participants agreed that they tended to ‘just click agree rather than reading changes to terms and conditions.’

This is of course not unique to this industry, but the sheer volume of contracts and privacy policies that consumers engage with mean that it is reasonable that a consumer may fail to read these documents. As with many other online services, the design of websites may also nudge consumers towards purchase rather than sufficiently highlighting the need to read the company’s terms. In other work, it was found that it was common for DTC companies to allow people to access their payment screens without ever viewing their contractual terms [20].

Unfortunately, those who have been impacted by the 23andMe data breach may have little real remedy. What is really needed quite urgently is better oversight of the industry by data protection and consumer regulators, together with better enforcement of existing laws, and improvement in business practices in relation to how consumers’ data is collected, shared, and protected. Given the sensitive nature of the data the industry relies on, reform of the privacy policies and contracts is also needed. This should include improving how these documents are presented to consumers. Privacy and security by design should not just be nice expressions, but mantras that businesses handling sensitive data take to the heart of their operations.

* Andelka Phillips is an academic affiliate at the Centre for Health, Law and Emerging Technologies (HeLEX), University of Oxford and Affiliate with the Bioethics Institute Ghent (BIG), Ghent University.

https://www.law.ox.ac.uk/people/andelka-phillips

+ Jan Charbonneau is an adjunct researcher at the Centre for Law & Genetics, Faculty of Law, University of Tasmania.

[1] Andelka M Phillips, ‘Hacking your DNA? Some things to consider before buying a DNA test online’ Health Law Blog Sweden (2 March 2024) https://healthlawsweden.blogg.lu.se/2024/03/02/hacking-your-dna-some-things-to-consider-before-buying-a-dna-test-online/ – this also mentioned an animated video that had been made as part of a Borrin Foundation funded project, this is available here https://youtu.be/wy5NILzn8ZE?si=xv68gNDV8Riu1Djj

[2] 23andMe and Ancestry.com represent the major players in consumer genomics. Other significant companies in this space are MyHeritage, FamilyTreeDNA, LivingDNA, as well as Orig3n. The industry has been characterised by frequent partnerships and mergers and for more on the wide variety of companies operating please see AM Phillips, ‘Data on Direct-to-Consumer Genetic Testing and DNA testing companies’ (Version 1.3) (2018) [Data set]. Zenodo. https://doi.org/10.5281/zenodo.1183565

[3] A Jewett, ‘$30M 23andMe settlement resolves data breach multidistrict litigation’ Top Class Actions (20 September 2024) https://topclassactions.com/lawsuit-settlements/privacy/data-breach/30m-23andme-settlement-resolves-data-breach-multidistrict-litigation/

[4] ICO, “ICO to investigate 23andMe data breach with Canadian counterpart” ICO Statement (10 June 2024) <https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/06/ico-to-investigate-23andme-data-breach-with-canadian-counterpart/>.

[5] L Daniel, ‘23andMe To Pay Up To $10,000 To Data Breach Victims—Are You Eligible?’ Forbes (16 October 2024) https://www.forbes.com/sites/larsdaniel/2024/10/15/23andme-to-pay-up-to-10000-to-data-breach-victims-are-you-eligible/ ; see also S Alder, ‘23andMe Settles Data Breach Lawsuit for $30 Million’ The HIPAA Journal (16 September 2024) https://www.hipaajournal.com/23andme-class-action-data-breach-settlement/

[6] Alder, ‘23andMe Settles Data Breach Lawsuit for $30 Million’ The HIPAA Journal (16 September 2024) https://www.hipaajournal.com/23andme-class-action-data-breach-settlement/

[7] A Bronstad, ‘Judge Approves 23andMe’s $30M Data Breach Settlement – With Conditions’ The Recorder (6 December 2024) https://www.law.com/therecorder/2024/12/06/judge-approves-23andmes-30m-data-breach-settlement—with-conditions/ ; T Kika, ‘Could You Get $10,000 From 23andMe’s Data Breach Settlement? Here’s What to Know’ CNET (19 November 2024) https://www.cnet.com/personal-finance/could-you-get-10000-from-23andmes-data-breach-settlement-heres-what-to-know/

[8] For more on this, please see N Mueller, ‘Credential stuffing’ OWASP https://owasp.org/www-community/attacks/Credential_stuffing

[9] ‘23andMe announces layoffs totalling 40% of workforce, discontinues therapeutics division’ (12 November 2024) CBS News https://www.cbsnews.com/sanfrancisco/news/23andme-layoffs-job-cuts/

[10] James Purtill, ‘23andMe is on the verge of bankruptcy. It may be too late to delete your genetic data’ ABC News (17 October 2024) https://www.abc.net.au/news/science/2024-10-17/23andme-genetic-data-privacy-bankrupt-dna-test-ancestry/104455816

[11] S Ferguson, ‘MyHeritage Data Breach of 92M Accounts Raises Many Questions’ Dark Reading (6 June 2018) https://www.darkreading.com/cloud-security/myheritage-data-breach-of-92m-accounts-raises-many-questions ; Norton, ‘MyHeritage data breach exposes info of more than 92 million users’ Norton Security (8 August 2018) https://us.norton.com/blog/emerging-threats/myheritage-data-breach-exposes-info-of-more-than-92-million-user ; Arthur, ‘Lessons from the 23andMe Data Breach: Data Privacy in an Interconnected World’ heyData (19 December 2023) https://heydata.eu/en/magazine/lessons-from-the-23and-me-data-breach-data-privacy-in-an-interconnected-world

[12] Norton, ‘MyHeritage data breach exposes info of more than 92 million users’ (8 August 2026)

[13] Arthur, ‘Lessons from the 23andMe Data Breach: Data Privacy in an Interconnected World’ heyData (19 December 2023) https://heydata.eu/en/magazine/lessons-from-the-23and-me-data-breach-data-privacy-in-an-interconnected-world

[14] S Alder, ‘FTC Fines Genetic Testing Company for Data Privacy and Security Failures’ The HIPAA Journal (20 June 2023) https://www.hipaajournal.com/ftc-fines-genetic-testing-company-for-data-privacy-and-security-failures/ ; FTC, ‘FTC Sends Refunds to Consumers Deceived by Genetic Testing Firm 1Health …’ https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-sends-refunds-consumers-deceived-genetic-testing-firm-1healthio-over-data-deletion-security.

[15]AM Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics (Edinburgh University Press, 2019), online: https://www.jstor.org/stable/10.3366/j.ctvnjbgvb p.120 and see Life Technologies Corporation, ‘Acquisition of Navigenics Expands Life Technologies’ Capabilities in Diagnostics’, PR News Wire (16 July 2012) https://www.prnewswire.com/news-releases/acquisition-of-navigenics-expands-life-technologies-capabilities-in-diagnostics-162631986.html.

[16] 23andMe, ‘23andMe Announces Collaboration Extension with a New Data Licensing Agreement with GSK’ (30 October 2023) https://investors.23andme.com/news-releases/news-release-details/23andme-announces-collaboration-extension-new-data-licensing

[17] We are grateful to Genomics Aotearoa and the University of Waikato for funding this project. The survey was hosted by Qualtrics who also provided respondents.

[18] Earlier work found that such clauses were quite common amongst DTC companies. 72% of the contracts in a review of 71 contracts from DTC companies marketing tests for health purposes included such a clause. See Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics 182-3.

[19] Phillips, Buying Your Self on the Internet: Wrap Contracts and Personal Genomics 203, 204, 207.

[20] Samuel I Becher and Andelka M Phillips, ‘Data Rights and Consumer Contracts: The Case of Personal Genomic Services’ in Damian Clifford, Kwan Ho Lau, Jeannie M. Paterson (eds), Data Rights and Private Law (Hart Publishing, 2023) 83-101, 99.

January 23, 2025

Health Law Sweden Blog

This entry was posted in

Posts

Comments

0 Comments Leave a comment

Glidningar i arbetsförmågebegreppet påverkar sjukskrivnas liv

av Clara Bergstrand*

I centrum för bedömningen av rätten till sjukpenning står rekvisitet arbetsförmåga.[1] Den här texten handlar om gränsdragningen mellan den enskildes arbetsförmåga och andra aktiviteter som den enskilde företar under sin sjukskrivning, exempelvis fritids- eller hobbyaktiviteter. Syftet är att öppna upp för frågor som rör vilket liv som är möjligt att leva inom ramarna för sjukskrivningen och arbetsförmågebegreppets definition.

Arbetsförmåga är inte definierat i lag och beskrivs i förarbeten som ett tillstånd som inte är ”statiskt, objektivt påvisbart […] utan måste bedömas i förhållande till ett visst arbete eller vissa arbetsuppgifter.”[2] Arbetsförmåga måste därför förstås som ett begrepp som behöver bedömas i det enskilda fallet, och denna bedömning görs idag i relation till den enskildes anställning eller förvärvsarbete i en sådan angiven yrkesgrupp som innehåller arbeten som är normalt förekommande på arbetsmarknaden.[3] Begreppet rör sig mellan flera bedömningsgrunder och kan konceptualiseras ur ett individ- och samhällsperspektiv liksom utifrån fysiska, psykiska och sociala aspekter.[4] Att bedömningen sker i skärningspunkten mellan medicin och juridik gör inte saken mindre komplex. Svårigheten i bedömningen kan kanske enklast sammanfattas med: ”Att beskriva och bedöma ett begrepp som arbetsförmåga är svårt. Det är komplext, föränderligt och uppfattas på många olika sätt.”[5]

Rättstillämpande myndigheter står alltså inför en svår uppgift, i vilken flera gränsdragningsproblem aktualiseras. Den här texten avgränsar sig dock till frågan om fritidssysslornas betydelse för arbetsförmågebedömningen. Försäkringskassan konstaterar i sin interna vägledning att ”[e]n person kan få sjukpenning även om hen kan utföra uppdrag på fritiden eller, delta i olika fritidsaktiviteter. […] Men vid bedömningen av arbetsförmågan ska förmågan att utföra sådana aktiviteter vägas in.”[6] Huruvida dessa aktiviteter, som myndigheten skriver, ska vägas in är en tolkningsfråga men det kan konstateras att i praktiken inkluderas dessa aktiviteter rent faktiskt vid bedömningen av rätten till sjukpenning idag.

I Försäkringskassans vägledning avgränsas vilken typ av aktiviteter som kan omfattas och att bedömningen påverkas ”när aktiviteterna kan jämställas med ett förvärvsarbete, eller visar att den försäkrade har en arbetsförmåga som kan användas i förvärvsarbete […] Om aktiviteterna är sådana att arbetsgivaren skulle kunna tänka sig att betala lön för dem, talar det för att det är fråga om förvärvsarbete.”[7] I myndighetens beskrivning görs därmed tydliga kopplingar till förvärvsarbete och arbetsgivarens intresse för aktiviteten, vilket överensstämmer både med arbetsförmågebegreppets utformning och tidigare praxis.[8] Försäkringskassan exemplifierar sedan detta med tre domar där personerna har varit kontaktperson eller god man och ett fall där den enskilde utöver sin arbetstid vistats på arbetsplatsen under fika- och lunchpauser.[9] I de två första fallen förekommer ekonomisk kompensation för uppdragen men bara i fallet där den enskilde varit god man åt fyra personer ansågs aktiviteten påverka bedömningen av arbetsförmågan.

Frågan uppkommer inte bara vid ansökan om sjukpenning utan aktualiseras även i ärenden om återkrav av densamma.[10] I dessa fall har den enskilde under en viss period beviljats sjukpenning, för att vid ett senare tillfälle få ett nytt beslut där ersättningen återkrävs då den tidigare bedömningen har ansetts felaktig. Den enskilde behöver därmed betala tillbaka det felaktigt utbetalda beloppet. Inom mitt avhandlingsprojekt arbetar jag med ett material av domar från förvaltningsrätterna gällande återkrav av sjukpenning, vilket också är underlaget för den här texten. En av frågorna som jag undersöker i projektet behandlar vad som utgör felaktigheten i dessa ärenden och i knappt hälften av domarna beror återkravet på arbetsförmågebedömningen. I min bearbetning av materialet har jag därefter kategoriserat dessa återkrav i två underkategorier där bedömningarna i den ena berör förvärvsarbete medan de i den andra berör annat än förvärvsarbete.[11] Den här texten behandlar den senare kategorin, i vilken jag samlat de fall där den enskilde inte har förvärvsarbetat utan företagit andra aktiviteter som beroende på art eller omfattning inte klart kan ses som förvärvsarbete. I detta material rör återbetalningsskyldigheten summor mellan 12 352 och 1 340 385 kronor.

I domstolsmaterialet framträder en tillämpning gällande fritidssysslor som skiljer sig från både praxis och Försäkringskassans vägledning. I domarna förekommer det att den enskilde exempelvis har varit på offentliga platser, konsumerat eller utfört aktiviteter som inbringat marginell ekonomisk kompensation. I majoriteten av fallen samspelar dessa olika aktiviteter, och det görs i mångt och mycket en helhetsbedömning av den enskildes situation. Det går alltså inte generellt att säga att en enskild aktivitet orsakar krav på återbetalning, även om sådana fall förekommer. Samtliga personer i materialet har psykiatriska diagnoser. Även om dessa i vissa fall samspelar med somatiska diagnoser, är den arbetsförmågenedsättning som behandlas i domarna huvudsakligen baserad på den psykiska hälsan.

