
Large-scale system = large-scale problem in healthcare

The Ministry of Health, together with other healthcare parties, continues to insist on making medical data available on a large scale and in an ‘unfocused’ way. Recent hacks show that the risks are no fiction.

The hacks at ChipSoft (healthcare ICT supplier), Odido, the Municipality of Epe and Canvas certainly have one thing in common: all involved large-scale systems.

There are major risks associated with their use. If a system has a key position in a larger network of services, such as DigiD, this creates a ‘single point of failure’. For hackers, a large-scale system is a ‘honey pot’, because a single hack gives them access to a huge amount of data, as in the case of Odido and ChipSoft. If the system also runs in a single data centre, then a fire is enough to bring a service down.

A tax authority, a ministry or a telecom provider is a centralised organisation. Such organisations quickly come to rely on large-scale centralised automation (or parts of it), despite its drawbacks.

For healthcare, it is different. Providing care is a process that takes place between you and your healthcare providers. If you go from the doctor to the pharmacy, your data can follow that route, in other words: ‘targeted availability’. Even then, there are risks, but small-scale system = small-scale problem.

We'll do it anyway

Yet the Ministry of Health, health insurers, the Patients Federation, healthcare umbrella organisations and other healthcare parties are betting exclusively on a large-scale centralised solution, with Mitz as the main component. The complexity of the relationships between these parties determines the course more than the actual delivery of care to patients. No one wants ‘the other’ to have too much influence.

The result: the doctor may promise you that everything in the consulting room will be kept secret, but can no longer keep that promise.

Broad call for more privacy

Privacy organisations, including Privacy First, are now making a joint appeal to the House of Representatives: control over data sharing should lie with patient and physician.

To deliver care, ‘data availability’ is crucial. Equally crucial is that patients and healthcare providers can jointly decide who has access. A technical infrastructure that makes that enforceable is a necessity, not a luxury.

If we do not ensure this, citizens’ autonomy will become a paper tiger, ultimately unenforceable. Digital sovereignty is not an ‘American’ problem. It is a way of thinking, and it has to change: own technology first, organised around citizens, and large-scale only where it really cannot be done otherwise.

This is the only way the key to the safe with medical data will be in the hands of patient and doctor, so they can decide together who to give access to.

Next Thursday there will be a House of Representatives debate on ‘digitisation in healthcare’.

Read the input from Privacy First and input from other privacy organisations here.