Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- D4.1: Structured account of approaches on interoperability.
- D4.2: Set of requirements for interoperability of Identity Management Systems.
- D4.4: Survey on Citizen's trust in ID systems and authorities.
- D4.5: A Survey on Citizen’s trust in ID systems and authorities.
- D4.6: Draft best practice guidelines.
- D4.7: Review and classification for a FIDIS identity management model.
- D4.8: Creating the method to incorporate FIDIS research for generic application.
- D4.9: An application of the management method to interoperability within e-Health.
- D4.10: Specification of a portal for interoperability of identity management systems.
- D4.11: eHealth identity management in several types of welfare states in Europe.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Descriptive analysis
Profiling practices and medical data: what is the issue?
Currently in health care, a lot of attention is being paid to develop tools to capture, monitor and store bio-medical and insurance social data as well as to integrate these data to construct ‘health identities’, for different purposes. Now it is believed that ‘time is right’ to reach the ‘necessities’ of guaranteeing ‘quick and easy access to health and insurance data’ and of creating more interoperability between the health care (delivery) systems (Directorate General for Research, 2001). This vision enables profiling of health data.
Medical data is understood as ‘all personal data concerning the health of an individual. It refers also to data which have a clear and close link with health as well as to genetic data’ (Council of Europe, 1997). The EU published a recommendation for the protection of medical data and in 2007, the Article 29 Data Protection Working Party made efforts to develop a draft framework for the processing of personal data relating to health in electronic health records (Article 29 WP 2007). The Article 29 Data Protection Working Party argued that all data in the electronic patient records must be considered to be sensitive data (Article 29 Data Protection Working Party, 2007). This brings about the duty to foresee additional safeguards when processing the data.
The development of electronic health record systems has ‘the potential not only to process more personal data (e.g. in new contexts, or through aggregation) but also to make a patient’s data more readily available to a wider circle of recipients than before’ (Article 29 Data Protection Working Party, 2007). In sum, we can not ignore that eHealth creates a major bearing surface to (further) process medical (personal) data.
Profiling of health data is a new topic for the NoE FIDIS. As a frame of reference we use the definition of the FIDIS Work Package 7:
“Profiling is ‘the process of constructing profiles (correlated data), that identify and represent either a person or a group/category/cluster, and/or the application of profiles (correlated data) to identify and represent a person as a specific person or as member of a specific group/category/cluster;’ (Hildebrandt and Backhouse (eds.), 2005, 17).
Following this definition, it could be argued that electronic health records and cards are profiling practices. At least, they are important enablers for profiling. The electronic tools become bearers and new handling techniques of data, which can be used for profiling practices. These are facilitating tools to construct profiles (knowledge) that could be applied onto specific patients or groups/clusters of patients / citizens.
Profiling is thus becoming a mere result than the initial purposes of new ICT initiatives in the area. But within eHealth developments the issue of profiling is seldom explicitly tackled. For instance the debate in eHealth is seldom coupled to debates on e.g. privacy enhancing technologies or debates on the actors gaining access to information. This is particularly striking as eHealth tools such as the electronic health card and the electronic health records smooth the way to process health data enabling profiling practices. For example, practices like risk selection procedures, quality analysis, evidence based health care, and other less innocent health care data related practices such as health (care) behaviour, profit from the collecting and storing of health data (e.g. in records and cards). Some stakeholders (within and outside the health care sector, such as governmental policy makers, research agencies, (health) insurance companies and employers) have clear interests in the availability and use of health related data. Moreover, issues such as integrating health (care) data across a wider range of disparate databases can lead to particular issues such as accidental disclosure or improper use of data.
Whenever personally identifiable information is collected and stored, improper analysis and disclosure can be the root cause for privacy issues, as is clearly discussed in article 8 of the European Convention on Human Rights. The European Commission has therefore proposed a Directive on the protection of personal data in 1998 containing eight key principles that any actor processing personal data must comply with: (1) Fairly and lawfully processed, (2) Processed for limited purposes (3) Adequate, relevant and not excessive (4) Accurate (5) Not kept longer than necessary (6) Processed in accordance with the data subject’s rights (7) Secure (8) Not transferred to countries without adequate protection.
The European Data Protection Directive clearly incorporates the concepts of ‘obtaining’, ‘holding’ and ‘disclosing’ information. All EU member states adopted legislation pursuant this Directive or adapted their existing laws, and each country is expected to have its own supervisory authority to monitor the level of protection; and this policy is also clearly related to medical and health (care) data
The issue of handling health care data is a complex one, that cannot be discussed in general “black” or “white” terms of moral justifications for justifying data handling and protection regimes. Some clear work has to be developed on identifying the “field”, specifying which parties and stakeholders are involved, within which normative rules the question of data handling and access to information is developing, on which domains within (medical issues, coordination and collaboration of parties, administrative purposes, insurance aspects) and outside the health care sector (insurance, marketing, justice, …) and for what purposes health care data are handled, including the question of information exchange within and outside health related sectors.