Vilka är då de aktiviteter som bedömts påverka den enskildes arbetsförmåga i studien? I ett fall tar domstolen fasta på att den enskilde ”regelbundet och frekvent besökt olika affärer och restauranger, ibland flera affärer på en dag.” Mannen har också regelbundet använt sin bil och bland annat besökt en stadsdelskarneval. Av domen framgår att hans behandlande läkare hade uppmanat honom att ”försöka komma utanför lägenheten och delta i olika former av samhällsliv för att vänja sig vid att möta människor och på så sätt övervinna de svårigheter han har”. De aktiviteter som han har företagit beskrivs därför av mannen själv som en del i hans egen rehabilitering, men domstolen tolkar dem i stället som bevis på arbetsförmåga. I anslutning till bedömningen skriver domstolen: ”Självklart har man även vid sjukskrivning rätt att röra sig utanför sin bostad i viss mån”. Vilken typ av aktivitet som kan anses som en godkänd aktivitet är dock oklart. Domstolen konstaterar vidare att aktiviteterna ”inte kan jämställas med ett förvärvsarbete” men menar likväl att de visar att mannen inte har någon nedsättning av arbetsförmågan. [12] Arbetsförmågan ses alltså i det här fallet kunna inkludera en lång rad aktiviteter som inte bedöms anknyta till arbetsmarknaden. En liknande bedömning görs i ett fall då en kvinna blivit återbetalningsskyldig på grund av att hon under en tiomånadersperiod vid tre tillfällen à en timme ”spelat som DJ”, ”rest både utomlands och inom Sverige samt haft många besök på restauranger och caféer.” Domstolen konstaterar även här att ”aktiviteterna i sig inte kan jämställas med ett förvärvsarbete” men att hon ändock inte har rätt till någon sjukpenning.[13]

I en annan dom beskrivs hur den enskilde ”i stor omfattning, och många gånger även under efterföljande dag, handlade varor för emellanåt stora belopp i olika butiker. […] [Hon] vistades även i stora butiker där många människor normalt rör sig”. Kvinnan hade också på uppmuntran av sin psykolog deltagit som statist vid åtta eller nio filminspelningstillfällen under en tvåmånadersperiod. Olika uppgifter förekommer gällande längden på inspelningarna men som mest skulle den sammanräknade tiden ha kunnat uppgå till 72 timmar. I sammanhanget diskuterar domstolen inte eventuell ersättning för hennes insatser som statist, men utifrån aktiviteterna bedöms det föreligga ”en avsevärd diskrepans mellan den arbetsoförmåga som beskrivits i det medicinska underlaget och de aktiviteter som hon utfört enligt Försäkringskassans utredning.”[14] Inte heller i det här fallet görs en koppling till arbetsmarknaden och arbetsförmågan tolkas som en generell förmåga.

I materialet förekommer vidare ett antal fall där den enskilde – liksom i praxis – erhållit viss ekonomisk kompensation för en aktivitet. I ett fall har personen som fritidspolitiker i sin kommun deltagit vid 15 möten som ledamot och ersättare i ett antal olika nämnder under en niomånadersperiod. Mötestiden varierade mellan 45 minuter och närmare åtta timmar, vilket motsvarade ungefär sex timmar i månaden. Arvodet för perioden var sammanlagt 43 204 kronor och omfattade även gruppsammanträden, inläsning och förberedelser men vad tidsåtgången för dessa var definieras inte. Det senare menar kvinnan att hon inte själv har genomfört, utan att hon fått hjälp av sina partikollegor. Domstolen konstaterar att ”aktiviteter som politiska uppdrag av denna karaktär kräver får anses jämförbara med arbetsuppgifter i normalt förekommande arbeten.”[15] Samtidigt använder domstolen sig av begreppen ”aktivitetsförmågor” och ”aktivitetsbegränsningar” för att beskriva diskrepansen mellan det politiska uppdraget och det medicinska underlaget vilket, trots den tidigare referensen till arbetsuppgifter, vittnar om en oklarhet i tillämpningen. Domen ger upphov till frågor om sjukskrivnas möjligheter att delta i samhällets demokratiska institutioner.

De beskrivna domarna visar att den enskildes aktiviteter inte nödvändigtvis relateras till förvärvsarbete, arbetsmarknad och frågan om huruvida en arbetsgivare skulle kunna tänka sig att betala lön för arbetsinsatsen. I stället för en bedömning av den enskildes arbetsförmåga görs snarare en bedömning av den enskildes aktivitetsförmåga. Denna förskjutning har tidigare diskuterats av Ruth Mannelqvist som betonar att det

är en tydlig skillnad mellan en allmän funktions- eller aktivitetsförmåga, vilka omfattar olika livsområden, och arbetsförmåga, som avser en särskild aktivitet i ett specifikt sammanhang, nämligen de krav som återfinns i arbete eller på arbetsmarknaden. […] en generell aktivitetsförmåga vid sjukpenning [innebär] att myndigheten infört ytterligare ett pseudo-rekvisit som saknar motsvarighet i den rättsliga regleringen. Rätten till sjukpenning ska bedömas i relation till den försäkrades förmåga att arbeta, och inte i relation till andra aktiviteter.[16]

I de domar som jag studerat är domstolen i lejonparten av fallen instämmande i Försäkringskassans bedömning av arbetsförmågebegreppet, vilket gör att glidningarna mot ett pseudo-rekvisit inte bara sker inom myndigheten utan också i domstolen. Att denna tolkning av arbetsförmågebegreppet rent faktiskt görs i tillämpningen riskerar att krympa den enskildes livsutrymme. Nuvarande rättstillämpning verkar utifrån min studie ge upphov till en rad frågor såsom: Vilka fritidssysslor kan man ägna sig åt under sin sjukskrivning? Vågar den enskilde testa aktiviteter – särskilt i de fall då behandlande läkare har föreslagit dem – för att kunna förbättra sin livssituation utan att riskera att dessa aktiviteter tolkas som arbetsförmåga? Vilket typ av socialt, politiskt och demokratiskt liv kan den enskilde ha under en sjukskrivning? Hur vi väljer att svara på dessa frågor – och därmed definiera arbetsförmåga – handlar inte bara om den enskildes situation utan också om vilken sjukförsäkring vi vill ha nu och framöver.

* Clara Bergstrand är doktorand i offentlig rätt vid Juridiska institutionen, Göteborgs universitet.

[1] 27 kap. 2 § socialförsäkringsbalk, SFB.

[2] prop. 1996/97:28, Kriterier för rätt till ersättning i form av sjukpenning och förtidspension, s. 13.

[3] 27 kap. 46-49 §§ SFB; HFD 2018 ref. 51.

[4] Ruth Mannelqvist, Arbetsförmåga i sjukförsäkringen: rätt och tillämpning, (Uppsala: Iustus, 2012), s. 12.

[5] SOU 2008:66, Arbetsförmåga? En översikt av bedömningsmetoder i Sverige och andra länder, s. 13.

[6] Försäkringskassan, Sjukpenning, rehabilitering och rehabiliteringsersättning, Vägledning 2015:1 version 19, (2024), s. 29.

[7] Ibid.

[8] Jämför HFD 2019 ref. 48.

[9] RÅ 2006 ref. 56; Kammarrätten i Sundsvall, dom 2014-02-26, mål nr 1414-13; Kammarrätten i Jönköping, dom 2015-11-19, mål nr 2553-14.

[10] 108 kap. 2 § SFB.

[11] Förvärvsarbete behandlar de situationer där den enskilde på olika sätt har varit tillbaka på en arbetsplats, arbetat och fått lön. I en vissa fall har den enskilde helt återgått till att arbetat i sin ordinarie anställning.

[12] Förvaltningsrätten i Göteborg, (SP), dom 2023-02-09 i mål nr 11383-21.

[13] Förvaltningsrätten i Göteborg, (SP), dom 2023-02-02 i mål nr 8915-21.

[14] Förvaltningsrätten i Göteborg, (SP), dom 2023-04-28 i mål nr 14015-21 och 3364-22. Se liknande fall Förvaltningsrätten i Linköping, (SP), dom 2023-06-09 mål nr 768-23 och 1066-23. Förvaltningsrätten i Stockholm, (SP), dom 2023-03-09 mål nr 14923-22. Förvaltningsrätten i Linköping, (SP), dom 2023-02-08 mål nr 8651-22.

[15] Förvaltningsrätten i Göteborg, (SP), dom 2023-03-17 mål nr 7624-22.

[16] Ruth Mannelqvist, “Kraven på läkarintyg för sjukpenning : en lagstridig begränsning av den allmänna sjukförsäkringen?”, i Mannelqvist, Ingmanson, & Ulander-Wänman (red.), Festskrift till Örjan Edström (Umeå: Juridiska institutionen, Umeå universitet, 2019), s. 343.

November 24, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

Tolkavgifter i hälso- och sjukvården – reflektioner och framåtblick efter förvaltningsrättens upphävande av Region Blekinges beslut

av Tim Holappa och Tella Liinason*

Regionfullmäktige i Blekinge beslutade den 14 februari 2024 att införa avgifter för anlitande av tolk i samband med läkarbesök för individer som haft uppehållstillstånd i Sverige i mer än två år.[1] Beslutet överklagades till Förvaltningsrätten i Växjö som efter en laglighetsprövning upphävde regionens beslut. Enligt förvaltningsrätten saknas det nödvändigt lagstöd för att ta ut avgifter för anlitande av tolk. Utöver att tolkavgifter i hälso- och sjukvården strider mot lag på det sätt som förvaltningsrätten kommit fram till menar vi att de är problematiska av flera andra skäl. Med det här blogginlägget vill vi därför problematisera tolkavgifter i hälso- och sjukvården utifrån såväl gällande nationell lagstiftning som de konsekvenser tolkavgifter i hälso- och sjukvården riskerar att få om det skulle införas på nationell nivå. Hur avgifterna förhåller sig till internationell rätt behandlas dock inte i detta blogginlägg.

1. Region Blekinges beslut och förvaltningsrättens avgörande

Region Blekinges beslut att införa tolkavgifter i hälso- och sjukvården innebar i korthet att den som har behov av tolk två år efter att ha beviljats uppehållstillstånd i Sverige (efter den så kallade etableringstiden) skulle behöva betala en avgift för att anlita tolk vid läkarbesök. Beslutet överklagades för laglighetsprövning av flera kommunmedlemmar som ansåg att beslutet stred mot lag. Förvaltningsrätten anför i sin dom att regioner enligt 3 kap. 1–2 och 6 §§ patientlagen (2014:821) och 13 § förvaltningslagen (2017:900) är skyldiga att tillhandahålla tolk i vissa situationer. Kommuner behöver enligt 2 kap. 5 § kommunallagen (2017:725) vidare lagstöd för att ta ut avgift för tjänster som de är skyldiga att tillhandahålla. Regionens beslut bestämdes med stöd av 17 kap. 1 § hälso- och sjukvårdslagen (2017:30), där det framgår att regioner får ta ut vårdavgifter. Av förarbetena till hälso- och sjukvårdslagen framgår att med vårdavgifter avses avgifter för hälso- och sjukvård, något som i 2 kap. 1 § hälso- och sjukvårdslagen definieras som åtgärder för att medicinskt förebygga, utreda och behandla sjukdomar och skador, sjuktransporter och omhändertagande av avlidna. Att anlita tolk omfattas enligt förvaltningsrätten inte av vad som är hälso- och sjukvård i hälso- och sjukvårdslagens mening. Något lagstöd för att ta ut avgifter för tolk finns inte i någon annan lag. Enligt förvaltningsrätten saknas därmed nödvändigt lagstöd för att ta ut avgifter för anlitande av tolk i hälso- och sjukvården.

2. Ett nationellt förslag om tolkavgifter har presenterats

I Tidöavtalet framgår att rätten till offentligt finansierad tolk ska begränsas och att utgångspunkten ska vara att den enskilda i första hand ska betala för tolktjänster. Om riksdagen skulle rösta för ett lagförslag med innebörden att tolkavgifter i vården ska eller får tas ut, hade inte de skäl som förvaltningsrätten lägger till grund för sin dom utgjort ett hinder för införande av tolkavgifter.

Det finns dock andra skäl till att en nationell reglering om tolkavgifter i vården skulle vara problematisk, med hänsyn till grundläggande regler och principer för hälso- och sjukvården samt skyddet mot diskriminering.

3. Tolkavgifter i hälso- och sjukvården begränsar tillgången till god vård

Enligt 3 kap. 1 § hälso- och sjukvårdslagen är målet med hälso- och sjukvården en god hälsa och en vård på lika villkor för hela befolkningen. Vården ska vidare ges med respekt för alla människors lika värde och för den enskilda människans värdighet och den som har det största behovet av hälso- och sjukvård ska ges företräde till vården. Därtill framgår av 5 kap. 1 § hälso- och sjukvårdslagen att hälso- och sjukvårdsverksamheten ska bedrivas så att kraven på en god vård uppfylls. Det innebär bland annat att vården ska vara av god kvalitet, tillgodose patientens behov av trygghet, kontinuitet och säkerhet, bygga på respekt för patientens självbestämmande och integritet, främja goda kontakter mellan patienten och vårdpersonalen samt vara lätt tillgänglig.

