Slashdot Mirror
Anger Over EU Medical Data-Sharing
ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"
Could this be another huge IT project disaster on the horizon? Yes. Next question.
Once the state 'owns' your body they can, apparently, do whatever they like with the 'maintenance' records.
Not something I would like to sign up for, but seems europeans don't have an "opt out" choice here.
Eve Fairbanks says I drive a hybrid!LOL
Yes, but only if it gets pushed out before its ready. Proper planning and recources could make the transistion easy. But, most likely the deadlines will be unrealisted, the funding will be inadaqate and it will cause issues. Go figure...
If sharing a song makes you a pirate, what do I have to share to be a ninja?
The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.
The disadvantage is that it may be used for privacy invasion. There are certainly other risks involved too not to forget the cost that may arise to unify all countries.
Anyway - one way to provide some patient security would be that identification of data and access control to personal data has to be restricted. A multi-level approach has to be in place for the best security. One way may be to use smartcard-equipped health-cards. The card will then hold the key to access of the data. Of course there has to be security measures involved too to handle lost cards etc.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Some paper saying your government will lie more for some things than others. All it is. Every government does what it will and justifies it afterwards.
From my point of view, carrying a patientcard, with some kind of memory chip, that carries your journals seem to be the best solution in many of the questions that can be raised on this topic.
i find your lack of faith in science disturbing!
What I find ridiculously in this whole affair is that the most important question is never asked. Do you want to join and be entered in our system?. I've worked in a similar project where some twenty-ish GP offices were joined in one network, in the Netherlands. Were the patients ever asked? Noooo, the GP just signed a paper where he agreed for all his patients who could then opt out. But most of the time, they wouldn't know about it.
And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.
8 of 13 people found this answer helpful. Did you?
Doctor to nurse: "Alright, give the patient anesthesia for patient for the vasectomy, but be careful he is a 98 year old pregnant woman."
Patient:"What!? I just came in to get a flu shot! I dont want to.....zzzzzzzzzz"
Its always the IT guys who get blamed for cock-ups on a colossal scale. Occasionally, yes, bad decisions are made or poor execution is to blame. But at the supra-national level, the big mistakes are political ones.
Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars.
A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years. Then a common data-medium (chip cards, whatever) could be issued to those citizens who desire one. Everything else need not be regulated, everything else should be firmly in the control of the people.
They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
In Capitalist west Microsoft find profit with medical interoperability.
In Soviet Russia kgb and gru interoperability find you!
Domestic spying is now "Benign Information Gathering"
Got some pics? Video?
For those of you/us in the UK there is the ability to opt-out of the central NHS records system currently being developed. This is probably a good thing if you don't want civil servants to have the ability to look at your medical records or if you don't want a 3rd party, private, company to process them (as happens now). Simply fill in the form on the site and it will generate a letter for you to post to your GP.
As a UK resident, I'm sadly all too aware of the NHS's woeful record when it comes to IT. So I understand why people are concerned that this will end up in a cock-up to end all cock-ups. But I also detect a sense of general resistance to the idea per se which I really don't get. As someone who lives in Europe and travels a lot it seems transparently obvious to me that a doctor in Spain (for example) having instant access to my medical records should I fall ill and need his help would be a good thing. I don't get the whole "this is big brother" attitude about this at all.
IT combined with bureaucracy, be it in government or corporations, is a recipe for disaster. IT is about information, and information wants to be free, and we all know that information can't flow in bureaucracies.
As a case in point, a few years ago in Sweden they harmonized the medical IT systems in the whole country. The politicians in charge awarded the contract to a company that offered a relatively cheap solution and that had a great marketing department. Unfortunately, they were incapable of delivering an adequate system. The huge amount of work and complete lack of proper requirement specifications led to a buggy and deeply flawed system. A quite common case is where a physician asks for the record of one patient and gets the record of somebody else. The user interface was also horrific - to register a new patient something of the order of magnitude of 100 clicks is required.
Once the problems became apparent, it was too late to do anything about it as the budget for the whole thing was already used up. Now, it is easy to blame the developer of the system - and to a large degree it is their fault - but the first cause of the problem were politicians who had no clue about neither IT nor medicine.
