Anger Over EU Medical Data-Sharing 85
ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?"
Yes. (Score:1)
Re: (Score:1)
waste of money ? certainly not
Right now, hundreds if not thousands of institutions have medical records containing private informations. Making each of these system secure individually is the real waste of money and resources. Given the technological background of the average doctor, I consider that the first one to scam him will be able to get to my infos. These data are already insecured, I see this initiative as a step in the right direction.
Re: (Score:3, Insightful)
Not when viewed with the proper perspective. The problem with massive network-aware projects is that they make data widely available even when it doesn't need to be. The records your doctor maintains are accessible only to a few individuals, and then only on a physical basis: an effective means of security through obscurity. If someone else needs to see them, he can fax or mail them. However, once said records are re
Re: (Score:2)
That statemeent made me think of medical records being hosted on Usenet. They'll probably call it 'mednet' and use a similar push/pull system, and be just as secure.
Re: (Score:1)
a potential disaster? (Score:2, Insightful)
Re:a potential disaster? (Score:5, Funny)
This is government we're talking about. You must be new here. And by "here", I mean the world in which we live.
Re:a potential disaster? (Score:5, Interesting)
Mine was not for general patients though, it was for people with learning disabilities, so their care needs could be available should they be hospitalised whilst on holiday or on some other excursion from home.
In my system, records were temporarily made available to the region that the client was visiting, but only able to be accessed if a nominated individual requested them. By therefore involving a human in the process I sought to reduce the chances of sensitive medical data being released to the wrong people. This was pre interweb, so the method of making available was arcane, but effective.
Sadly the project failed because of monumentally crap management. In that way at least the project was ahead of it's time....
Re: (Score:1)
It rather sounds like you are blaming others for what was likely partly your fault.
Re: (Score:2)
As I got close to finishing management saw the amount of money that could be made by going commercial with the system, but instead of talking to me about it, they took the software and tried to get a deal with a software company to further develop it, leaving me out of the loop.
Since I was the designer of the system, and had the required domain knowledge, I was possibly a good choice to lead or at least take part in the
Re: (Score:1)
Additionally, there is the Data Protection Act 1998, which is quite clear on what can and cannot be done with personal data.
if you really want to annoy the gov, subject access request yr personal data
instead of sulking in the corner with yr [cute little] teddy bear, get up and do something!
its fun and l
Re: (Score:1)
Data protection Act http://en.wikipedia.org/wiki/Data_Protection_Act [wikipedia.org]
Subject access Request http://www.ico.gov.uk/upload/documents/library/dat a_protection/practical_application/subject_access_ -_guide_for_data_subjects.pdf [ico.gov.uk]
Advantages and disadvantages (Score:5, Insightful)
The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.
The disadvantage is that it may be used for privacy invasion. There are certainly other risks involved too not to forget the cost that may arise to unify all countries.
Anyway - one way to provide some patient security would be that identification of data and access control to personal data has to be restricted. A multi-level approach has to be in place for the best security. One way may be to use smartcard-equipped health-cards. The card will then hold the key to access of the data. Of course there has to be security measures involved too to handle lost cards etc.
Re: (Score:1)
http://www.medicalert.org/Main/AboutUs.aspx [medicalert.org]
KFG
Re: (Score:1)
Medicalert can deal with avoiding medical hazards, but it doesn't deal with the "get the correct medication" part. I've been unable to get my hay fever prescription when in a different part of the UK, and unable to get my gout medication when abroad for an extended period. If I had any confidence that the government(s) would get this right then I would welcome it enthusiastically: it is very much needed.
Unfortunately that's a big "if".
Re: (Score:1)
Unfortunately that's a big "if".
No it isn't, they will fuck it up, but at least at great expense, so you'll have that going for you. And enjoy the roundup of hayfever sufferers.