Att ta ut avgift för användningen av tolk begränsar tillgången till god vård på flera sätt. Studier från Danmark, där avgift för tolk i hälso- och sjukvården tagits ut sedan 2018, visar att införandet av tolkavgifter minskade användandet av tolk.[2] Detta kan bero på flera orsaker, exempelvis att personer med behov av tolk sökt vård i mindre utsträckning, sökt vård utan tolk eller låtit nära anhöriga tolka. Oavsett skäl innebär det att tillgången till god vård begränsas. Att söka vård utan att anlita tolk trots att det behövs innebär patientsäkerhetsrisker genom att patienten riskerar att inte kunna tillgodogöra sig nödvändig information. Att använda sig av anhöriga, såsom föräldrar, syskon eller barn, innebär vidare att patientens integritet inskränks, genom att information om patienten delas med den anhörige. När barn används som tolkar för sina föräldrar riskerar det dessutom att leda till negativa effekter för barnets psykiska hälsa, ökade konflikter mellan föräldrar och barn samt ökad skolfrånvaro.[3]

Tolkavgifter är också förenat med en risk för att människor kommer dra sig från att söka vård på grund av den extra kostnad som det innebär att behöva anlita tolk. Detta riskerar i sin tur att leda till att behovet av vård ökar längre fram i tiden. Om en person exempelvis undviker att söka vård hos primärvården för ett behov som skulle kunna tillgodoses där, ökar risken för att patienten behöver akutvård eller specialiserad vård senare. Ett av motiven till att ha avgifter i vården är att styra patienter till rätt vårdnivå.[4] Tolkavgifter framstår därmed även som kontraproduktiva i förhållande till syftet med avgifter i vården generellt. Sammantaget finns en överhängande risk för att tillgången till god vård, i rätt tid, begränsas genom införandet av tolkavgifter.

4. Rätten till information och informerat samtycke

Utöver kraven på god vård ska patienter enligt 3 kap. 1 och 2 §§ patientlagen bland annat få information om sitt hälsotillstånd och den vård som erbjuds. Av 3 kap. 6 § patientlagen framgår vidare att informationen ska anpassas till mottagarens ålder, mognad, erfarenhet, språkliga bakgrund och andra individuella förutsättningar, vilket enligt förarbetena innebär att tolk vid behov ska anlitas.[5] Den som lämnar informationen ska enligt 3 kap. 7 § patientlagen så långt som möjligt försäkra sig om att patienten förstår innehållet i den information som lämnas. Att patienten förstår innehållet i den information som lämnas av vårdpersonalen är också en grundbult i att patienten ska kunna samtycka till vården (4 kap. 1 och 2 §§ patientlagen).

Att vid behov anlita en tolk är därmed en förutsättning för vårdpersonal att fullgöra sina skyldigheter enligt gällande lagstiftning Att inte anlita tolk trots att det behövs för att patienten ska kunna tillgodogöra sig information innebär att vårdpersonalen inte kan fullgöra sitt ansvar att informera och inhämta samtycke. Bristen på tillräcklig information kan också ha allvarliga konsekvenser för kvaliteten på vården. Studier visar att danska läkare uppgett att tolkavgifterna försämrat kommunikationen mellan läkare och patient, vilket lett till högre risk för felaktiga eller otillräckliga diagnoser och behandlingar samt ökad förekomst av misstag i vården.[6]

5. Utgör tolkavgifter i hälso- och sjukvården diskriminering?

Regionfullmäktige i Blekinges beslut att införa tolkavgifter i vården motiverades av en vilja att öka incitamenten för personer i regionen att lära sig svenska.[7] Liknande motiv har även lyfts av Sverigedemokraterna på nationell nivå.[8] Detta syfte är problematiskt av flera skäl. För det första eftersom det antyder att tillgång till hälso- och sjukvård ska villkoras av hur väl en individ har “integrerats”. Tolk används i hälso- och sjukvården för att vårdpersonal ska ha möjlighet att ge en god vård. Vårdpersonalens möjlighet att fullgöra sitt uppdrag bör inte begränsas av politiska mål om hur snart en individ anses ska ha lärt sig svenska. Det tar heller inte hänsyn till de individuella skäl som kan ligga bakom det faktum att individen är i behov av tolk.

För det andra saknas det stöd för att språkkunskaper skulle öka som ett resultat av tolkavgifter. Oavsett om syftet i sig skulle anses lämpligt finns det därmed inget som talar för att åtgärden är ändamålsenlig.

Det forskning däremot visar är dock, som nämnt ovan, att tolkavgifter leder till sämre tillgång till vård, sämre vårdkvalitet och att patienter som behöver tolk i högre grad söker sig till fel vårdnivå. Även i de fall patienter skulle välja att betala för tolk och uppsöka vård i samma utsträckning som tidigare innebär det ofrånkomligen en ytterligare kostnad för denna grupp av patienter. Oavsett hur en enskild patient väljer att förhålla sig till tolkavgiften får det således till följd att de som behöver tillgång till tolk för att tillgodogöra sig vård hamnar i en jämförbart sämre position än patienter som inte behöver tolk.

Att utsättas för särbehandling på grund av sin språkliga förmåga är att anse som indirekt diskriminering som har samband med etnicitet, förutsatt att övriga rekvisit i diskrimineringslagen är tillämpliga. Typiskt sätt är det nämligen vissa etniska grupper som skulle drabbas av avgiften, även om beslutet i och för sig kan anses neutralt i förhållande till diskrimineringsgrunderna.[9]

Diskriminering är förbjuden inom hälso- och sjukvård och annan medicinsk verksamhet. Om en patient i det enskilda fallet drabbas av sämre vård eller särskilda avgifter på grund av sin tillhörighet till en viss diskrimineringsgrund, träffas detta av förbudet.[10] Att en patient som behöver tolk åläggs en avgift framstår därmed kunna utgöra indirekt diskriminering i ett enskilt fall.

Utöver diskrimineringslagen finns det även ett skydd mot diskriminering i grundlagen. Bestämmelsen syftar till att förbjuda stiftandet av lag eller annan föreskrift som innebär att någon missgynnas därför att han eller hon tillhör en minoritet med hänsyn till bland annat etniskt ursprung. Om ett lagförslag om tolkavgifter i vården skulle anses strida mot stadgandet i regeringsformen hade det därmed ytterst kunnat bli en fråga om lagprövning.

* Tim Holappa är jur. dr i offentlig rätt och postdoktor vid KTH, Kungliga Tekniska Högskolan och Tella Liinason är jur. kand. och jurist vid Civil Rights Defenders. Tim har i egenskap av kommunmedlem i Region Blekinge överklagat det aktuella beslutet för laglighetsprövning. Tim har utöver detta inga ekonomiska eller personliga intressen i tvisten. Tella är i egenskap av jurist vid Civil Rights Defenders ombud för en av de kommunmedlemmar som överklagat beslutet. Inte heller Tella har några ekonomiska eller personliga intressen i tvisten.

[1] Beslutet har kommenterats tidigare på denna blogg av Moa Engstam, se https://healthlawsweden.blogg.lu.se/2024/08/29/tolkavgifter-i-varden-satter-normgivningsmakten-stopp/

[2] Camilla Michaëlis, Allan Krasnik, Marie Norredam, Introduction of user fee for language interpretation: effects on use of interpreters in Danish health care, European Journal of Public Health, Volume 31, Issue 4, August 2021, Pages 705–707, https://doi.org/10.1093/eurpub/ckaa254

[3] Charles Hui, Access to appropriate interpretation is essential for the health of children, Paediatrics & Child Health, Volume 29, Issue 1, February 2024, Pages 43–45, https://doi.org/10.1093/pch/pxad054

[4] Prop. 1996/97:1, s. 11.

[5] Prop. 2013/14:106, s. 118.

[6] Danish Medical Association and The Danish Institute for Human Rights. Egenbetaling for tolkebistand – Laegers erfaringar med ordningen (User Fee for interpreter services in the Danish Health service – Doctors’ experiences with the scheme). The Danish Institute for Human Rights, 2019, s. 32. Tillgänglig: Egenbetaling for tolkebistand (menneskeret.dk).

[7] SVT Nyheter (14 februari 2024). Beslut i dag: Region Blekinge kan bli först med tolkavgifter | SVT Nyheter

[8] Läkartidningen (27 juni 2024). Läkare och SD:s gruppledare möttes i debatt om tolkavgifter inom vården (lakartidningen.se)

[9] Se DO:s beslut 2022-05-10, dnr TIL 2020/53 samt Arbetsdomstolens domar i målen AD 2002 nr. 128, AD 2005 nr. 98, AD 2007 nr. 45 och AD 2008 nr. 47 och prop. 2007/08:95 s. 492 f.

[10] Prop. 2007/08:95 s. 522.

October 26, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

New Abortion Regulation on the Horizon in Denmark

Janne Rothmar Herrmann*

As the right to autonomy has been rolled back with the overturn of Roe v. Wade in the US, a societal and political discourse on liberty and the basic freedom of women to decide over their own bodies sparked new debate on the issue of abortion in Denmark. The fact that rights could be rolled back in this way raised concern across the political spectrum, and especially two political parties[1] urged the Danish Council of Ethics to consider an amended week limit for access to on-demand abortion.[2] Furthermore, a legal research project has presented to the Danish Parliament’s Health Committee a number of identified concerns in the administrative practice of late-term abortions.[3] At the same time, compared to the other Nordic countries, the Danish regulation increasingly stood out as conservative and outdated. Sweden already had a limit of 18 weeks, Iceland had raised it to 22 weeks, and Norway had just appointed an expert group to consider new regulation of late-term abortion as well as a possible change of the abortion limit.

While Denmark was one of the first countries in the Western world to adopt free, on-demand abortion as an entitlement, Danish abortion legislation is very rarely amended, and it is the first time in more than 50 years that major changes will happen.

As the Danish Parliament opens the new parliamentary year in October, it is expected that a revision of the Health Act’s provisions on abortion will feature on the government’s agenda of Bills to be put to Parliament this season. The expected Bill will, once adopted, put into law the political agreement finalized in May 2024.[4] What legal changes are expected?

A new 18-week limit for on-demand abortion

In line with the limit in Sweden and the newly proposed limit in Norway,[5] Denmark will adopt an 18-week limit for on-demand abortions. The political agreement states that ever since 1973 the right to abortion has been regarded as a basic women’s right. This in itself marks a more explicit focus on women’s autonomy as the basis for a right to abortion.

While the right to autonomy certainly featured in the public debate leading up to the adoption of the 1973 liberalization of the abortion act, the preparatory remarks of the time had a predominant focus on women’s lives and safety. Recognizing that abortions took place irrespective of their legality, it was better to make abortion legal and safe, sparing husbands and children from losing their wife and mother to clandestine, unsafe, illegal abortions performed by back street abortionists on kitchen tables. The coming amendment of the abortion limit is thus founded on the desire to modernize the regulation. This also applies to the underlying scientific basis, which featured heavily in the original reasoning for the 12-week limit. There is no longer scientific evidence for increased risks associated with abortions after week 12 compared to week 18. The regulation will also be modernized in terms of the woman’s age. Currently, a woman must be 18 years old to have competency for autonomy in relation to abortion, which is in contrast to the Health Act’s general 15-year limit for autonomy in health care. The new regulation will lower the age limit to 15 years for abortion.

A more transparent and uniform administration of abortion cases

Whereas women must currently apply to a regional abortion council to be permitted an abortion after week 12, the political agreement leaves the regional system behind in recognition that there were considerable regional differences in the administrative practice.[6] A new national abortion council will be competent to authorize abortions after week 18 based on the indications in the law, which remain unchanged. However, it is the clear intention of the agreement that the rule of law in this area be strengthened, which also coincides with a relatively new practice of publishing anonymized decisions,[7] something that had been criticized in legal literature for not being in compliance with human rights obligations.[8]

The bigger picture

The expected Bill is based on three political agreements between the government and a number of political parties. The agreement has been split into three separate documents reflecting that some parties, for example, could agree to a raised week limit but not to lower the age limit to 15 years. Nonetheless, it is important that the week limit is broadly supported across different political parties, which was also the express intention of those governmental parties that were perhaps in favour of an even higher limit to secure that going forward, the abortion limit would have political stability and not face changes every time the balance of parliamentary power tipped.

The new and more explicit positioning of autonomy as the main reason for updating abortion regulation mirrors that autonomy in health care is increasingly the motive behind regulatory changes. In a few months, a working group appointed by the government to consider a more dignified death will offer reflections on a possible increased scope for autonomy in dying, while political parties have hinted that increased access to fertility treatment is also expected to be a focal point. Both reflect on the fact that autonomy in health care is an argument that has received increased traction both in society and in the Danish Parliament.

