Thomas, The record can stay where it was. Only the connection of identifying patient data and the Record-ID needs to be encrypted. De-encryption can take place using a key owned and provided by a notary public.
All must be handled by the Patient-ID server and an official functionary that is equipped to manage keys in a trusted way. Gerard Freriks +31 620347088 [email protected] Kattensingel 20 2801 CA Gouda the Netherlands > On 1 Sep 2018, at 20:28, Thomas Beale <[email protected]> wrote: > > I continue to wonder what will happen when a cancer patient (perhaps in a > moment of depression or disaffection with care) asks for the hard delete, > gets better, then has a recurrence a few years later. What does the health > system do when all the notes are really gone? > > I think a better solution is to create a digital locked room when such EHRs > are put, one-way encrypted with a giant key provided by the patient. Then > when they have regrets, they can ask - nicely - for their record to come out > of cold storage. > > Another argument against total deletion is that a) the state has invested in > helping sick patients and b) other citizens have a potential interest in > health records belonging to those in the same major disease cohort, i.e. > diabetes, cystic fibrosis, BRCA1 cancer etc. Numerous deletions are certainly > going to compromise research that looks at longitudinal Dx v treatments v > outcomes. Perhaps perhaps permanent anonymisation is a better solution in > this case, with the original patient being given the new EHR id. > > I think GDPR has some way to go yet in healthcare... > > - thomas >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ openEHR-technical mailing list [email protected] http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