It seems to be the larger projects that are more likely to fail. You're probably not aware of this due to our Anglo-centric media, but Scotland already has a national patient database up and running and has not had the problems that the NHS has faced south of the border. I suspect that this is largely due to the fact that it was run as a centralised project with a few partners, whereas in England there are a lot more patients and NHS trusts to deal with.
(I'm sure a lot of Scots are unaware that the system is successfully in place here... too often news that is not nationally relevant makes its way onto the national news, and shapes opinions in a way that undermines some of the good work that's being done. </rant>)
Scaling things up to a European level is going to be a nightmare, but I agree that it should be done. The whole idea of the EU is freedom of movement, and I don't want to feel less safe when I cross borders.
It seems to me you'd WANT your medical info available. Who are these "wrong" people you speak of?
*shouldnt* we be able to check if a potential partner has HIV (or as the chick told me "I used to have herpes")? Or you can find out that your daughter was treated for gonnorhea. [Oh you think kids have the 'right' to abortion without parental consent?] What happens if you're incapacitated? (not everyone in a auto accident is awake and lucid). Now UPS won't hire you because they see you have a herniated disc. SO FUCKING WHAT? You don't have a "right" to any job of your choosing.
The whole issue-raising is ridiculous. If the system gets intrinsic security mechanisms from day 1 everything will be ok as if the medical records had never left their home country.
We Europeans have to accept the fact we live in a big unified community and many patients want to get treated in the best available centers, regardless they are in their own country or a neighbor one. Is this bad? C'mon, be realistic. Only advantages will come from this scheme.
And I there is also money to save by the logistics advantages of a unified record system in the long term regarding patient mobility, clinical trials, organ transplants matching, etc.
"Sum Ergo Cogito"
Whether creating a database or carrying a memory card, the IT issues can be solved. However, that still leaves human problems.
Most especially language. While (if I understand correctly) most medical journals are published in English, and most doctors should thus be able to understand English, in practice this is not always the case.
Where I live in former East Berlin, there are many doctors and ancillary staff who can't speak a word of English. Since the database is most useful in an emergency, there's an even money chance of the patient being dead before someone has translated their notes for the doctor. Or alternatively, the records would need to be kept in all 25+ languages of the EU, or have some means of the database itself translating these automatically - and I think we all know how well translation software works to date. Would you risk your life on it? Not every medical term can be succinctly summed up in one standard word or phrase.
This requires doctors to have a consistent and international standard practice of notation - and be diligent in using it. Yep, good luck with that. I used to work with doctors, and I've often spent hours trying to decipher what they meant to say in their notes - assuming they actually noted everything in the first place. The nature of illness means there will also always be rare occasions where no standard terminology will exist - what do you do then?
I see carrying a card to be the most viable short term option. Certainly the cheapest way of solving the issues above before they're universally applied. Not everyone travels, in fact probably the majority of EU citizens don't. Cards are already available, it just means adding more to that program. An international database is potentially a good idea, but only once the language and notation issues are resolved, medical records from 1953 or whatever are rewritten in the standard notation, and everyone retrained. Which would be expensive, and likely take years, if not decades. With a phased approach and good long term planning it may be possible.
Only 22 states? What about the other five? I presume UK would be one of them, as UK opt out of everything that has something to do with the world around the islands. And the two new ones, Bulgaria and Romania, might also still not be technically ready enough for something like this. But what are the other two?
Where have your banknotes been?!
Although I can certainly see the point of privacy, it would seem to have costs beyond administrative inefficiencies in healthcare. Better aggregation, analysis, and utilization of patient data would save lives through:
1. Evidence-Based Medicine: As much a medicine does know, it's also ignorant of the true outcomes of many practices and true cost/benefits of many so-called best practices. Different regions, different hospitals, and different doctors all have their preferred practices based on beliefs that lack a basis in evidence. By pooling all data on all patients on all conditions, treatments, and outcomes, then medical science could learn what really works. This would save lives.
