Development of a MyData Platform Based on the Personal Health Record Data Sharing System in Korea

: Objectives : recently, there has been a government-level movement to guarantee the rights of individual entities regarding the use of their personal data worldwide. This movement has been speciﬁcally named as ‘MyData’ in South Korea and has variants such as ‘Self data’, ‘Midata’, ‘MesInfos’, ‘Personal Information Management Services’, ‘Personal Data Economy’ and ‘Internet of Me’ in other countries. This research project aimed to establish and demonstrate a system called ‘HiMD’, which allows individuals to select data sharing institutions and control a range of data utilization parameters under the MyData ecosystem. Method: we developed the MyData Platform, a personal health record data sharing system. The HiMD included several user-empowerment functions such as self-determination for data sharing. Actual platform users were recruited from three university-level hospitals for system assessment. Result: females comprised the majority of users with 991 participants (78.1%). Additionally, data consensus results revealed a decrease in given user permissions (from 94.9% to 79.4%) as the range and depth of permissions increased. Most users agreed to open their medical data for commercial uses ( n = 1007, 79.4%) and most of those users were interested in DNA analysis ( n = 888, 81.2%). Finally, all results for the ﬁve questions presented positive answers. All average values on the ﬁve questions scored above three on the Likert scale. In other words, over 50% participants gave point 4 and point 5. Conclusion: the contribution of this study is that it developed and demonstrated a MyData system that reﬂects the right to data portability. It means that the users can proactively make decisions regarding sharing and transferring their own data. These results are expected to contribute to developing future personal health record (PHR) systems of user-oriented and utilization of personal health data.


Introduction
In the Fourth Industrial Revolution, the importance of data-based industries has increased significantly. Many countries are making efforts to construct high-quality data and develop efficient data distribution systems. Additionally, they have expanded the use of accumulated personal data and promoted data distribution. Recently, there has been a government-level movement to guarantee the rights of individual entities regarding the use of personal data. This movement has been specifically named as 'MyData' in South Korea and there are variants such as 'Self data', 'Midata', 'MesInfos', 'Personal Information Management Services', 'Personal Data Economy', 'MyHealthBank' and 'Internet of Me' in other countries [1][2][3]. A government-led MyData project in South Korea has been undertaken in eight fields (medical, finance, public, distribution/logistics, culture, communication/media, education and energy) for both the quantitative and qualitative use of personal data since 2019.
The right to data portability is one of the most important properties of this project because it warrants control rights to data subjects. The term of data portability appears in various fields, such as data protection, competition law, intellectual property rights and consumer protection [4]. In other words, individuals should be able to exercise integrated and practical rights regarding their own data distributed across multiple services based on the defined data portability rights.
The General Data Protection Regulation is a regulation in European Union (EU) law related to data protection and privacy in EU and European Economic Area (EEA). It includes rights associated with the transfer of personal data outside the EU and EEA areas [5]. Additionally, data portability related to healthcare in the United States is based on the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act [6].
South Korea passed three data-related bills, namely the Individual Privacy Protection Act, Telecommunications Network Act and Credit Protection Act, in 2020. The free portability of personal data in the MyData project facilitates the interoperability of platforms and has become a powerful tool for data subjects. In this sense, each country's data portability rights share commonalities in terms of pursuing an open and decentralised personal data ecosystem focusing on data subjects by giving them control over their own data [7].