KFG
Re:Advantages and disadvantages (Score:5, Interesting)
A friend of mine, a doctor, has claimed a standardized health history system that is easily retrievable would save him about 20-50% of the time he spends on a typical patient (depending on the type of patient). This would increase efficiency and reduce costs in the already over-priced health field.
Security is essential but, to the typical person, the benefits far out-way the off-chance that:
A. someone cares about your medical history
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so
Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.
Re: (Score:3, Interesting)
Modern medical science is all about statistics. We should be collecting information about medical illness from people's medical histories in order to formulate new treatments and improve existing treatments. I actually think it would be a good thing for everyone's medical records to be available in some form for medical researchers, providing the records were anonymous and free of personal details.
A persons medical history is very important especially when dealing with
Re: (Score:3, Insightful)
B. has some way of accessing it
C. is willing to risk the likely punishment for doing so
In other words, just about every employer out there who wants to see if the promising new candidate has any mental health issues or is likely to suddenly drop dead. They care, they have the money to get what they want, and what are you going to do, throw a company in jail?
Re: (Score:3, Insightful)
This might increase efficiency (yet to be proven) but if it does it will only increase profits in the already bloated health field. This is the medical industry we're talking about. When did you last know a medical operation to lower prices because their own costs went down?
Besides, social engineering (eg. calling a person's doctor and asking for medical history) is probably possible as it is.
Sure
Re: (Score:2)
"yet to be proven"
Did you go out and actually find this out? My friend has told me, and I have no reason to not believe him, that he spends 20-50% of his or his staff's time handling medical history. I am sure many doctors feel the same way.
"Sure
Re: (Score:2)
I beg your pardon?
Did you go out and actually find this out?
Did you?
My friend has told me, and I have no reason to not believe him, that he spends 20-50% of his or his staff's time handling medical history.
That's nice. Really. However, I don't know your friend and have every rea
Re: (Score:2)
Anyway, I want to avoid this turning into a pointless argument. My evidence may be anecdotal, but it is not necessarily weak, and strongly indicates (to me) that doctors waste an incredible amount of money on paperwork. I actually learned about all this from my doctor friend when he approached me about building a very similar system to the one discussed in the article. A quick chat with some other doctors co
Re: (Score:2)
Re: (Score:3, Insightful)
The advantage is that it is possible to get your medical journal when you are visiting a different country, which in turn can improve the ability to get the correct medication and avoid medical hazards.
If you have some disease or allergy that doctors should be aware of, you should wear a medical necklace [medicalidtags.com]. But of course such a simple low-tech solution won't pour billions into the IT contracting industry, the likes of EDS etc.
Rich
alternative (Score:2, Insightful)
Re: (Score:2)
Re:alternative (Score:4, Informative)
- In the UK, all medical information will be put into one huge central database ('the Spine'). All pharmacists, phycisians and GPs can choose between about 4 programs, all government mandated. The project is suffering from huge delays, widespread criticism and is already considered a failure.
- In Germany, all medical information will also be stored in a central database. Everyone will get a smartcard which will be needed to access this information. This will ensure patient control over their information.
- In the Netherlands, the main idea is that the care provider will retain control over the patient data. A central directory will know the whereabouts of this information and serve as an information broker between Healthcare Information Systems. Eventually, all software will have to support certain interaction with this central directory. The interactions will be based on HL7v3, an international standard.
Since I am involved in implementing the dutch system, that's the one I know most about. I believe it's a good idea and a good compromise between availability of data and privacy. That being said, the system (called AORTA) does have some issues which will need to be resolved before widespreak adoption can take place.
Re: (Score:1)
From my point of view, carrying a patientcard, with some kind of memory chip, that carries your journals seem to be the best solution in many of the questions that can be raised on this topic.
This is a good idea, and one that's easily implementable. British people who are visiting other EU countries are entitled to an E1/11 card that grants certain medical coverage in the countries you are in, paid for by the NHS. Such cards could easily be implemented with a RFID chip, or small memory card as suggested.
