Yesterday, the EU Commission presented a draft law to create a “European Health Data Space” (EHDS). The proposal aims to connect patients‘ health data across Europe. For example, patients’ medical histories, test results or prescriptions are to be shared with hospitals and doctors treating a patient throughout the EU, unless the patient restricts access. Industry, research and authorities would also be given access to personal health data with only the name removed („pseudonomised“).
MEP Patrick Breyer (Pirate Party) comments:
“Information revealing my physical and mental health is extremely sensitive. If I can’t rely on this information being treated confidentially by my attending physicians, then I may no longer seek treatment. This puts sick people and their family at risk. That’s why the digitization of the healthcare system must meet the following requirements:
- Only the attending physician may have access to their own treatment information without the patient’s free consent. This includes the fact that a person is being treated by a particular doctor in the first place. There are good reasons, for example, to obtain a second opinion without the doctors involved knowing about each other.
- Without the free consent of the patient, treatment information may only be stored locally by the chosen doctor and not automatically in central systems, where there is no longer any control over it. There is a risk that in the event of a loss of data, the data of the entire population will suddenly be lost.
- If there is ever to be access by industry, by research or even by politics, then only anonymised and aggregated together. It is not enough to simply remove the names of the patients. After all, treatment histories are so unique making it is easy to reassign them to the person in question.
After a preliminary review of the EU Commission’s legislative proposal, none of these requirements are met. Obviously, the proposal was not designed in the interest of the patients, but of industry. There is a lot of work ahead to ensure that patients can continue to trust in the confidentiality and security of their highly sensitive health information and that their right to self-determination over their data is respected!”