High time for medical privacy: SpecificAuthorisation.co.uk !

Patients, together with their doctor, should be able to decide exactly who gets access to their medical records. This is the only way to prevent, in a time of increasing digitisation, medical data of Dutch citizens from being up for grabs. On the initiative of Privacy First Foundation and Civil Rights Protection Foundation, a group of concerned citizens is therefore starting a large-scale internet campaign for medical privacy today.

Current systems by which healthcare providers share medical data are unsafe because they do not set hard limits on access to a person's medical records. When a patient gives permission to share his medical data - for example via the LSP (Landelijk Schakelpunt, the former Electronic Patient Record, EPD) - his data often becomes accessible to many (possibly tens to hundreds of thousands) of healthcare providers. These can often access the medical record without prior checking by the patient or his doctor.

Patient consent for these systems is generic, placing no restrictions on access to the medical record. Expansion of access to include additional healthcare providers in the future is possible, and often foreseen. Moreover, access to the medical record is set up in such a way that the doctor can no longer control who gets access to which data. Thus, healthcare providers can hardly personally vouch for their medical confidentiality and the confidentiality of patient data anymore.

Undermining accessibility of care

The risk of confidential data about a person's physical and mental condition coming under the eyes of unauthorised persons through carelessness or malicious intent increases as the degree of access increases. In turn, if doctors do not have direct control and visibility over what happens to medical data, patients can no longer be confident that what they discuss with their doctor will not come under the eyes of third parties. This undermines the trust relationship between doctor and patient and thus threatens the accessibility of care.

Control back where it belongs: with doctor and patient

A system that does maintain doctor and patient control over access to medical data is technically and practically feasible. The campaign argues specific consent is a necessary condition for sharing medical data. Here, the doctor and patient make proper agreements on data sharing. Fine-grained, specific consent is essential for ensuring trust in and accessibility of care. Together, doctor and patient must be able to decide exactly which data can be viewed by whom. In this way, they maintain control over the exchange of data.

A new discussion is badly needed

Politicians and administrators need to realise that even when exchanging data digitally, the patient's right to say who can view which data must and can be guaranteed. And that an efficient exchange of data between healthcare providers involved in treatment - but not with more healthcare providers than necessary - is perfectly possible. To better guarantee privacy rights in practice, the campaign asks patients to write to their doctor to enable specific consent. With systems like the LSP, this is not possible.

Via the campaign website people can send a letter of consent to their doctor, allowing them to specify the conditions that the exchange of their medical data must meet. This allows doctors to call on their interest groups and ICT suppliers to enable specific consent. As healthcare providers are legally responsible for medical confidentiality, the initiators expect healthcare providers to comply with the call in the letter.

A Mission Statement, signed by the Dutch Lawyers Committee for Human Rights, the Johannes Wier Foundation and Bits of Freedom, among others, calls on policymakers, administrators and healthcare ICT vendors to enable specific consent and make it the guiding principle in healthcare communications again.

Save your medical privacy: go to SpecificAuthorisation.co.uk!

Watch the promo of the campaign below: