Review of public debate "Where will your medical records be tomorrow?"

With the question "Data exchange in healthcare: why doesn't it work yet?", Privacy First board member Marc Smits heralded the central issue of the evening. Digitalisation of communication between healthcare providers has been underway in the Netherlands for almost two decades but, he noted, "it still doesn't really work". After a presentation in which Smits briefly explained the evening's problem statement, a panel of four experts at the intersection of healthcare, privacy and technology entered into a discussion on the future of data sharing in healthcare.

The panel consisted of:

Guido van 't Noordende, computer scientist who has a PhD in decentralised systems and, from that background, researcher and advocate of decentralised communication. Van 't Noordende is founder of Whitebox Systems, a decentralised healthcare communication system.

Geranne Lautenbach, lawyer and health consultant at consultancy firm MedicalPHIT. Among other things, she is involved in the national TWIN programme, an appointment system for message standardisation, and is also a privacy advisor at Radboud UMC and data protection officer for national prenatal screening.

Herman Pieterman is a retired radiologist, former secretary of the Dutch Society of Radiologists and worked at Erasmus MC. For the last 10 years, he was head of patient care there and encountered many problems in the availability of radiological images. Pieterman worked on a system that would allow radiologists to exchange images among themselves more quickly and has remained closely involved in this subject after his retirement.

Wim Jongejan is a retired general practitioner and has long published critical pieces on the website ZorgICTZorgen about (digital) developments in healthcare, with privacy and medical confidentiality being key themes.

The evening's moderator was Privacy First vice-president Nelleke Groen.

The hour-and-a-half-long panel discussion looked at the bottlenecks in current healthcare communication systems, what needs to be done to solve them and what problems were currently standing in the way of future-proof healthcare communication. This was based on propositions that touched on dilemmas in legislation, choice of technology and politics of the Dutch healthcare sector:

"Availability of data is more important than medical confidentiality."

This discussion was often settled in previous years with the scenario "if you end up under a bus in Leeuwarden, they don't know your medical records there.'' But should the GP surgery then also see what marital problems you have recently discussed with your GP? How do we deal with medical emergencies where patients cannot give consent for their data to be accessed? Currently, it is not possible to make a specific set of emergency data available in advance, but only a summary of the record. A better system should therefore be set up to specifically make certain data available in case of emergency - without sharing non-emergency data. After all, that violates professional secrecy and causes doctors disciplinary problems.

"Every doctor should always be able to access all data."

From a healthcare provider's professional practice, not having access to all the data you need for treatment can be very frustrating. Yet, from a security point of view, it is undesirable to give every healthcare provider access 'at the touch of a button'. The more widely data is made accessible, the more vulnerable a system becomes to hackers and other abuse. And how do you check whether a healthcare provider accessing your data actually has a treatment relationship? Contemporary healthcare communication systems like the National Switch Point (LSP) are not equipped to do this.

"It is unrealistic to think that we will have a nationwide healthcare communication system that meets privacy and security requirements in the foreseeable future."

Despite sky-high ambitions and ditto investments, 11 years after the first attempt at nationwide data exchange in healthcare, exchange has only been realised on a limited scale, in a limited part of healthcare. Through the current LSP, only a professional summary of the GP record is exchanged and medication information is shared with the pharmacy. Forwarding images, for example, is not possible; information outside this professional summary cannot be shared through the LSP. Even now, there are still many obstacles to nationally harmonised healthcare communication. Healthcare in the Netherlands has been privatised, is supposed to compete with each other and is therefore highly fragmented. Joint procurement has been restricted, causing many technical difficulties in linking different systems provided by different companies. Healthcare organisations often work on their own little islands, which also leads to widely varying interpretations of laws and regulations.

"Making patients themselves responsible for shielding their medical data is irresponsible."

Various ways have been and are being attempted to give patients a stronger say in managing their medical records. These range from patient portals where a copy of the record can be requested to initiatives to let patients themselves tick which healthcare providers can access which information. For several reasons, this is a risky plan; after all, do all patients understand what they are consenting to? For many people, especially those with high care needs, this is not the case and will mainly create a barrier. In addition, it is at odds with medical confidentiality, which is guaranteed not by the patient but by the doctor. It also offers third parties opportunities to pry out medical data that they would never get from a doctor, via patients themselves anyway.

"The 'corona opt-in' should become permanent for all emergencies."

Despite the fact that millions of Dutch citizens had not given their consent to have their records made available through the National Switch Point, in April 2021 the Ministry of Health overruled and employees of GP surgeries and emergency rooms could still access the professional summary of their medical records. In Parliament letters, the ministry has since indicated that it wants to make this measure permanent. In fact, therefore, it is not an 'opt-in', implying that the patient has given his or her own consent to this. It is an opt-out modelled on the national EHR that was rejected by the Senate in 2011. Here too, under a 'silence is consent' regime, patients themselves had to indicate that their data was not were allowed to be shared. Since the corona opt-in was justified by the corona pandemic emergency, it can hardly be considered tenable now. While it can certainly be useful to make certain necessary data available for emergencies, this is not possible within the architecture of the LSP.

Privacy First chairman Paul Korremans then closed the evening with a brief thank you to the attendees and panelists.

The Electronic Data Exchange in Healthcare Act (Wegiz) is currently in the House of Representatives and could be a breakthrough towards careful, efficient and secure healthcare communications. Read the comments Privacy First previously inserted on this bill.