Machine translations by Deepl

'Data breach by design' in healthcare

There are 500 people in the hall. Almost all of them want to know what's in your fridge. Speakers present how vegetable and cheese data can be unlocked. They announce platforms and infrastructures and discuss how the fridge at your holiday address, in your caravan and your business hotel room can also be linked.

Now that can only be done with your permission, but that too is being worked on. If it is up to the Minister of Health, the European Commission to solve that problem. At most, you get the right to object.

It sounds surreal, yet this is exactly what is intended, only with your medical data. That this data is part of a confidential relationship between you and your healthcare providers is kept quiet.

Health Data Research UK

The keynote of Andrew Morris, chief Health Data Research UK, is like a wet dream for the organiser of the congress, Health-RI. In the UK, it's all possible. The slides full of logos of participating organisations prove it. Here and there there is still an opt-out, but basically Andrew has access to all medical data, from everyone.

Of course, there is that question from Privacy First: "How do citizens decide what data can be shared and with whom?" That is not yet settled, but Andrew Morris is working on a solution. And that is indicative of HDR-UK's (and Health-RI's) approach. The primary goal is data disclosure. Privacy and citizen autonomy is an obstacle, secondary to the goal and possibly to be solved later.


"This is not a Rural SPD" begins Arjo Boendermaker his presentation. Cumuluz should be a data platform for the whole of healthcare, where all the data of every citizen will be made available, without it being determined in advance by whom, or what it will be used for. Via Mitz patients may then start recording their consents themselves.

Boendermaker will no doubt be able to explain why Cumuluz is not a new Rural EPD, but the concept is exactly the same: one big data centre for all medical data, from everyone. If anything, the problems with security and privacy are even greater.

As in 2011, we as citizens surrender autonomy, which is turned into power for the platform's developers (NFU, the Academic Hospitals). If we want oversight of data sharing, we will depend on the same centralised platform that makes the data available. However, the exposure of our data is not limited to healthcare. Research institutes, governments, health insurers and companies may also get access to our medical data.

Well, not everyone in the room is convinced of Cumuluz's monopolistic position, but opting for a single platform, or a 'federation' of linked platforms (as envisaged by the Ministry of Health) ultimately leads to the same thing: centralised access management and thus a 'single point of failure'.


With a a grant of 67 million from the Ministry of Economic Affairs Health-RI is the driving force behind the secondary use of medical data. Through (among others) Cumuluz, it will soon unlock data for research, innovation, implementation and policy development.

Health-RI wants what Andrew Morris has and privacy is a 'obstacle'. All everyone's data should be able to be precisely linked through a pseudonym of the BSN. The  "Privacy-insensitive methodology for exact data linking" which Health-RI advocates is a 'burglary trace insensitive methodology for a break-in'. But a break-in is still a break-in. The precise linking of data is almost a guarantee of traceability to individuals.

'Privacy by design' solutions get in the way of the main goal: an ocean of data that everyone can fish in. Health-RI therefore wants to create a "Compliance-by-design system for workable and optimal privacy protection". But 'compliance' is not a 'privacy' and a 'workable and optimal solution' means as much as 'privacy as long as it does not get in our way‘.

Data breach by design

For now, citizen/patient consent is required for inclusion in a platform such as Cumuluz, or Health-RI. But the question is for how long.

The Ministry of VWS wants a single 'National Coverage Network', a kind of cloud of these kinds of systems. Once you are in there, as a citizen you no longer have any idea by which systems your data can be accessed. Add to that a EHDS, or legal basis for secondary use to it and we end up in a new panopticon.

Be careful what treatment or diagnosis you agree to. You are never sure how many tech companies, AI developers, researchers, governments and pharma companies are watching and in what ways you are being influenced. That could just be seemingly innocuous personal advice in the supermarket.

Cumuluz EPD Model
Model of Cumuluz, Health-RI conference 12-10-2023
Cumuluz Health-RI model
Model of Cumuluz + Health-RI, Health-RI conference 12-10-2023