Re Ownership
Gunnar, As a summary of my e-mail: - Ownership is irrelevant, - Authorship is relevant, - Authors that commit information to a record can NEVER remove the information; they can add; - Patients can NEVER remove the information; They can add/annotate; Access control list can be changed by them, only, - There are different types/classes of data/information, - Each with possibly different acces control lists and rights, - Patients need a proxy to exercise all their rights; Proxies can have mandates, - My position isn't according to Dutch law. It is a personal one. Gerard On 2002-06-12 10:58, Gunnar Klein gunnar at klein.se wrote: Dear EHR friends, I agree very much with David Guest's opinion that it less fruitful to speak about ownership of information though it is done a lot in the debate in many countries. It is clearly different from access rights which Gerard is speaking about and like David is saying for Australia, in Sweden there is usually very little point in trying to distinguishing differnt parts of records as less relevant for the patient. i certainly think the classification suggested by Gerard in four types of data does not hold. Different from the access rights themselves are the rights to decide access rights which is quite complicated and varies in different situations. In many countries today, the patient concerned always has an overriding right of deciding that his/her record should be released for reading to a specific person or any person. We have an interesting debate in Sweden right now on the issue if it is possible to ask the patient to give consent to access to records not yet recorded. Some very official legal experts claim it is not allowed according to the secrecy act to give a permission to an unknown piece of information for the future whereas other legal advisors to healthcare organisations are de facto supporting what is built in some cases where the patient gives the consent to future relaeases of information to be recorded in the future. One example being a centralised list of all currrent medication. For standards we have to accept that this type of serrvice will be required by some user groups whereas in other legal contexts it will not be possible. Yet another aspect of ownership is the issue of destruction of the whole or parts of an EHR. In our legislation as I believe in many others no healthcare provider has that right by itself, only a special national body, in our case the National Board of Health working directly under the ministry of Health can make a decision that allows it and in fact mandate that it shall be done usually based on a request by a patient that find that errors have been made or harmful opinions expressed by less careful professionals. Since many EHR systems installed do not really have a function to do a removal of data, these rare situations cause special consultancy services by the EHR manufacturer often at high costs 5-15000 EUR. Of course a standard requirement shoudl allow for deletion but it is not a matter for EHR communication. However, the important thing to note is that when records actually shall be deleted it shlould be all copies also sent to other providers. Thus, the record need to store logs of record transfers and there may be a need to communicate electronically the instruction to the recieveing end to delete. However, from a Swedish point of view these deletion issues are so rare that it is not an important requirement that this should be communicated electronically, one reason is that the instruction to another system need to convey also the proof (a paper decision for now and a long time to come) of the Authority decision that the record can/shall be deleted. Best regards Gunnar Klein - Original Message - From: David Guest dguest at bigfoot.com To: Gerard Freriks gfrer at luna.nl Cc: openehr-technical at openehr.org Sent: Wednesday, June 12, 2002 7:44 AM Subject: Re: The concept of contribution - first post :-) Hi Gerard I have been sitting here in the OpenEHR since February and all of sudden last month someone put through a cyberhighway and the din from traffic has increased enormously. For those who have transferred from other lists I apologise if my ponderings are too facile or have already been covered ad nauseam. I have never understood the concept of data ownership. I can understand the ownership of things, like hard drives and CD-ROMs, but not data. Data seems to me like a mathematical algorithm or poetry. You can create it, you can interpret it and you can store it. You can also send it on to someone else and these days the electronic copy you send is the same as the original. Medical data is collected from patients by health care professionals. Each of them has specified read / write permissions but, at least in Australia, not deletion rights. If you introduce third parties (HMOs, governments, employers) you also
The concept of contribution
Hi, After analysis done by the Smartcard people in the Netherlands they came to the conclusion that Smartcards with significant medical information on it need special safety procedures and back-up facilities. These extra's necessitate a full back-up centrally and create synchronisation problems. Everything is technically feasable. But was to expensive. They concluded: the smartcard must be used in the process of identification, only. And even that was very expensive. With regards, Gerard On 2002-06-12 04:18, Tony Grivell tony.grivell at flinders.edu.au wrote: At 11:34 +1000 12/6/02, Thomas Beale wrote: Li, Henry wrote: This is the process A patient visits a care provider and presents his e-card as a proof of consent to treatment The health care provider loads up the health record into the browser and download the info into whatever system he is using (this applies to