Re: (Score:1)
Why not opt-in? (Score:4, Interesting)
And there comes the whole point: these medical data-sharing networks are useless if there isn't enough data. So nobody (the IT supplier, the medical organizations) has any incentive to keep patient data from being shared.
Re:Why not opt-in? (Score:4, Interesting)
This is also the means that should be used for patients who may, at the time of need for such information, be unable to provide informed consent.
In the case of the general population of a given country, there is no way that everyone could give explicit consent in advance. Not many people know when they will become ill, so cannot be assumed as providing informed consent as individuals.
The solution therefore is for a body to be established whose responsibility it is to act as advocate in advance for these unknown individuals. Such a body would require strong ethical guidelines so as to assure the correct treatment of information. Not being in the medical field any more I am unaware if such bodies exist, though the need should be apparent to any government defining the requirement for such a system.
It should be noted that, by the laws in the UK and the US at least (unsure regarding other countries), informed consent regarding medical treatment is not required if no source of consent is available in those critical periods when consent is normally sought, although it is sought as a first resort should the time for retreival of consent exist.
A practitioner may retreive any and all medical information regarding an identified but unresponsive individual that is available, and make medical decisions on behalf of the unresponsive individual without such information should it not be available, or too late in arriving.
The issue then is the level of ease by which such information is available, since rapid delivery is more likely to ensure the corect medical response. In the medical world time is paramount, so information that may mean the difference between life and death, or even the allowing of the death of a patient in accordance to patient instruction as previously recorded, should ideally be available by some method which minimises he delay between request and delivery.
Re: (Score:2)
No, the solution is not to create more bureaucracy to prop up your business model, the solution is to reverse the flow of information. Why should the medical record ever be separated from the person? Give the person their own medical record, and one of those medalert bracelet things as the key to control access to it. The patient can then give access specifically t
Re: (Score:2)
The situation you describe, sounds to me like a solution to a rather rare case.
I can see the conversation now (Score:1, Funny)
Patient:"What!? I just came in to get a flu shot! I dont want to.....zzzzzzzzzz"
Not an IT disaster, but a political disaster. (Score:5, Insightful)
Only governments can waste billions of Euros trying to achieve some kind of "Harmony" across political, linguistic, cultural and privacy borders. This usually fails miserably. The only success governments have at cross-border enterprises is in killing their citizens in wars.
A simpler solution would be to agree on a standardized data format and data content for medical records. This alone would take years. Then a common data-medium (chip cards, whatever) could be issued to those citizens who desire one. Everything else need not be regulated, everything else should be firmly in the control of the people.
Re:Not an IT disaster, but a political disaster. (Score:4, Informative)
Re: (Score:1)
Hint: They don't truly desire interoperability. It increases competition and reduces their vendor lock-in ability.
That, and HL7 is an interface specification, not a format of what data must be present in a record or not.
Any unique health record product (X) while likely require a custom interface to unique product (Y). Brilliant!
As a (noteworthy) sidebar, EMR is in use by less than 20% of medical practices outside hospita
Re: (Score:3, Interesting)
HL7? You should put a spew alert on that! When I worked in healthcare IT, the biggest joke we heard from our software vendors was "Yes, we do standard HL7 feeds". Which was always a clue that we were going to be doing extensive tinkering to get the middleware working to ensure that their "standard HL7" would work and play well with other applications "standard HL7." That's also ignoring the poor scalability of HL7, and the difficulties in getting it to tie different aspects to the same encounter.
Now,
Re: (Score:2, Interesting)
I agree, I worked on one years ago that never took off. We thought we had the right idea, we had retained several doctors and did the use-case scenarios, prototyping, the whole nine yards. We then went around to hospitals and were immediately shot down because even though our doctors thought it was great and they could document even their hairiest cases in a few minutes, we hadn't though
Re: (Score:2)
HL7 isn't really that; OSHCA meeting May 2007 (Score:2, Informative)
OpenEHR produces the archetypes, a way of describing anything required for medicine and healthcare, and of providing inheritance and subclassing. This project which is hopefu
So much data to mine. (Score:1, Funny)
In Soviet Russia kgb and gru interoperability find you!
