E- Health Primary Care E-Health Europe E-Health Jobs (UK only) E-Health Insider Events
Welcome Guest | Login | Register | Why Register?
HOME | CONTACT | NEWS | DOCUMENT LIBRARY | FEATURES | OPINION & ANALYSIS | EVENTS | RESEARCH REPORTS | CASE STUDIES | POLLS | PODCASTS

German doctors say no to centrally stored patient records

Tags: EPR   London   Safety  

16 Jan 2008


"It is not a good idea to store information on thousands of patients in one place." Klaus Bittmann, head of NAV Virchow

Recent reports about incidents of data loss in the British healthcare system have alarmed medical doctors in other European countries.

In Germany, the national association of doctors in private practice (NAV Virchow Bund) has adopted a stance advocating the complete abandonment of all concepts of central data storage in the German national health IT project.

The doctors’ body is now calling for the German Ministry of Health to halt all plans for centrally-stored shared electronic patient records, due to the potential risks to patient confidentiality. NAV Virchow represents around 20,000 doctors in private practice.

In an exclusive interview with E-Health Europe, Klaus Bittmann, head of NAV Virchow, made reference to a series of recent incidents with lost computer discs at several NHS trusts in England. Some of the incidents were initially reported by E-Health Insider.

One particular incident that helped trigger the new NAV Virchow statement was the reported loss of 160,000 notes about patients at London City Hackney Primary Care Trust.

“We are absolutely not against using modern technology, but what we witness again and again is that it is not a good idea to store information on thousands of patients in one place. We are calling for the national ministry of health to stop all plans for server-based concepts for shared electronic patient records immediately,” said Bittmann.

Officially, though, there are no national plans for electronic patient records in Germany. But Bittmann says, in his opinion, the national smartcard project is leading towards that direction.

As an alternative, the German private doctors’ body is suggesting the use of encrypted USB-sticks. These could be handed over to patients and would carry all relevant patient data, including digital images such as radiographs or CT-scans.

“What is needed in addition is a health IT infrastructure that collects only references about the institutions where the documents were generated. In case of loss or destruction of the USB-stick, the EPR could then be re-established by contacting the individual doctors,” said Bittmann.

He criticized both the German Ministry of Health and the German national health IT organisation, gematik, for being unwilling to even consider a decentralized USB solution. “We are currently trying to bring together a number of doctors for making our own project”, said Bittmann.

He also revealed that plans are being drawn up to let professional hackers try to crack the USB system in order to prove that it can be made safe: “When you are honest about making patient data accessible for other doctors, about giving complete medication histories to improve drug safety and about avoiding unnecessary diagnostics, you will come to the conclusion that all this can be done with USB sticks as well. You do not need central data storage.”

Critics are likely to point to some inconsistencies in the arguments of NAV Virchow. There are, for instance, a number of regional care networks in Germany that already use shared electronic patient records with central data storage.

In these settings, patients rarely are made aware what is actually stored about them and where. Ironically, these networks tend to be driven by doctors in private practice. But this does not seem to be what Bittmann and his colleagues are talking about when they criticise data storage on servers.

When talking to E-Health Europe, Bittmann was not able to say under which circumstances exactly he considers data storage to be ‘central’ and thus to be condemned. Instead he gave the impression that NAV Virchow’s main objection stems not from records held on centralised servers but the fact that they will, in the future, be part of a government controlled infrastructure.

Recent years have seen Germany legalising wiretap operations as part of anti-terrorist measures and in 2007 an EU-directive on storing telecommunication data was implemented. All connectivity data on phone and internet communication have to be stored for six months by the provider, which is also true for the communication data of doctors.

“After these experiences, we simply do not trust the government any more”, said Bittmann.

However, some leading experts for data protection tend to take a less alarmist approach than the doctors when it comes to patient data on central servers. “We have a good legislation for health IT in Germany. There is a lot of irrational fear when it comes to server-based data storage”, said Thilo Weichert from the Independent Centre for Data Protection in Schleswig-Holstein recently at November’s Medica trade fair.

But he too admitted that possible changes in legislation in the future could easily make a national health-IT network become a nightmare from a data protection perspective.

 

Philipp Grätzel

© 2008 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Readers Comments
Add a comment
Readers Comments

1

What has loss of discs to do with central servers?

maryhawking@tigers.demon.co.uk

17 Jan 08 19:57

There are arguments for and against records held on central servers - and also about shared records. I'm not sure what connection loss of computer discs has to do with this argument - especially when the 160,000 records causing particular concern seem to have been encrypted to a high level. Am I missing something? Confidentiality *is* important - but lack of information can also kill you.

2

re: Central servers

18 Jan 08 09:40

I suggest the fear alluded is less about discs falling into the hands of fraudsters or perverts than what the government will do with centralised data stores. There are commercial and research organisations standing in line for these data. Moreover whenever the 'public interest' dictates will all bets on confidentiality be off?

