RESOLUTION YHC 311

FORUM: YOUTH & HEALTH COMMITTEE

QUESTION OF: The question of the use and supervision of digital tools and platforms to respond to a health crisis

SUBMITTED BY: Luxembourg

CO-SUBMITTERS:Afghanistan, Bolivia, Cuba, DR Congo, Estonia, Greenpeace, Latvia, Namibia, Romania, Ukraine, United Arab Emirates, United Kingdom, UNICEF, United States of America, Venezuela, Zimbabwe.

STATUSSubmitted

QUESTION OF: The question of the use and supervision of digital tools and platforms to respond to a health crisis 

MAIN SUBMITTER: Luxembourg

CO-SUBMITTERS: Afghanistan, Bolivia, Cuba, Democratic Republic of Congo, Estonia, Greenpeace, Latvia, Namibia, Romania, Ukraine, United Arab Emirates, United Kingdom, UNICEF, United States of America, Venezuela, Zimbabwe

 

THE YOUTH AND HEALTH COMMITTEE,

Deeply concerned about the current state of the international community during the COVID-19 pandemic – in particular the rate of which medical professionals are dying or becoming ill due to in-person care,

Noting that, especially during a pandemic, digital healthcare can reduce visits to physical offices and thus reduce the spread of disease,

Acknowledging the economic recessions currently affecting many nation-states and economic blocs and how this can impact technological advancements and the ability to establish widespread usage of technology,

Emphasizing the benefits that could come from using technology for telemedicine and digital healthcare,

Further acknowledging the fear of cyber-attacks due to the specific incident that hit the UK’s NHS in 2017 and the devastation and disruption it caused,

Taking into consideration the creation of law enforcement authorities in cyberwarfare and the developments in cybersecurity, 

 

Drawing attention to the potential risks and dangers imposed by the development of digital healthcare platforms,

 

Supporting the progress of digital tools, while ensuring the maintenance of the security of the population, 

 

Recalling that the Universal Declaration of Human Rights, specifically article 12, declaring that no one shall be subject to arbitrary interference of their privacy, and the right of the intervention of the law in the event of such attacks,

 

Recognizing that a profiled person is a better-protected patient

 

  1. Calls upon member states to develop a comprehensive and modern system/framework specialized to limit the risk and magnitude of data breaches and theft within the medical industry, by ensuring that corporations and firms leading the development of health apps and platforms utilize a modern and robust cybersecurity system entailing the use of:
    1. Predictive technology, which identifies and details possible upcoming cybersecurity threats as quickly as possible to the owner, allowing them the possibility to prevent data breaches and leaks ahead of time
    2. Through the implementation of Intrusion prevention (IPS) and Intrusion detection (IDS) systems in order to appropriately protect a network from cybersecurity attacks and abuse, and proper monitoring and identification to alert the owner of a breach should it have already broken through the prevention system,
    3. Ensuring the use of modern data encryption tools and technologies,
    4. Quickly and efficiently implementing the use of new cyber defense technologies as they may arise, in order to bypass new potential cybersecurity threats;
  2. Urges nations to establish stricter privacy laws, which entail:
    1. placing digital healthcare information on the same legal level as tangible medical records, from a privacy standpoint, and enacting equal penalties for the physical and digital theft of medical records;
    2. placing liability on digital healthcare providers if a patient’s information is stolen due to a missing security feature that was mandated by government standards, and due to no fault or error on the patient’s part; 
    3. training healthcare employees to guarantee they can properly safeguard patients’ private information, such as:
      1. accessing patient information only on secure networks,
      2. using a separate work device for any accessing of patient records and data
      3. using a strong password on work devices and preventing access by anyone other than the healthcare provider
  1. Recommends member states to work in collaboration with corporations and firms leading the development of health apps and platforms to ensure that the cause of a data breach, leak or other data privacy issue does not come from the side of the user, and that users are well aware that terms and conditions for respective apps can be found on a trusted and fact-checked database through means such as, but not limited to:
    1. Requiring users to utilize a strong password and multi-factor authentication, in order to prevent a user from getting their account hacked or stolen and/or losing sensitive digital health data,
    2. Ensuring that users are well aware of currently applicable digital data privacy regulations before beginning the use of a digital health platform, in order to avoid possible complaints that may manifest themselves in the form of a lawsuit and/or negative publicity towards the healthcare platform provider using the means of:
      1. Terms and conditions that would simply state the privacy regulations and give information about the digital health platform,
      2. Transparency among the health firm that owns the app to inform its users on the information that is being taken.
    3. Implementing websites in collaboration with the UN and other relevant organizations, allowing citizens to be better informed about the software, with easy to read summaries of terms and conditions, which is processing their private healthcare information, by:
      1. Authentication by qualified lawyers, programmers, and security experts who analyze popular digital healthcare services and study their terms, conditions, and privacy policies
      2. Rating apps and services according to their level of privacy, with justification of rating provided,
      3. Highlighting important privacy-related clauses from the terms, conditions, and privacy policies that individuals may not notice or read
  1. Strongly urges the creation of education campaigns, in collaboration with professionals and specialists in the cybersecurity education sector, on developing healthcare platforms that will be applied to both public and private sectors, funded by the UN, entailing:
    1. Encouraging the education of digital literacy and ethics, by implementing said topics into:   
      1. Middle and high school computer science and cybersecurity curriculums
      2. After-school workshops and programs in public spaces such as library study rooms will be developed and deployed to low-income and lesser developed member states 
      3. Internship opportunities for college students
    2. Public awareness campaigns as a way to inform the public of possible scam tactics who steal medical information by: 
      1. Informing citizens about tactics used by scammers to get them to surrender their personal data
      2. Presenting the privacy laws and individual rights of each citizen when it comes to their healthcare information
      3. Staying up to date on common scams and tailoring awareness campaigns on popular scams in each country
      4. Beginning the #ehealthedu on social media platforms to spread the information availability of e-health options 
    3. The creation of an advisory committee for people who are not specialized in technology (elderly people, people living in rural areas) that will:
      1. Provide them with study guides to help them find the proper information on cyber literacy that would otherwise be overlooked
      2. Organize online meetings and webinars that will be conducted by specialists and will explain how the individuals will be keeping their records private.