* Janne Rothmar Herrmann is Professor at the Faculty of Law, University of Copenhagen.

[1] https://jyllands-posten.dk/politik/ECE14274012/enhedslisten-og-venstre-aabner-nu-for-foelelsesladet-diskussion-om-hoejere-graense-for-abort-vi-oplever-en-antiwoke-og-ultrakonservativ-bevaegelse/

[2] https://www.ft.dk/samling/20061/almdel/uer/bilag/12/359392.pdf

[3] https://www.ft.dk/samling/20211/almdel/SUU/bilag/329/2593993.pdf and Annika Frida Petersen & Janne Rothmar Herrmann: Abortsamrådenes hemmelige liv: Praksisanalyse af en Black Box forvaltning, Ugeskrift for Retsvæsen U.2021B.190.

[4] https://www.regeringen.dk/nyheder/2024/nye-politiske-aftaler-om-abort-styrker-kvinders-selvbestemmelse/

[5] https://www.regjeringen.no/no/aktuelt/regjeringen-legger-fram-forslag-til-ny-abortlov/id3051033/

[6] See Annika Frida Petersen & Janne Rothmar Herrmann: Abortsamrådenes hemmelige liv: Praksisanalyse af en Black Box forvaltning, Ugeskrift for Retsvæsen U.2021B.190.

[7] https://stpk.dk/afgorelser-og-domme/resumeer-af-afgorelser-fra-abortankenaevnet/

[8] Annika Frida Petersen & Janne Rothmar Herrmann: Abortsamrådenes hemmelige liv: Praksisanalyse af en Black Box forvaltning, Ugeskrift for Retsvæsen U.2021B.190.

September 4, 2024

Health Law Sweden Blog

This entry was posted in

Posts

Comments

0 Comments Leave a comment

Tolkavgifter i vården – sätter normgivningsmakten stopp?

av Moa Engstam*

Tolkavgifter: En uppmärksammad fråga

De senaste åren har tolkavgifter i svensk vård varit föremål för debatt. Diskussionerna tog fart efter offentliggörandet av Tidöavtalet. I avtalet återfinns nämligen en plan för att begränsa rätten till offentligt finansierad tolk för personer med uppehållstillstånd eller svenskt medborgarskap.^[1] Utgångspunkten är att den enskilde ska bekosta sin egen tolk.^[2] Syftet med förslaget uppges vara att sänka kostnaderna för tolkanvändning och ge incitament till personer att lära sig svenska.^[3] Vårdpersonal har öppet riktat skarp kritik mot förslaget, vilket de menar riskerar att försämra liv och hälsa för patienter och leda till att patientsäkerheten försämras.^[4]

I februari 2024 röstade Region Blekinge genom ett beslut som innebar att en tolkavgift skulle införas vid läkarbesök, och att avgiften skulle tas ut som ett tillägg på patientavgiften.^[5] Beslutet har överklagats och inhiberats av förvaltningsrätten i Växjö i avvaktan på en slutlig dom.^[6] Detta innebär att beslutet inte har kunnat verkställas.

Den grundläggande frågan är hur väl beslutet respektive förslaget överensstämmer med nuvarande svensk lagstiftning. I detta blogginlägg analyseras denna frågat med hänsyn till den svenska normgivningsmakten.

Tolkavgiften: En betungande offentligrättslig avgift?

I 8 kap. regeringsformen (1974:52, RF) står att läsa om normgivningsmakten i svensk rätt, det vill säga hur föreskrifter får utfärdas, samt vem som får utfärda dem. Anledningen till att det finns en fördelning av normgivningsmakten har enligt lagstiftaren varit en strävan efter att normgivning inom de för medborgarna viktigaste områdena endast ska utövas av riksdagen. Därutöver har den offentliga debatten kring lagförslag framhävts. Argumentet är att särskilt viktiga frågor måste kunna vara föremål för debatt.^[7]

Områden där föreskrifter behöver meddelas enligt lag, men andra ord av riksdagen, räknas upp i 8 kap. 2 § RF: detta utgör det primära lagområdet. Ett sådant område är betungande offentligrättsliga föreskrifter, se 8 kap. 2 § punkt 2 RF. Det gäller med andra ord föreskrifter som avser förhållandet mellan enskilda och det allmänna och som innebär skyldigheter för enskilda eller i övrigt avser ingrepp i enskildas personliga eller ekonomiska förhållanden. I förarbetena beskrivs att om

den enskilde ”rättsligt eller faktiskt kan anses vara tvingad att erlägga avgiften”^[8] tyder detta på att det rör sig om en betungande offentligrättslig avgift.

Hur kan det då avgöras huruvida något är en betungande offentligrättslig föreskrift? Strömberg menar att avgifter för myndigheters prestationer vid myndighetsutövning, särskilt åtgärder mot enskilda, är betungande.^[9] Myndighetsutövning innebär offentlig verksamhet där myndigheter självständigt fattar beslut som representerar samhällets inflytande över medborgarna och som medför positiva eller negativa rättsverkningar, främst gällande enskildas skyldigheter eller ingrepp i deras frihet eller egendom. Därigenom går det att uttyda att den enskilde befinner sig i ett slags beroendeförhållande gentemot myndigheten.^[10]

Det finns följaktligen goda skäl att se avgift för tolk som en betungande offentligrättslig avgift. Tolken används av vårdpersonal på grund av skyldigheter enligt hälso- och sjukvårdslagstiftningarna; det är således inte tal om någon rätt för patienten att erbjudas tolk.^[11] Detta innebär att frivillighetsaspekten kan ifrågasättas. Anta att en person som söker vård på en vårdcentral har svårt att kommunicera och att sjuksköterskan därför bestämmer sig för att ha med en telefontolk under samtalet med patienten. Har patienten i detta fall någon reell möjlighet att vägra tolk utan att det kraftigt försämrar chanserna att kunna göra sig förstådd och få lämplig behandling? Personen befinner sig snarare i ett slags beroendeförhållande till vårdpersonalen, som i sin tur är berättigad att bestämma om tolkanvändningen. Det är därför rimligt att se bedömningen som en form av myndighetsutövning som utövas mot personen.

Offentligrättsligt betungande avgifter kan tas ut av region eller kommun efter bemyndigande från riksdagen enligt 8 kap. 9 § RF. Därmed kan exempelvis region Blekinge inte bestämma om tolkavgifter självständigt utan att först ha fått ett bemyndigande, förutsatt att tolkavgiften anses vara en offentligrättslig betungande avgift.

Tolkavgiften om den inte klassificeras som en offentligrättslig betungande avgift

Vad gäller om avgiften inte ses som en offentligrättsligt betungande avgift? I och med det kommunala självstyret har regionen rätt att själv ta hand om angelägenheter av allmänt intresse som har anknytning till regionens område eller deras medlemmar enligt 2 kap. 1 § kommunallagen (2017:725, KL), och detta ger dem möjlighet att bland annat ta ut vissa avgifter. Holmberg et al. har kategoriserat de kommunala avgifterna enligt följande: ”tvångsmässiga offentligrättsliga avgifter […], frivilliga offentligrättsliga avgifter […] och övriga frivilliga avgifter”.^[12]

De tvångsmässiga (eller betungande) offentligrättsliga avgifterna kan, som beskrivits ovan, tas ut först efter bemyndigande. För de tjänster eller nyttigheter som regionerna eller kommunerna är skyldiga att tillhandahålla får avgifterna dock endast tas ut med lagstöd enligt 2 kap. 5 KL. Ett exempel på ett sådant bemyndigande återfinns i 17 kap. hälso- och sjukvårdslagen (2017:30, HSL), där regioner ges rätt att ta ut vissa avgifter inom hälso- och sjukvården (mer om detta i det följande).

2 kap. 5 § KL innebär även att föreskrifter om frivilliga offentligrättsliga avgifter, det vill säga prestationer som den enskilde frivilligt tar i anspråk men som utgör obligatorisk verksamhet för kommun/region, fortsatt behöver meddelas genom lag.^[13] Det är åligganden för regioner och kommuner som i enlighet med 8 kap. 2 § punkt 3 RF regleras i lag. I förarbetena anges avgifter inom sjukvården som ett exempel på en sådan avgift.^[14]

För övriga frivilliga avgifter kan regioner och kommuner ta ut avgifter med stöd av 2 kap. 5 § KL, utan bemyndigande eller lagstöd. Inom denna avgiftstyp faller avgifter för ”frivilliga uppgifter som tillhandahålls inom ramen för en obligatorisk verksamhet”.^[15] Detta är tjänster som tillhandahålls inom en obligatorisk verksamhet men som inte i sig ingår i eller utgör en del av den obligatoriska uppgiften. Det har dock uppmärksammats hur likställighetsprincipen, som uttryckligen specificeras i 2 kap. 3 § KL, innebär gränser för regioner och kommuners möjlighet att finansiera verksamheter genom avgifter. Principen medför att avgifter ska bestämmas till lika belopp för liknande prestationer, och att avgifter inte får införas om vissa kommunmedlemmar gynnas eller missgynnas. Undantaget är exempelvis lägre avgifter för grupper som genomsnittligt sett har begränsad betalningsförmåga, som till exempel barn och pensionärer.^[16]

Frågan är om tolkavgifter ska definieras som frivilliga offentligrättsliga avgifter eller övriga frivilliga avgifter? För att avgöra vilken typ av avgift det rör sig om måste det först fastställas om tolktjänsten är en del av den obligatoriska hälso- och sjukvårdsverksamheten som regionen tillhandahåller, eller om den är en frivillig uppgift som tillhandahålls inom hälso- och sjukvården. Det finns visserligen inte något lagstadgat krav på att använda språktolkar enligt hälso- och sjukvårdslagstiftningen. Trots detta kan vårdgivarens skyldigheter inte efterlevas utan tolkanvändning i vissa fall. Det skulle innebära bland annat att kraven på god vård inte uppfylls, att patienten inte fick individuellt anpassad information samt att patienten i många fall inte skulle kunna ge ett informerat samtycke. Enligt en enkätundersökning utförd av Litins’ka 2020 använder en majoritet av Sveriges regioner språktolkar, vilket tyder på att regionerna uppfattar att sådana krävs för att efterleva hälso- och sjukvårdslagstiftningen.^[17]

Därutöver kan en jämförelse med fallet RÅ 1984 2:61 göras. Fallet tydliggjorde att kommuner inte kan ta ut avgifter för nyttigheter eller tjänster som är en nödvändig del av och en förutsättning för att kunna ta del av en obligatorisk verksamhet. Syftet med tolktjänsten är att den ska vara ett nödvändigt komplement för att skapa en fungerande hälso- och sjukvård. Därigenom torde tolktjänsten inte kunna anses ”frivillig” på sådant sätt att avgiften utgör en frivillig uppgift som tas ut i hälso- och sjukvården; snarare är tolktjänsten en del av den obligatoriska verksamheten som behövs för att säkerställa vårdgivarens skyldigheter.

Utöver detta skulle avgiften, även om den ansågs vara en frivillig avgift, kunna anses strida mot likställighetsprincipen: en viss patientgrupp missgynnas genom att deras vårdbesök blir dyrare på grund av en omständighet som vårdpersonalen har mandat att bestämma över. Detta bör även ses i jämförelse med de kostnadsfria tolktjänster som i enlighet med 8 kap. 7 § HSL tillhandahålls för döva, dövblinda och hörselskadade. Då det rör sig om lika prestationer bör det i enlighet med likställighetsprincipen innebära liknande kostnader, det vill säga i det här fallet inga.

Huruvida tolkavgifter kan tas ut genom patientavgifter

I fallet med region Blekinge anser regionen dock att den genom bemyndigandet i 17 kap. HSL har rätt att ta ut tolkavgifter som en höjning av patientavgiften.^[18] Detta innebär att regionen uppfattar att det redan finns lagstöd för att ta ut avgiften. Patientavgifter får, i enlighet med 8 § förordning (1984:908) om vissa statsbidrag för sjukvård med mera, avse bland annat besök eller rådgivning per telefon med läkare och annan sjukvårdande behandling som ombesörjs av sjukvårdshuvudmannen. För besök omfattas samtliga åtgärder vid besöket, inräknat läkemedelsförskrivning, provtagning för klinisk laboratorieundersökning och utfärdande av läkarintyg. Närmare bestämning av vad som får omfattas av patientavgiften saknas. Det huvudsakliga syftet med patientavgifter har traditionellt sett inte varit som finansieringskälla för regionerna. De finns till för att styra patienter till rätt vårdnivå, motverka överkonsumtion och öka kostnadsmedvetenheten.^[19] Ett gemensamt drag är med andra ord att de fungerar som styrinstrument.^[20]

Inom den öppna hälso- och sjukvården i Sverige är avgiftssystemet i princip avreglerat, vilket medför att det är tillåtet att ha differentierade avgifter. Detta innebär att det bland annat är tillåtet med olika avgifter för besök på vårdcentral respektive specialistmottagning.^[21] Emellertid måste målet om vård på lika villkor för hela befolkningen, vilket ställs upp i 3 kap. 1 § HSL, beaktas vid avgiftssättningen. Möjligheten att erhålla vård ska nämligen inte påverkas av patientens betalningsförmåga.^[22] Som tidigare beskrivits ska även likställighetsprincipen tas i beaktande.

