Anger Over EU Medical Data-Sharing

ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"

Why not opt-in?

[cerberusss]

What I find ridiculously in this whole affair is that the most important question is never asked. Do you want to join and be entered in our system?. I've worked in a similar project where some twenty-ish GP offices were joined in one network, in the Netherlands. Were the patients ever asked? Noooo, the GP just signed a paper where he agreed for all his patients who could then opt out. But most of the time, they wouldn't know about it.

And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.

Re:Why not opt-in?

[rucs_hack]

The patients in the system I designed (described in the reply to "a potential disaster?" above) were unable to give consent for such a system. Thus the responsibility was assigned to key workers who took the role of advocate for those individuals.

This is also the means that should be used for patients who may, at the time of need for such information, be unable to provide informed consent.

In the case of the general population of a given country, there is no way that everyone could give explicit consent in advance. Not many people know when they will become ill, so cannot be assumed as providing informed consent as individuals.

The solution therefore is for a body to be established whose responsibility it is to act as advocate in advance for these unknown individuals. Such a body would require strong ethical guidelines so as to assure the correct treatment of information. Not being in the medical field any more I am unaware if such bodies exist, though the need should be apparent to any government defining the requirement for such a system.

It should be noted that, by the laws in the UK and the US at least (unsure regarding other countries), informed consent regarding medical treatment is not required if no source of consent is available in those critical periods when consent is normally sought, although it is sought as a first resort should the time for retreival of consent exist.
A practitioner may retreive any and all medical information regarding an identified but unresponsive individual that is available, and make medical decisions on behalf of the unresponsive individual without such information should it not be available, or too late in arriving.

The issue then is the level of ease by which such information is available, since rapid delivery is more likely to ensure the corect medical response. In the medical world time is paramount, so information that may mean the difference between life and death, or even the allowing of the death of a patient in accordance to patient instruction as previously recorded, should ideally be available by some method which minimises he delay between request and delivery.

Re:a potential disaster?

[rucs_hack]

I designed a similer system for the NHS in oxfordshire, england, way back in the 1980's. Such was the lack of understanding about IT at the time that the project floundered and failed, in spite of the year I spent coding the darn thing.

Mine was not for general patients though, it was for people with learning disabilities, so their care needs could be available should they be hospitalised whilst on holiday or on some other excursion from home.

In my system, records were temporarily made available to the region that the client was visiting, but only able to be accessed if a nominated individual requested them. By therefore involving a human in the process I sought to reduce the chances of sensitive medical data being released to the wrong people. This was pre interweb, so the method of making available was arcane, but effective.

Sadly the project failed because of monumentally crap management. In that way at least the project was ahead of it's time....

Re:Advantages and disadvantages

[rm999]

Another advantage: a common standard will eliminate the need to fill out medical history every time you go to the doctor (or have the doctor get it himself). Besides being a huge time saver, it will reduce the chances of human error.

A friend of mine, a doctor, has claimed a standardized health history system that is easily retrievable would save him about 20-50% of the time he spends on a typical patient (depending on the type of patient). This would increase efficiency and reduce costs in the already over-priced health field.

Security is essential but, to the typical person, the benefits far out-way the off-chance that:
A. someone cares about your medical history
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so

Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.