On 05-09-18 11:15, GF wrote:
Thomas,
The record can stay where it was.
Only the connection of identifying patient data and the Record-ID
needs to be encrypted.
Decryption can take place using a key owned and provided by a
notary public.
I don't think that is enough, Gerard, if the record contains DNA
material, or other identifying material.
A 1997 study showed that up to 87% of the U.S. population could be
identified with just zip code, birthdate and gender.
A researcher was able to identify William Weld (Massachusetts Gov.) from
anonymous hospital discharge records.
Today these numbers will be much higher because clinical actions will be
on cell-phones and internet-browsers, and there is much more
linked-information about individuals.
Read this, very interesting:
https://www.forbes.com/sites/adamtanner/2013/04/25/harvard-professor-re-identifies-anonymous-volunteers-in-dna-study/#41635a6892c9
An organization which has no business with your medical data should not
have access to them, not even historical clinical data.
GDPR, which we all talk about and which is the thread of this message, is
mainly built around consent, but what is consent?
There should be more discussion about how to get the understanding to land
with normal people:
Click on the image I found yesterday to see more images:
https://twitter.com/ianmthompson/status/1037276071002038272
Bert
All must be handled by the Patient-ID server and an official
functionary that is equipped to manage keys in a trusted way.
Gerard Freriks
+31 620347088
gf...@luna.nl
Kattensingel 20
2801 CA Gouda
the Netherlands
On 1 Sep 2018, at 20:28, Thomas Beale <thomas.be...@openehr.org> wrote:
I continue to wonder what will happen when a cancer patient (perhaps
in a moment of depression or disaffection with care) asks for the
hard delete, gets better, then has a recurrence a few years later.
What does the health system do when /all the notes are really gone/?
I think a better solution is to create a digital locked room where
such EHRs are put, one-way encrypted with a giant key provided by the
patient. Then when they have regrets, they can ask - nicely - for
their record to come out of cold storage.
Another argument against total deletion is that a) the state has
invested in helping sick patients and b) other citizens have a
potential interest in health records belonging to those in the same
major disease cohort, i.e. diabetes, cystic fibrosis, BRCA1 cancer
etc. Numerous deletions are certainly going to compromise research
that looks at longitudinal Dx v treatments v outcomes. Perhaps
permanent anonymisation is a better solution in this case,
with the original patient being given the new EHR id.
I think GDPR has some way to go yet in healthcare...
- thomas
_______________________________________________
openEHR-technical mailing list
openEHR-technical@lists.openehr.org
http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
--
*Bert Verhees*
Software developer, architect
Twitter: https://twitter.com/VerheesBert
LinkedIn: https://www.linkedin.com/in/bertverhees/
Email: bert.verh...@rosa.nl
Mobile: +31 06 28050294
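
The re-identification risk raised in this message (zip code, birthdate and gender left in a record whose Patient-ID link is encrypted) can be measured before a data set is released. The following is an added example, not part of the original e-mail: it counts how many records are unique on those three fields and shows the effect of generalising them. The records, field names, generalisation rule and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not real data). The Record-ID is already
# separated from the patient's name, but quasi-identifiers remain.
RECORDS = [
    {"record_id": "r1", "zip": "10001", "birthdate": "1945-03-02", "gender": "M"},
    {"record_id": "r2", "zip": "10002", "birthdate": "1945-11-20", "gender": "M"},
    {"record_id": "r3", "zip": "10003", "birthdate": "1945-06-15", "gender": "M"},
    {"record_id": "r4", "zip": "10004", "birthdate": "1962-03-14", "gender": "F"},
    {"record_id": "r5", "zip": "10005", "birthdate": "1962-11-30", "gender": "F"},
    {"record_id": "r6", "zip": "20001", "birthdate": "1980-01-05", "gender": "F"},
]


def raw(rec):
    """Quasi-identifier tuple exactly as stored."""
    return (rec["zip"], rec["birthdate"], rec["gender"])


def generalized(rec):
    """Assumed generalisation: 3-digit zip prefix and birth year only."""
    return (rec["zip"][:3], rec["birthdate"][:4], rec["gender"])


def risk_report(records, key_fn):
    """Group records by quasi-identifiers and report how exposed they are."""
    classes = Counter(key_fn(r) for r in records)
    unique = [r["record_id"] for r in records if classes[key_fn(r)] == 1]
    return {
        "k": min(classes.values()),  # smallest group size (k-anonymity)
        "unique_fraction": len(unique) / len(records),
        "unique_ids": unique,
    }


def releasable(records, key_fn, k):
    """Suppress records whose group is smaller than k."""
    classes = Counter(key_fn(r) for r in records)
    return [r for r in records if classes[key_fn(r)] >= k]


if __name__ == "__main__":
    print("raw:        ", risk_report(RECORDS, raw))
    print("generalized:", risk_report(RECORDS, generalized))
    print("release k=2:", [r["record_id"] for r in releasable(RECORDS, generalized, 2)])
```

A record that is alone in its group can be matched against any outside list carrying the same three fields, regardless of how the Patient-ID link is protected.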