Kan tolkavgifter då tas ut genom bemyndigandet enligt 17 kap. HSL? Som beskrivits ovan omfattas i begreppet ”samtliga åtgärder” vid läkarbesök och annan sjukvårdande behandling. I uppräkningen av exempel på åtgärder som faller under begreppet går att se hur dessa är tydligt kopplade till själva vårdutövandet. Det är exempelvis åtgärder som läkare kan behöva vidta inom ramen för besöket för att kunna göra en välgrundad medicinsk bedömning. Inga sådana exempel liknar dock tolktjänsten. Tolk används istället för att vårdpersonalen ska kunna förmedla information på ett korrekt sätt och förstå patienten. Tjänsten bör därför främst ses som ett komplement eller hjälpmedel för att tillgodose de krav som återfinns i hälso- och sjukvårdslagstiftningarna för den specifika vårdsituationen.

Ett motargument vore att hävda att termen ”samtliga” är så pass bred att den trots allt innefattar tolktjänster. Därför kan en mer övergripande teleologisk tolkning göras, varvid ändamålet med patientavgifterna samt normgivningsmaktsfördelningen tas som utgångspunkt. Syftet med patientavgifter har som sagt främst varit att styra vårdkonsumtionen. Avgiftens funktion som finansieringskälla är därmed sekundär. Att ta ut en förhöjd patientavgift för språktolk uppfyller därför inte det primära syftet. Som tidigare beskrivits är tolktjänsten inget som patienter har rätt att utkräva. Det syfte som angivits för att införa tolkavgifter skulle på sin höjd kunna ses som ett styrinstrument vilket styr bort från hälso- och sjukvården.^[23] Därutöver finns andra aspekter att ta hänsyn till. Om exempelvis liknande vårdbesök blir dyrare för en del av befolkningen uppfylls inte målet om vård på lika villkor för hela befolkningen.

Därutöver kan det bakomliggande syftet med normgivningsmaktsfördelningen i Sverige vara relevant att ta upp. Poängen med att normgivningen inom vissa områden är reserverad för riksdagen är att särskilt viktiga frågor ska beslutas av de främsta företrädarna för folket och att dessa frågor får det utrymme för offentlig debatt som skapas i och med lagförslag. Typexemplet för en sådan offentlig debatt är just tolkfrågan; som tidigare nämnt har förslaget om tolkavgifter gett upphov till omfattande diskussioner i media, där bland annat vårdpersonal uttryck stark kritik och varnat för de befarade konsekvenserna av förslaget. Den offentliga debatten, och opinionen som därigenom skapas, kan förhoppningsvis påverka politikernas beslutsfattande, och i slutändan resultera i lagstiftning som bättre speglar samhällets värderingar och behov. När beslut istället fattas på regional nivå riskerar denna offentliga debatt att delvis utebli, bland annat då besluten påverkar en mindre del av befolkningen, vilket innebär att även viktiga frågor inte blir föremål för samma grad av offentlig debatt och granskning som de fått på nationell nivå.

Det förefaller mot bakgrund av en ändamålstolkning av normgivningsmakten egendomlig att klassificera en regions uttagande av tolkavgifter (som i annat fall tycks vara något inom det primära lagområdet) som en del av den redan bemyndigade patientavgiften. Det beslut som Region Blekinge tog, att införa tolkavgift genom en höjning av patientavgiften, framstår snarast som ett kringgående av RF:s bestämmelser.

Slutord

Det är svårt att se att en region självständigt skulle kunna besluta om att införa tolkavgifter med hänsyn till normgivningsmakten. Tolkavgiften bör, på grund av sitt syfte, i första hand ses som en betungande offentligrättslig avgift, vilket innebär att regionen inte får ta ut avgiften utan ett bemyndigande från riksdagen eller ett lagstöd. I annat fall bör tolkavgifter klassificeras som frivilliga offentligrättsliga avgifter. En sådan avgift behöver lagstöd, vilket innebär att regionen inte självständigt kan besluta om att ta ut en sådan avgift. Dock saknas stöd för att tolkavgiften kan klassificeras som en frivillig avgift (det vill säga en sådan avgift regionen kan ta ut utan lagstöd eller bemyndigande), bland annat med hänsyn till att tolktjänsten är en nödvändig del av och en förutsättning för att även icke-svensktalande personer ska kunna få god vård och för att sjukvårdspersonalen ska kunna uppfylla kraven i hälso- och sjukvårdslagstiftningen. Även om tolkavgiften klassificeras som en frivillig avgift kan likställighetsprincipen sätta stopp för regionens möjlighet att ta betalt för tolktjänster.

Tolkavgiften inryms inte heller inom ramen för de patientavgifter som svenska regioner redan är bemyndigade att ta ut. En ändamålstolkning av såväl patientavgifter som normgivningsmakten signalerar därför att patientavgifterna inte bör innefatta avgifter för sådana tjänster och att beslut om tolktjänster bör vara lämnade åt riksdagen snarare än enskilda regioner.

* Moa Engstam, jur. kand (Lunds universitet). Detta inlägg bygger på Moas examensarbete “God vård utan tolk? En undersökning av skyldigheterna att tillhandahålla tolk till personer som inte behärskar svenska i hälso- och sjukvården” (2024).

^[1] I Tidöavtalet står det uttryckligen “uppehållstillstånd och svenskt medborgarskap”. Dock klargörs att det ska övervägas om personer med uppehållstillstånd ska behöva betala avgift för tolk efter att en viss tid förflutit sedan personen beviljats uppehållstillstånd.

^[2] Se ”Tidöavtalet: Överenskommelse för Sverige” (2022) s. 47, Sverigedemokraterna & Moderaterna & Kristdemokraterna & Liberalerna.

^[3] Se Mellgren, Fredrik ” Tidöpartier vill införa tolkavgift” Svenska Dagbladet (2023-02-27).

^[4] Se exempelvis Ström, Marie ”Tusentals vårdanställda protesterar mot flera av förslagen i Tidöavtalet” Läkartidningen (2022-12-21) ; Torkelsson, Anna-Cajsa ”Kritik mot Tidöavtalet från politiker och läkare: »Ställer inte upp på det«” Läkartidningen (2022-10-17); Schröder, Emil ”Vårdprofessioner visar enad front mot förslag i Tidöavtalet” Dagens medicin (2023-04-18); Chamy, Christy ”Tolkförslag kritiseras: ”Riskerna oacceptabla utifrån svensk

lag”” Dagens nyheter (2022-10-25).

^[5] Region Blekinge (2024-02-15) “Pressmeddelande: Ändrade avgifter i vården införs den 28 mars”.

^[6] Förvaltningsrätten i Växjö, beslut meddelat 2024-03-14 i mål nr 578–24.

^[7] SOU 2008:42 ‘Normgivningsmakten’ s. 29

^[8] Prop. 1973:90 ‘Kungl. Maj:ts proposition med förslag till ny regeringsform och ny riksdagsordning m. m.’ s 218

^[9] Strömberg, Håkan (1999) s. 81. Normgivningsmakten enligt 1974 års regeringsform, 3 uppl., Lund: Juristförlaget i Lund.

^[10] Prop. 2016/17:180 ‘En modern och rättssäker förvaltning – ny förvaltningslag’ s. 50; von Essen, Ulrik (2022) s. 84 Förvaltningsrättens grunder, 5 uppl., Stockholm: Norstedts juridik.

Strömberg, Håkan och Lundell, Bengt (2022) s. 20 Allmän förvaltningsrätt. 28 uppl., Stockholm: Liber.

^[11] Denna aspekt kan dessvärre inte avhandlas närmare i detta inlägg av utrymmesskäl.

^[12] Holmberg, Stjernquist, Isberg, Eliason och Regner (2015). Grundlagarna: RF, SO, RO, kommentar till 8 kap. ”Introduktion” och 8 kap. 8 § RF, JUNO ver. 3.

^[13] Ibid.

^[14] Prop. 1993/94:188 ‘Lokal demokrati’ s. 80

^[15] Ibid.

^[16] Sahlin, Jan (2006) s. 247 f. Hälso- och sjukvårdslagen: med kommentarer, 7 uppl., Stockholm: Norstedts juridik.

^[17] Litins’ka, Yana (2021) ”Climbing the Tower of Babel: Obligations for Swedish Healthcare to Use Interpretation Services for Migrants” i Nordisk socialrättslig tidskrift, (27-28) 2021, s. 169 – 174.

^[18] Förvaltningsrätten i Växjö, beslut meddelat 2024-03-14 i mål nr 578–24.

^[19] Prop. 1996/97:1 ‘Förslag till statsbudget för budgetåret 1997, m.m.’ Utgiftsområde 9 s. 11; SOU 2012:2 ‘Framtidens högkostnadsskydd i vården’ s. 26; Rönnberg, Lena (2011) s. 283 Hälso- och sjukvårdsrätt, 3 uppl., Lund: Studentlitteratur.

^[20] SOU 2012:2 ‘Framtidens högkostnadsskydd i vården’ s. 24.

^[21] SOU 2019:42 ‘Digifysiskt vårdval – Tillgänglig primärvård baserad på behov och kontinuitet’ s. 152 f.; Sverne Arvill, Ebba & Printz, Anders & Johnsson, Lars-Åke (2024) s. 257 f. Hälso- och sjukvårdslagen : Med kommentarer, 12 uppl:, Stockholm: Norstedts Juridik.

^[22] Prop. 1981/82:97 ‘om hälso- och sjukvårdslag, m.m.’ s 28 ; SOU 1995:5 ‘Vårdens svåra val’ s. 90

^[23] Jämför fotnot 3.

August 29, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

A new end-of-life case before the ECtHR – Can ALS patients be excluded from legal end-of-life decisions?

by Péter Stánicz*

1. Introduction

In 2022, in Sweden, media attention was given to the case of Staffan Bergström, a medical doctor who helped a man with Amyotrophic Lateral Sclerosis (ALS) to end his life with medication and lost his licence to practice medicine as a result of such actions. Similar problems are of critical interest internationally and have recently been reviewed by the European Court of Human Rights (ECtHR) in Dániel Karsai v. Hungary.

Dániel Karsai, a well-known Hungarian human rights lawyer, was diagnosed with ALS, an incurable neurodegenerative illness. Hungarian legislation denied him the possibility of medical assistance to end his life, and Mr. Karsai alleged that the absence of end-of-life assistance for persons with disabilities should be considered discriminatory and violates the right to privacy. In its judgment from 13 June 2024, the majority of the ECtHR did not find that Hungary violated the Convention. In this blog post, I will spotlight the issues brought to the attention by the case and the judgment of the Court. At the time of writing, work is underway on a request for the Grand Chamber to reopen the hearing.

2. Diagnosis of an incurable illness: Preparing for the unthinkable

ALS is a moto-neuron disease that destroys the neurons moving the muscles and, consequently, causes the atrophy of the muscles, gradually leading to complete paralysis. In the last stage of the illness, the loss of respiratory functions inevitably leads to death because of a respiratory collapse. This final stage is preceded by a long interval of immense suffering: far before losing the ability to breathe, the patient experiences a complete loss of most of the bodily functions; they are unable to move, sit, eat or speak. ALS patients do not usually need life-sustaining (e.g. mechanical ventilation) treatment until the very final phase. As it stands, the disease is incurable.

The illness does not necessarily affect cognitive capabilities. Therefore, persons affected by ALS can experience the decay of body functions with the often intact minds, being aware of what is happening to them and also of what will inevitably happen to them. This feeling of inevitable death is often characterised as ‘existential dread’ or ‘existential suffering’.[1]

3. A short summary of relevant Hungarian law

Under Hungarian law, only end-of-life decisions linked to refusal of medical treatment are available.[2] This means that a person can refuse life-saving or life-sustaining treatment and that the person’s death will take place due to treatment restriction (withdrawal of ongoing treatment or abstaining from beginning the treatment). This can be called an on-the-spot refusal, compared to an advance directive.[3]

Hungarian law also prescribes advance directives vis-a-vis medical decisions.[4] In the advance directive, life-sustaining treatment can be refused under the same conditions as the on-the-spot refusal. However, there is one additional case: in an advance directive, a person may refuse lifesaving and life-sustaining treatment if he has an incurable disease and is unable to care for himself physically as a consequence of the disease or suffers pain that cannot be eased with appropriate therapy.

An incurably ill person unable to care for himself has the right to decide about shortening his life in Hungary. This end-of-life decision can only be made if the person requires life-sustaining treatment. Physician-assisted dying (euthanasia or assisted suicide) is illegal in Hungary. Hungary also criminalises physician-assisted dying with an extraterritorial effect. This means that if a person with ALS were to travel to a country where physician-assisted dying is legally allowed, any family members or friends accompanying the person would be criminally liable for suicide assistance.[5] The healthcare professionals providing end-of-life services would also be criminally liable under Hungarian law.[6]

4. Mr. Karsai’s application to the European Court of Human Rights

Dániel Karsai concluded that under Hungarian law, he would have no control over the end of his life, including the quality of life he considers dignified.

