Abstract
With the development of communication technologies, new forms of information collection, storage, and exchange have taken on a new importance in the field of health care. From a scientific point of view, the extensive sharing of medical information, along with the exchange and transfer of sensitive data and the combination of individual patient data with other available data sources, is seen as key strategy for discovering unknown factors influencing disease susceptibility and development. The merits of data sharing cannot be discussed without acknowledging the implicit dangers of misuse or unintended disclosure of health-record data.
This chapter uses the concept of an eHealth platform, as an illustrative example of the potential action required to tackle the dichotomy between large-scale sharing of sensitive health data and the utmost protection of the data-subject’s privacy. An eHealth platform manages common access to electronic health records (EHR) by interdisciplinary and intersectoral health staff. Sharing is limited to each patient’s most relevant medical information and explicitly does not include all available medical details on the patient compiled in local health facilities.
This chapter provides an analysis of the interdependence of public acceptance of eHealth technologies and legislation on data protection. The latter is enshrined by various international conventions as a fundamental human right. In the European Union, the protection of personal health data enjoys the very highest level of protection. Against this background, new information technologies in health care mean that the precise standards that define appropriate privacy protection, or, more specifically, what exactly the famous informed consent is good for, is still subject to ongoing disputes. Does consent remain the pivotal issue for any decision to legitimize the exceptional processing of data? Are research purposes of public interest deemed to be a sufficient justification for granting general access to an identifiable person’s sensitive data on the eHealth platform?
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Callens S. The EU legal framework on e-health. In: Mossialos E et al., editors. Health system governance in Europe: the role of EU law and policy. Cambridge: Cambridge University Press; 2010. p. 561–88.
Ferreira AD, Chadwick et al. How to securely break into RBAC: the BTG-RBAC model. In: 2009 annual computer security applications conference (ACSAC). Honolulu, Hawaii, USA: IEEE; 2009.
Wagener R. Microdata and evaluation of social policies, conference paper of the 3rd colloque luxembourgeois sur l’économie et de la connaissance dans une perspective européen “En route vers Lisbon”. Luxembourg; 2008.
Willison D. Data protection and the promotion of health research: if the laws are not the problem then what is? Healthc Pol. 2007;2(3):39–43.
De Lusignan S, et al. The role of policy and professionalism in the protection of processed clinical data: a literature review. Int J Med Inform. 2007;76:261–8.
Lowrance W. Learning from experience: privacy and the secondary use of data in health research. J Health Serv Res Pol. 2003;8(1):2–7.
Ritchie F. Secure access to confidential microdata: four years of the virtual microdata laboratory. Econ Labour Mkt Rev. 2008;2(5):29–34.
Hohmann J. The use of medical data in research and eHealth applications -can European data protection law keep pace? 18th world congress on medical law, Zagreb; 2010.
ECtHR. I v. Finland. No. 20511/03. Judgement of 17 July 2008. Strasbourg.
Cavoukian A, Alvarez RC. Embedding privacy into the design of EHRs to enable multiple functionalities – Win/Win, URL: http://www.ipc.on.ca/images/resources/pbd-ehr-e.pdf. Retrieved 26March 2012. Self-archived at webcite® on 26-Mar-2012 [http://www.webcitation.org/66S96guLP]. Ontario, Canada; March 2012.
Art. 29 WP. Opinion 4/2007 on the concept of personal data. 2007; WP 136. URL: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf. Retrieved 23 March 2012.
De Meyer F, De Moor G, Reed-Fourquet L. Privacy protection through pseudonymisation in eHealth. In: Clercq D et al., editors. Collaborative patient centred ehealth. Amsterdam: Ios Press; 2008. p. 111–8.
Die Telematik-Plattform der Kassenärztlichen Vereinigungen. URL: http://www.d2d.de/index.php?id=6. Retrieved 26 March 2012.
Prudil L. Privacy and confidentiality: old concept, new challenges. Med Law. 2006;25(3):573–80.
WHO. Legal frameworks for eHealth: based on the findings of the second global survey on eHealth. Global observatory for eHealth series. Geneva: World Health Organization; 2012. p. 5.
Sharyl J, Levit LA, Gastin LO, editors. Beyond the HIPAA privacy rule: enhancing privacy, improving health through research. Washington: National Academies Press; 2009.
