Anger Over EU Medical Data-Sharing

ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"

Why not opt-in?

[cerberusss]

What I find ridiculously in this whole affair is that the most important question is never asked. Do you want to join and be entered in our system?. I've worked in a similar project where some twenty-ish GP offices were joined in one network, in the Netherlands. Were the patients ever asked? Noooo, the GP just signed a paper where he agreed for all his patients who could then opt out. But most of the time, they wouldn't know about it.

And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.

Re:Why not opt-in?

[rucs_hack]

The patients in the system I designed (described in the reply to "a potential disaster?" above) were unable to give consent for such a system. Thus the responsibility was assigned to key workers who took the role of advocate for those individuals.

This is also the means that should be used for patients who may, at the time of need for such information, be unable to provide informed consent.

In the case of the general population of a given country, there is no way that everyone could give explicit consent in advance. Not many people know when they will become ill, so cannot be assumed as providing informed consent as individuals.

The solution therefore is for a body to be established whose responsibility it is to act as advocate in advance for these unknown individuals. Such a body would require strong ethical guidelines so as to assure the correct treatment of information. Not being in the medical field any more I am unaware if such bodies exist, though the need should be apparent to any government defining the requirement for such a system.

It should be noted that, by the laws in the UK and the US at least (unsure regarding other countries), informed consent regarding medical treatment is not required if no source of consent is available in those critical periods when consent is normally sought, although it is sought as a first resort should the time for retreival of consent exist.
A practitioner may retreive any and all medical information regarding an identified but unresponsive individual that is available, and make medical decisions on behalf of the unresponsive individual without such information should it not be available, or too late in arriving.

The issue then is the level of ease by which such information is available, since rapid delivery is more likely to ensure the corect medical response. In the medical world time is paramount, so information that may mean the difference between life and death, or even the allowing of the death of a patient in accordance to patient instruction as previously recorded, should ideally be available by some method which minimises he delay between request and delivery.

Re:a potential disaster?

[rucs_hack]

I designed a similer system for the NHS in oxfordshire, england, way back in the 1980's. Such was the lack of understanding about IT at the time that the project floundered and failed, in spite of the year I spent coding the darn thing.

Mine was not for general patients though, it was for people with learning disabilities, so their care needs could be available should they be hospitalised whilst on holiday or on some other excursion from home.

In my system, records were temporarily made available to the region that the client was visiting, but only able to be accessed if a nominated individual requested them. By therefore involving a human in the process I sought to reduce the chances of sensitive medical data being released to the wrong people. This was pre interweb, so the method of making available was arcane, but effective.

Sadly the project failed because of monumentally crap management. In that way at least the project was ahead of it's time....

Equal measures of paranoia and well-placed concern

[DZR]

As a UK resident, I'm sadly all too aware of the NHS's woeful record when it comes to IT. So I understand why people are concerned that this will end up in a cock-up to end all cock-ups. But I also detect a sense of general resistance to the idea per se which I really don't get. As someone who lives in Europe and travels a lot it seems transparently obvious to me that a doctor in Spain (for example) having instant access to my medical records should I fall ill and need his help would be a good thing. I don't get the whole "this is big brother" attitude about this at all.

Re:Advantages and disadvantages

[rm999]

Another advantage: a common standard will eliminate the need to fill out medical history every time you go to the doctor (or have the doctor get it himself). Besides being a huge time saver, it will reduce the chances of human error.

A friend of mine, a doctor, has claimed a standardized health history system that is easily retrievable would save him about 20-50% of the time he spends on a typical patient (depending on the type of patient). This would increase efficiency and reduce costs in the already over-priced health field.

Security is essential but, to the typical person, the benefits far out-way the off-chance that:
A. someone cares about your medical history
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so

Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.

Re:Advantages and disadvantages

[MickDownUnder]

There are absolutely huge advantages.