As the description provided in the sections above indicates, ALS patients require life-sustaining treatment at a late stage of their illness when their physical capabilities have long disappeared.[7] Incurably ill persons who are unable to care for themselves have a legal option in Hungary to shorten their lives by refusing life-sustaining treatment. ALS patients, by the nature of their illness, are excluded from this option.

To provide an example, a patient with small-cell lung or pancreatic cancer can opt for chemotherapy to slow down the disease or refuse treatment and hasten the death. An ALS patient’s end-of-life phase differs from these end-of-life cases, because the option of hastening the death is not available and the period of suffering while not requiring life-sustaining treatment is usually longer than for other incurably ill persons.

The two groups of patients are in a relevantly similar situation. Both groups are suffering from similarly terminal illnesses; they are going through similar agony, yet they are treated differently: only patients requiring life-sustaining treatment are allowed to shorten their suffering.

In his application, Dániel Karsai focused on the discriminatory nature of Hungarian legislation, the unjustified distinction between incurably ill persons who require life-sustaining treatment from an early stage of their illness, and those, who do not.

In its previous case law, the Court has considered that modern medicine is able to sustain and extend vital functions and biological life until the extremes, thus, many people are concerned that they could be forced to linger on, connected to machines, without any control over their situation.[8] In the Pretty case, the Court was “not prepared to exclude” an interference with the right to respect for private life, opening the door for such applications under private life (Article 8 of the Convention).[9] In the Haas-case, the Court moved forward and acknowledged the individual’s right to decide how and at which point their life should end, if it is based on an informed, voluntary decision free of undue influence.[10]

The core of Mr. Karsai’s application is that by excluding him from all lawful end-of-life decisions, the Hungarian State condemns him to immense suffering, forcing him to be the silent observer of his own life, deprived of the opportunity to decide about the life quality he deems dignified.

5. Decision of the Chamber and dissenting opinion

The Chamber found no violation vis-à-vis Mr. Karsai’s fundamental rights by 6 to 1 votes on 13 June 2024 (Dániel Karsai v Hungary, Application no. 32312/23).

The decision’s central argument was that Mr. Karsai has not contested that high-quality palliative care is available to him in Hungary, which would be suitable to ease his suffering.

The Court upheld that everyone has the right to choose the time and manner of their death, as it falls under the right to private life. The Court also noted that a European trend can be observed towards legalising a wider range of end-of-life decisions. Nevertheless, the Court reiterated its previous opinion that the regulation of end-of-life decisions falls under the states’ margin of appreciation.

The decision cited that the right to refuse or request discontinuation of medical treatment in end-of-life situations was inherently connected to the right to free and informed consent to medical intervention, which was laid down in the Oviedo Convention, whereas physician-assisted dying (PAD) was not. The Court therefore considered that the alleged difference in treatment of the two groups was objectively and reasonably justified.

In the dissenting opinion, Judge Gilberto Felici agreed with Mr. Karsai that his plight requires a solution from the Court as well as the state. The elaborately argued dissenting opinion provides a clear critique of the majority’s decision. According to Judge Felci’s dissenting opinion:

„Even during the public hearing that the Section correctly organised, Mr Karsai presented his situation with courage, strength and vigour. He reminded the Court of its duty to rule on the specific case and in concrete terms, not merely in abstracto. The applicant’s physical weakness was a striking counterpoint to the strength of his arguments. The impression is that the applicant’s legitimate concerns were not taken into account, and that his legitimate request for help fell on deaf ears.”

Judge Felici provided criticism of the majority decision in a subtle and sensitive way. The Court clearly expressed that it cannot require states to legalise end-of-life decisions in general. However, as Judge Felici pointed out, the majority failed to provide an answer for Dániel’s specific situation: being locked-in his own body with no control over the end of his life, as opposed to other incurably ill persons in Hungary. He is a silent observer, sitting on the ruins of his human dignity.[11]

6. Conclusion

The case of Dániel Karsai has reached its first legal milestone, and the Chamber’s decision found no violation. Nonetheless, he is determined to continue.

Throughout the last year, Mr. Karsai has given the public a glimpse into his daily life, including its ups and downs. Sometimes, the videos and posts he has shared are deeply intimate, such as his struggles with daily tasks due to his illness or the way he requires personal care.

TV talk shows, roundtable discussions and conferences were held and most recently, a screenplay debuted in a theatre. His regular Facebook posts are read by thousands.

Death used to be one of the main taboos of Hungarian society. Today, it is a topic that can be heard anywhere from dining tables to bus stops. The plight of incurably ill persons and the challenges of healthcare professionals are highlighted. That is a development that few believed would ever happen. Perhaps, Dániel Karsai’s efforts may also help the topic of dying become less of a taboo in other countries as well.

Dániel Karsai and his team are currently working diligently on a request to the Grand Chamber. Until then, the author would like to cite Mr. Karsai’s motto: “To live is a right, not an obligation”.

* Péter Stánicz is a Hungarian attorney-at-law and PhD candidate at Eötvös Loránd University (Hungary). He is the head counsel of Mr. Dániel Karsai’s legal team.

[1] This was confirmed by the expert hearing in Karsai v Hungary by Prof. Régis Aubry and Prof. Judit Sándor.

[2] Act CLIV of 1997 on Health (Hungarian abbreviation: Eütv.) section 20. paragraph (3).

[3] Kussinszky Anikó – Stánicz Péter: Életvégi döntések itthon és Európában – az Emberi Jogok Európai Egyezményéből fakadó alapkövetelmények (KJSZ, 2021/2., 35-41. o.)

[4] Sections 22 (advance directive) and 16 (continuing power of attorney) of the Health Act.

[5] Section 162 of Act C of 2012 on the Criminal Code.

[6] Section 3 paragraph (2) b) of the Criminal Code.

[7] Medical literature and studies show that medical teams rarely propose invasive mechanical ventilation for ALS patients (Rousseau, MC., Pietra, S., Blaya, J. et al. Quality of life of ALS and LIS patients with and without invasive mechanical ventilation. J Neurol 258, 1801–1804 (2011).

[8] See Pretty v United Kingdom, no. 2346/22, § 65.

[9] Pretty § 67.

[10] Haas v Switzerland, no. 31322/07, §§ 51, 60; see also Koch v. Germany, no. 497/09, § 52.

[11] Footage of the Chamber hearing available: https://prd-echr.coe.int/web/echr/w/karsai-v-hungary-no-32312/23-

July 3, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

Preliminära resultat från en undersökning av Etikprövningsmyndighetens prövning av icke-medicinsk forskning

Lena Wahlberg, William Bülow, Mats Johansson och Vilhelm Persson*

1. Inledning

Det svenska etikprövningssystemet har under senare år kritiserats för att ställa alltför omfattande krav på etikprövning av forskning inom humaniora och samhällsvetenskap. För närvarande pågår en utredning som bland annat har till uppgift att bedöma om viss forskning som endast innebär behandling av känsliga personuppgifter ska undantas från kravet på etikprövning.[1] Det är i detta sammanhang relevant att ställa frågan vilken typ av forskning som idag leder till krav på komplettering, villkor eller avslag. Etikprövningsmyndighetens (EPM) egen kartläggning visar bland annat att myndigheten avslog 1 % och krävde komplettering i 37 % av de ansökningar som inkom från 1 november 2021 till och med 30 september 2023 och som avsåg enbart behandling av personuppgifter.[2]

Med detta blogginlägg vill vi bidra med ytterligare information om när krav på komplettering eller villkor uppställs, vad dessa krav består i samt vilka etiska risker etikprövningen idag fångar upp. Redogörelsen baseras på en närläsning av de drygt 200 ansökningar om etikprövning som lämnades in till EPM under november 2021 respektive november 2023 och som myndigheten kategoriserat som ”övrig” (icke medicinsk) forskning, samt av de beslut som fattats med anledning av dessa. Med ett fåtal undantag avser ansökningarna forskning som är tillståndspliktig på grund av att den innebär behandling av personuppgifter. Undersökningen är en del av vårt forskningsprojekt Sila mygg och svälja kameler? En ändamålsenlig etikprövning av humanistisk och samhällsvetenskaplig forskning.[3] Resultaten som presenteras nedan är preliminära och har inte signifikanstestats. Vi har för avsikt att ge en mer detaljerad beskrivning av resultaten i en vetenskaplig artikel och i det sammanhanget också redovisa en analys av de ansökningar som avslagits under åren 2021–2023.

En inledande observation är att en betydligt större andel (50 %) av de ansökningar som inkom i november 2021 ledde till krav på komplettering, jämfört med andelen (30 %) av dem som inkom i november 2023. Det framgår inte av EPM:s kartläggning om motsvarande tendens finns också i det mer omfattande material som ingår i myndighetens egen kartläggning men förutsatt att så är fallet väcker detta frågan i vad mån prövningen påverkats av den senare tidens kritiska diskussion om prövningens ändamålsenlighet.

2. Forskning på allmänt tillgängligt material godkändes nästan alltid utan krav på komplettering eller villkor

Ett tiotal av de granskade ansökningarna avsåg forskning på uppgifter i allmänt tillgängligt material. Hit hör bland annat forskning på offentliga domar, och på information som publicerats i olika öppna media. Med ett undantag godkändes samtliga dessa ansökningar utan krav på komplettering eller villkor.

Den avvikande ansökan avsåg en analys av domar och annat (enligt forskaren) allmänt tillgängligt material i syfte att identifiera individkarakteristika avseende bl.a. missbruk, etnicitet och psykisk ohälsa hos personer som begår brott mot staten. När resultaten publicerades skulle vissa individers verkliga namn anges. EPM krävde att forskaren kompletterade ansökan dels med vissa förtydliganden om projektets närmare utformning, dels med den information om projektet som skulle finnas på hemsidan, och dels med en etisk reflektion om risker och nytta med att publicera vissa av forskningspersonernas verkliga namn. Efter inkommen komplettering godkändes ansökan utan villkor.

3. Komplettering och villkor vanligare vid forskning med samtycke

Forskning på personuppgifter som sker med forskningspersonens samtycke kan typiskt sett uppfattas som mindre etiskt problematisk än forskning utan samtycke. Före 2008 krävdes till exempel inte etikprövning av forskning som bara innefattade behandling av personuppgifter, under förutsättning att forskningspersonernas samtycke inhämtades. Det är mot den bakgrunden intressant att konstatera att krav på komplettering och/eller villkor i vår undersökning faktiskt är vanligare vid forskning med samtycke än vid forskning utan samtycke: Knappt 30 % av de ansökningar där forskarna sade sig inhämta samtycke godkändes utan krav på vare sig komplettering eller villkor, jämfört med 70 % av de ansökningar där forskarna sade sig inte inhämta samtycke.[4]

En närmare granskning visar att den omständigheten att samtycke inhämtas i sig tenderar att generera krav på komplettering eller villkor. I ungefär 60 % av de fall där EPM krävde komplettering eller uppställde villkor för forskning med samtycke avsåg dessa krav enbart inhämtandet av samtycke. I enstaka fall framstår kraven som triviala. Det kan till exempel handla om att ta bort övertygande formuleringar av typen ”dina svar är betydelsefulla”, eller om att använda ordet ”pseudonymiseras” i stället för ”kodas”. I många fall framstår kraven dock som mer angelägna. Det kan då handla om att anpassa forskningspersonsinformationen till mottagarens ålder eller beslutsförmåga, om att barn ska ges möjlighet att själva tacka nej till att delta, att information ska ges på mottagarens modersmål, eller om att anpassa informationen till dataskyddsförordningens bestämmelser. Förhållandevis ofta utgår kraven från myndighetens på förhand utformade mallar för information och samtycke.

I resterande 40 % avser kraven inte enbart, eller inte alls, inhämtande av samtycke. Här finns i stället krav på att den sökande ska förklara varför olika register behöver samköras, varför vissa känsliga frågor eller variabler alls behöver ingå i studien, hur forskningspersonernas identitet ska skyddas, hur forskningspersoner med psykisk ohälsa ska exkluderas, liksom krav på etisk reflektion om beroendeförhållanden mellan forskare och forskningspersonerna, om risken för repressalier mot forskare och forskningspersoner, och om den omständigheten att barn ska prata om känsliga frågor med varandra. Också forskning med samtycke kan alltså föranleda krav på komplettering eller villkor avseende forskningsprojektets upplägg i övrigt.

