State of play after three years of campaign against new EHR law: still work to be done

The Specific Consent campaign by Privacy First and the Civil Rights Protection Platform takes stock after three years of action.

After almost three years of campaigning against Minister Schippers' new EPD law, our campaign may Specific Consent celebrate a modest but important success. The law we lobbied against was passed, to our regret. However, there are a number of important bright spots, and even more reasons to keep a very critical eye on this law and its consequences in the coming period. We start with the bright spots:

Our campaign mission received broad support from civil society organisations and academics

A large number of civil society organisations and academics in the fields of privacy, ICT and healthcare endorses the mission of our campaign since its launch. That broad support shows that many organisations and individuals with expertise and stature share our concerns. Consequently, our position is far from controversial: we are fighting to ensure that the rights that patients have traditionally had in healthcare are also guaranteed in the digital sharing of medical data. Nevertheless, we are proud to have been able to get our message across all this time on behalf of a large and relevant group.

We have sharpened the political discussion on patient privacy and consent

From its launch, Specific Consent has made a very clear distinction between specific, lawful consent as set out in privacy laws and human rights treaties, and the broad, generic consent that Minister Schippers wanted to enable with this bill. In doing so, we had a significant impact on how this law was discussed. Our input was regularly cited in debates that Senate and Lower House members had with the minister. We were also part of the expert panel with which the Senate in April this year held a hearing organised on the privacy aspects of the new EHR law.

For the first time since the rejection of the Electronic Patient Record (EHR), a robust substantive debate on patient privacy was again held. We hope our campaign has laid a foundation for a sustained discussion on how confidentiality should be safeguarded in healthcare in the digital age.

Thanks to a crucial motion, privacy-friendly alternative systems remain possible

With the adoption of the Teunissen motion, which we lobbied hard for in the final days of the legislative process, alternative systems can continue to exist alongside the National Switch Point (LSP). The government is asked in the motion to "ensure that access to the medical record will remain not only centralised, but also decentralised."

There are major risks in a central access system such as the LSP, professors warned during expert meetings in the Senate. With the Teunissen motion, it remains possible to be able to indicate separately to each healthcare provider which data it is allowed to share with which other healthcare providers - without being linked to a central system such as the LSP. This way, as a patient, you avoid having your consents (and therefore information about which healthcare providers you visit) stored in a national register and remain only with the healthcare provider.

There will, of course, need to be vigorous monitoring to ensure that the motion actually takes shape and is implemented.

Unfortunately, there are few real bright spots to report:

Overall, this law is a privacy dragon that undermines patient privacy and medical confidentiality. Below, we explain why, and what we should pay tight attention to in the coming period.

The 'specified consent' that patients will soon have to give is incomprehensible

This law introduces a problematic form of consent: specified consent. Unlike its name suggests, this form of consent is not very specific. It can mean anything from undirected consent to allow tens of thousands of healthcare providers in the Netherlands to see your file, to making a doctor's prescription available to the pharmacist around the corner.

Specified consent creates the possibility of asking patients a vague consent question with unclear consequences. An example of this can already be found in the leaflets distributed by VZVZ for participation in the LSP. People are regularly shoved an opt-in form under their noses with the request to sign because otherwise medication safety could not be guaranteed. We foresee similar risks for the yet-to-be-introduced online patient portal, which would soon allow patients to be in control of who can view their medical data. How informed is the consent that patients give? How does one avoid giving only broad, undirected consent out of ignorance or "just to be sure"? The practice of "specified consent" will have to be closely monitored.

Incidentally, it is not even certain yet whether patients will really be able to make such a specific choice in practice. The minister himself mainly talks about being able to give permission for categories of healthcare providers. The current systems (read: the LSP) are not equipped to provide anything other than generic consent, and ICT parties and healthcare umbrella organisations must shape and implement "specified consent" over the next three years - so far, these parties always seem to want to make consent as broad as possible. We therefore strongly recommend that the Lower House critically monitor this trajectory. To comply with the Bredenoord motion (D66) both the legal elaboration of "specified consent" and its implementation should be subject to Privacy Impact Assessments and the requirements formulated in the Franken motion (2011).

For the next three years, the Generic Consent deleted from the law will be tolerated

In the three years that "specified consent" has to be worked out and implemented, the minister wants patients to be able to give generic consent: the very form of consent that the House of Representatives deleted from the bill. Minister Schippers herself still submitted this plan during the Senate debate. A bad thing against which Specific Consent fiercely opposed agitated.

This will give wide berth to the LSP, which is implementing just about everything that Specific Consent campaigns against. Also, generic consents given over the next three years will remain valid afterwards. In practice, therefore, this plan will mean that VZVZ can use this period to get as many patients as possible to join the LSP with broad generic consent. The monopoly position of this system will then be a fait accompli in not too long.

However, specific consent remains a fundamental right, enshrined in Article 8 of the ECHR. The introduction of broader forms of consent does not change that. That is why it is so objectionable that the LSP, a system that only works with generic consent, is now given free passage. Care must be taken to ensure that even after the introduction of this bill, it remains possible to give specific consent. In order to claim that right, it is still possible from the Specific Consent website send a letter of authority to your healthcare provider.

Digital access and copy right declares patient privacy outlawed

Finally, we have major reservations about the patient's new right to download a copy of the medical record online or upload it to the cloud at once. Without the file-keeping doctor (who has professional secrecy) as an intermediary, patients are at great risk of handing over their medical data without much thought, at the touch of a button, to parties not bound by professional secrecy. Both the LHV and the KNMG have already indicated that they see great risks in such a backdoor to the medical record.

The House of Representatives should therefore also monitor the implementation of the online patient portal, which will also provide access to the digital copy of the medical record, very critically.

Other things to keep an eye on in the coming period:

VP General Practitioners is litigating against the national roll-out of the LSP. Ground proceedings started in 2014 and currently the cassation case before the Supreme Court. This case also involves the consent that patients can give in the LSP.

Bill 33980 gives health insurers the power to demand medical records from healthcare providers in case of suspected fraud. All this without the patient's prior consent. An unnecessary and disproportionate breach of patient privacy. PrivacyBarometer has a letter campaign which everyone should participate in.

The Personal Data Authority (AP) should intensify its oversight of medical data sharing, according to a motion of the Senate. However, we are very concerned about how the regulator will perceive the content of this task. In recent years, the AP has actually facilitated the LSP, by approving the private rollout of the system.