Anger Over EU Medical Data-Sharing

ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"

a potential disaster?

[Aranykai]

Yes, but only if it gets pushed out before its ready. Proper planning and recources could make the transistion easy. But, most likely the deadlines will be unrealisted, the funding will be inadaqate and it will cause issues. Go figure...

Re:a potential disaster?

[neuro.slug]

Proper planning and recources could make the transistion easy.

This is government we're talking about. You must be new here. And by "here", I mean the world in which we live.

Re:a potential disaster?

[rucs_hack]

I designed a similer system for the NHS in oxfordshire, england, way back in the 1980's. Such was the lack of understanding about IT at the time that the project floundered and failed, in spite of the year I spent coding the darn thing.

Mine was not for general patients though, it was for people with learning disabilities, so their care needs could be available should they be hospitalised whilst on holiday or on some other excursion from home.

In my system, records were temporarily made available to the region that the client was visiting, but only able to be accessed if a nominated individual requested them. By therefore involving a human in the process I sought to reduce the chances of sensitive medical data being released to the wrong people. This was pre interweb, so the method of making available was arcane, but effective.

Sadly the project failed because of monumentally crap management. In that way at least the project was ahead of it's time....

Advantages and disadvantages

[Z00L00K]

This may be used both to an advantage and a disadvantage. Unfortunately it is first necessary to create a common semantic directory like UMLS.

The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.

The disadvantage is that it may be used for privacy invasion. There are certainly other risks involved too not to forget the cost that may arise to unify all countries.

Anyway - one way to provide some patient security would be that identification of data and access control to personal data has to be restricted. A multi-level approach has to be in place for the best security. One way may be to use smartcard-equipped health-cards. The card will then hold the key to access of the data. Of course there has to be security measures involved too to handle lost cards etc.

Re:Advantages and disadvantages

[rm999]

Another advantage: a common standard will eliminate the need to fill out medical history every time you go to the doctor (or have the doctor get it himself). Besides being a huge time saver, it will reduce the chances of human error.

A friend of mine, a doctor, has claimed a standardized health history system that is easily retrievable would save him about 20-50% of the time he spends on a typical patient (depending on the type of patient). This would increase efficiency and reduce costs in the already over-priced health field.

Security is essential but, to the typical person, the benefits far out-way the off-chance that:
A. someone cares about your medical history
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so

Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.

Re:Advantages and disadvantages

[Richard+W.M.+Jones]

The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.

If you have some disease or allergy that doctors should be aware of, you should wear a medical necklace. But of course such a simple low-tech solution won't pour billions into the IT contracting industry, the likes of EDS etc.

Rich

Re:Advantages and disadvantages

[MickDownUnder]

There are absolutely huge advantages.

Modern medical science is all about statistics. We should be collecting information about medical illness from people's medical histories in order to formulate new treatments and improve existing treatments. I actually think it would be a good thing for everyone's medical records to be available in some form for medical researchers, providing the records were anonymous and free of personal details.

A persons medical history is very important especially when dealing with chronic illnesses. Being able to track and graph medical results is a crucial means for a patient to analyse the effects of diet, treatments, therapies etc.

With a standardized system for keeping medical records, you could create computer systems that help doctors monitor their patients help and alert them to possible problems that should be checked upon.

The list goes on and on. Medical industry seem to have been one of the last to be evolved by the information revolution, but it's definitely one that is most in need of information systems.

Privacy issues are a concern, however, there is absolutely no question that a persons medical records should be in a standardized format and that this format should be open to enable the software development community to deliver the systems many people desperately need.

Re:Advantages and disadvantages

[Qzukk]

A. someone cares about your medical history
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so

In other words, just about every employer out there who wants to see if the promising new candidate has any mental health issues or is likely to suddenly drop dead. They care, they have the money to get what they want, and what are you going to do, throw a company in jail?

Re:Advantages and disadvantages

[ScrewMaster]

This would increase efficiency and reduce costs in the already over-priced health field.

This might increase efficiency (yet to be proven) but if it does it will only increase profits in the already bloated health field. This is the medical industry we're talking about. When did you last know a medical operation to lower prices because their own costs went down?

Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.

Sure ... but so what. We are talking oodles and oodles of orders of magnitude difference here. The danger in storing hundreds of millions of medical records on a multi-national distributed database is that, when security is eventually compromised (and it will be, you know that, since this stuff is worth money), confidential data on millions of people will suddenly find itself on the open market. You're fooling yourself if you think otherwise, given that this happens to data concentrators in the financial sector with monotonous regularity (e.g. Choicepoint, among others.)

