The Commission of the European Union has introduced the proposal for a “European Health Data Space” EHDS. It is currently being discussed in the LIBE Committee (for Civil Liberties, Justice and Home Affairs) of the EU Parliament. A first statement about it can be found here. Last week, German association Patientenrechte und Datenschutz (Patient’s Rights and Data Protection) wrote to all members of the LIBE Committee and their staff. Here is the text of its current submission.
The proposed regulation on the European Health Data Space (EHDS) is supposed to serve patients, provide new rights and benefits. But in fact, it creates a “single market” for personal health information by technically organising it via central storage and, above all, making it available to third parties.
Patients will have to worry that their particularly sensitive medical data will fall into the hands of unauthorised persons. This undermines trust in doctors and other professional helpers – and jeopardises the basis of any medical treatment.
Central storage is unnecessary, as decentralised systems would also be possible and feasible. Moreover, the electronic health record is not in the hands of the data subject, but is managed by a third party.
From the patient’s point of view, the entire concept in its current form ist to be rejected.
Specifically, we consider the following points to be particularly critical:
Primary use: compulsory electronic health record
Art. 3 (1) of the draft regulation ostensibly creates a “right” for people in Europe “to access their personal electronic health data […] immediately […]”. Similarly, Art. 3 (8) constructs a “right” for patients to give other persons access to their health data “immediately”.
Yet, in fact, it is an obligation without alternative.
Immediate access to remote data requires technical accessibility at all times. Either this is achieved via central storage or the networking and constant (online) availability of all systems that process patient data. Both approaches enable malicious or criminal attacks or data breaches. How often medical files fall into the wrong hands in this way is something you can read about in the media every week.
The draft regulation requires all data holders to fill an electronic health record (EHR) for each patient (Art. 7 para. 1). Patients are deprived of the possibility to decide about their personal data themselves. They will not be asked.
Compulsion to the electronic patient file is to be rejected on principle.
Secondary use: for research, but also for boosting the economy
Art. 34 lists purposes for which a “secondary use” – i.e. the disclosure of data without the knowledge or consent of the data subjects – should be permitted. Many of these purposes are formulated very vaguely. This allows a wide range of interested parties to access health records.
Patients cannot block their health records from secondary use.
According to the draft regulation, electtronic health records must be anonymised or pseudonymised before secondary use. A definition of these terms, and the procedures to be applied, is missing.
Personal medical data are as unique in their combination as a fingerprint. By linking them with information from other sources (internet, address data), it is possible to identify the data subject from almost any “anonymised” data set.
Moreover, “pseudonymisation” can be reversed.
A compulsion to “secondary use” is to be opposed on principle.
According to Art. 168 (7) of the “Treaty on the Functioning of the European Union” (TFEU), “the management of health services and medical care” is the sole responsibility of the Member States.
The proposal’s provisions on primary and secondary data use interfere significantly with the management of health care and, in this form, exceed the competences of the EU by far.
- to create ways for the doctors and therapists involved in a patient’s treatment to exchange data directly in encrypted form (at the request of the patient),
- to create electronic health records only at the request of the patient concerned (opt-in),
- to allow secondary use only on the basis of the informed and voluntary consent of the data subjects (opt-in),
- to strictly limit the permissible purposes of “secondary use” to non-profit research,
- to protect the privacy particularly of ill persons by imposing severe penalties on the disclosure and/or repersonalisation of medical data,
- to introduce a liability to pay compensation for victims of data loss. The disclosure of health information can cause considerable damage to the person concerned and genetically related persons and can have an effect for generations. Therefore, all data users must be liable, regardless of fault, if health records given to them fall into the wrong hands.
- to establish a fund that will step in if the parties liable to pay compensation are insolvent or elusive. This compensation fund should be financed through the fees for secondary data use provided for in the draft (Art. 42).
We are confident that the proposed amendments will help to avert or mitigate the major risks of the EHDS project.
All things considered, we believe it would be sensible for the EU Commission to withdraw its proposal and redesign the project while safeguarding patients’ rights.
This could include established concepts for decentralised storage as well as patient- rather than industry-friendly designs of the EHR and allow for a slow convergence of the different healthcare systems.