4. Risker som inte fångas upp av EPM:s prövning

Vår närläsning av ansökningarna och besluten föranleder också några reflektioner om potentiella etiska risker som typiskt sett inte verkar fångas upp av prövningen. En sådan risk rör forskning som behandlar personuppgifter om tredje man utan dennes samtycke. Ett exempel är en intervjustudie med personer vars anhöriga led av alkohol- och drogproblem och där forskarna planerade att informera och inhämta samtycke från respondenterna men inte från de anhöriga. EPM ställde vissa villkor om informationen men kommenterade inte att samtycke inte skulle inhämtas från de anhöriga. Ett annat exempel är en studie på brevsamlingar, där forskarna planerade att inhämta samtycke från brevsamlingarnas ägare men inte från övriga avsändare. EPM ställde även i detta fall vissa villkor om informationen men kommenterade inte frånvaron av samtycke i övrigt. Det kan visserligen diskuteras om det är rimligt att kräva samtycke från tredje man men det framstår hur som helst som motsägelsefullt att ställa förhållandevis detaljerade krav på informerat samtycke från forskningspersoner vars känsliga personuppgifter inte behandlas, men inte kräva samtycke från dem vars känsliga personuppgifter faktiskt behandlas, då det är den senare behandlingen som gör forskningen tillståndspliktig.

En annan etisk risk som ofta inte fångas upp rör beroendeförhållanden och andra omständigheter som innebär att samtyckets frivillighet kan ifrågasättas. Ett exempel gäller användningen av BVC-sköterskor för rekrytering av föräldrar som forskningspersoner. Vid ett möte skulle sköterskan fråga om föräldrarna var intresserade av att delta, inhämta samtycke, och omedelbart därpå be dem besvara en enkät. EPM godkände forskningen utan att kommentera vare sig beroendeförhållandet eller bristen på betänketid. I ett annat fall planerade universitetslärare att rekrytera egna studenter, något som problematiserades av forskarna själva men som EPM förefaller ha betraktat som oproblematiskt.

En relaterad risk rör forskning som avser personer med nedsatt beslutsförmåga. Av ansökan ska det visserligen framgå om sådana forskningspersoner ingår i undersökningen men så tycks kunna vara fallet betydligt oftare än vad forskarna själva uppmärksammar, till exempel på grund av att forskningen avser äldre personer eller på grund av att forskaren inte kan kontrollera vilka personer som kommer att besvara en enkät och vilka förmågor dessa har. Möjligheten att personer med nedsatt beslutsförmåga kommer att ingå i forskningen och de risker som är förknippade därmed, uppmärksammas dock mycket sällan av EPM om forskaren inte själv angett detta.

5. Sammanfattande reflektioner

Vår undersökning tyder på att forskning på allmänt tillgängligt material sällan föranleder några invändningar vid etikprövningen. Det kan diskuteras om forskning på sådant material alls bör omfattas av kravet på tillstånd. Samtidigt illustrerar undersökningen att även forskning på allmänt tillgängligt material i vissa fall kan vara etiskt problematisk.

Undersökningen tyder också på att forskning med samtycke förhållandevis ofta väcker invändningar vid granskningen, men att många av dessa invändningar rör just inhämtandet av samtycke. I viss utsträckning torde förhandsprövningen i sådana fall kunna ersättas av generella krav på vad exempelvis ett informationsbrev ska innehålla. En sådan ordning förutsätter dock att efterlevnaden av dessa krav kan säkerställas.

Undersökningen visar dock att även forskning med samtycke kan föranleda invändningar av mer substantiell natur. När så sker fyller förhandsprövningen en tydligare funktion, och det vore därför önskvärt att kunna urskilja typer av forskning där en sådan prövning är mer motiverad. De exempel på krav och villkor som ges i avsnitt 3 ovan kan kanske ge en viss indikation om detta men förmedlar inte någon fullständig bild.

Slutligen pekar undersökningen på behovet av ytterligare diskussion och medvetenhet om de etiska riskerna vid forskning på personuppgifter från tredje man, vid beroendeförhållanden mellan forskare/rekryterare och forskningspersoner, samt vid forskning som avser personer med nedsatt beslutsförmåga.

* Lena Wahlberg är docent och universitetslektor i allmän rättslära med särskild inriktning mot medicinsk rätt vid Juridiska institutionen, Lunds universitet.

William Bülow är filosofie doktor och forskare vid Centrum för forsknings- & bioetik (CRB), Uppsala universitet.

Mats Johansson är docent och universitetslektor i medicinsk etik vid Enheten för medicinsk etik vid Institutionen för kliniska vetenskaper, Lund, Lunds universitet.

Vilhelm Persson är professor i offentlig rätt vid Juridiska institutionen, Lunds universitet.

[1]Uppdrag att utreda undantag från kravet på etikgodkännande för viss forskning och regleringen av tillsyn i etikprövningslagen (U 2023:C), RK-beslut U2022/03569 och U2023/02459, s. 2 f. Vi har i ett tidigare inlägg i denna blogg kritiserat detta uppdrag för att ha varit alltför ensidigt. (Wahlberg, L. Bülow, W., Johansson, M. och Persson, V., Två sidor av det svenska etikprövningssystemets brister https://healthlawsweden.blogg.lu.se/2024/02/16/tva-sidor-av-det-svenska-etikprovningssystemets-brister/

[2] Etikprövningsmyndigheten 2023, Kartläggning av ansökningar som enbart rör personuppgifter, Dnr 2024-00967-03, s. 30 och s. 32.

[3] https://portal.research.lu.se/sv/projects/strain-at-a-gnat-and-swallow-a-camel-ethical-review-of-humanities/publications/

[4] Skillnaden kan delvis förklaras av att forskning på allmänt tillgängligt material (se avsnitt 2 ovan) normalt ingår i den senare kategorin. Även av de tjugotal ansökningar där samtycke inte inhämtades och som inte avsåg allmänt tillgängligt material godkändes dock majoriteten utan krav på komplettering eller vilkor. Det framgår inte av EPM:s kartläggning om samma mönster finns också i det mer omfattande material som ingår i myndighetens kartläggning.

June 20, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

Navigating Challenges in Empowering Individuals through the European Health Data Space

By Petra Müllerová*

Introducing the European Health Data Space

Before summer, a game-changing European Health Data Space regulation (EHDS) that could transform how European citizens interact with their electronic health data will be launched.[1] The regulation has a two-fold mission. First, it’s designed to significantly improve access to electronic health data for individuals across all Member States. Second, it aims to streamline the provision of anonymised data from individuals to European researchers, paving the way for more comprehensive studies concerning health. But what about the safety of our electronic health data? What assurances does the EHDS provide?

Shared access to electronic health data in all Member States is not new. The 2011 directive encouraged Member States to establish interoperability between their national patient summaries.[2] At that time, except for the Nordic countries, most Member States lacked the legislative and technical expertise in this field. However, the situation has evolved over the past decade, accelerated by the COVID-19 pandemic. By 2022, already twenty-six Member States legally provided their citizens with EHR data access.[3]

The EHDS is dedicated to reinforcing individuals’ right to immediate, simple, user-friendly and free-of-charge access to their electronic health data while maintaining the highest data privacy standards. Individuals should be able to obtain an electronic copy of the EHR whenever needed. This implies that the European Union (EU) strives to ensure that individuals across the EU can access their data instantly through the MyHealth@EU platform. In practical terms, if, for example, persons are injured in another Member State, medical professionals should be able to access their health data from the home country with their consent. This could lead to enhanced care, as medical professionals will have a comprehensive medical history of the patient. The EHDS stipulates that individuals should have access to their patient summaries, electronic prescriptions, medical images and image reports, laboratory results or discharge reports.

The revolution in the accessibility of individual health data across the EU also brings challenges. The main challenge is to create a single interoperable system between 27 Member States that reliably protects individual data. Under European law, what guarantees do individuals have that their data will be reliably protected?

Protecting health data in the framework of EHDS

The processing of the electronic health data of individuals within the EHDS is subject to Regulation 2016/679, known as GDPR.[4] This means that manufacturers, distributors, and medical professionals must comply with all rules regarding health data processing in the GDPR. In the framework of the EHDS, the legislator wants to increase the powers of individuals and thus underlines that individuals gain complete control over their health data. They will dispose of the right to decide which data will be shared in the EHR and which will be excluded. Individuals must be guaranteed access to the system, where they can check what data is there and add data themselves. To avoid confusion between data entered by the medical professional and the patient, the EHR will indicate which data has been entered by the patient. The most important feature with the system is that the patients shall determine who can access their electronic health data. Thus, each individual will have the ability to grant access to a specific medical professional or facility, as well as the ability to deny access in the same way. Access will however always be granted to a particular medical intervention but only the necessary data will be shared, not all EHR. The medical professional will need to pass secure authentication to obtain further data. In addition to protecting the data in the system, this also enables the patient to check who, when, and what data has been accessed.

Thus, EHDS increases an individual’s control over their data. Given the already existing European legislation on the protection of health data (GDPR) and its application within the framework of national laws, the rules for processing the data are clearly given. The individuals’ electronic health data will continue to be highly protected.

However, it is necessary to consider the technical side of the EHR setup. Setting up this system in Europe requires extreme cooperation concerning the technical background to ensure patient summaries’ interoperability from all 27 Member States. According to data from 2022, eighteen Member States have a legislative framework that allows the sharing of EHR data across national borders. However, for technical reasons, currently, only the Czech Republic, Lithuania, Latvia, Poland and Slovakia can send or receive patient record summaries from other countries.[5] A substantial part of the new regulation is devoted to EHR interoperability. Each Member State will designate one or more national contact points responsible for sharing an individual’s data with other national contact points through an interoperable platform.

Due to the national healthcare organisation, this system may be complicated for some countries, such as Sweden. Since the Swedish healthcare system is decentralised, it is managed and run by the local self-governments responsible for maintaining the EHR. For this reason, it will be essential to ensure interoperability between all regions within Sweden so that the national contact point can receive health data in a uniform format. This may be the most significant challenge in protecting individual health data. Unlike some other Member States, Sweden has already been able to implement the patient summary record into the healthcare system. This experience means that Sweden is already familiar with some challenges of introducing patient summary records.

Wellness apps as a source of health data or the potential risk of losing control?

EHDS brings a new source of electronic health data: wellness applications. These applications include both special applications designed for monitoring or diagnosing a patient in this group, as well as commonly used sleep monitoring applications, mental or meditation applications, or fitness applications recording physiological values during exercise. This wide range of apps can collect data about the individual that may be important for medical professionals, such as blood pressure, heart rate, or sleep disorders. As the tendency to use these apps is increasing in the Member States, this resource can be an essential data source for both patient treatment and European research, and its incorporation into the EHDS is a look into the future.[6]

The EHDS established a mandatory labelling of these applications within the framework of a European platform and made them available to users. Each user will thus be able to verify whether the application is interoperable with the EHR. Regarding the protection of personal data, the application’s manufacturer is obliged to comply with all the obligations laid down for the processing of health data obtained based on the user’s consent. However, the research shows that the application of data protection is not necessarily very efficient. 40% of apps pose a high risk to user privacy, 32% pose a moderate to high risk, and 28% pose a low to moderate risk.[7]

Does EHDS guarantee to individuals that only data-safe applications will receive this label? This question has no easy answer. On the one hand, the regulation sets out the requirements, which state that the actual sharing of data with the EHR must follow a secure format. Transferring health data from wellness applications to the EHR is not automatic. Data sharing requires user consent. On the other hand, the regulation does not control how the manufacturer obtains the user’s data. This means that in the context of using the application, the manufacturer may violate the rules on data processing. Therefore, the labelling can mislead users and make them feel that the application is fully secure for their data. It is essential that users are vigilant and do not rely solely on the labelling but verify that the application complies with all GDPR rules.

Conclusion

EHDS represents an excellent opportunity for users; it will significantly simplify medical data sharing for individuals while travelling between Member States. The GDPR will protect their data, and there is no need to be more concerned. However, the integration of wellness applications deserves vigilance. Even if their inclusion is a vision for the future, closer attention is needed to see which apps get labelled as interoperable with EHR. For this reason, educating users to recognise and use only safe wellness applications is essential.

* Petra Müllerová is a postdoctoral researcher at the Department of Law, Lund University.

[1] Proposal for a Regulation of the European Parliament and of the Council on the European Health Data Space [2022] COM/2022/197 final.

[2] Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare [2011] OJ L 88, 4.4.2011, p. 45–65.

[3] Thiel R., Lupiáñez-Villanueva F., Deimel L., Gunderson L. et Sokolyanskaya A., eHealth, Interoperability of Health Data and Artificial Intelligence for Health and Care in the EU (2020) Study on eHealth, interoperability of health data and artificial intelligence for health and care in the European Union – Publications Office of the EU (europa.eu) accessed 14 April 2024.

[4] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC [2016] OJ L 119/1.

[5] López A., The electronic health record is not yet in force in the European Union (2022) https://www.uoc.edu/en/news/2022/096-electronic-health-record-europe accessed 13 April 2024.

[6] ORCHA, ‘Digital Health in The UK National Attitudes and Behaviour Research‘ (2022) <Digital Health in the UK National Attitudes and Behaviour Research 2022.pdf (hubspotusercontent-eu1.net) > accessed 13 April 2024.

[7] Papageorgiou A., Strigkos M., Politou E., Alepis E., Solanas A., Patsakis C., Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice (2018) IEEE Access.