Related Work
The UK government announced the MIDATA action plan along with a consumer empowerment strategy called 'Better Choices, Better Deals' [8]. The goal of the MIDATA initiative is to allow consumers to control their own data and allow them to find companies supplying the best services using specific types of data. In the field of healthcare, it has been suggested that individuals could share their health indicators such as blood pressure and blood sugar using the MIDATA platform [9]. This type of data sharing was also developed and demonstrated in 'Mi-Health', which supports long-term care and telemedicine. Mi-Health also provides various recommended services based on health data analysis [10].
Sweden provides a variety of services required for long-term care through a patientaccessible electronic health records (EHRs) system called Journalen. In this system, patients can access their EHRs and share EHRs with entities of their choice [11].
Australia has developed a personally controlled EHR system that shares EHRs as component of health services, which later evolved into the 'My Health Record' system (MHS) [12]. The MHS allows patients and medical providers to check patient health records. Australians who do not opt out can retain their health information within the MHR system and can also select medical institutes that can access their MHRs online and manage uploaded data items [13].
A wide range of medical health data can be used to prevent and manage diseases and contribute to the development of the medical industry. However, such data have not been sufficiently utilised based on legal and institutional issues. The lack of information exchange between institutions in South Korea has also hindered development. Additionally, it has been reported that there is resistance to disclosing medical data to other individuals or institutes. This difficulty in accessing medical data has prevented the effective utilization of medical health data [14].
The personal health record (PHR) is recognised as a solution for the enhanced management of individual health and as a tool for empowering patients in correlation with healthcare providers by providing accurate medical histories [15]. However, despite these expectations, there is insufficient evidence that PHRs increase patient engagement and improve clinical outcomes [16]. In South Korea, several PHR systems that allow individuals to access their medical data have been developed. However, it is still difficult to identify tangible achievements related to the utilization of PHRs [17].
Previous studies have reported that increasing the utilization of patient health data requires an interconnected architecture and patient-centric design [18,19]. It is also important to establish an efficient infrastructure to manage and share data to generate tangible value by making the most effective use of individual medical data [20]. Therefore, data utilization measures should be considered based on consent to use personal information and data usability. It is necessary to provide personalized service architecture based on individual health data in the Mydata system. This research project aimed to establish and demonstrate a system in which individuals can select data-sharing institutions and control a range of data utilization parameters under the MyData system. It was designed to identify the usage status of individual health data through PHR scenarios in the MyData system. Additionally, user satisfaction and intention-to-use analyses were performed with a focus on various benefits provided through data ownership. The presented results are expected to contribute to baseline data when developing future PHR-related systems.

Overall System Architecture
The MyData platform developed in this study is called 'HiMD', which is short for 'Hi! My Data'. The system structure is presented in Figure 1. PHRs were obtained from hospitals and records that users checked and downloaded are shared only within the group of partners on the platform under strict user consent. The proposed HiMD system can be roughly divided into three parts: (A) a part for checking and downloading PHRs from hospitals, (B) part for agreeing to the terms of use and data sharing within the platform and (C) part for defining consent to allow data access to partners who desire data sharing.
Users could check their PHRs in hospital databases and download data through the application programming interfaces (APIs) provided by hospitals in part (A). The downloaded data were shared within the platform under strict user consent. User management, data collection and service provision on the HiMD platform were contained in part (B). Data were transferred through the API to partners with which users have consented to share their data. The partners are four actual participated companies that provide services by utilising data.

System Specifications
The proposed HiMD system was implemented on a cloud platform. The processes performed in each step are outlined in Figure 2. When users request their data from a hospital using the application, PHRs can be received from hospital information systems through the connected gateway and interface access point server. The received data are then transmitted to HiMD through the gateway. The platform operator constructs an operation database to store PHRs and configure data markets. Companies can request user personal health records for which the corresponding users have provided informed consent. Users can later check records of data transfer usage history through the application. The system functions mainly rely on user mobile phone applications. The main functions are consent settings, data checks, data downloads, data sharing and data transfers ( Table 1). There are three types of consent: (1) consent to the terms of use of the platform service, (2) consent to the terms of use of partners that use data and (3) consent to share data and transfer data, as well as usage consent regarding third parties. Consent to the terms of use of the platform service includes the collection and usage of personal information. Users can also select hospitals to give permission to collect healthcare data.
Data checking refers to searching for user data at the selected hospitals. Users can search for health check-up data, drug prescription data and depression scale testing data in hospital information systems (HISs). Data downloading is a function that allows the user to download searched data. Data sharing refers to sharing data with other users on the platform. Data transferring is a function that allows the transfer of data shared on the platform among the partners that request personal health records.
The system development environment is presented in Figure 3. The software is divided into three main components: (a) application, (b) web server and (c) database. The application component is divided into the user experience and service layers. The framework is composed of Apache Cordova and Jquery-Mobile. It is implemented for use on both iOS and Android through native APIs. The web server is composed of presentation and business layers. The presentation layer is implemented in html and java based on NginX 1. 16  This platform was constructed using a verified cloud system. This cloud system meets the standards for information protection of cloud computing services with acquired certification for information protection management systems. Additionally, we have established a security system that has an information technology cloud system access control function and database access control function for platforms with acquired certification to use network section encryption.

