Secondary Use of Electronic Health Information – the Way to Guard Patient Secrecy
Secondary use of electronic health information – the way to guard patient secrecy
Pekka Ruotsalainen, Research professor
National Institute for Health and Welfare
Helsinki, Finland
General starting points
People access health services to receive care and treatment – not to become objects of research (excluding clinical trials).
Research using digitalised health information can lead to great improvements in care, prevention and medication.
People are highly willing to disclose their health history for research purposes if the secrecy of the information is proven.
Things that make it difficult to guarantee the secrecy of patient information
• It is not self-evident when we are patients
• Research takes many forms
• Ongoing transition from EHR to the PHR
• The ubiquitous computing environment
• The information content of the EHR/PHR
It is not self-evident whether we are patients or persons
• Early warning health care systems
• Continuous monitoring
• The management of chronic diseases
• Pro-active prevention
• Patients using portable personal health devices
• Connected personal health models
Research has many faces and environments
Different kinds of applied research, settlements and analysis are called “research”.
The research community has expanded beyond clinical settings. It is multi-organisational and cross-border.
Researchers as a profession are not as tightly regulated as health care providers (i.e. researchers working for insurers and industry). Their ethics can remain unknown.
The content of the legal EHR is not sufficient for modern health research.
The transition from legal EHR to PHR and LPWR
[Figure: diagram with the labels "Legal EHR", "Copy of the LEHR", "EHR", "Lifelong EHR", "PHR", "LPWR" and "Present research target"]
The Lifelong Personal Wellness Record (LPWR) includes the personal health record (PHR) and pervasive wellness information.
The information content of the PHR/LPWR
All kinds of information, from birth to grave:
• The content of the legal EHR
• Data about personal health behaviours
• Genealogical and genomic data
• Social and psychological functionality
• Lifestyle, smell
• Vital signs from BAN, sleeping data
• Communication data
• Context data
• Signals received by implanted nano-sensors
• Emotions etc.
We are moving to pervasive health
- Health information is stored in PHRs or LPWRs
- Enables pervasive access to PHRs and lifelong EHRs
- Uses the services of ubiquitous computing
Challenges of ubiquitous computing
- Context information is widely collected and used
- Different data sources can easily be linked
- Large number of heterogeneous users and purposes
- Nearly impossible to guarantee privacy and security using present safeguards and services
[Figure: diagram with the labels "Data banks", "Sensors" and "Primary and secondary users"]
Where are we now?
The present principles for guaranteeing the secrecy of patient information are based on a paternalistic tradition in which public purposes override patients' personal preferences and obligations.
Today the patient has to blindly trust that:
- Researchers are processing his/her data lawfully and ethically
- ICT systems and databases are secure and privacy is protected
In most cases the patient does not even know that his/her EHR has been used for research purposes.
Two roads to guarantee patient secrecy
1. No new principles and rules are used, but the uptake of new security services will improve security and privacy.
2. A new model, Personal Data Under Personal Control, is accepted and implemented using the opportunities of already existing context- and policy-aware IC-technology.
We are between Scylla and Charybdis
Risks caused by insecure research environments, ubiquitous computing and the rich data content of the PHR
[Figure: image (source: Google) with the labels "Present paternalistic rules", "Present IC-technology" and "Benefits for research"]
It is time to define new rules!
The present paternalistic model can be improved using
1. Encryption together with the Trusted Third Partner architecture for encryption key management
- It is a costly, technically complicated and static solution
2. Anonymisation or de-identification
- Some research requires correct identification of patients (i.e. cohort based research, risk prediction) and also knowledge of the individual's normal functions.
- Makes data linking complicated (a TTP is still needed)
- Makes PHR sharing complicated
- Difficult to manage on a large scale
Personal health data under personal control is the most sustainable and generic solution because we can use solutions developed for the trusted ubiquitous Web.
For this we have to accept and develop:
- New rights for the patient or data subject
- A new interoperable data model with rich meta-data for the PHR/LPWR
- A dynamic, context-aware and policy-enabled information infrastructure
Personal Health Data Under Personal Control - new rules
The data subject/patient should have the right to dynamically define personal policies (i.e. privileges and obligations) ruling who, where, in what context and for what purposes his/her health data can be used.
The patient should be aware of the context and security policies of the users and organisations using his/her data.
The patient should have tools to trigger de-identification on-the-fly based on his/her preferences.
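The rules above, worked through as an added example that is not part of the original slides: a patient-defined policy decides who, where, in what context and for what purpose data is released, attaches obligations, and can trigger de-identification on the fly. The rule fields, effect names, obligation names and the sample policy and record are assumptions made for illustration.

```python
from dataclasses import dataclass

FIELDS = ("who", "where", "context", "purpose")
# Assumed set of direct identifiers; quasi-identifiers are out of scope here.
DIRECT_IDENTIFIERS = {"name", "national_id", "address"}

@dataclass(frozen=True)
class Request:
    who: str       # requesting organisation or role
    where: str     # jurisdiction where the data would be processed
    context: str   # e.g. "clinical" or "research"
    purpose: str   # declared purpose of use

@dataclass(frozen=True)
class Rule:
    who: str
    where: str
    context: str
    purpose: str
    effect: str              # "permit", "deidentify" or "deny"
    obligations: tuple = ()  # duties the recipient accepts with the data

    def matches(self, req: Request) -> bool:
        # "*" is a wildcard; every other value must match exactly.
        return all(getattr(self, f) in ("*", getattr(req, f)) for f in FIELDS)

def decide(policy, req):
    """First matching rule wins; a request no rule covers is denied."""
    for rule in policy:
        if rule.matches(req):
            return rule.effect, rule.obligations
    return "deny", ()

def release(record, policy, req):
    """Return (data or None, obligations) for one access request."""
    effect, obligations = decide(policy, req)
    if effect == "deny":
        return None, obligations
    if effect == "deidentify":  # de-identification triggered on the fly
        record = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    return dict(record), obligations

# Constructed patient policy and record, for illustration only.
POLICY = [
    Rule("treating_physician", "*", "clinical", "care", "permit"),
    Rule("university_hospital", "FI", "research", "cohort_study", "permit",
         ("notify_patient",)),
    Rule("*", "*", "research", "*", "deidentify", ("notify_patient", "no_relinking")),
]
RECORD = {"name": "Constructed Patient", "national_id": "000000-0000",
          "address": "Constructed Street 1", "birth_year": 1960, "diagnosis": "I10"}
```

Dropping direct identifiers leaves quasi-identifiers such as birth year in the released data, so a real de-identification step needs more than this filter.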
How can this be done and by whom?
• Policy makers, the research community and administrators should accept new principles and make them mandatory.
• Standardisation organisations and the industry should implement the necessary standards and interoperable data models.
• Software vendors and network operators should implement a future-proof, dynamic and policy-enabled infrastructure.