Can we expect knocks on the door from ...

- researchers asking you to participate in their study of "your little problem"?

- marketeers offering to alleviate your obesity / depression / impotence?

- the police when your medical record profile 'fits' that of a wanted terrorist / sex offender / illegal immigrant / parking ticket defaulter ?

I haven't the time now to find the stories on this site but the precedents (or promises) are there.

3

What about stolen laptops?

18 Jan 08 11:06

It's strange. How centralisation of medical records is the problem, for so many wild-eyed commentators, not digitisation. We don't worry about GPs selling our records for marketing/research but somehow, when they're centralised the risk appears. We also don't seem to notice when locally kept records dissappear out of windows from GP surgeries http://news.bbc.co.uk/1/hi/wales/7143358.stm Why don't these commentators fess-up and tell us what they really dislike about centralisation.

4

Jaundiced view?

18 Jan 08 13:14

Can we expect knocks on the door from:

- Researchers - unlikely given that the real benefit of SUS is in analysing aggragate data rather than in identifying individuals. Plus there are things called Caldicott Guardians and Research Ethics Committees.

- Marketeers - unlikely given that this would contravene the Data Protection Act

- The police - unlikely unless they can prove a legal justification, in the same way that they do now.

If you take off the filter of paranoia, these start to look suspiciously like benefits.

5

What utter rubbish........

22 Jan 08 17:03

The storing of patients’ data on a GP system or laptop is in itself a central storage of patients’ information. So the choice would seem to be between trying to secure hundreds (or thousands) of different electronic record stores spread across the country as opposed to one single or amalgamated into one where severe precautions can be taken to protect the information.

(Post edited by EHI)

6

Utter rubbish, probability and risk

colin@clinformation.com

22 Jan 08 18:08

What seems sound from a population perspective doesn't necessarily work for an individual. The more that records are pooled for storage, the greater the chance that any one individual's record might be accessible to - though not necessarily accessed by - someone who gets into the system.

Given that:

1. Breaches of security in pooled record repositories (and not just in healthcare) are coming to light with alarming frequency.

2. There's little (if any) evidence that widespread professional access to shared records - as envisaged by the CRS - will address any significant healthcare problem for the NHS.

... then I'm unconvinced.

7

Is the argument really

23 Jan 08 07:49

we dont like the fact that we have lost control...

digitisation of records is no more nor no less secure than the bits of paper that doctors seem to think are the perfect answer. There are numerous patient benefits for digitisation and secure transfer of information.

The data loss incidents in the recent past in England have shown that where the appropriate technical solutions that already exist are not utilised, there will be problems. Looking at the secure network that CFH are putting in and the smartcards required for access, there seems to be a genuine attempt to create a secure network.

Just a patient centric view

8

The Real Argument is...

23 Jan 08 12:19

What is best for the patient, not the doctor, not the Acute Trust, not the PCT, not the NHS, but the patient. Agreed that security needs to be increased and governed as a priority, but central records ensure that a patient's info is with the right health worker, at the right time, wherever they are. Patient care and safety considerations outweigh confidentiality worries.

9

Re: The real argument

colin@clinformation.com

23 Jan 08 12:56

It'll take far more than CfH is planning (or - based on progress to date - capable of delivering) to ensure that "a patient's info is with the right health worker, at the right time, wherever they are".

There are too many people being seduced by the dogma that a central record is some sort of panacea. The reality is more likely to be that - at best - it will be of limited utility in real clinical situations. At worst, given the inherent ambiguity and volatility of much personal health data, it could be downright dangerous.

10

Trust is an interesting word

24 Jan 08 03:39

Many if us work for or within a "trust". Yet I suspect very few members of the public trust "them" to look after their data. Who is "them"? The GP, The Trust, The NHS, Government? If we are honest, at times who is truly ensuring proper governance of centralised data is obscure to us professionals, even less to the public. Do we trust "them" not to disclose this in the future? Do we trust "them" to keep it secure? I trust my GP because I know him, if his computer(s) get nicked, I will understand that, I can see he does his best. If he became a "them" to me, I'm willing to bet I would lose my trust. So I guess there are 2 points here, 1. when we depersonalise a service, trust is lost. 2. When we use a word to market a service, and that service is found wanting, the word is permanantly devalued.

Search
News Features Jobs Newsletters
Most commented
Most commented
Most read
Most read
Tags
Tags
Top jobs
More
Top jobs

Featured_recruiters
Featured_recruiters
About Us | Advertise | Privacy Policy | Terms & Conditions | About RSS | RSS Feed
E-Health Insider is managed and maintained by E-Health-Media.com ©2009 E-Health-Media Limited.