2. Detecting Dangerous Drugs/Interactions: How many centuries did it take to recognize that aspirin (=willow bark) sometimes killed children? How many other drugs are killing people at too low a rate for any local doctor to notice? Every new drug, and every old drug for that matter, is still in its testing phase. Until millions of people take a drug with millions of other treatments/foods/living conditions, and those millions of patient records are analyzed, science doesn't know what will happen. A drug that kills 1 in 100,000 per year won't create a statistically significant rate of death in pre-approval clinical trials, but will kill 10,000 per year when a billion people take it. Using all the data from every patient would help doctors detect patterns of death or disease induced by pharmaceuticals new and old.
3. Detecting Bad Practitioners: Analysis of the data would also reveal patterns in practitioner competence. Variations in practitioners abilities to detect and appropriately treat patients would help identify the best and the worst of doctors and facilities.
4. Treatment Across Boundaries: Finally, privacy creates costs when people seek treatment outside their normal sphere of local healthcare providers. Having an accident on a vacation or even during a commute to a different city means suffering with the initial ignorance of first responders and hospitals that don't have ready access to your medical records
Perhaps a middle ground can be found with anonymized data approaches -- scrambling medically-irrelevant identifiers. Yet even this would create some ignorance -- without the patients' exact address, the system would be blind to studying environmental toxins (e.g., study children that grew up next to a highway or play downstream from the landfill etc.).
Inaccessible and non-interoperable patient records do kill people and if people value there privacy that much, then that's fine. But people need to understand that the true costs of absolute privacy of medical records is ignorance and that that does lead to deaths.
Two wrongs don't make a right, but three lefts do.
Britain got Bill of Rights In fact our Bill is older than yr Bill and your bill is based on our Bill just like your law was based on our Law. Divergence seems to have worked out for both of us.
:D
Additionally, there is the Data Protection Act 1998, which is quite clear on what can and cannot be done with personal data.
if you really want to annoy the gov, subject access request yr personal data
instead of sulking in the corner with yr [cute little] teddy bear, get up and do something!
its fun and liberating just like ponies
mu!
bring bak the ponies!!
Bill of Rights 1698 http://en.wikipedia.org/wiki/Bill_of_Rights_1689
t a_protection/practical_application/subject_access_ -_guide_for_data_subjects.pdf
Data protection Act http://en.wikipedia.org/wiki/Data_Protection_Act
Subject access Request http://www.ico.gov.uk/upload/documents/library/da
bring bak the ponies!!
Fair enough, but I suspect your position would be different if all your friends had found out something rather personal about you because the system leaked.
Perhaps medical issues shouldn't be regarded as embarrassing, but the fact is, for many people in today's society, they prefer not to share their ailments publicly. After all, if I told you I was HIV+, would your first reaction be "he's gay", "he sleeps around and has unsafe sex", "he's a drug abuser"? Or would it be "maybe he caught his arm on a used needle while giving life-saving first aid to a drug user"? Consider what most people's reactions might be, and the effect of the more common explanations on someone's reputation, and that'll explain why people keep things a secret. (For the avoidance of doubt, this is a hypothetical example.)
It's already a big system, which relies on the integrity of doctors and other health workers not to leak information. Generally, perhaps by their nature, this group are amongst the most ethically aware people in our society. But the bigger you make the system, the more scope there is for leaks. In cases like this, where privacy is clearly important, we should always question the need to pass data around more widely.
Fortunately for us, this will never fly in the UK. The medical profession has made is abundantly clear to government that it will not support even a UK-wide database on the suggested terms, with a high proportion of GPs stating that they would openly refuse to participate.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
In the U.S. the concern is that you will never get a job or health care again if your records show a serious chronic condition. Tell the dumb American what the problem is on the continent of socialized medicine? (Seriously. Compare and contrast.)
If you want to talk privacy vs. security, this is one area where I sway toward distribution. If I am carried into a hospital away from home bleeding out of every orifice and hallucinating, I think it would be "nice" if staff had access to my records. When I got my first flash drive, my reaction was, "Cool, a company could be built putting people's medical records on these for when they travel". To which the first person I bounced it off said, "Hell, no!" so I understand opinions vary. And, true, although it would put control of distribution into the hands of the individual, I would like something more standardized than a potentially crushed chunk of plastic around my neck that some med aide will look at and say, "What's this?" Therefore, I'm not so against a standardized distribution network.
