The Metaverse in Healthcare

As the technology develops, the way that patient data is generated and manipulated will see some significant changes. For providers, this means that there are some important legal implications that should be considered throughout the design and development process.

There is no universal definition of what is meant by the term “metaverse”, but it can be thought of as an evolution of the way that people interact with developing information technology through an immersive, 3D virtual world, where data can be exchanged and goods and services can be purchased in a way that the user experiences as being closer to in-person interactions than a simple computer screen.

The prospect of moving between virtual therapy suites offering a range of different services from a variety of skilled practitioners in a virtual treatment centre is just one example of where the healthcare sector is heading in this respect. We are already seeing extended reality being used in some therapeutic areas (such as psychotherapy), together with the use of blockchain technology for the storage and manipulation of patient data.

Extended reality is only the beginning of the next phase of development of this technology, which is on a rapid curve that promises to accelerate further. In healthcare, the future potential is quickly becoming clear. For example:

There are many more aspects of this technology that are set to transform the provider/patient relationship, but it is the final point above – the resulting patient data – that developers and regulators alike will need to consider so that the greatest benefits to patients may be delivered safely, whilst maintaining data security and achieving better outcomes.

By its very nature, the metaverse is a global phenomenon and the potential for cost savings flows naturally from this. The question arises of patient data being transmitted across borders, possibly involving the use of blockchain technology, meaning that patient health-related data might find itself in numerous countries in databases across the relevant network. The nature of blockchain being immutable itself raises the question of what a patient can do to withdraw consent regarding the use of health data, or to request that it be transferred somewhere else.

For stakeholders in the UAE, this gives rise to some tricky questions about the manipulation of health data.

Federal Law No. 2 of 2019 (the Health Data Law) and Ministerial Resolution 51/2021 (the Resolution) set out rules regarding the cross-border transfer of health-related data.

Until the Resolution came into force, the Health Data Law had previously prohibited international transfers of health-related data, and providers generally either avoided making such transfers, or took a risk-based approach that often purported not to constitute an international transfer of data (noting that the Health Data Law is deemed to apply to overseas remote access to UAE patient data).

Article 2 of the Resolution contains an important set of ten exceptions, with the two potentially most relevant for these purposes being at clauses 9 and 10.

Clause 9 contains a limited permission:

Clause 10 also allows that “The information and data related to the person who himself requests to transfer them outside the State or to receive them for use abroad, provided that the facility or entity possessing such information or data receives an official request in this regard from the concerned person or his legal representative.”

Clause 10 is, in turn, subject to the further requirements of Article 3, which requires that “The information shall only be shared with the concerned entity and persons.”

Even at a cursory glance, it seems clear that the above exceptions are unlikely to accommodate developers’ ambitions. Were the data then to be stored and managed in a blockchain, this technology would also appear to be outside the contemplation of current regulation.

There are many questions about how the relationship between users of data (insurers, clinicians, regulators, etc) and suppliers of data (patients) might best be managed and regulated in light of technological change to deliver the strategic aims of regulation.

Should a developer wait and see what others do? Or develop systems with a more modest level of functionality? Or simply wait for regulation to change? Or apply a risk-based approach that many took in pre-Resolution days? None of these are satisfactory for developers to achieve a competitive advantage.

Innovation in the metaverse and its application to healthcare is set to be a global phenomenon and has already achieved considerable momentum. Regulators worldwide face challenges in protecting the supply side of data whilst encouraging innovation in its usage.

Developers should be mindful of how regulation may affect their innovations, but regulation is also evolving worldwide in response. A large part of the key to early success lies in stakeholders and regulators communicating effectively with each other, so that innovation is nurtured in a way that respects critically important principles relating to the protection of patient data.

Meanwhile, if you haven’t experienced the metaverse, we would recommend buying or borrowing a headset and seeing what it’s all about!