Alternative to Electronic Patient Record offers real privacy protection
PRESS RELEASE Amsterdam, 10 SEPT 2015
GPs and UvA researcher develop the Whitebox, a decentralised system that gives GPs and patients full control over the exchange of medical data.
The starting point of the system is that patient and doctor jointly decide who gets access to which data. Initiator and GP Hein Thiel: "With the Whitebox, control no longer lies with an external party such as the National Switch Point (LSP), but exclusively where it belongs: with doctor and patient." At the moment, exchange is only possible with the GP post, in a later stage also with other healthcare providers. Co-initiator and chairman of the Huisartsenkring Amsterdam-Almere Stella Zonneveld: "This system is built to protect privacy. In the national system, data of all patients in the Netherlands are fed past one central linking point. With the Whitebox, medical data goes from doctor to doctor encrypted from start to finish. No one else can see this data. Exactly what information the doctor shares with other healthcare providers is carefully determined in consultation with his patient."
First real alternative
The Whitebox is the first real alternative to the national LSP system, which the government worked on for years and cost society a lot of money. In 2011, the Senate blocked the plan to introduce the system nationwide.
The initiators see the new system as a first step towards an exchange of patient data in which patient privacy is central. They want patients to retain trust in their GP and in their duty of confidentiality, especially in times when communication is increasingly digital.
How does it work?
When doctors order the new system, a box - called the Whitebox - will be placed in the practice. The box regulates access to the patient records the GP keeps of his patients. Because the system belongs to the doctor, the exchange of data is protected (legally and technically) by professional secrecy.
The GP controls access to the Whitebox himself. So there is no central infrastructure to take this control out of his hands. If desired, the GP can give other parties access to medical data. A healthcare provider granted access can then request data from the patient for a shorter or longer period of time. "The system is simple in design" states developer Guido van 't Noordende. "It is small-scale and close to the way healthcare providers work. Patient data can therefore be better protected."
Pilot in Amsterdam
An initial field test of the system will take place this autumn by 20 GPs in Amsterdam. In the trial, GPs can make patient data retrievable for the GP post, where GPs work during evenings, nights and weekends. GP Thiel: "GPs who participate are happy to keep control over their patients' records. The system fits well with the practice and responsibility doctors feel."
Access for other healthcare providers, such as emergency physicians and the patient's own pharmacy, is under development. Patients will also soon be able to access their data, either through their GP's Whitebox or through a 'personal health record'. Who gets access is adjustable for each patient. GP Zonneveld: "There is never any need to access more data than necessary. Not everyone has data that is important in an emergency. For the vast majority of people, a small amount of data at the GP surgery is sufficient."
About the promoters:
The Huisartsen Kring Amsterdam-Almere is the regional GP association of the professional association of GPs LHV. It started the Whitebox project following a survey of Amsterdam GPs, which showed that two-thirds of doctors preferred a regional system to the LSP. Whitebox Systems is a spin-off from the University of Amsterdam, founded by security researcher Guido van 't Noordende. The company focuses on computer system security and privacy-protecting communication in healthcare. The underlying technology stems from research at the University of Amsterdam. It has worked with GPs from the outset to ensure the system fits well with practice.