Opting out (Score:2, Informative)
Equal measures of paranoia and well-placed concern (Score:2, Interesting)
Re: (Score:3, Informative)
It seems to be the larger projects that are more likely to fail. You're probably not aware of this due to our Anglo-centric media, but Scotland already has a national patient database up and running and has not had the problems that the NHS has faced south of the border. I suspect that this is largely due to the fact that it was run as a centralised project with a few partners, whereas in England there are a lot more patients and NHS trusts to deal with.
(I'm sure a lot of Scots are unaware that the syst
Why people care about "big brother" healthcare (Score:3, Informative)
Fair enough, but I suspect your position would be different if all your friends had found out something rather personal about you because the system leaked.
Perhaps medical issues shouldn't be regarded as embarrassing, but the fact is, for many people in today's society, they prefer not to share their ailments publicly. After all, if I told you I was HIV+, would your first reaction be "he's gay", "he sleeps around and has unsafe sex
Re: (Score:2)
Your friends probably already know or suspect most of what the records would tell them.
Re: (Score:2)
Why on earth would you say that?
Re: (Score:2)
It's all down to subjective definition, of course, but food for thought.
Re: (Score:2)
OK, I can accept that, and you might reasonably argue that true friends wouldn't care about the sort of thing they might hear anyway. But as you say, a lot of people you like and spend time with won't know you as well as your best friends. Consider then what happens when someone who isn't as close to you "finds out" something about you that isn't true because someone (not necessarily that same person, of course) jumped to the wrong conclusion. Your boss, perhaps? A friend of a friend you were thinking of as
lethal combinations (Score:3, Insightful)
Giving out contracts (Score:4, Insightful)
As a case in point, a few years ago in Sweden they harmonized the medical IT systems in the whole country. The politicians in charge awarded the contract to a company that offered a relatively cheap solution and that had a great marketing department. Unfortunately, they were incapable of delivering an adequate system. The huge amount of work and complete lack of proper requirement specifications led to a buggy and deeply flawed system. A quite common case is where a physician asks for the record of one patient and gets the record of somebody else. The user interface was also horrific - to register a new patient something of the order of magnitude of 100 clicks is required.
Once the problems became apparent, it was too late to do anything about it as the budget for the whole thing was already used up. Now, it is easy to blame the developer of the system - and to a large degree it is their fault - but the first cause of the problem were politicians who had no clue about neither IT nor medicine.
Re: (Score:2)
That is of course a big problem - But the bigger problem is that the decision makers have no incentive to learn the technological know-how to give the contract to the right company.
I mean, it is not like a buisness, where if you make stupid decisions, you are losing
Re: (Score:2)
Also, your urologist called and said that if the daily Cialis/Viagra cocktail doesn't work, then you're SOL, but your cardiologist wants to write a research paper on you.
You won't mind, will you?
e-Health is needed in the EU (Score:1)
We Europeans have to accept the fact we live in a big unified community and many patients want to get treated in the best available centers, regardless they are in their own country or a neighbor one. Is this bad? C'mon, be realistic. Only advantages will come from this scheme.
And I there is also money to save by the logistics ad
The biggest problems are not IT related... (Score:2)
Most especially language. While (if I understand correctly) most medical journals are published in English, and most doctors should thus be able to understand English, in practice this is not always the case.