April 17, 2024

Health Law Sweden Blog

This entry was posted in

Posts Swedish Health Law

Comments

0 Comments Leave a comment

Hacking your DNA? Some things to consider before buying a DNA test online

by Dr Andelka M. Phillips*

You can now buy almost anything online and this includes DNA tests. The direct-to-consumer genetic testing industry (aka DTC or personal genomics) has created a market for DNA tests as commercial services taking them outside of the healthcare system and into people’s homes.

Now an individual can buy a test with just a few clicks of a mouse. It is easy. You pay for the test online and the company sends a test kit in the mail. This normally requires the user to either give a saliva sample or a cheek swab. The consumer then sends the sample to the company and the company processes and analyses the sample and normally provides results through their web platform. This can include risk estimates for your likelihood of developing particular diseases, other traits, and several companies will also link people with potential relatives. The industry offers a diverse range of tests, but the most popular offerings are tests for ancestry and health. However, the tests offered are generally not standardised, which has led to consumers receiving contradictory results from different companies, which has in turn led to questions about the utility of such tests for individuals.

In this blog post, I hope to encourage you to think about some of the risks that these services pose and to highlight some of the issues to consider before you or a family member purchases a test. This is linked to the joint project with Professor Samuel Becher entitled ‘Fairness and Transparency in Emerging Health Markets: Protecting New Zealanders from the Risks of Personal Genomics’. We are extremely grateful to the Borrin Foundation for funding this project and the research was carried out in New Zealand. One of our outputs is an animated video aimed at the general public and in creating this, we have attempted to make something that will be relevant also to an international audience. You can watch the video here Before you buy DNA tests – things to consider and we do want to share this widely.

To begin with, we all share much of our DNA with our family members, which means that when one person has their data processed and stored by a personal genomics company, this does pose risks for family members. Although we share a lot of our DNA with our family, when a person undergoes genetic testing, this also reveals their unique genetic code. As your genetic data can be stored digitally and indefinitely, it means that this information can always be linked back to you and may be used in the future in ways that we cannot yet anticipate. An important point to note here is that you cannot change your genetic data, so when this data is leaked, it is much more problematic than when something goes wrong with a bank account. You can change your bank PIN number, but you cannot change your genetic data.

Many of the risks we mention in the video and accompanying papers relate to privacy and how personal and genetic data can be used, but we also highlight the problems relating to the reliance by the industry on their online contracts and privacy policies to govern relationships with consumers. This is particularly problematic in this specific context, because people often disregard these documents and treat them in the same manner as they would treat them in other online contexts. Other scholars and entities have also expressed concern about the DTC industry’s terms with one example being the Norwegian Consumer Council’s complaint about MyHeritage’s Terms and Conditions to both the Norwegian Consumer Authority and the Norwegian Data Protection Authority.[1]

While Sweden does have free health insurance and consequently the concern we mention about this potentially impacting health insurance may be less problematic, there are other possibilities for how this data may be used that could still be concerning for Swedish consumers and also European consumers more generally.

It is also important to recognise the international nature of this industry. Some of the most prominent market leaders in this space are based in the US and although companies may have European offices, often samples will be sent across national borders and personal data including sensitive genetic data may be stored in countries other than where the consumer is based. Much of the value for businesses operating in this space can be found in the accumulation of data from a large number of consumers and using that data in secondary research. The industry has been characterised by partnerships and mergers, with 23andMe entering at least 14 partnerships with the pharmaceutical industry[2] before it merged with Virgin[3], while competitor Ancestry was purchased by Blackstone.[4]

It is hoped that one recent example will show why this post is timely and raise awareness of the need to give more consideration to how these businesses operate. The example is the recent data breach at 23andMe, which has demonstrated the scale at which consumers’ privacy may be impacted. While 23andMe did make an announcement in October 2023 they were slow to reveal what had happened. They also attempted soon after the announcement to limit customers’ opportunities for redress by altering their terms.[5]

It has since emerged (in December 2023) that 6.9 million of 23andMe’s customers have been impacted, which represents almost half of its total number of customers.[6] This breach is concerning for a number of reasons, but one element that should be highlighted is that it did involve racial targeting, with customers with Chinese and Ashkenazi Jewish ancestry being specifically targeted[7] and it has also emerged that one hacker offered to sell the ‘names, addresses, and genetic heritage’ of 1 million consumers through the dark web.[8] As a consequence of this breach, 23andMe is now facing ‘more than 30 lawsuits’.[9] This includes class actions now pending in both the USA and Canada.[10] The recent US filing states that sensitive information of 23andMe’s customers was accessed and leaked and this included ‘users’ genetic heritage, ancestral origin, full names, home addresses, profile pictures, and birth dates.’[11]

The variety of personal information which has been accessed here poses real risks not just for privacy, but for the physical safety of individuals and their families. It also means that those impacted could be vulnerable to identity theft and other crimes. As these cases are ongoing, we cannot know what the outcome will be, but at the very least, perhaps it will increase awareness of the risks posed by this industry and it is hoped that it will force the industry to improve its cyber security and its behaviour.

As we have recommended previously, there is a real need for improved governance and oversight of this industry at national and international levels. In light of the recent data breach, it is vital to improve cyber security & data protection practices across the industry and also to improve contracts and privacy policies in this context. Please see our related papers for more policy recommendations.

Project details:

This blog is linked to the project: ‘Fairness and Transparency in Emerging Health Markets: Protecting New Zealanders from the Risks of Personal Genomics’, which has two recent op-eds and a book chapter linked to it. Please watch our video Before you buy DNA tests – things to consider (https://youtu.be/wy5NILzn8ZE)

Researchers:

Dr Andelka M. Phillips is an academic and writer currently based in New Zealand and an Academic Affiliate, Centre for Health, Law and Emerging Technologies (HeLEX), University of Oxford and Affiliate with the Bioethics Institute Ghent (BIG), Ghent University. Links: https://www.andelkamphillips.com; https://www.law.ox.ac.uk/people/andelka-phillips; https://www.bioethics.ugent.be/our-people/andelkamphillips/

Professor Samuel Becher is a Professor of Law at Victoria University of Wellington, New Zealand. Link: https://people.wgtn.ac.nz/samuel.becher

Publications:

Samuel I Becher and Andelka M. Phillips, ‘Data Rights and Consumer Contracts: The Case of Personal Genomic Services’ in Damian Clifford, Jeannie Paterson & Kwan Ho Lau (eds), Data Rights and Private Law (Hart Publishing, 14 December 2023)

Andelka M. Phillips and Samuel Becher, ‘At-home DNA tests just aren’t that reliable – and the risks may outweigh the benefits’ (https://theconversation.com/at-home-dna-tests-just-arent-that-reliable- and-the-risks-may-outweigh-the-benefits-194349) The Conversation (29 November 2022)

Samuel Becher and Andelka M. Phillips, ‘DNA Testing is Not “Just Saliva”’ https://www.theregreview.org/2023/01/09/becher-phillips-dna-testing-is- not-just-saliva/The Regulatory Review (9 January 2023)

* Academic Affiliate, Centre for Health, Law and Emerging Technologies (HeLEX), University of Oxford and Affiliate with the Bioethics Institute Ghent (BIG), Ghent University.

[1] Forbrukerrådet – Norwegian Consumer Council, ‘The Norwegian Consumer Council reports MyHeritage for unlawful terms and conditions’ (11 March 2020) https://www.forbrukerradet.no/side/the-norwegian-consumer-council-reports-myheritage-for-unlawful-terms-and-conditions/ ; see also Order to provide information – Complaint against MyHeritage Ltd – Unclear Privacy Policy https://www.datatilsynet.no/contentassets/dfec2e3e993843f396c5dff4849145dc/order-to-provide-information—myheritage-ltd.pdf

[2] Andelka M. Phillips and Samuel Becher, ‘At-home DNA tests just aren’t that reliable – and the risks may outweigh the benefits’ (https://theconversation.com/at-home-dna-tests-just-arent-that-reliable- and-the-risks-may-outweigh-the-benefits-194349) The Conversation (29 November 2022)

[3] 23andMe, ‘23andMe to Merge with Virgin Group’s VG Acquisition Corp. to Become Publicly-Traded Company Set to Revolutionize Personalized Healthcare and Therapeutic Development through Human Genetics’ Press Release (4 February 2021) https://investors.23andme.com/news-releases/news-release-details/23andme-merge-virgin-groups-vg-acquisition-corp-become-publicly

[4] Blackstone, ‘Blackstone Completes Acquisition of Ancestry®, Leading Online Family History Business, for $4.7 Billion’ (4 December 2020) https://www.blackstone.com/news/press/blackstone-completes-acquisition-of-ancestry-leading-online-family-history-business-for-4-7-billion/

[5] Jacob Knutson, ‘23andMe changes terms of service amid legal fallout from data breach’ AXIOS (updated 6 December 2023) https://www.axios.com/2023/12/07/23andme-terms-of-service-update-data-breach#

[6] M DeGuerin, ‘Hackers got nearly 7 million people’s data from 23andMe. The firm blamed users in ‘very dumb’ move’ The Guardian (15 February 2024)

https://www.theguardian.com/technology/2024/feb/15/23andme-hack-data-genetic-data-selling-response

[7] Rebecca Carballo, Emily Schmall and Remy Tumin, ‘23andMe Breach Targeted Jewish and Chinese Customers, Lawsuit Says’ The New York Times (26 January 2024) https://www.nytimes.com/2024/01/26/business/23andme-hack-data.html

[8] Rebecca Carballo, Emily Schmall and Remy Tumin, ‘23andMe Breach Targeted Jewish and Chinese Customers, Lawsuit Says’ The New York Times (26 January 2024) https://www.nytimes.com/2024/01/26/business/23andme-hack-data.html

[9] Lorenzo Franceschi-Bicchierai, ‘23andMe tells victims it’s their fault that their data was breached’ TechCrunch (4 January 2024) https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/?guccounter=1&guce_referrer=aHR0cHM6Ly9kdWNrZHVja2dvLmNvbS8&guce_referrer_sig=AQAAAMpE3ccoyxFVV9HMj948CohNU-tbGmY4KqSgQcdru91-ZPG5_uGXKoBF1h-PhPklHnox1zp43INWBI-tFna2QsU6brg_t_0V_hUu93Baf3RuIB2q4LgJv_aj_7NQCYLV2iyE6SVUH4vKoAmhUC1GVfYVvlMHVxANdAfum_sJ2FrZ

[10] Alison Frankel, ‘As 23andMe goes to mediation in hacked DNA case, plaintiffs’ firm warns of collusion’ Reuters (31 January 2024) https://www.reuters.com/legal/legalindustry/column-23andme-goes-mediation-hacked-dna-case-plaintiffs-firm-warns-collusion-2024-01-30/ ; see filing Motion to Appoint Interim Leadership – David Melvin and J.L v 23andMe Inc Case No. 24-cv-00487-SK – hearing date set at 4^th March 2024 https://fingfx.thomsonreuters.com/gfx/legaldocs/gkvlddmwnvb/frankel-23andMedatabreach–Edelsonleadcounsel.pdf ; KND Complex Litigation, ‘23andME CANADIAN CONSUMER DATA BREACH CLASS ACTION’ CISION (20 December 2023) – case J. R. v 23andMe Holding Co et al, Vancouver Registry, S-237147 https://www.newswire.ca/news-releases/23andme-canadian-consumer-data-breach-class-action-843706435.html

[11] filing Motion to Appoint Interim Leadership – David Melvin and J.L v 23andMe Inc Case No. 24-cv-00487-SK at 4.

Introduction

The 23andMe data breach

Key points to keep in mind:

Recent developments in the USA

Conclusion

1. The need for social rehabilitation services for drug addicts in South Korea

2. Current Status of Drug Addicts in Korea

Current Status of Drug Addicts

Drug Offenders’ Recidivism and Causes of Crime

3. Drug-related policies and social rehabilitation services in South Korea

Drug-related laws and policies in South Korea

Case of drug addiction rehabilitation service support[6]

4. Recommendations

1. Region Blekinges beslut och förvaltningsrättens avgörande

2. Ett nationellt förslag om tolkavgifter har presenterats

3. Tolkavgifter i hälso- och sjukvården begränsar tillgången till god vård

4. Rätten till information och informerat samtycke

5. Utgör tolkavgifter i hälso- och sjukvården diskriminering?

A new 18-week limit for on-demand abortion

A more transparent and uniform administration of abortion cases

The bigger picture

Tolkavgifter: En uppmärksammad fråga

Tolkavgiften: En betungande offentligrättslig avgift?

Tolkavgiften om den inte klassificeras som en offentligrättslig betungande avgift

Huruvida tolkavgifter kan tas ut genom patientavgifter

Slutord

1. Introduction

2. Diagnosis of an incurable illness: Preparing for the unthinkable

3. A short summary of relevant Hungarian law

4. Mr. Karsai’s application to the European Court of Human Rights

5. Decision of the Chamber and dissenting opinion

6. Conclusion

1. Inledning

2. Forskning på allmänt tillgängligt material godkändes nästan alltid utan krav på komplettering eller villkor

3. Komplettering och villkor vanligare vid forskning med samtycke

4. Risker som inte fångas upp av EPM:s prövning

5. Sammanfattande reflektioner

Case of drug addiction rehabilitation service support^[6]