Hospital as well), the health care provider can also choose to discuss the patient with other health profession on line through the web. When the patient leave the care provider, it is the responsibility of the care provider to upload whatever he has done to the patient back to the e-card and the patient goes away. Any subsequent test results etc, it is the responsibility of the health care provider to contact the patient to have the data put into the patient's e-card. (the patient can choose not to do so - but it is of course to the patients benefit to do so) So now there are copies of the EHR a) on the patient's card, and b) on the system. Over time there will be many copies of the EHR, some more up to date than the copy on the patient's card. What's the point of having a copy of the EHR on the patient's card? The benefit of this is at any one time, the patient is the only person that has a complete health history of himself and he owns it. (Solve the This won't be true - over time I doubt that anyone will have a complete history of the patient - they will all have partial histories, which admittedly is the curret situation, but I don't see any utility in having yet another copy of part of the EHR on the card. Re: the fear of big brother - I agree this is real; but the solutions in my opinion lie in: - distributed computing systems - data management by clinical and/or public bodies (non profit enterprises in other words) - strict governance of information and enforcement of consent - data ownership by the patient - thomas beale One attractive option that goes some way to satisfy the above ideals is to have any particular data exist in only one primary location (backed up, of course), and therefore the total record scattered potentially around the world. The patient-held e-card (also backed up somewhere?) carries the _index_ to these locations/data, as well as being the physical part of a key that allows access to this data, and maybe also carrying some portion of the data (at least a summary of key events and critical information such as serious allergies, medication etc) tony grivell - If you have any questions about using this list, please send a message to d.lloyd at openehr.org -- private -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands +31 252 544896 +31 654 792800 - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
The concept of contribution
On 2002-06-12 03:34, Thomas Beale thomas at deepthought.com.au wrote: Li, Henry wrote: This is the process A patient visits a care provider and presents his e-card as a proof of consent to treatment The health care provider loads up the health record into the browser and download the info into whatever system he is using (this applies to Hospital as well), the health care provider can also choose to discuss the patient with other health profession on line through the web. When the patient leave the care provider, it is the responsibility of the care provider to upload whatever he has done to the patient back to the e-card and the patient goes away. Any subsequent test results etc, it is the responsibility of the health care provider to contact the patient to have the data put into the patient's e-card. (the patient can choose not to do so - but it is of course to the patients benefit to do so) So now there are copies of the EHR a) on the patient's card, and b) on the system. Over time there will be many copies of the EHR, some more up to date than the copy on the patient's card. What's the point of having a copy of the EHR on the patient's card? This is the position of the Dutch Smartcard Group. The benefit of this is at any one time, the patient is the only person that has a complete health history of himself and he owns it. (Solve the This won't be true - over time I doubt that anyone will have a complete history of the patient - they will all have partial histories, which admittedly is the curret situation, but I don't see any utility in having yet another copy of part of the EHR on the card. Re: the fear of big brother - I agree this is real; but the solutions in my opinion lie in: - distributed computing systems - data management by clinical and/or public bodies (non profit enterprises in other words) - strict governance of information and enforcement of consent - data ownership by the patient Agreed. But ... data ownership by the pati?nt will need some consideration. I know that most laws in most countries are politically correct and give rights to patients. But never ownership. Most often a right to inspect, review, remove, and add information. In my way of thinking, the author is the owner and one responsible. The pati?nt has the right to see his information and under certain conditions is able to remove it or change it. But what is Information? I think that there are levels or types of information: Private Opinions consisting of personal interpretations of raw data; Official Statements/opinions consisting of professional interpretations of raw data; Raw uninterpreted data admitted to the EHR; Raw interpreted data not admitted to the EHR, (yet) Pati?nt have rights towards the last two, but none with the first. Healthcare providers must have the facility record private unripe thoughts about the pati?nt and its disease process. The author os the information is acting as the proxy of the pati?nt. Patients should have no direct access to all the information. Only to selected portions of the Official opinions. The preferred way to inspect and change is via the responsible proxy. - thomas beale - If you have any questions about using this list, please send a message to d.lloyd at openehr.org -- private -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands +31 252 544896 +31 654 792800 - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