One way or the other it's a lot like credit reports. We should all have copies of our master records and take responsibility for them. I was precise to a fault at my dentist's office and wrote in an incident of non-hospitalized "acute liver failure". Although it was never traced to an origin, I causally suspect the 2nd world trick of antifreeze poisoning in the cheap bottle of red consumed the day before symptoms appeared. Anyway, back at the dentist's six months later, I see that the clerk had taken it upon herself to dutifully diagnose "hepatitus, yes" on the form. To which I had to explain, "hepatitus, hell no" and discuss what distribution might have been made of their records to other parties. You never know unless you keep on top of it. Sometimes openness is a good thing.
If you're really paranoid, a great solution in the U.S. might be to just quit going to your HMO for an extended period. I didn't realize there is the seven year rule. I didn't visit my HMO for something like 7-1/2 years during a running, tai chi and macrobiotics period in my life. I wasn't an active patient and they didn't get a request for records transfer from another HMO so they just tossed my history. Apparently, I simply have no medical paper trail before the age of 40 something.
We gave up the idea of private medical records when we accepted the idea of others paying for our health care.
In ancient times, when we took care of ourselves, no one knew our medical history.
Then we asked others to take care of us, and they wrote things down to keep track of what they'd done to/for you, and "medical records" were born. But only the "doctor" needed them, so they were still relatively private. Plus, few people cared.
"Clinics" and "hospitals" meant that more people were giving you health care, so they got access to your records, but still, few people really wanted them, anyway.
Then, the "insurance company" was born. Insurance companies insisted upon records to prove you weren't trying to defraud them. When they got into the business of paying the doctors ("health insurance"), they wanted those records, too. And people started to get concerned, but not that many.
Then people decided that the government should replace insurance companies, to "make it fair", but governments like records even more than insurance companies, so they wanted the medical records, too.
Now that "the government" is becoming "most of Europe" is not the time to decide that you object to the government having your health records.
"Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars."
The Euro? The Channel Tunnel? CERN? Unified international telephony? The whole fucking U-S-of-A was a cross-border enterprise between independent nations when it started.
Right now emergency healthcare is free to all EU citizens in all EU states due to mutual cross-border agreements.
P.S. When matters are "firmly in the hands of the people" how are the people going to organize and administrate things? Possibly by electing some group of people to represent them...?
I moved from the UK to Netherlands.
My medical (doctor/dentist) records are currently held by my old doctors in UK.
My new doctors in Netherlands have no access to my records.
My doctors in the UK will not provide me with a copy of my records.
So a system to make them available to my Dutch doctors in ANY form would be a welcome benefit.
And you'll be successful. Really, the problem with these kind of national health information system projects (NHS being the most famous one) it that everybody loves giant projects. Giant in the sense of both scope and functional and technical complexity. The governments want to come up with a total change in healthcare which can be seen by everyone. The vendors are much more happy about this, since the bigger the project, the larger the profit from products, and especially consultancy.
The problem is healthcare is very, very complex. I have been in software industry for over 10 years now, and I have spent the last 6 in healthcare. It is a beast that no one has ever tamed. Doctors, nurses the overall process in many levels of healthcare service makes the whole thing a nightmare. And trying to plan and implement a solution for the whole thing in the national scale is very risky. We have over 30 hospitals running on our hospital information sytem in my company, and each one of these hospitals have very different needs. You may imagine that the basic requirements for medical systems will be common, but it is not. Add financial aspects to this, and everyting becomes such a mess.
Now talk to anyone in healthcare IT, and they'll tell you that you can't provide the potential benefits without standards. HL7 has been the most common messaging standard in healhtcare, but it is a huge beast with its own problems. You need electronic healthcare records if you want to provide, patient safety, decision support, accurate reporting etc.
Now sharing these is important for the patient and the doctor, but moreover, aggregating that data is important for the government. EU countries spend and average of 8% of their gnp on health, and for policy makers, data is necessary.
To overcome this complexity, governments should come up with incremental projects, each dealing with one important aspect at a time. FIRST: deal with electronic patient records based on standards. Use CDA, openEHR, CEN 13606, whatever. But first do this. Then when you have the ability to produce data in a standardized format in your healthcare institutions, work on messaging among them. The thing that no one seems to get is; each of the founding technologies of e-health has its own complexities and problems, and it becomes impossible to deal with them when you aim for super-high goals.