 

  1. Encourages the implementation of systems, overseen by the UN, for companies and public sectors regarding sensitive health data, with added stress on collaboration with member states, to have relevant regulations through methods such as, but not limited to: 
    1. Establishing overseeing bodies in member nations’ respective governments to ensure that the design and development of healthcare digital tools are created ethically by issuing that:
      1. Company and public sector policies must be cleared accessible to design and development teams in a written record that will allow for issues and conflicts to be minimized concerning responsibility and accountability,
      2. Detailed records of the design process and decision making to be transparent and reported to a subset of the United Nations Development Programme,
    2. Establishing a framework similar to the General Data Protection Regulation (GDPR) section for sensitive data in order for digital healthcare to adhere to it effectively and ensuring easier and safer communication by:
      1. Programming and monitoring an application that forbids personal data gathering without permission (made and monitored by the government)
      2. Proposing a fine or tax raise for companies who trespass privacy-related laws
      3.  Favoring companies who follow suit for long periods of time by providing easier access to licenses
    3. Stress the need to collaborate with other states that have more profound regulations on digital healthcare to be more efficient in proceeding to find solutions against negative impacts as well as promoting collaboration between industry and academia:
      1. Assess the capability and harm of existing digital healthcare institutions
      2. Permit scrutiny of digital tools in court such as holding companies responsible for the harm caused by their technologies, and developing  research spaces to advance research into digital healthcare 
    4. establishing a system where companies involved in developing healthcare digital tools would have to register for a license to develop them:
      1. as part of acquiring this license, companies have to be willing to be subjected to monthly or annual examinations ensuring that all registered facilities are in order;
      2. companies that develop should be transparent both to the government and the public in the actions that they undertake by publishing annual reports as to their use of data and granting government officials full access to documents relating to the company’s use of digital tools;

 

  1. Calls for the WHO to create a new branch called the Health Digital Security and Compliance Committee (HDSCC) which would:
    1. Manage the creation of a Universal Digital Health Security Framework  (UDHSF) which would:
      1. serve as a recommendation for privacy and security laws that countries could implement to protect patients, 
      2. serve as the laws that doctors from NGOs such as Amref Health Africa and Doctors Without Borders must operate under to provide e-healthcare in the absence of national or local laws,
    2. Establish a bi-annual certification that recognizes digital technology companies that implement heavy security and interoperability processes in their products.