Title: STORAGE OF HEALTH DATA

Secure saving of health data is a conditio sine qua non for eHealth. Technicians, experts and commercial partners are always looking for new ways to do this. However, both paper based systems as well as highly technological systems bear the risk to loose health data. Recently, there have been several cases of losses of stored medical data in the UK (see box). 

‘NHS smartcard losses aren’t being monitored’, Tash Shifrin, Computerworld UK, 19/10/2007. 

‘Personal details of 16000 children lost in hospital data disks blunder, the Daily Mail, 12/12/2007. 

‘Boston hospital data stolen’ by Nicola Dowling, Manchester Evening News, 23/12/2007. 

‘Exclusive: Hospital Test data found in the street’, Peter Truman, Your Local Guardian, 9/01/2008. 

‘Doctors encourage patients to opt-out after NHS data losses’, SA Mathieson, Infosecurity News, 4/01/2008. 

Little correspondents indicated that countries use health cards to store health information or to provide access to patient data. Detailed health related data are seldom stored on the card itself: 

The Swiss electronic health smart card, foreseen to be introduced in 2008, can contain ‘information to improve the medical attendance’, such as: blood type, immunization and transplantation data, allergies, medication, information about an already existing living will. Here as well a PIN code can protect the data. Medical data can be put on the (future) Swiss card, but only if the patient agrees. A record of medicines is optional on the Swiss cards and mandatory on the social security card in Italy

In the Lombardian SISS system clinical data for emergencies is saved on the CRS, the smart card. The holder can block data entries with a PIN code and the card allows updating data.  

The Andalausian cards contain basic medical information but fingerprint protection of the holder. The Belgian and Spanish cards do not put information of prescribed medicines onto the record.

The European health insurance card contains the following information; code of country of membership of insurance, name and first name of holder, data of birth, registration number, identification number of the relevant institution, logic number of the card and information of the institution re the logic number, end date of card. The card has no other data on the card than the data visible on the document (except if the card is integrated in another national electronic card). 

Once the German eGesundheitskarte will be deployed, ‘patients shall be entitled to decide which of their medical data will be included on the card and which will be deleted’ (the joint declaration of 3 May 2002 announcing the introduction of the eGk the Federal Ministry of Health and the stakeholder organisations in the health sector) (Germany-16).

What data are saved on records and cards?

There is agreement on some generally categories of information (although the type of information is depending on the purposes of the record). These categories are: 1. patient contact information (administrative part – patient ID), 2. Patient medical information (non-exhaustively: information on treatments, health history or medication data…), 3. Patient’s rights information (does patient want blood transplants e.g.) and sometimes 4. A non patient related information part (supportive part: flyers related to ‘mainstream’ medical conditions, follow up rules…). According to the information provided by the countries, emergency data is included in the Norwegian hospital records, in health records of medical institutions in Switzerland (although not as a special data set), in the Belgian Electronic health file (SUMEHR), in the Andaloucian health record and in the UK health record.  

The choice between a centralized and a decentralized system to save health data in is very important. Both have pros and contras. Bourret observes a link between the way health data are stored and two common visions on electronic health records: ‘the first older one views EHR as an electronic safe, it is often connected with the idea of a standardized EHR. The second view, which is more recent and innovative, has emerged with the Internet technologies: the shared EHR’ (Bourret, 2004, 106). The latter vision, where the electronic health record ‘is made up of documents and also includes links to documents at remote site’ has the advantage that the ‘data deposits remain in the sites where they are collected’ (Bourret, 2004, 106). The shared EHR is therefore interesting for organising the health networks (e.g. between hospitals and primary care). Some countries (Germany e.g.) state very explicit that ‘no central register or data base with patients’ data shall be implemented’ (the joint declaration of 3 May 2002 announcing the introduction of the eGk the Federal Ministry of Health and the stakeholder organisations in the health sector) (Germany-16). The Belgian FLOW healthcare network (which is a voluntary and open platform to share information) wants to provide an alternative for the closed and centralised alternatives in medical dossiers. (Belgium – 9.1) According to the UK answer, ‘there is no linkage between eRecord and any social care record’ (UK-2).

Member states of the European Union have to follow the legal rules of the EU but they have some freedoms, e.g. in limiting the period of saving health data. In the Netherlands, it has long been argued that medical records should be stored for only 10 years. Contrary, specific archival legislation in Scandinavian countries, determines very long retention periods for health data for scientific research.