Ramon Sagarra Rius - Municipal active involvement in deploying passive teleco...
Ehip3 caring through sharing legislation and-its-practical-implications kirsten van gossum jose verguts
1. Caring through Sharing
eHIP: Health Information Platform
Legislation and its practical implications
Kirsten Van Gossum,
former researcher KULeuven-ICRI-IBBT
Ir. José Verguts, Agfa HealthCare
Agenda
Some definitions regarding the processing
of health data
Case: local collaboration of GP’s
In practice…
The written consent
Conditions and safeguards
Right of access
Documents needed to start
Conclusion
2
2. Definitions
Scope of Belgian privacy law= the processing of personal data
wholly or partly by automatic means, and to the processing otherwise
than by automatic means of personal data which form part of a filing
system or are intended to form part of a filing system;
Personal data= any information relating to an identified or identifiable
natural person. An identifiable person is one who can be identified
directly or indirectly, in particular by reference to an identification
number or to one or more factors specific to his physical,
physiological, mental, economic, cultural or social identity;
Processing= any operation or set of operations which performed
upon personal data, whether or not by automatic means, such as
collection, recording, organization, storage, adaptation or alteration,
erasure or destruction,…
3
Health data
The processing of health data is, in principle, prohibited
(art. 7 DPA)
This prohibition does, however, not apply for EHRs in the
following instances
written patient consent
the processing is rendered mandatory by a law
the processing is necessary to protect the vital interests of the
patient
processing of the data is required for the purposes of preventive
medicine, medical diagnosis, the provision of care or treatment to
the data subject or a relative, or the management of health-care
services;
the processing is necessary for scientific research
4
3. Case: local collaboration of GP’s
How do GP’s look at sharing of Health Data?
Survey conducted summer 2007*
135 GP responded
28 questions including
Current and future collaboration issues
Information classification: nice2know, need2know
Privacy issues
* Survey conducted as part of a Master thesis “EMD samenwerking tussen huisartsen”,
José Verguts, VUB UA Ugent, September 2007 in collaboration with Domus Medica and
related to a project funded by the FOD
5
Health data essential to share
Which data is seen as essential to share?
Allergies and intolerances
Current and chronic medication
Vaccinations
Chronic diseases
Actual problem
Personal antecedents
6
4. Health data classification
Some survey results
Results of the survey
Post survey Is On patient On patient No formal
GROUP classification essential consent request opinion
“ESSENTIAL” 75 20
“ON CONSENT” 25 40 20
“ON REQUEST” 27.5 25 25 22.5
“NO FORMAL OPINION” 30 20 20 30
No universal consensus
7
Health data classification
Which data is not seen as essential to share?
Three categories & some examples
On patient consent
Desired pregnancy / Abortion
On patient request
Appointments and full medical history file
No formal opinion
Information received from relatives and others patients
Personal judgments
8
5. In practice...
The written consent as a general rule…
A prior, freely given, specific, informed
consent
The drafting of an “informed consent” (multi-
layered)
Art. 9 DPA: minimum requirements
Possibility to withdraw his consent
9
Case: GP’s & informed consent
Prior informed consent
To whom may the patient give his prior consent ?
To any of the GP’s (valid for all GP’s)
To the GP holding the global medical file
To every GP (only valid for the GP involved)
Is an ad-hoc consent allowed instead of a prior
consent?
10
6. Case: GP’s & informed consent
Some survey results
Results of the survey
When? To whom? Required Is OK No No formal
opinion
PRIOR Consent to GMD-GP 30 35 10 25
AD HOC Consulted GP 15 35 20 30
No universal consensus, but a significant difference
11
Conditions and safeguards
The processing of health data has to
comply with the rules set out in the Royal
decree of February 13th, 2001
Health data can only be processed under
the responsibility / supervision of a
healthcare professional
The health data have to be gathered at the
data subject himself
12
7. Right of access
Of the data subject (the patient)
With or without the help of a healthcare professional
Exception: medical research
Therapeutic exception
Of the healthcare professionals
Free choice of the patient
RBAC as a security measure
13
Documents needed to start
External
Privacy policy regarding the patient
-> the informed consent
Internal / External
Privacy policy regarding the healthcare professionals
-> the privacy policy on the website of the application
Internal
The security policy (technical and organisational
measures)
-> internal documents
14
8. Conclusion & open questions
A specific informed prior consent is important
Is this realistic in daily medical practice?
Self-regulation based on health data classification?
Empowerment of the patient?
Proportionality – informed consent
Role based access
Necessity principle
15
At your service
[José Verguts]
jose.verguts@agfa.com
Agfa HealthCare
[Kirsten Van Gossum]
k.vangossum@lorenz-law.com
Lorenz
[Joris Ballet]
joris.ballet@law.kuleuven.be
ICRI K.U.Leuven – IBBT
16