Implementation
The overall data flow and service flow implementation of the proposed HiMD platform are presented in Figure 4. We recruited actual platform users from three universitylevel hospitals. All participants who were recruited for using the HiMD system wrote informed consent. Then, a survey was conducted for users who used the system for more than 2 weeks. Users were able to download data from an actual HIS. Users could also share the downloaded data within the platform and the data could be transferred under strict user consent settings to be shared safely with partners. Four companies participated as data utilization partners and these companies provided customised services based on the provided data. The four companies provided genome analysis services for cancer, chronic disease management services, customised meal kit services and mental health management services each. The application implementation screen from the user vantage point is presented in Figure 5. We implemented the functions of checking and downloading user data stored at hospitals. Part (a) shows the first screen of the application, where the user can see the provided services below the icon for HiMD. A user can check for hospitals storing their data. Data that the user has downloaded and shared with HiMD can be checked in part (b). Part (c) shows an example screen for when a user approves sharing their data within the platform. Implementation tests for functions that display company service terms of use, allow consent for data sharing and verify the history of data usage (checking, downloading, sharing and transferring) are presented in Figure 6. Part (a) shows services provided by the companies participating in HiMD. If users press the button at the bottom of this screen, then they can manage their service consent settings in part (b). Consent settings consist of terms of service for companies, data sharing with third parties, data transferring and data use. Part (c) shows a data usage receipt referring to data log records, which allow users to check the flow of data within the application. We utilised 13 APIs to implement the system functions. An actual server monitoring screen for service-stability monitoring is presented in Figure 7. The system administrator can check the system load, CPU, network traffic, disk space, memory, etc. on the system monitoring screen. We continuously monitored the stability of the system and provided support for the convenience of using HiMD.

Usage Results
The developed HiMD platform was adopted by participants at three university hospital (Seoul St. Mary's Hospital, Incheon St. Mary's Hospital and Kyung Hee University Hospital in Korea) health examination centres to analyse the usage results of participants. The usage results are presented in four categories: demographic characteristics, data consent analysis, transferred data company category analysis and satisfaction and intention-to-use analysis.
A survey was conducted with 2533 actual system users. Among these users, those who did not agree to participate (n = 1264) were excluded. Therefore, 1269 users participated in the survey. The demographic characteristics are presented in Table 2. The results reveal that among the 1269 participants, females accounted for the vast majority with only 278 males (21.9%) and 991 females (78.1%). The age group with the highest usage was 30 to 39 year (n = 465, 36.6%), followed by 20 to 29 year (n = 359, 28.3%), 40 to 49 t (n = 267, 21.0%) and over 50 year (n = 178, 14.0%). Among the three participating hospitals, most of the participants who agreed were from Hospital A (n = 835, 65.8%), followed by Hospital B (n = 318, 25.1%) and Hospital C (n = 116, 9.1%).
The data consent results are presented in Table 3. These results refer to the categories for which the participants granted permission to use their data. The results revealed that 1204 users agreed to give permission to use the search service for their data within the HiMD platform (94.9%). Additionally, 1161 participants agreed that their data could be downloaded (91.5%) and 1066 participants agreed that their data could be shared. Only 1007 participants allowed private companies to use their data commercially (79.4%). The results of the analysis of the data company categories are presented in Table 4. These results represent how many participants allowed various companies to use their data. Only the participants who agreed to data use allowance for companies in Table 3 were analysed (total n = 1007). 888 participants (81.2%) gave data permission for gene sequencing to cancer-related companies (A). Additionally, 707 users (70.2%), 357 users (35.5%) and 240 participants (23.8%) gave permission to chronic disease management companies, home meal replacement service companies and mental healthcare companies, respectively. The satisfaction and intention-to-use analysis results for all participants who provided informed consent (n = 1269) are presented. According to Flavián et al. [21,22], satisfaction refers to a user's positive reaction to a system, which influences their long-term consistent impressions of the system. Intention to use refers to the attitude and subjective opinion of an individual regarding the use of a particular system. Venketash found that people with a high intention to use have a strong tendency to adopt a certain technology positively [23,24]. Survey questions 1 to 4 were referenced from research by Flavián [21] and question 5 was referenced from Shahbaz's research [25]. A five-point Likert scale was used for all five questions. The questionnaires are represented in Table 5. Table 5. Questionnaire of satisfaction and intention-to-use.