Few kinds of records are more important to us than our health histories: accuracy and confidentiality are crucial to their continued utility. The problem is that concentrated data stores are dangerous as Hell, if they contain highly-confidential or vital information. So far as accuracy is concerned, you only have to look at the major credit bureaus in the United States to see how badly that can go.

No doubt this will get rammed down our throats with laws that require records to be uploaded by our physicians, whether we want them to or not.

No thanks. I'd rather my doctor walk over to a filing cabinet and pull my history. Much safer that way.

alternative

[Markspark]

From my point of view, carrying a patientcard, with some kind of memory chip, that carries your journals seem to be the best solution in many of the questions that can be raised on this topic.

Re:alternative

[Da+Fokka]

In the Netherlands, about 60000 hospital admissions can be attributed to avoidable problems with medication (e.g. taking penicilin whilst being allergic to it). The information is there, it's just not accessible. Yes, this is a serieus problem and IT can make a difference. In different countries there are different approaches:
  - In the UK, all medical information will be put into one huge central database ('the Spine'). All pharmacists, phycisians and GPs can choose between about 4 programs, all government mandated. The project is suffering from huge delays, widespread criticism and is already considered a failure.
  - In Germany, all medical information will also be stored in a central database. Everyone will get a smartcard which will be needed to access this information. This will ensure patient control over their information.
  - In the Netherlands, the main idea is that the care provider will retain control over the patient data. A central directory will know the whereabouts of this information and serve as an information broker between Healthcare Information Systems. Eventually, all software will have to support certain interaction with this central directory. The interactions will be based on HL7v3, an international standard.

Since I am involved in implementing the dutch system, that's the one I know most about. I believe it's a good idea and a good compromise between availability of data and privacy. That being said, the system (called AORTA) does have some issues which will need to be resolved before widespreak adoption can take place.

Why not opt-in?

[cerberusss]

What I find ridiculously in this whole affair is that the most important question is never asked. Do you want to join and be entered in our system?. I've worked in a similar project where some twenty-ish GP offices were joined in one network, in the Netherlands. Were the patients ever asked? Noooo, the GP just signed a paper where he agreed for all his patients who could then opt out. But most of the time, they wouldn't know about it.

And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.

Re:Why not opt-in?

[rucs_hack]

The patients in the system I designed (described in the reply to "a potential disaster?" above) were unable to give consent for such a system. Thus the responsibility was assigned to key workers who took the role of advocate for those individuals.

This is also the means that should be used for patients who may, at the time of need for such information, be unable to provide informed consent.

In the case of the general population of a given country, there is no way that everyone could give explicit consent in advance. Not many people know when they will become ill, so cannot be assumed as providing informed consent as individuals.

The solution therefore is for a body to be established whose responsibility it is to act as advocate in advance for these unknown individuals. Such a body would require strong ethical guidelines so as to assure the correct treatment of information. Not being in the medical field any more I am unaware if such bodies exist, though the need should be apparent to any government defining the requirement for such a system.

It should be noted that, by the laws in the UK and the US at least (unsure regarding other countries), informed consent regarding medical treatment is not required if no source of consent is available in those critical periods when consent is normally sought, although it is sought as a first resort should the time for retreival of consent exist.
A practitioner may retreive any and all medical information regarding an identified but unresponsive individual that is available, and make medical decisions on behalf of the unresponsive individual without such information should it not be available, or too late in arriving.

The issue then is the level of ease by which such information is available, since rapid delivery is more likely to ensure the corect medical response. In the medical world time is paramount, so information that may mean the difference between life and death, or even the allowing of the death of a patient in accordance to patient instruction as previously recorded, should ideally be available by some method which minimises he delay between request and delivery.

Not an IT disaster, but a political disaster.

[Sub+Zero+992]

Its always the IT guys who get blamed for cock-ups on a colossal scale. Occasionally, yes, bad decisions are made or poor execution is to blame. But at the supra-national level, the big mistakes are political ones.

Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars.

A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years. Then a common data-medium (chip cards, whatever) could be issued to those citizens who desire one. Everything else need not be regulated, everything else should be firmly in the control of the people.

Re:Not an IT disaster, but a political disaster.

[cerberusss]

A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years.

This already exists for many, many years. It's called HL7.

Re:Not an IT disaster, but a political disaster.