Where I live in former East Berlin, there are many doctors and ancillary staff who can't speak a word of English. Since the database is most useful in an emergency, there's
22? (Score:1)
Privacy = Ignorance = Death Conundrum (Score:2)
1. Evidence-Based Medicine: As much a medicine does know, it's also ignorant of the true outcomes of many practices and true cost/benefits of many so-called best practices. Different regions, different hospitals, and different doctors all have their preferred practices based on beliefs t
Presumably technically challenging. What else? (Score:2)
If you want to talk privacy vs. security, this is one area where I sway toward distribution. If I am carried into a hospital away from home bleeding out of every orifice and hallucinating, I think it would be "nice" if staff had access to my records. When I got
Privacy already gone (Score:3, Insightful)
We gave up the idea of private medical records when we accepted the idea of others paying for our health care.
In ancient times, when we took care of ourselves, no one knew our medical history.
Then we asked others to take care of us, and they wrote things down to keep track of what they'd done to/for you, and "medical records" were born. But only the "doctor" needed them, so they were still relatively private. Plus, few people cared.
"Clinics" and "hospitals" meant that more people were giving you health care, so they got access to your records, but still, few people really wanted them, anyway.
Then, the "insurance company" was born. Insurance companies insisted upon records to prove you weren't trying to defraud them. When they got into the business of paying the doctors ("health insurance"), they wanted those records, too. And people started to get concerned, but not that many.
Then people decided that the government should replace insurance companies, to "make it fair", but governments like records even more than insurance companies, so they wanted the medical records, too.
Now that "the government" is becoming "most of Europe" is not the time to decide that you object to the government having your health records.
In my experiance, it's a good idea. (Score:2)
My medical (doctor/dentist) records are currently held by my old doctors in UK.
My new doctors in Netherlands have no access to my records.
My doctors in the UK will not provide me with a copy of my records.
So a system to make them available to my Dutch doctors in ANY form would be a welcome benefit.
Just don't attempt to solve it all (Score:3, Informative)
The problem is healthcare is very, very complex. I have been in software industry for over 10 years now, and I have spent the last 6 in healthcare. It is a beast that no one has ever tamed. Doctors, nurses the overall process in many levels of healthcare service makes the whole thing a nightmare. And trying to plan and implement a solution for the whole thing in the national scale is very risky. We have over 30 hospitals running on our hospital information sytem in my company, and each one of these hospitals have very different needs. You may imagine that the basic requirements for medical systems will be common, but it is not. Add financial aspects to this, and everyting becomes such a mess.
Now talk to anyone in healthcare IT, and they'll tell you that you can't provide the potential benefits without standards. HL7 has been the most common messaging standard in healhtcare, but it is a huge beast with its own problems. You need electronic healthcare records if you want to provide, patient safety, decision support, accurate reporting etc.
Now sharing these is important for the patient and the doctor, but moreover, aggregating that data is important for the government. EU countries spend and average of 8% of their gnp on health, and for policy makers, data is necessary.
To overcome this complexity, governments should come up with incremental projects, each dealing with one important aspect at a time. FIRST: deal with electronic patient records based on standards. Use CDA, openEHR, CEN 13606, whatever. But first do this. Then when you have the ability to produce data in a standardized format in your healthcare institutions, work on messaging among them. The thing that no one seems to get is; each of the founding technologies of e-health has its own complexities and problems, and it becomes impossible to deal with them when you aim for super-high goals.
Just keep it simple, and you'll see that even the simple will be hard enough. Australia seems to be doing good in their national e-health strategy, and Finland is also successful. Before going for the whole EU, national systems should be built and tested.
No matter what the people in the industry say, governments always fail to grasp the complexity of these things.
What is the big deal in the end? (Score:1)
A
Another tower of Babel? (Score:3, Insightful)
This is just a wild guess, but it smells very French to me.
Re: (Score:3, Interesting)
The idea of electronic healthcare records based on these terminologies exits since people want to
Re: (Score:2)
But what exactly is the great advantage of such a system (this particular one)?
We are The Borg (Score:1)
Liability (Score:3, Insightful)
It turns out that the medical staff doesn't really want them. Sometimes they even actively sabotage them. They are already exposed to far too many liability lawsuits. Having all that data online will make it a much easier target for court orders or even automated mining.