Anger Over EU Medical Data-Sharing

ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"

Advantages and disadvantages

[Z00L00K]

This may be used both to an advantage and a disadvantage. Unfortunately it is first necessary to create a common semantic directory like UMLS.

The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.

The disadvantage is that it may be used for privacy invasion. There are certainly other risks involved too not to forget the cost that may arise to unify all countries.

Anyway - one way to provide some patient security would be that identification of data and access control to personal data has to be restricted. A multi-level approach has to be in place for the best security. One way may be to use smartcard-equipped health-cards. The card will then hold the key to access of the data. Of course there has to be security measures involved too to handle lost cards etc.

Not an IT disaster, but a political disaster.

[Sub+Zero+992]

Its always the IT guys who get blamed for cock-ups on a colossal scale. Occasionally, yes, bad decisions are made or poor execution is to blame. But at the supra-national level, the big mistakes are political ones.

Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars.

A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years. Then a common data-medium (chip cards, whatever) could be issued to those citizens who desire one. Everything else need not be regulated, everything else should be firmly in the control of the people.

Giving out contracts

[denoir]

The biggest problem in my experience is not in the theoretical vulnerabilities of the technology but the fact that the decision makers that hand out the contracts do not have the technological know-how to give the contract to the 'right' company.

As a case in point, a few years ago in Sweden they harmonized the medical IT systems in the whole country. The politicians in charge awarded the contract to a company that offered a relatively cheap solution and that had a great marketing department. Unfortunately, they were incapable of delivering an adequate system. The huge amount of work and complete lack of proper requirement specifications led to a buggy and deeply flawed system. A quite common case is where a physician asks for the record of one patient and gets the record of somebody else. The user interface was also horrific - to register a new patient something of the order of magnitude of 100 clicks is required.

Once the problems became apparent, it was too late to do anything about it as the budget for the whole thing was already used up. Now, it is easy to blame the developer of the system - and to a large degree it is their fault - but the first cause of the problem were politicians who had no clue about neither IT nor medicine.