A new nationwide system for sharing medical data is currently being introduced in the healthcare sector: Mitz. Recent research by Pointer shows that this system allows large-scale access to patient files, in violation of the right to privacy and medical confidentiality. There is no way to block this.
The core of the problem is the same as with the National EPD (National Exchange Point, LSP) from 2011. This is because the idea behind the design is the same: medical data is made available in such a way that it can be easily and directly accessed when a doctor deems it necessary. That sounds good, but it is unsafe. This is precisely why the EPD was rejected by the Senate in 2011.
Centralized systems such as the LSP immediately raise the question: "Who will have access to your data and when?" Mitz is a kind of pre-screen that allows you to giveyour consent.Pointer's researchnow shows that any healthcare provider can easily change your consent, even without you being present. This effectively makes everyone's data accessible, just like in the National EPD. A healthcare provider, hacker, Chinese or Russian only needs to tick one box (in one place) to gain access to your data.
Medical confidentiality dictates that things should be done differently: you discuss your care with the doctor in the consultation room. Based on that consultation, your doctor makesspecific informationavailable, i.e. only to healthcare providers involved in your treatment. Systems that work in this way ensure that only the part of your medical file that is relevant to your current care pathway travels with you, as it were.
Mitz and the LSP were developed by healthcare providers and financed by health insurers. They believe it is important for data to be available everywhere. They also want to retain influence over the development of systems for data exchange. They therefore find it difficult to accept a system in which control over data exchange truly lies with the doctor and the patient.
Alternatives are rarely or never considered. It takes time to develop these, and the healthcare umbrella organizations have agreed with the Ministry of Health, Welfare, and Sport that they must proceed quickly. These parties have alsoagreedthat this should be done as much as possible on the basis of existing technologies, such as the LSP.
This is the context in which Mitz was created. The priority lies with access to data, and the parties building the "solutions" are the same ones that developed the LSP. These are also the parties that form the "governance" for the digital exchange of medical data within the Ministry of Health, Welfare and Sport.
This means that the problem persists.
Privacy First raised this very issue of governance (management) with the Autoriteit Persoonsgegevens AP) earlier this year. Despite our extensive input (seehereandhere), the AP's own investigation, and several discussions between Privacy First and the AP on this subject, the AP does not yet consider it necessary to take action.
In our opinion, this is a fallacy. When it comes to protecting fundamental civil rights such as privacy, it starts with governance: the control over the design of a system. It is not without reason that the GDPR mandatesprivacy by design: it is precisely during the design phase of the system—and when determining the basic principles—that decisions are made that have a major impact on civil rights. That is why the design of systems requires a balanced assessment that directly takes civil rights such as privacy into account.
As long as governance does not change and citizens (and their privacy representatives) are not given greater control, the problem will remain.