Just keep it simple, and you'll see that even the simple will be hard enough. Australia seems to be doing good in their national e-health strategy, and Finland is also successful. Before going for the whole EU, national systems should be built and tested.
No matter what the people in the industry say, governments always fail to grasp the complexity of these things.
Yes, global sharing of personal records such as medical information is a risk, as is any form of sharing. While controls can and will be put in place, there is always a risk that something is going to get messed up. On the other hand, is the risk really any greater than it already is at national levels? So, they should protect things better on the national level first? Sure, but that can equally well be done by a major overhaul of the entire system, making it more global as part of the "better" design.
And besides, judging by the various scandals that have emerged in recent years in the US concerning medical records (e.g. finding a whole bunch of them in a dumpster behind a clinic, etc...) it isn't as if most laws and regulations that are meant to protect this data are implemented well. So, why not allow for a decent attempt to redesign how things are done, and put effort in supporting proper protections in said new system rather than spending time and effort on fighting against a redesign?
In the end, sharing of medical information on a more global level is largely used for statistical investigation of things, such as immunization side effects, medication interactions, effectiveness of treatments, etc...
I fully understand people's privacy concerns, etc... but let's be realistic. E.g. people have been fighting against a national ID card in the US for a long time now, and yet, there is an enormous wealth of information available on virtually any individual (US citizen or resident), mostly gathered by *private* companies. From my interpretation of laws, it seems dubious that private companies can collect so much information in a legal way, but I guess they manage to do it. And from what I've heard and read, it seems that the US government is definitely allowed to purchase this information at will. So, what privacy are we talking about again?
Really... I do believe privacy is very important. But I also believe that progress is possible without breaking down that privacy. In fact, I do believe that progress can be made by providing sufficient oversight and spending effort and time on pushing for the implementation of sufficient protections.
HL7 as is said nearby is not really for that, it is for passing laboriously specified messages about specific things, most usefully laboratory results. It also has rather a lot of exceptions, and a model of licensing and publishing which I personally think adds a great deal to its difficulties in becoming a spreading general standard.
OpenEHR produces the archetypes, a way of describing anything required for medicine and healthcare, and of providing inheritance and subclassing. This project which is hopeful-looking and based in Australia nowadays seems like a good approach to describing the information in ways that make it movable and computable.
I tend to favour a model where medical notes stay where they were made, and other nodes on the network ask questions about them, thus disclosing what information they are accessing, outside their own organisation. I also suspect that FLOSS (Free (Libre) or Open Source Software) implementation is a necessary but not of itself sufficient condition for any medium-scale success.
OSHCA, the Open Source Healthcare Alliance, meets in Kuala Lumpur in May this year, 8th to 11th. Several projects, and some consideration of how to get "there" from here will be reporting and discussed. The programme will be developed on http://www.oshca.org/ but give us time please, although the organisation's first meeting was 2000 we have had a fallow period and are getting back under way.
(I'm a member of the organising ctee for the meeting.
How in the hell is a Spanish physician going to understand my Dutch GP's notes? And such a system has so little potential use and so many ways of ending up on http://www.dailywtf.com/, that the mind boggles at the thought of hundreds of millions of being wasted on another prestigious EU project.
This is just a wild guess, but it smells very French to me.
"Resistance is Futile. EU will become one with The Borg.."
Ever wondered why so much medical information is still in paper form or in small, local proprietary databases? After all, we have had the technology to automate it and improve efficiency for about two decades now. I know a big supplier of medical software and they have learned to concentrate only on certain administrative aspects or things like lab tests - never on true integration of actual medical data. These project tends to mysteriously fail. Well, there's nothing mysterious about big software projects failing, right? But why is it that it's always the same kind of projects that fail?
It turns out that the medical staff doesn't really want them. Sometimes they even actively sabotage them. They are already exposed to far too many liability lawsuits. Having all that data online will make it a much easier target for court orders or even automated mining.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Except that liver failure due to toxins is hepatitis - so liver failure/disturbance due to antifreeze is, by definition, hepatitis.
The form didn't ask specifically about viral hepatitis, it only asked about hepatitis - the correct answer would have been 'yes'. With the proviso that no cause was identified.