Secondary use of electronic
     health information
 – the way to guard patient
          secrecy
  Pekka Ruotsalainen, Re...
General starting points

   People access health services to receive care
   and treatment – not to become objects of
   r...
Things making difficult to guarantee patient’s
information secrecy

• It is not self-evident when we are patients

• Resea...
It is not self-evident are we patients or persons

  • Early warning health care systems
  • Continuously monitoring
  • T...
Research has many faces and environments

Different kind of applied research, settlements and analysis
are called “researc...
The transition from legal EHR to PHR and LPWR
                        LPWR


              PHR                            ...
The information content of the PHR/LPWR


From birth to grave all kind of information:
• The content of legal EHR,
• Data ...
We are moving to the pervasive health

- Health information is stored in PHRs or LPWRs
- Enables pervasive access to PHRs ...
Where we are now ?


Present principles guaranteeing patient’s information secrecy
are based on paternalistic tradition wh...
Two roads to guarantee patient secrecy

1. No new principles and rules are used but the uptake
   of new security services...
We are between Scylla and Charybdis

Present paternalistic rules
Present IC-technology                     Benefits for re...
Present paternalistic model can be improved using

1. Encryption together with the Trusted Third Partner
   architecture f...
Personal health data under personal control is the most
sustainable and generic solution because we can use solutions
deve...
Personal Health Data Under Personal Control
               - new rules

The data subject/patient should have the right to ...
How this can be done and by whom ?


• Policy makers, research society and administrators
should accept new principles and...
Thank you for listening !

Questions and comments
   are welcome.

pekka.ruotsalainen@THL.fi
Upcoming SlideShare
Loading in …5
×

Secondary Use of Electronic Health Information – the Way to Guard Patient Secrecy

914 views

Published on

Secondary Use of Electronic Health Information – the Way to Guard Patient Secrecy. Ruotsalainen P. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)

Published in: Health & Medicine
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
914
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Secondary Use of Electronic Health Information – the Way to Guard Patient Secrecy

  1. 1. Secondary use of electronic health information – the way to guard patient secrecy Pekka Ruotsalainen, Research professor National Institute for Health and Welfare Helsinki, Finland
  2. 2. General starting points People access health services to receive care and treatment – not to become objects of research (excluding clinical trials) Research using digitalised health information can lead to great improvements on care, prevention and medication. People have high willingness to disclose their health history for research purposes if the information secrecy is proven.
  3. 3. Things making difficult to guarantee patient’s information secrecy • It is not self-evident when we are patients • Research takes many forms • Ongoing transition from EHR to the PHR • The ubiquitous computing environment • The information content of the EHR/PHR
  4. 4. It is not self-evident are we patients or persons • Early warning health care systems • Continuously monitoring • The management of chronically diseases • Pro-active prevention • Patients using portable personal health devices • Connected personal health models
  5. 5. Research has many faces and environments Different kind of applied research, settlements and analysis are called “research”. Researcher society has been expanded outside clinical settings. It is multi-organisational and cross-border. Researchers as a profession are not as tightly regulated as health care providers (i.e. researcher working for insurers and industry). Their ethics can remain unknown. The content of the legal EHR is not sufficient for modern health research.
  6. 6. The transition from legal EHR to PHR and LPWR LPWR PHR Legal EHR Lifelong EHR Copy EHR of the LEHR EHR Present research target The Lifelong Personal Wellness Record (LPWR) includes the personal health record (PHR) and pervasive wellness information
  7. 7. The information content of the PHR/LPWR From birth to grave all kind of information: • The content of legal EHR, • Data about personal health behaviours • Genealogical and genomic data • Social and psychological functionality • Lifestyle, smell, • Vital signs from BAN, sleeping data, • Communication data, • Context data, • Signals received by implanted nano-sensors, • Emotions etc.
  8. 8. We are moving to the pervasive health - Health information is stored in PHRs or LPWRs - Enables pervasive access to PHRs and lifelong EHRs - Uses services of the ubiquitous computing Challenges of the ubiquitous computing - Context information is widely collected and used - Different data sources can easily be linked - Large number of heterogeneous users and purposes - Nearly impossible to guarantee privacy and security using present safeguards and services Data Primary and Secondary users banks Sensors
  9. 9. Where we are now ? Present principles guaranteeing patient’s information secrecy are based on paternalistic tradition where public purposes override patients personal preferences and obligations. To day the patient has to blindly trust that: - Researchers are processing his/her data lawful and ethically - ICT-systems and databases are secure and privacy is protected In most of cases the patient even do not know that his/her EHR has been used for research purposes.
  10. 10. Two roads to guarantee patient secrecy 1. No new principles and rules are used but the uptake of new security services will improve security and privacy. 2. A new model Personal Data Under Personal Control is accepted and implemented using opportunities of already existing context- and policy-aware IC-technology
  11. 11. We are between Scylla and Charybdis Present paternalistic rules Present IC-technology Benefits for research Risks caused by insecure research environments, ubiquitous computing and Source: Google the rich data content of the PHR It is time to define new rules !
  12. 12. Present paternalistic model can be improved using 1. Encryption together with the Trusted Third Partner architecture for encryption key management - It is costly, technically complicated and static solution 2. Anonymisation or de-identification - Some research requires correct identification of patients (i.e. cohort based research, risk prediction) and also knowledge of individual's normal functions. - Makes data linking complicated (a TTP is still needed) - Makes PHR sharing complicated - Difficult to manage in large scale
  13. 13. Personal health data under personal control is the most sustainable and generic solution because we can use solutions developed for trusted ubiquitous Web. For it we have to accept New rights for the patient or data subject and to develop A new interoperable data model with rich meta-data for the PHR/LPWR A dynamic context-aware and policy enabled information infrastructure
  14. 14. Personal Health Data Under Personal Control - new rules The data subject/patient should have the right to define dynamically personal policies (i.e. privileges and obligations) ruling who, where, in what context and for what purposes his/her health data can be used. The patient should be aware of the context and security policies of users and organisations using his/her data. The patient should have tools to trigger de-identification on-the-fly based on his/her preferences.
  15. 15. How this can be done and by whom ? • Policy makers, research society and administrators should accept new principles and make them mandatory. • Standardisation organisations and the industry should implement necessary standards and interoperable data models. •Software vendors and network operators should implement the future proof, dynamic and policy enabled infrastructure.
  16. 16. Thank you for listening ! Questions and comments are welcome. pekka.ruotsalainen@THL.fi

×