Questionnaire
Q 1 I think this system is a good tool for health management Q 2 I am satisfied with the beta testing experience gained from using this system Q 3 I am satisfied with the way this system handles my medical data Q 4 I am satisfied with the services provided by this system Q 5 I intend to use this system in the future for my health management We considered the responses of 4 point (agree) and 5 point (strongly agree) as positive responses in the five-point Likert scale. All results for the five questions represent positive answers, with over 50% participants with point 4 and point 5 (Figure 8). In specific, participants in Question 1 showed the most positive response, with 843 participants (66.4%) giving 4 and 5 points. The next positive ranking was followed by Question 4 with802 participants (63.2%) with 4 and 5 points, Question 3 with 796 participants (62.7%), Question 5 with 778 participants (61.3%) and Question 2 with 735 participants (57.96%), respectively.

Discussion and Conclusions
Health-related data play many roles in the field of medicine in terms of data economy, prediction, prevention and personalised health care [26]. This paper proposed HiMD, which is a medical data sharing platform that allows users to manage their own data by giving them the authority to set the boundaries by which their data are used. This research was supported by the MyData governmental policy project in accordance with the South Korean government's intentions to give users rightful ownership over their own medical data. The main functions include data consensus-setting functions for hospitals and companies, data searching, data downloading and data sharing. Through this platform, users have the ability to manage and view their data. This empowers the users when they engage the system.
The system called 'HiMD' was designed to identify the usage status of individual health data through PHR scenarios in the MyData system. Three hospitals participated in platform testing. These hospitals agreed to provide health examination data, prescription data, DNA data and depression-related data. Additionally, four companies participated in platform testing by providing services for gene sequencing for cancer analysis, management of chronic disease, home meal replacement and mental healthcare. Then, user satisfaction and intention-to-use analyses were performed with a focus on various benefits provided through data ownership. All users were provided with informed consent. Then, a survey was conducted for users who used the system for more than 2 weeks. A total of 2533 real participants were recruited from the health examination centres of the participating medical institutions, although only 1269 agreed to participate in the survey.
Socio-demographic results revealed that females comprised the majority of users with 991 participants (78.1%). According to related research, this may be the result of females being more sensitive to healthcare than males [27]. Demographic results also revealed the highest participation of 36.3% among adults aged 30 to 39 year (n = 465), whereas the elderly over age 50 exhibited the lowest participation of 14.0% (n = 178). This may be because relatively young adults are highly accepting of technology, whereas the elderly have a hard time adopting modern technology [28]. Additional research is required to determine how age influences the adoption of the proposed system.
Data consensus results revealed a decrease in granted user permissions as the range and depth of permission increased. Specifically, almost all people allowed the simplest form of data allowance, which was only 'searching' (n = 1204, 94.9%). 'Downloading', which is a more in-depth form of data allowance, exhibited the next rank of agreement (n = 1161, 91.5%). 'Sharing', which is an even more in-depth form of data allowance, naturally ranked third (n = 1066, 84.0%). Users who allowed commercial usage of their data by companies exhibited the lowest allowance ranking with only 79.4% (n = 1007). This implies that although users are open to medical data sharing, they are sensitive to their data being used commercially. However, 79.4% is not a low percentage in absolute terms, which is a promising consideration.
For users who agreed to open their medical data commercially (n = 1007, 79.4%), most were interested in DNA analysis (n = 888, 81.2%). These results could be used as baseline data reflecting user interest in the field of medical data when healthcare-related companies are conducting business. Satisfaction and intention-to-use analysis results revealed positive satisfaction and intention to use among participants. This proved that the majority of participants had a positive overall attitude towards the proposed system.
The limitation of this research is that available personal health data that were utilized were limited. That is, the data provided from hospitals were restricted to health check-up data, drug prescription data and depression scale testing data. Data items should be expanded so that more data from HIS can be linked to be implemented within the platform.
In spite of this limitation, we were able to identify the flow of individual health data and the associated benefits directly by providing data access through this study. The role of health data in the data economy as the source of predictive, preventive, personalised and participatory power is very important [26] and it is very important that to expand the scope of data utilization to bulid the data ecosystem. The HiMD is an integrated system that included self-determination for data sharing which provides several user impowered functions. This research should contribute to baseline data when developing future PHR-related systems based data sharing.

Institutional Review Board Statement:
The study was conducted according to the guidelines of the Declaration of Helsinki and approved by the Institutional Review Board of the Catholic Medical Center (protocol code XC20QIDI0145K and 13th October 2020).

Informed Consent Statement:
Informed consent was obtained from all subjects involved in the study.
Data Availability Statement: Data sharing not applicable. The data are not publicly available due to It contains system usage history. Data sharing is not applicable to this article.