[NorbrookC]

HL7? You should put a spew alert on that! When I worked in healthcare IT, the biggest joke we heard from our software vendors was "Yes, we do standard HL7 feeds". Which was always a clue that we were going to be doing extensive tinkering to get the middleware working to ensure that their "standard HL7" would work and play well with other applications "standard HL7." That's also ignoring the poor scalability of HL7, and the difficulties in getting it to tie different aspects to the same encounter.

Now, some of that is addressed by the HL7 version 3, but you still have a lot of outstanding issues, and it's taken them several years to even get to that point.

The biggest problem is that "EMR" is a generic term. What an EMR means to a patient, to a clinician, to an administrator, or to an IT person are frequently not in agreement. Which is why there's a plethora of standards and frequently poorly-implemented software packages. What makes sense to the IT person can be a god-awful kludge to a clinician, what makes sense to a clinician doesn't make any sense to an administrator, and so on. Add in that there's no nationally or internationally recognized "standard" for an EMR framework, together with the number of standards for data messaging, and you end up with a nightmare.

Re:Not an IT disaster, but a political disaster.

What an EMR means to a patient, to a clinician, to an administrator, or to an IT person are frequently not in agreement.

I agree, I worked on one years ago that never took off. We thought we had the right idea, we had retained several doctors and did the use-case scenarios, prototyping, the whole nine yards. We then went around to hospitals and were immediately shot down because even though our doctors thought it was great and they could document even their hairiest cases in a few minutes, we hadn't thought to consult any lawyers (how are you going to deal with a malpractice suit?) any administrators (how do I see if someone isn't doing their job?) or most importantly any billing staff (how do we figure out what to bill?).

In the end, the doctors' salaries burnt through our cash (yay late 90s) and we folded up shop and went our own ways.

Opting out

[blowdart]

For those of you/us in the UK there is the ability to opt-out of the central NHS records system currently being developed. This is probably a good thing if you don't want civil servants to have the ability to look at your medical records or if you don't want a 3rd party, private, company to process them (as happens now). Simply fill in the form on the site and it will generate a letter for you to post to your GP.

Equal measures of paranoia and well-placed concern

[DZR]

As a UK resident, I'm sadly all too aware of the NHS's woeful record when it comes to IT. So I understand why people are concerned that this will end up in a cock-up to end all cock-ups. But I also detect a sense of general resistance to the idea per se which I really don't get. As someone who lives in Europe and travels a lot it seems transparently obvious to me that a doctor in Spain (for example) having instant access to my medical records should I fall ill and need his help would be a good thing. I don't get the whole "this is big brother" attitude about this at all.

lethal combinations

[wikinerd]

IT combined with bureaucracy, be it in government or corporations, is a recipe for disaster. IT is about information, and information wants to be free, and we all know that information can't flow in bureaucracies.

Giving out contracts

[denoir]

The biggest problem in my experience is not in the theoretical vulnerabilities of the technology but the fact that the decision makers that hand out the contracts do not have the technological know-how to give the contract to the 'right' company.

As a case in point, a few years ago in Sweden they harmonized the medical IT systems in the whole country. The politicians in charge awarded the contract to a company that offered a relatively cheap solution and that had a great marketing department. Unfortunately, they were incapable of delivering an adequate system. The huge amount of work and complete lack of proper requirement specifications led to a buggy and deeply flawed system. A quite common case is where a physician asks for the record of one patient and gets the record of somebody else. The user interface was also horrific - to register a new patient something of the order of magnitude of 100 clicks is required.

Once the problems became apparent, it was too late to do anything about it as the budget for the whole thing was already used up. Now, it is easy to blame the developer of the system - and to a large degree it is their fault - but the first cause of the problem were politicians who had no clue about neither IT nor medicine.

Re:Equal measures of paranoia and well-placed conc

[teh+kurisu]

It seems to be the larger projects that are more likely to fail. You're probably not aware of this due to our Anglo-centric media, but Scotland already has a national patient database up and running and has not had the problems that the NHS has faced south of the border. I suspect that this is largely due to the fact that it was run as a centralised project with a few partners, whereas in England there are a lot more patients and NHS trusts to deal with.

(I'm sure a lot of Scots are unaware that the system is successfully in place here... too often news that is not nationally relevant makes its way onto the national news, and shapes opinions in a way that undermines some of the good work that's being done. </rant>)

Scaling things up to a European level is going to be a nightmare, but I agree that it should be done. The whole idea of the EU is freedom of movement, and I don't want to feel less safe when I cross borders.

Re:Yes.

[ScrewMaster]

These data are already insecured, I see this initiative as a step in the right direction.

