The outsourcing of medical record transcription and storage has the potential to violate patient-physician confidentiality by possibly allowing unaccountable persons access to patient data.
- A woman goes to the doctor …
- Ownership of medical records
- Electronic medical record myths
- Connecting dots
- Integration with other systems
- Cross border legitimacy
- Data breaches
A woman goes to the doctor …
… and doctors start keeping records. Medical practitioners seem to have begun keeping written records early in written history:
- The most rudimentary were lists of the names of clients and their payments for treatments or prescriptions. These are account books.
- Narratives of cures — what we might think of as case histories — were recorded in ancient Greek medical works and the practice was revived in the fourteenth and fifteenth centuries. Some of these recorded advice to patients about diet and recipes, others were framed as testimonials of successful or remarkable cures, autopsies or lessons for surgeons.
- Fuelled by a growing interest amongst scholars in focusing on natural particulars and using observation to obtain knowledge of the natural world, medical practitioners began publishing collections of cases that they called ‘observations’.
Like other medical records, whether account books or full case histories, they were designed to collect information. All of these records document a process that involved conversation, observation, judgment, and the collection of this material in a written form.
Ownership of medical records
Ownership and keeping of patients’ records vary from country to country.
In some countries, like the US for example, the data contained within the medical record belongs to the patient, but the physical form the data takes belongs to the entity responsible for maintaining the record, per the Health Insurance Portability and Accountability Act of 1996. That latter phrasing is important as it could mean that when medical data is kept in a database by some company, that company maintains the records, and they could be considered owners of that physical form of your data.
In most European countries the data has already been arrogated and appropriated and belongs to the state. For example in the UK, the ownership of the NHS’s medical records has generally been described as belonging to the Secretary of State for Health. The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law. On 25 January 2012, the European Commission unveiled a draft European General Data Protection Regulation that will supersede the Data Protection Directive.
Feel the clouds gathering …
+++ Pilots closed, contact your National Contact Point for more information +++
You may have never heard of epSOS, we surely hadn’t, but the formal documented decision process to create an interoperable Electronic Health Records (EHR) system goes back as far as 2003. EpSOS is being sold to the public as a wonderful structure for all Europeans travelling in need of medical care abroad. By logging on to a portal, a doctor you see on your holiday in Greece can enter your unique identifying code (EU wide code implemented by the EC used for all EU communication). This will trigger the system to collect data from all hooked up medical systems and dump it into a document as a summary or as a document containing your data.
Electronic medical record myths
Supposedly the quality of healthcare improves when medical workers have access to patients’ medical records. We searched for weeks in 2012, and again in 2015, and haven’t been able to come up with one methodologically sound piece of research that proves health benefits of epSOS. The claim is based on some sort of logical reasoning or gut feeling. It may well be that the expected benefits are outweighed by three other major effects, namely standardization effects, tunnel vision and self-censorship.
- If you visit a shrink, a social care worker, and your MD, one can extract all that info through the epSOS infrastructure. Needless to say it will be easy to integrate with bank records and then they’ll have it all by entering one code.
- All input can be marked ‘not to be seen by patient’. The objection to our objections will likely be that only what the law allows will be clicked, and that multiple countries with different laws must be “served”, but that is a far cry from being a valid justification for withholding patient information from that same patient.
- File inspection is also, it seems, just a pilot exercise. Just look under patient data status.
By far the largest patient groups that could possibly benefit from interoperable EHRs are the chronically ill and the elderly. These groups, however, travel the least. This scheme will be based on textual data, and will not be organised around patient clinical issues. Patients do not benefit, not really. Then who does?
Why would the EU and all the corporations involved spend a huge amount of money on an interoperable infrastructure that won’t be used all that often?
To answer that question we had to do some serious digging since the system is being sold as this fantastic infrastructure benefiting EU citizens. What we found is data mining, integration with other systems for predictive medicine and surveillance, usage of the data for clinical research purposes and risk modeling.
Apparently one of the major reasons for rigorous standardisation, as stated on page 4 of the EC SemanticHEALTH Report of January 2009, is to “… Ensure the necessary data quality and consistency to enable rigorous secondary uses of longitudinal and heterogeneous data: public health, research, health service management …”
In eHealth for Safety Impact of ICT on Patient Safety and Risk Management (pdf) some digging can be done into all the benefits which could mount from all sorts of data mining and risk management activities, plus … eHealth, the beneficial application of ICT-based systems and solutions, has been identified as potentially the key enabler to fundamentally improve patient safety in clinical contexts. This is why the European Commission launched the eHealth for Safety study at the beginning of 2006 …
Tenderers for the study were Symbion with partner empirica Communication & Technology Research from Bonn, Germany. The first no longer exists, but the other led us to an eHealth for Safety list of relevant organisations, eleven of which have “Safety” (with a capital S) in their name.
Integration with other systems
A first example of an EU wide project which marks the end of medical data confidentiality is the “Active and healthy aging project”. All old people’s relevant medical, social, environmental, cultural and economical data will be used in order to save costs, prolong their lives and boost industry profits. The plan uses offensive terminology about our elderly like ‘from burden to asset’. It also strips them of their patients’ rights by using a loophole in article 14 of the EU directive on cross-border patients’ rights.
For example, it took the Dutch police less than 24 hours after introduction of the public transportation chip to demand the personal data of all travelers on a certain tram to catch a suspect of a crime and the Danish were forced to give the US access to their DNA database. The US?!?
Cross border legitimacy
American companies are involved in building the infrastructure and software, which puts them under the Patriot Act. This effectively means that companies that get served with a gag order aren’t even allowed to inform the European Union if data has been requested or seized.
The Patriot Act, enacted in 2001 as a response to the events of September 11, 2001, expanded the power of US law enforcement officials to obtain personal information records stored within the US. It permits law enforcement officials, for the purpose of an anti-terrorism investigation, to seek a court order that allows access to the personal records of any person without that person’s knowledge, as long as the relevant records are stored in the US.
While the data contained in an EHR may be collected in a country in Europe, the seamless movement of information across borders facilitates the disclosure of such information outside of the country the data was gathered in. Meanwhile EHR data may be transferred out of its jurisdiction for processing, for long term storage, ancillary to a commercial transaction involving health services, or for patient treatment outside of the jurisdiction. The laws of the country to which the information has been transferred will apply. Some of the data may be in information banks located in the US.
Will your medical data be secure from unauthorized access and hacking? Is your data Safe, with a capital S?
Major threats to health care information can be categorized under three headings:
- Human threats, such as employees or hackers.
- Natural and environmental threats, such as earthquakes, hurricanes and fires.
- Technology failures, such as a system crashing.
So, no, it is not. Even though access to the system by medical workers who have no business accessing your files leaves a digital trace, you can’t block it upfront. You are not needed to access your data. Having hold of your e-identification code will do.
As for hacking, surely the system will be better secured than the average doctor’s computer files, but on the other hand the enormous scale of the possible loot will attract the best hacking criminals in the world. More code, more vulnerabilities. Medical files are even stolen for ransom money. Medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006-2012.
Oh, and let’s not have servers near fracking sites. And then there are the accelerating risks of climate change. Insurance companies are having a field day!
A woman goes to the doctor … what a joke!