How healthcare providers perpetuate a solvable privacy problem
A new, nationwide system for sharing medical data is currently being introduced in the healthcare sector: Mitz. From current-affairs research by Pointer, it appears that this system allows large-scale access to patient records, in violation of the right to privacy and medical confidentiality. There is no way to block this.
The core of the problem is the same as with the National EPD (National Exchange Point, LSP) from 2011. This is because the idea behind the design is the same: medical data is made available in such a way that it can be easily and directly accessed when a doctor deems it necessary. That sounds good, but it is unsafe. This is precisely why the EPD was rejected by the House of Lords in 2011.
Hacker crook
Centralised systems such as the LSP immediately raise the question: “Who will have access to your data and when?” Mitz is a kind of pre-screen where you can give permission. From the research by Pointer, it now appears that any healthcare provider can easily change your consent settings, even without you being present. This means that everyone's data can effectively be accessed, just like in the National EPD. A healthcare provider, hacker, Chinese or Russian national only needs to tick one box (in one place) to gain access to your data.
Alternatives
Medical confidentiality dictates that things should be done differently: you discuss your care with the doctor in the consultation room. Based on that consultation, your doctor records information and makes it available on demand, so only to healthcare providers involved in your treatment. Systems that work in this way ensure that only the part of your medical file that is relevant to your current care pathway travels with you, as it were.
Status Quo
Mitz and the LSP were developed by healthcare providers and financed by health insurers. They believe it is important for data to be available everywhere. They also want to retain influence over the development of systems for data exchange. They therefore find it difficult to accept a system in which control over data exchange truly lies with the doctor and the patient.
Alternatives are rarely or never taken up. It takes time to develop these, and the healthcare umbrella organisations have agreed with the Ministry of Health, Welfare and Sport that they must proceed quickly. In addition, these parties have also agreed that this should be done as much as possible on the basis of existing technologies, such as the LSP.
This is the context in which Mitz was created. The priority lies with access to data, and the parties building the “solutions” are the same ones that developed the LSP. These are also the parties that form the “governance” for the digital exchange of medical data within the Ministry of Health, Welfare and Sport.
This means that the problem persists.
Dutch Data Protection Authority
Privacy First raised precisely this problem in the governance (the management) with the Dutch Data Protection Authority (AP) earlier this year. Despite our extensive input, the AP's own investigation and several discussions between Privacy First and the AP on this subject, the AP does not consider it necessary to take action on this matter at this time.
In our view, this is a fallacy. When it comes to protecting fundamental civil rights such as privacy, it starts with governance: control over the design of a system. It is not without reason that the GDPR makes privacy by design mandatory: it is precisely during the design phase of the system, and when determining the basic principles, that decisions are made that have a major impact on civil rights. That is why the design of systems requires a balanced assessment that directly takes civil rights such as privacy into account.
As long as nothing changes in the governance and citizens (and their privacy representatives) are not given more control, the problem will remain.