Not when viewed with the proper perspective. The problem with massive network-aware projects is that they make data widely available even when it doesn't need to be. The records your doctor maintains are accessible only to a few individuals, and then only on a physical basis: an effective means of security through obscurity. If someone else needs to see them, he can fax or mail them. However, once said records are replicated across thousands of servers on a multinational basis I don't how you can possibly consider it "secure" anymore. There's also the issue of keeping those records accurate and up to date, which is arguably even more important.

Even if these people used military-grade security (and they won't!), hired the best possible people to manage it (and they won't), once those records are online they will be effectively made public once that security is breached. And it will be. Either legally by insurance companies and/or employers wanting to know employee medical histories (even if said employees moved to another country) or by other even less-savory types. This is a bad idea, and like most government ideas creates a massive new problem in order to "solve" a much smaller problem. Then, of course the new problem requires solving, at even greater expense. It never ends.

There are plenty of other ways to spend tax dollars employing people other than posting extremely confidential information online, because that's what this amounts to doing. I have the same issues with what the U.S. and European governments are doing with antiterrorism measures involving massive amounts of data sharing with multiple law-enforcement agencies. It's very dangerous to spread that kind of data all over the place, because not all those who end up with it will use it in ways to our liking.

If you trust your government not to screw this up then by all means encourage them. Personally, I don't believe that my government can be trusted to keep my secrets. It's not their job now, and it shouldn't ever be.

Why people care about "big brother" healthcare

[Anonymous+Brave+Guy]

I don't get the whole "this is big brother" attitude about this at all.

Fair enough, but I suspect your position would be different if all your friends had found out something rather personal about you because the system leaked.

Perhaps medical issues shouldn't be regarded as embarrassing, but the fact is, for many people in today's society, they prefer not to share their ailments publicly. After all, if I told you I was HIV+, would your first reaction be "he's gay", "he sleeps around and has unsafe sex", "he's a drug abuser"? Or would it be "maybe he caught his arm on a used needle while giving life-saving first aid to a drug user"? Consider what most people's reactions might be, and the effect of the more common explanations on someone's reputation, and that'll explain why people keep things a secret. (For the avoidance of doubt, this is a hypothetical example.)

It's already a big system, which relies on the integrity of doctors and other health workers not to leak information. Generally, perhaps by their nature, this group are amongst the most ethically aware people in our society. But the bigger you make the system, the more scope there is for leaks. In cases like this, where privacy is clearly important, we should always question the need to pass data around more widely.

Fortunately for us, this will never fly in the UK. The medical profession has made is abundantly clear to government that it will not support even a UK-wide database on the suggested terms, with a high proportion of GPs stating that they would openly refuse to participate.

Privacy already gone

[WoodstockJeff]

We gave up the idea of private medical records when we accepted the idea of others paying for our health care.

In ancient times, when we took care of ourselves, no one knew our medical history.

Then we asked others to take care of us, and they wrote things down to keep track of what they'd done to/for you, and "medical records" were born. But only the "doctor" needed them, so they were still relatively private. Plus, few people cared.

"Clinics" and "hospitals" meant that more people were giving you health care, so they got access to your records, but still, few people really wanted them, anyway.

Then, the "insurance company" was born. Insurance companies insisted upon records to prove you weren't trying to defraud them. When they got into the business of paying the doctors ("health insurance"), they wanted those records, too. And people started to get concerned, but not that many.

Then people decided that the government should replace insurance companies, to "make it fair", but governments like records even more than insurance companies, so they wanted the medical records, too.

Now that "the government" is becoming "most of Europe" is not the time to decide that you object to the government having your health records.

Just don't attempt to solve it all

[Fuzuli]

And you'll be successful. Really, the problem with these kind of national health information system projects (NHS being the most famous one) it that everybody loves giant projects. Giant in the sense of both scope and functional and technical complexity. The governments want to come up with a total change in healthcare which can be seen by everyone. The vendors are much more happy about this, since the bigger the project, the larger the profit from products, and especially consultancy.
The problem is healthcare is very, very complex. I have been in software industry for over 10 years now, and I have spent the last 6 in healthcare. It is a beast that no one has ever tamed. Doctors, nurses the overall process in many levels of healthcare service makes the whole thing a nightmare. And trying to plan and implement a solution for the whole thing in the national scale is very risky. We have over 30 hospitals running on our hospital information sytem in my company, and each one of these hospitals have very different needs. You may imagine that the basic requirements for medical systems will be common, but it is not. Add financial aspects to this, and everyting becomes such a mess.
Now talk to anyone in healthcare IT, and they'll tell you that you can't provide the potential benefits without standards. HL7 has been the most common messaging standard in healhtcare, but it is a huge beast with its own problems. You need electronic healthcare records if you want to provide, patient safety, decision support, accurate reporting etc.
Now sharing these is important for the patient and the doctor, but moreover, aggregating that data is important for the government. EU countries spend and average of 8% of their gnp on health, and for policy makers, data is necessary.
To overcome this complexity, governments should come up with incremental projects, each dealing with one important aspect at a time. FIRST: deal with electronic patient records based on standards. Use CDA, openEHR, CEN 13606, whatever. But first do this. Then when you have the ability to produce data in a standardized format in your healthcare institutions, work on messaging among them. The thing that no one seems to get is; each of the founding technologies of e-health has its own complexities and problems, and it becomes impossible to deal with them when you aim for super-high goals.
Just keep it simple, and you'll see that even the simple will be hard enough. Australia seems to be doing good in their national e-health strategy, and Finland is also successful. Before going for the whole EU, national systems should be built and tested.
No matter what the people in the industry say, governments always fail to grasp the complexity of these things.

HL7 isn't really that; OSHCA meeting May 2007

[midgley]

HL7 as is said nearby is not really for that, it is for passing laboriously specified messages about specific things, most usefully laboratory results. It also has rather a lot of exceptions, and a model of licensing and publishing which I personally think adds a great deal to its difficulties in becoming a spreading general standard.

OpenEHR produces the archetypes, a way of describing anything required for medicine and healthcare, and of providing inheritance and subclassing. This project which is hopeful-looking and based in Australia nowadays seems like a good approach to describing the information in ways that make it movable and computable.

I tend to favour a model where medical notes stay where they were made, and other nodes on the network ask questions about them, thus disclosing what information they are accessing, outside their own organisation. I also suspect that FLOSS (Free (Libre) or Open Source Software) implementation is a necessary but not of itself sufficient condition for any medium-scale success.

OSHCA, the Open Source Healthcare Alliance, meets in Kuala Lumpur in May this year, 8th to 11th. Several projects, and some consideration of how to get "there" from here will be reporting and discussed. The programme will be developed on http://www.oshca.org/ but give us time please, although the organisation's first meeting was 2000 we have had a fallow period and are getting back under way.

(I'm a member of the organising ctee for the meeting.

Another tower of Babel?

[tgv]

How in the hell is a Spanish physician going to understand my Dutch GP's notes? And such a system has so little potential use and so many ways of ending up on http://www.dailywtf.com/, that the mind boggles at the thought of hundreds of millions of being wasted on another prestigious EU project.

This is just a wild guess, but it smells very French to me.

Re:Another tower of Babel?

[Fuzuli]

Well, doctors and patients using different languages, is a well known problem in this domain. That's why we have huge terminologies in almost every field. Please google for Snomed CT, UMLS, HL7 RIM and OpenEHR. In short, even if written information by the doctor is very valuable, it is not easy to use in multi lingual scenarios, and also it is a nightmare for semantic interoperability and therefore machine use.
The idea of electronic healthcare records based on these terminologies exits since people want to avoid the language problem. If you check out the mentioned standards and terminologies, you can see that they all aim to provide language independent medical data representation. Yes, an ICD code for a disease "still" has to be mapped to a set of spanish words, but in the end this is much easier than overcoming the nlp and translation problem.
In practice, your Dutch GP (by the way, 90% of Dutch GPs use computer supported information management) should use a solution that uses an electronic healhtcare record as a backend, or can export it. Instead of writing down headache, vomitting etc, he should check boxes in his own languages on a screen, and an EHR instance with codes from say Snomed CT, should be created, which would be much more interoperable for your Spanish pysician.
Believe me, a lot of people have been working on these issues, and even the smallest implementations have huge benefits. It's just that everyone likes to go for the ultimate project, the ultimate challange, which is far too complicated to achive for a single step.

Liability

[XNormal]

Ever wondered why so much medical information is still in paper form or in small, local proprietary databases? After all, we have had the technology to automate it and improve efficiency for about two decades now. I know a big supplier of medical software and they have learned to concentrate only on certain administrative aspects or things like lab tests - never on true integration of actual medical data. These project tends to mysteriously fail. Well, there's nothing mysterious about big software projects failing, right? But why is it that it's always the same kind of projects that fail?

It turns out that the medical staff doesn't really want them. Sometimes they even actively sabotage them. They are already exposed to far too many liability lawsuits. Having all that data online will make it a much easier target for court orders or even automated mining.