Modern medical science is all about statistics. We should be collecting information about medical illness from people's medical histories in order to formulate new treatments and improve existing treatments. I actually think it would be a good thing for everyone's medical records to be available in some form for medical researchers, providing the records were anonymous and free of personal details.

A persons medical history is very important especially when dealing with chronic illnesses. Being able to track and graph medical results is a crucial means for a patient to analyse the effects of diet, treatments, therapies etc.

With a standardized system for keeping medical records, you could create computer systems that help doctors monitor their patients help and alert them to possible problems that should be checked upon.

The list goes on and on. Medical industry seem to have been one of the last to be evolved by the information revolution, but it's definitely one that is most in need of information systems.

Privacy issues are a concern, however, there is absolutely no question that a persons medical records should be in a standardized format and that this format should be open to enable the software development community to deliver the systems many people desperately need.

Re:Not an IT disaster, but a political disaster.

[NorbrookC]

HL7? You should put a spew alert on that! When I worked in healthcare IT, the biggest joke we heard from our software vendors was "Yes, we do standard HL7 feeds". Which was always a clue that we were going to be doing extensive tinkering to get the middleware working to ensure that their "standard HL7" would work and play well with other applications "standard HL7." That's also ignoring the poor scalability of HL7, and the difficulties in getting it to tie different aspects to the same encounter.

Now, some of that is addressed by the HL7 version 3, but you still have a lot of outstanding issues, and it's taken them several years to even get to that point.

The biggest problem is that "EMR" is a generic term. What an EMR means to a patient, to a clinician, to an administrator, or to an IT person are frequently not in agreement. Which is why there's a plethora of standards and frequently poorly-implemented software packages. What makes sense to the IT person can be a god-awful kludge to a clinician, what makes sense to a clinician doesn't make any sense to an administrator, and so on. Add in that there's no nationally or internationally recognized "standard" for an EMR framework, together with the number of standards for data messaging, and you end up with a nightmare.

Re:Not an IT disaster, but a political disaster.

What an EMR means to a patient, to a clinician, to an administrator, or to an IT person are frequently not in agreement.

I agree, I worked on one years ago that never took off. We thought we had the right idea, we had retained several doctors and did the use-case scenarios, prototyping, the whole nine yards. We then went around to hospitals and were immediately shot down because even though our doctors thought it was great and they could document even their hairiest cases in a few minutes, we hadn't thought to consult any lawyers (how are you going to deal with a malpractice suit?) any administrators (how do I see if someone isn't doing their job?) or most importantly any billing staff (how do we figure out what to bill?).

In the end, the doctors' salaries burnt through our cash (yay late 90s) and we folded up shop and went our own ways.

Re:Another tower of Babel?

[Fuzuli]

Well, doctors and patients using different languages, is a well known problem in this domain. That's why we have huge terminologies in almost every field. Please google for Snomed CT, UMLS, HL7 RIM and OpenEHR. In short, even if written information by the doctor is very valuable, it is not easy to use in multi lingual scenarios, and also it is a nightmare for semantic interoperability and therefore machine use.
The idea of electronic healthcare records based on these terminologies exits since people want to avoid the language problem. If you check out the mentioned standards and terminologies, you can see that they all aim to provide language independent medical data representation. Yes, an ICD code for a disease "still" has to be mapped to a set of spanish words, but in the end this is much easier than overcoming the nlp and translation problem.
In practice, your Dutch GP (by the way, 90% of Dutch GPs use computer supported information management) should use a solution that uses an electronic healhtcare record as a backend, or can export it. Instead of writing down headache, vomitting etc, he should check boxes in his own languages on a screen, and an EHR instance with codes from say Snomed CT, should be created, which would be much more interoperable for your Spanish pysician.
Believe me, a lot of people have been working on these issues, and even the smallest implementations have huge benefits. It's just that everyone likes to go for the ultimate project, the ultimate challange, which is far too complicated to achive for a single step.