Data protection in ehealth platforms

Abstract

With the development of communication technologies, new forms of information collection, storage, and exchange have taken on a new importance in the field of health care. From a scientific point of view, the extensive sharing of medical information, along with the exchange and transfer of sensitive data and the combination of individual patient data with other available data sources, is seen as key strategy for discovering unknown factors influencing disease susceptibility and development. The merits of data sharing cannot be discussed without acknowledging the implicit dangers of misuse or unintended disclosure of health-record data. This chapter uses the concept of an eHealth platform, as an illustrative example of the potential action required to tackle the dichotomy between large-scale sharing of sensitive health data and the utmost protection of the data-subject’s privacy. An eHealth platform manages common access to electronic health records (EHR) by interdisciplinary and intersectoral health staff. Sharing is limited to each patient’s most relevant medical information and explicitly does not include all available medical details on the patient compiled in local health facilities. This chapter provides an analysis of the interdependence of public acceptance of eHealth technologies and legislation on data protection. The latter is enshrined by various international conventions as a fundamental human right. In the European Union, the protection of personal health data enjoys the very highest level of protection. Against this background, new information technologies in health care mean that the precise standards that define appropriate privacy protection, or, more specifically, what exactly the famous informed consent is good for, is still subject to ongoing disputes. Does consent remain the pivotal issue for any decision to legitimize the exceptional processing of data? Are research purposes of public interest deemed to be a sufficient justification for granting general access to an identifiable person’s sensitive data on the eHealth platform?