Is this about the national electronic health record?
No, but it is related. For many years now, the Dutch government and healthcare sector have been looking for a good way to store all the health data that is accumulated about individuals – preferably in a single, person-specific digital environment – in a way that facilitates digital data sharing. In 2011, the Dutch Senate rejected the Electronic Patient Record Act because it did not sufficiently guarantee patient privacy and data security. Since then, many different information systems have emerged.
The assumption is that collecting, sharing and linking health data will benefit the health of both individuals and society. It will allow people to participate in their own care process and work on becoming or remaining healthy, and it will support personalised care and sickness prevention. The government and politicians have therefore persisted in their desire to make health data available digitally, and not just to care providers but to patients as well.
In the Act Supplementary Provisions for the Processing of Personal Data in Healthcare , adopted by the Senate in July 2017, the government established the conditions under which data may be exchanged between the various information systems in the healthcare sector. These conditions are meant to lay the groundwork for a system that provides better privacy and security safeguards. As from 1 July 2020, every person in the Netherlands must be able to access his or her own health data online and to indicate which care providers may access which data (if and when necessary); the latter is referred to as ‘specified consent’.
Specified consent is a further interpretation of specific consent. Specific consent is laid down in the Dutch General Data Protection Regulation implementation act and entails that it must be clear for patients for which processing, of which data, for what purpose the healthcare provider requests permission. With specified consent, as laid down in the Act Supplementary Provisions for the Processing of Personal Data in Healthcare the patient must also be given the opportunity to specify or distinguish which data can be provided to which healthcare provider or categories of healthcare providers.
How will the digital health data system take shape?
The Ministry of Health, Welfare and Sport and the Dutch Patient Federation are working with the healthcare sector and IT suppliers to set up a safe, properly functioning system that will allow people’s digital health data to be accessed, shared and linked online. These efforts include amending legislation, concluding agreements with the care sector, and the MedMij Programme.National agreements have been made to standardise the information; it would otherwise be impossible to link data.
Identification and authentication must be technically sound, for reasons of privacy and security. The MedMij Programme is laying down rules that will give patients a complete overview – a personal health environment or PHE – where they can access, manage and share personal health information, regardless of where it is stored, digitally and securely with a healthcare provider whenever and wherever they like.Financial incentives encourage parties to invest in the success of the system.Health data must be accessible online from 1 July 2020; as of that date, it must also be possible for people to indicate which healthcare providers may view which data.
Why and to whom is health data being made available digitally?
The basic principle is that giving people control over their health data will allow them to manage their own health.
Everyone in the Netherlands already has the right to access data about their own health and medicinal drug use. From 1 July 2020, they must also be able to do so online. They should also be able to decide for themselves which data they wish to share with which healthcare provider (‘specified consent’). They can also decide against sharing their data.
Linking and sharing data have advantages for healthcare institutions; once the relevant patient has issued his or her consent, institutions have quick and easy access to the necessary data. This means, for example, that no more unnecessary duplicate laboratory tests will be carried out for diagnostic purposes, and that patients will no longer need to repeat their medical history or medicinal drug use every time they see a new healthcare provider. Unnecessary visits to doctors and other healthcare professionals can be avoided.
This approach also reflects the nature of life today, with almost all information being provided or requested digitally, and with apps and wearables tracking more and more of our individual health data. It seems convenient for people to have all their health data stored in a single place and organised to suit their needs. Eventually, this information could then be used for other purposes, for example in digital coaching offered by the healthcare sector and private parties to the chronically ill or to those keen to alter their dietary habits and lifestyle.
What were the challenges identified by the study?
Data privacy and data security are extremely important and vigorous efforts are being made to guarantee them within the context of digital health data management in the healthcare sector. It is unclear whether enforcement will be possible, however. And there are other factors to be considered. Physicians themselves have indicated that the digital interface could well change their relationship with patients. The expectation that a physician will somehow be available 24/7 is unrealistic. How are they to deal with data, for example from apps or wearables, that patients provide themselves? Which data should be included in their health records? And who is supposed to coach patients when they come across alarming digital information about their illness without having spoken to their doctor? It is clear that these changes are imminent, but we do not yet know how they should be incorporated into the care process.
The digital health management system is geared primarily towards meeting the wishes of chronic patients who are capable of self-management; it gives little consideration to the wide variety of other (chronic) patients and (vulnerable) individuals whom lack for example required skills or do not have the desire to self-manage.
With data sharing in the healthcare sector being standardised and with some people being keen to track and monitor their health themselves, it has become possible to combine and analyse more and more accumulated data. Healthcare institutions or private parties have apps that provide coaching, and algorithms are increasingly being used to intervene in our lives. It is therefore crucial that people become aware of the implications of data sharing, that they cultivate the right decision-making skills, and that they understand how to protect themselves against profiling and manipulation.
Will everyone be able to take charge of their health this way?
Say that we succeed, both technically and in organisational terms, in setting up a system that links and shares data for health management purposes. Will making people responsible for their own data actually allow them to take charge of their health? Will people – including a wide range of different patients – be willing and able to shoulder the responsibility that they are given?
The question is to what extent those who so wish will be capable of acting on the information provided by health data or on the feedback delivered by health apps. We may be overestimating their abilities. In addition to having the necessary digital skills, they must be able to interpret the digital health data correctly and have the will to change unhealthy habits, for example. It is precisely those groups most likely to call on the healthcare system – the elderly, people with a low socio-economic status, the intellectually impaired, the illiterate, people with serious mental or complex disorders, migrants – that often lack the above skills.
This may well lead to a digital health divide in society. It is also possible that society will come to feel less solidarity with those who are unwilling or unable to manage their health based on their digital health data.
What does the RI recommend, in brief?
First of all, the Rathenau Instituut recommends that the parties involved in setting up the system for digital access to and sharing of health data should think carefully about what it will mean for our public values. So far public values have not been adequately factored into the design process, but it must be possible to implement them properly. The values include autonomy (can people in fact make choices and understand the implications?), equity and equality (is everyone capable of managing their health digitally or will a division arise between those who can and those who cannot?) and solidarity (will everyone be expected to take action based on the data?).
In the interests of data privacy and data security, we recommend abandoning the idea of integrating health and healthcare data infrastructures centrally. An integrated, centralised infrastructure would be highly vulnerable to cyberattacks.
Second, ensure that the digital health management system meets the needs not only of chronic patients, but also of other types of patients and the public in general, and especially of vulnerable, less assertive individuals.
We further recommend setting additional requirements for all government and commercial parties that use data from the personal health environment, even if people have given their consent. A healthcare professional must always be involved in interpreting health data. Finally, people must be ‘digitally literate’ and understand the consequences of sharing data.