Monday 7 March 2011

To EPD or is it me?

The sorry story of how a well meant government project in The Netherlands goes awry. Just this month a letter from the national government, ministry of Public Health, Well-being and Sport (Ministerie van VWS) came with the mail.
In fact there were several letters, for members of my household.

Each one read (translated in short): “Your personal health records have been uploaded to the Electronic Patient Dossier (EPD) by your pharmacy XYZ because they (they, not we!) take part in the national infrastructure (read here database) for information exchange in the care sector”. This national database, the EPD, has cost an enormous amount (over 100M€ up to 2011), is not tested to its limits and is designed to host all medical information of everyone, from dentist to psychologist. The national data protection commissioners express formal doubts on its security and validity in view of the European data protection guidelines. Can you guess what health insurance companies are willing to pay for that wealth of information?

In short: I do not understand why the government sends me this letter. I would expect my pharmacy to inform me or ask my permission, at least, before uploading my personal medical information to any database. Well, in fact I do understand now. My general practitioner, like many medical professionals, has great doubts and suggests that his patients object to uploading any medical information.

The letter also notes that you may raise objections to this central storage of everything you want to keep secret from prying eyes. It does not do so directly but refers to the accompanying folder that expresses unconditional certainty that this will save your life. After reading all that is supposed to be good for you, you will find a web address where you may object.

To secure your interactions with governmental websites, a national identity structure has been built and used for several years now. This system, called DigiD, ensures that you can identify yourself to any government webservice. It is trusted on many transactional levels – and that is important for the rest of this story.

So, having every reason to doubt the intentions and the security of large government projects, you decide to raise objections to the central storage of your medical files. You use your DigiD to identify yourself to the website of the EPD and proceed to object. Many times the system tries to lure you into saying to yourself “I will not object; this can only be good”. All arguments are thrown at you not to object to the storage. Ah, why? Why indeed?

After a short period you do receive an email from the EPD system, stating in short: “we did receive your objections in good and proper order and we will take four (!) weeks to send you further information”. What? Further information? For what? You know that I object. And why not within 0.001 second? Why after four whole weeks? What do you do in the meantime? Copy my medical info, just to make sure?

Snail mail is the next step. After a full week you will receive a letter by mail, stating: Well, since you have provided us with your formal digital credentials and ID, and you object to having your medical information stored in our national central database, we want you again to object, again, in writing, again, on paper, again, by snail mail. This agreement is printed on the backside of the letter so we hope you will not see it. Why oh why?

My wife made a very good point: any objection thus entails several printed letters, plus a set of envelopes which all cost paper (=trees) and transport (=oil). This is time and money (government time and thus our money!). Why oh why?

And you did use an identity structure, DigiD, set up by government (tax office, census office, …) to ensure proper identification. Why then an even less secure paper trail as well? Why does government go through all this trouble? Why oh why?

Well, it is just a guess of course. We use a national system of medical insurance, so if we can give the insurers insight into your medical records, we might save a dime here and there. The major problem is that there is no way back. Once the system is set up, you are suspect if your data is not readily available.

Major political figures show up on the Board of the health insurance trade, such as Hans Wiegel and Roger van Boxtel. They all promote the use of the EPD and Roger even pays practitioners in the field to store data in the database. Now why's that? I wonder if their medical data is available in the EPD infrastructure. Prove it.....

UPDATE - The Dutch Senate (Eerste Kamer) of the Dutch Parliament (the States General) has rejected the proposed law on the EPD. It has an extensive set of public files on the subject.