Mackenzie G, Carter H. Medico legal issues. In: Hovenga EJS et al., editors. Health informatics. Amsterdam: Ios Press; 2010. p. 176–82.
Robson B, Baek OK. The engines of Hippocrates: from the dawn of medicine to medical and pharmaceutical informatics. New Jersey: Wiley; 2009.
Lattanzi R. Protecting health care data: from medical secrecy to personal data protection. Solution found? In: Herveg J, editor. The protection of medical data: challenges of the 21st century. Anthemis: Louvain-la-Neuve; 2008. p. 21–36.
ECtHR. Gaskin v. United Kingdom. No. 10454/83. Judgment of 07 July 1989. Strasbourg.
ECtHR. Colak and Tsakiridis v. Germany, No. 35493/05. Judgment of 09 March 2009. Strasbourg.
OECD. Thirty Years After the OECD Privacy Guidelines. OECD publishing; 2011. URL: http://www.oecd.org/sti/interneteconomy/49710223.pdf. Retrieved 3 January 2013.
Council of Europe: Modernisation proposals adopted by the 29th Plenary meeting (27-03 11 2012) T-PD(2012)4Rev3. 2012. at: http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/T-PD(2012)RAP29Abr%20E%20-%20Abridged%20report%20of%20the%2029th%20T-PD%20meeting%20(Strasbourg%2027-30%2011%202012).pdf. Retrieved 3 January 2013.
ECtHR. Z v. Finland, No. 22009/93. Judgment of 25 February 1997. Strasbourg.
ECJ. Judgement C-101/01 criminal proceedings against bodil lindqvist [2003] ECR I-12971. Luxembourg; 2003..
Art. 29 WP. Working document on the processing of personal data relating to health in electronic health records (EHR). 2007;WP131. URL: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp131_en.pdf. Retrieved 23 March 2012.
Kuner C. European data protection law: corporate compliance and regulation. 2nd ed. Oxford/New York: Oxford University Press; 2007.
Herveg J. Theory of risks and processing of medical data in healthgrids in European law. In: Herveg J, editor. The protection of medical data: challenges of the 21st century. Anthemis: Louvain-la-Neuve; 2008. p. 187–210.
European Commission. Proposal for a regulation of the European parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General data protection regulation, COM (2012) 11 final, January 2012, at: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf. Retrieved 23 March 2012.
EDPS. Opinion of the European data protection supervisor on the data protection reform package. Brussels: March 2012. URL: http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-03-07_EDPS_Reform_package_EN.pdf. Retrieved 23 March 2012.
Benzschawel S, Da Silveira M. Protecting patient privacy when sharing medical data. eTELEMED 2011. In: The third international conference on eHealth, telemedicine, and social medicine. Guadeloupe; 2011.
IHE International – IHE Profiles. URL: http://www.ihe.net/profiles. Last visit 26 March 2012.
Gangan GA. The role of informed consent in econsent implementations. EAHL 2011. In: The third European conference on health law. Leuven; 2011.
Benzschawel S, Zimmermann H. Architecture and security of a national eHealth platform. Contractual work done for the luxembourgish health ministry. URL: http://www.santec.lu/_media/project/esante/efes/20110629_esante_architecture_wp7_and_wp8.pdf (retrieved 26 March 2012). Self-archived at webcite® on 26-Mar-2012 [http://www.webcitation.org/66S5ri87H]. Luxembourg; June 2011.
European Commission. The framework programme for research and innovation. 2012. URL: http://ec.europa.eu/research/horizon2020/index_en.cfm?pg=home. Retrieved 26 March 2012.
Further Reading
London Economics. Study on the economic benefits of privacy-enhancing technologies (PETs). Final report to the European commission DG justice, freedom and security, 2010. URL: http://ec.europa.eu/justice/policies/privacy/docs/studies/final_report_pets_16_07_10_en.pdf. Retrieved 20 April 2012.
WHO. Safety and security on the Internet. Challenges and advances in member states. Global observatory for eHealth series. 2011.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this entry
Cite this entry
Hohmann, J., Benzschawel, S. (2013). Data Protection in eHealth Platforms. In: Beran, R. (eds) Legal and Forensic Medicine. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32338-6_81
Download citation
DOI: https://doi.org/10.1007/978-3-642-32338-6_81
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32337-9
Online ISBN: 978-3-642-32338-6
eBook Packages: Biomedical and Life SciencesReference Module Biomedical and Life Sciences