Profiling health data brings about opportunities and risks at the same time. Some of these opportunities and risks will be addressed hereafter.
Opportunities:
Under limited and specific conditions, the processing of data from electronic health records is allowed in the context of medical scientific research and government statistics. The Article 29 Data Protection Working Party stresses that, when possible, these data should be anonymized (or pseudonomynized).
Practices as evidence based medicine, managed care and disease management - profit from the use of eHealth tools. These profiling practices are enabled by ‘automatic data extraction from electronic health systems that operate according to Europe’s legal requirements on data protection and privacy’ (COM (2004) 356 final). In general, recorded health data can be used for ‘quality assurance, benchmarking, reimbursement, better management and control; disease surveillance and emergency preparedness, decision support, public health monitoring, knowledge generation and research (Unit ICT for Health in collaboration with the i2010sub-group on eHealth and the eHealth stakeholders’ group, 2006). According to several authors, the use of personal health data is fundamental to perform quality research of health (services) (Gostin, Hadley, 1988; Chamberlayne et al., 1998).
The use of health care data is also seen as an opportunity for health services and epidemiological purposes. “Data about the use of medical services in the files and databases of health-insurance companies, or data from medical files or electronic care records maintained by health-care providers, could be merged and analysed. These analyses can result in the description and prediction of the incidence and prevalence of diseases. They also enable epidemiologists to ascertain and find high-risk groups, and to determine relations between chances of recovery from diseases and other – until now as yet unknown – influencing factors, etc.’ (Vedder, 2000).
Similarly, data can offer added value for evidence based management & evidence based health care. The EU itself is very active in the domain of Public Health programmes. There are lots of European activities in the domain of health reporting, which is perceived to enable evidence-based health policy. Health risks and necessary treatments of individual patients are based
Disease management has been described as ‘a strategy of delivering health care services using interdisciplinary clinical teams, continuous analysis of relevant data, and cost-effective technology to improve the health outcomes of patients with specific diseases. It includes self-care management techniques, patient education, and provider training. Disease management provides individualized care plans based on clinical guidelines to manage individuals with treatable chronic diseases.’ (National Pharmaceutical Council). Disease management is closely related to the development of managed care. Managed care plans are health care delivery models that integrate the financing and delivery of health care. It is an especially American approach to control the use of health care services. It assesses medical necessity of interventions, makes (financial) incentives to use certain providers, and uses the principles of case management. Managed care techniques are most often practised by organizations and professionals that assume risk for a defined population, which implies that managed care organizations generally negotiate agreements with providers to offer packaged health care benefits to covered individuals. Managed Care ‘implies the provision of information to or by a third party with the objective of creating equilibrium between the need for and the supply of care.’ (Hooghiemstra, 1998, 38).
Risks:
Risks of the use of health data for profiling practices relate especially to privacy, individual autonomy and freedom of choice of citizens. In particular when health information is combined with other sources of (medical) information, much more knowledge about the citizens is known (Redigor, 2004). In relation to EHR systems, the Article 29 data Protacction Working Party speaks of a ‘new risk scenario’ for privacy protection. Even if ‘this new risk scenario will be fully realized by most projects only in a future state of full-scale implementation’ (Article 29 Data Protection Working Party, 2007, 5), we should already take into account this new risk scenario when designing EHR systems.
eHealth tools can enable easy and widespread access to sensitive information. In the context of information management, third parties have more and more access to this sensitive information. E.g. in most cases of managed care, information management (based on individual patient data) is done by a third party. Managed care can be privacy friendly, but it has to be guided by the rationales of medical secrecy and in accordance with article 6, 1, b of the Data Protection Directive, and in line with the provisions on sensitive data described in article 8 of the Data Protection Directive. PET’s can help to ‘inscribe’ the juridical safeguards into the architecture of databases (Hooghiemstra (ed.), 1998). At least in theory, anonymization and pseudonymization of citizens’ data guarantees the privacy of citizens’ in profiling practices. Although pseudonymization bears the risk of re-recognition (surveillance of a citizen without actually knowing his or her identity).
It has been argued that profiling of health data not in function of individual or public health issues should be prohibited. For example, when medical practitioners access electronic health records this should be in function of the treatment of a specific patient and not as ‘expert for private insurance companies, in litigations, for granting retirement aid, for employers of the data subject etc.’ (Article 29 Data Protection Working Party, 2007). However, the secondary use of health (care) data would allow for useful policy issues and support taks to improve health care policies (performance management, evidence based health care, quality monitoring, etc.) There is thus necessarily need for a reflection of the secondary use of the (often fragmented) databases of health care data, including the potential purposes of these forms of secondary use of data. Especially the debate on who is getting access to health care data, under what form, for what purposes has to be discussed more profoundly and embedded in a framework of (legal) guidelines.
8 / 19 |