Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anger Over EU Medical Data-Sharing

Posted by Zonk on from the keep-it-secret-keep-it-safe dept.

ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"

10 of 85 comments (clear)

  1. Advantages and disadvantages by Z00L00K · · Score: 4, Insightful
    This may be used both to an advantage and a disadvantage. Unfortunately it is first necessary to create a common semantic directory like UMLS.

    The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.

    The disadvantage is that it may be used for privacy invasion. There are certainly other risks involved too not to forget the cost that may arise to unify all countries.

    Anyway - one way to provide some patient security would be that identification of data and access control to personal data has to be restricted. A multi-level approach has to be in place for the best security. One way may be to use smartcard-equipped health-cards. The card will then hold the key to access of the data. Of course there has to be security measures involved too to handle lost cards etc.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Advantages and disadvantages by rm999 · · Score: 5, Interesting

      Another advantage: a common standard will eliminate the need to fill out medical history every time you go to the doctor (or have the doctor get it himself). Besides being a huge time saver, it will reduce the chances of human error.

      A friend of mine, a doctor, has claimed a standardized health history system that is easily retrievable would save him about 20-50% of the time he spends on a typical patient (depending on the type of patient). This would increase efficiency and reduce costs in the already over-priced health field.

      Security is essential but, to the typical person, the benefits far out-way the off-chance that:
      A. someone cares about your medical history
      B. has some way of accessing it
      C. is willing to risk the likely punishment for doing so

      Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.

  2. Why not opt-in? by cerberusss · · Score: 3, Interesting

    What I find ridiculously in this whole affair is that the most important question is never asked. Do you want to join and be entered in our system?. I've worked in a similar project where some twenty-ish GP offices were joined in one network, in the Netherlands. Were the patients ever asked? Noooo, the GP just signed a paper where he agreed for all his patients who could then opt out. But most of the time, they wouldn't know about it.

    And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.

    --
    8 of 13 people found this answer helpful. Did you?
    1. Re:Why not opt-in? by rucs_hack · · Score: 3, Interesting

      The patients in the system I designed (described in the reply to "a potential disaster?" above) were unable to give consent for such a system. Thus the responsibility was assigned to key workers who took the role of advocate for those individuals.

      This is also the means that should be used for patients who may, at the time of need for such information, be unable to provide informed consent.

      In the case of the general population of a given country, there is no way that everyone could give explicit consent in advance. Not many people know when they will become ill, so cannot be assumed as providing informed consent as individuals.

      The solution therefore is for a body to be established whose responsibility it is to act as advocate in advance for these unknown individuals. Such a body would require strong ethical guidelines so as to assure the correct treatment of information. Not being in the medical field any more I am unaware if such bodies exist, though the need should be apparent to any government defining the requirement for such a system.

      It should be noted that, by the laws in the UK and the US at least (unsure regarding other countries), informed consent regarding medical treatment is not required if no source of consent is available in those critical periods when consent is normally sought, although it is sought as a first resort should the time for retreival of consent exist.
      A practitioner may retreive any and all medical information regarding an identified but unresponsive individual that is available, and make medical decisions on behalf of the unresponsive individual without such information should it not be available, or too late in arriving.

      The issue then is the level of ease by which such information is available, since rapid delivery is more likely to ensure the corect medical response. In the medical world time is paramount, so information that may mean the difference between life and death, or even the allowing of the death of a patient in accordance to patient instruction as previously recorded, should ideally be available by some method which minimises he delay between request and delivery.

  3. Re:a potential disaster? by neuro.slug · · Score: 4, Funny

    Proper planning and recources could make the transistion easy.

    This is government we're talking about. You must be new here. And by "here", I mean the world in which we live.

  4. Not an IT disaster, but a political disaster. by Sub+Zero+992 · · Score: 4, Insightful

    Its always the IT guys who get blamed for cock-ups on a colossal scale. Occasionally, yes, bad decisions are made or poor execution is to blame. But at the supra-national level, the big mistakes are political ones.

    Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars.

    A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years. Then a common data-medium (chip cards, whatever) could be issued to those citizens who desire one. Everything else need not be regulated, everything else should be firmly in the control of the people.

    --
    They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
    1. Re:Not an IT disaster, but a political disaster. by cerberusss · · Score: 3, Informative

      A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years.
      This already exists for many, many years. It's called HL7.
      --
      8 of 13 people found this answer helpful. Did you?
  5. Re:a potential disaster? by rucs_hack · · Score: 4, Interesting

    I designed a similer system for the NHS in oxfordshire, england, way back in the 1980's. Such was the lack of understanding about IT at the time that the project floundered and failed, in spite of the year I spent coding the darn thing.

    Mine was not for general patients though, it was for people with learning disabilities, so their care needs could be available should they be hospitalised whilst on holiday or on some other excursion from home.

    In my system, records were temporarily made available to the region that the client was visiting, but only able to be accessed if a nominated individual requested them. By therefore involving a human in the process I sought to reduce the chances of sensitive medical data being released to the wrong people. This was pre interweb, so the method of making available was arcane, but effective.

    Sadly the project failed because of monumentally crap management. In that way at least the project was ahead of it's time....

  6. Giving out contracts by denoir · · Score: 3, Insightful
    The biggest problem in my experience is not in the theoretical vulnerabilities of the technology but the fact that the decision makers that hand out the contracts do not have the technological know-how to give the contract to the 'right' company.

    As a case in point, a few years ago in Sweden they harmonized the medical IT systems in the whole country. The politicians in charge awarded the contract to a company that offered a relatively cheap solution and that had a great marketing department. Unfortunately, they were incapable of delivering an adequate system. The huge amount of work and complete lack of proper requirement specifications led to a buggy and deeply flawed system. A quite common case is where a physician asks for the record of one patient and gets the record of somebody else. The user interface was also horrific - to register a new patient something of the order of magnitude of 100 clicks is required.

    Once the problems became apparent, it was too late to do anything about it as the budget for the whole thing was already used up. Now, it is easy to blame the developer of the system - and to a large degree it is their fault - but the first cause of the problem were politicians who had no clue about neither IT nor medicine.

  7. Re:alternative by Da+Fokka · · Score: 3, Informative

    In the Netherlands, about 60000 hospital admissions can be attributed to avoidable problems with medication (e.g. taking penicilin whilst being allergic to it). The information is there, it's just not accessible. Yes, this is a serieus problem and IT can make a difference. In different countries there are different approaches:
      - In the UK, all medical information will be put into one huge central database ('the Spine'). All pharmacists, phycisians and GPs can choose between about 4 programs, all government mandated. The project is suffering from huge delays, widespread criticism and is already considered a failure.
      - In Germany, all medical information will also be stored in a central database. Everyone will get a smartcard which will be needed to access this information. This will ensure patient control over their information.
      - In the Netherlands, the main idea is that the care provider will retain control over the patient data. A central directory will know the whereabouts of this information and serve as an information broker between Healthcare Information Systems. Eventually, all software will have to support certain interaction with this central directory. The interactions will be based on HL7v3, an international standard.

    Since I am involved in implementing the dutch system, that's the one I know most about. I believe it's a good idea and a good compromise between availability of data and privacy. That being said, the system (called AORTA) does have some issues which will need to be resolved before widespreak adoption can take place.