
E-HEALTH

Health Records in a Digital Society

The current pandemic pushed health care systems to their limits. Today’s technology allows us to improve medical work in many ways, such as eTreatment and ePrescriptions. It can simplify the exchange of information between doctors, make education for doctors and nurses around the world accessible and help to transmit data to patients. Remarkably, even remote surgeries have been successful.

By Pia Staudenmaier

September 13, 2020

The new digital way gives us the opportunity to collect all the necessary medical data to have the best treatment for every patient. Most of this information is, undoubtedly, very sensitive. Its disclosure could lead to discrimination, professionally, by health insurers and even by society. The freedom from discrimination of any kind is set out in Article 2 of the Universal Declaration of Human Rights (UDHR), and Article 12 grants freedom from arbitrary interference with privacy. Choosing what happens with your data is covered by the right to self-determination from Article 1 (2) of the Charter of the United Nations (UN Charter). Following the importance of digital privacy, the European Union passed the General Data Protection Regulation (GDPR), which builds on the idea that all information processed should be covered by consent.


Consent is crucial for the success of digital medical solutions. In analog times, few people would have the chance to access medical data, and these people are legally bound by medical confidentiality. Confidentiality is defined as the process of and obligation to keep a transaction or documents private and secret, as well as the right to withhold information, e.g. medical information, from others. Today, the information is stored by third parties, private companies. Patients need reasons to trust these entities to approve eHealth solutions.

 


Approaches


A selective overview of some eHealth solutions will depict different approaches and thus give an understanding of why and where consent is important. Countries such as England, Estonia, Australia and Ghana all run government-owned e-health systems that are centralised, meaning the data is stored all together with the aim of comprehensive access. In Germany, by contrast, different companies have so far provided services, among them the insurance companies.


Also in China, two big companies that are mostly controlled by the government store medical information. There is no opportunity to opt-out of the system as it is connected to the Chinese Social Scoring System. Since the pandemic started, even public transport and stores are not accessible without it.


Other countries failed to maintain the opt-out system. England’s care.data programme in particular had to be paused several times due to massive criticism. The National Health Service had failed to properly educate the public about risks and benefits. As a consequence of the breach of sensitive data to commercial organisations, the British Medical Association demanded that the whole system be opt-in. Within weeks, millions of people opted out, which led to the end of care.data.


Australia on the other hand started as an opt-in system (MyHealthRecord) and due to low participation rates changed to opt-out. Putting the focus on the success of MyHR, everything got forced into the centralised document store with a limited consent model. Critics question the way the Australian Government informed their citizens about MyHR and the legitimacy of the consent. Over 30% of the population already opted out of the system.


Another failed system is the virus infection tracking app Smittestopp from the Norwegian Government. Though there is consensus among health institutes that these apps help to control transmissions, the app had to be taken down after Amnesty International rated it one of the most alarming apps worldwide. The app collects health information as well as accurate and hourly updated location data that is linked to an individual; in doing so, it became a fully functional surveillance device. While Ghana's virus tracking app is free to opt in, it could not accumulate enough users due to security breaches.

On the contrary, Germany's tracking app with a decentralised approach, where no personal data can be linked to an individual whatsoever, was ranked one of the most secure apps in the world.

 


Balance between privacy and utility


Many factors can contribute to a trustworthy medical system. The right to self-determination (Article 1 (2) UN Charter), the right to live without arbitrary interference with privacy (Article 12 UDHR) and the protection from discrimination (Article 2 UDHR) have to be in balance with the benefits and the utility of medical programs, which for their part contribute to the right to life from Article 3 UDHR.


Having mandatory programs like in Australia, England and Norway can logically help to have consistent data. But as the cases have shown, people will not use the technical capabilities if they do not have control over them. A survey in the European Union (EU) showed that the major barrier to sharing electronic health data was the risk of privacy breaches.


The EU defined consent to be the fundamental reason for lawful data collection according to Article 6 (1) (a) GDPR. Although the processing of health data is prohibited under Article 9 (1) GDPR, there are many exceptions (Article 9 (2) GDPR), such as, inter alia, statistical research and the defence of legal claims.


For some people, the complexity can be difficult to understand. Critics say even the language in which the consent is framed can lead to misunderstandings, which can be overwhelming and thereby cause loss of trust. Article 12 (1) and 32 of the GDPR require information to be in an easily accessible form, and consent should be given by a clear affirmative act. Unequal power balances can lead to a feeling of duress; for decisions to be free, the controller needs to eliminate all imbalances of power and indirect external effects. Therefore no government nor any company should have the opportunity and the legal basis to use health information to their advantage.

 

Having the control to delete information and to revoke consent gives power to the patient. The Australian legislation reacted to the above-mentioned pressure on MyHR and passed a bill that allows patients to permanently delete the records. It grants the right to be forgotten not only for health records but in any situation. No health record would be released without a court order or personal permission.


In Estonia, 90% of the doctors trust and use the centralised record that is encrypted by blockchain technology. The right to determine access to the data is reserved to the patient, which shows that well-functioning eHealth records can be used responsibly.




E-health can be compatible with privacy


Lawfulness, fairness and transparency are the principles of the GDPR, and consent is the foundation of all data processing. This should apply to all health records. It is essential for every health care system to be trusted by citizens, which can only be achieved through control of data and information. As some countries proved in the past months and years, it is possible to find creative and efficient solutions for a system that protects privacy and retains self-determination. Health information is intimate information; therefore digital responsibility should be treated just like patient confidentiality.


Pia Staudenmaier is studying law at Freie Universität Berlin. She has a Bachelor of Law and wrote her thesis about data privacy in e-health. While living in Sweden for one year she specialized in international law at Stockholm University. Since the beginning of 2019 she has been working as a Legal Engineer at LegalOS in Berlin. She is part of the Law & Technology Team of the Institute for Internet & the Just Society.
