
What medication does a patient take, what pre-existing conditions do they have, how did previous treatments go? The current corona crisis in particular shows how important central recording and a simple exchange of patient information are. Doctors and researchers need vast amounts of data to investigate the causes, transmission paths and consequences of the pandemic. If that data is spread across hundreds of hospitals and practices, a lot of time is wasted just locating it. Time that can cost lives.
This is supposed to end in the coming year. From then on, everyone with statutory health insurance is to receive an electronic patient record (ePA, from the German "elektronische Patientenakte") from their health insurer, in which findings, diagnoses, therapeutic measures, treatment reports and vaccinations are stored. On this basis, clinics, practices, pharmacies and health insurers are to exchange the relevant data with one another. The prerequisite, however, is that the insured person consents to their data being stored. Use of the ePA is voluntary: it is only created if the insured person gives their consent. Insured persons can also view and delete their data via a smartphone app, and they can specify who else has access besides themselves.
So that the data can be stored and exchanged securely, all parties involved are connected to the so-called telematics infrastructure (TI). This is a closed network to which only persons and institutions with an electronic health professional card or practice card have access. Access is gained via a card terminal and a "connector", a permanently active interface between the practice's data and the TI. The connector establishes a virtual private network (VPN) to the TI, so that all traffic between practice and TI travels through an encrypted tunnel. Connector and card reader must be approved by gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte) and certified by the BSI (Federal Office for Information Security).

However, the ePA is already struggling with a number of technical problems. Health Minister Jens Spahn recently admitted that in 2021 it will not yet be possible to specify individually which contents of the electronic patient record are released for viewing. Contrary to the original plan, patients will not be able to decide for themselves which information in the record can be viewed by which doctor, pharmacist or therapist.
But even once that works, the fact that insured persons can withhold access from individual doctors means that the information in the record may be incomplete. Since doctors must retain their documentation for at least ten years after the end of treatment, they will continue to store their diagnoses themselves in the future, with the result that hospitals and medical practices will accumulate masses of duplicated data.
In addition, it is currently more than questionable whether the ePA can meet the required security requirements. At the end of the year, the issuance of hospital and practice cards had to be halted because of a security gap in the TI: experts from the Chaos Computer Club (CCC) discovered a data leak at a provider of the electronic chip cards that doctors and practices use to access the encrypted network.
In other countries, the operation of similarly complex infrastructures is already showing how vulnerable they are to cyber attacks. In Singapore, for example, the names of 14,000 HIV patients were made public from a central database at the beginning of 2019. In England, too, there were several incidents last year in which health data became public. And in Norway, three million patient files were stolen in 2018. Above all, however, the planned possibility of accessing the ePA via smartphone or tablet worries security experts: "Such devices run on operating systems that, experience has shown, contain vulnerabilities that can be exploited by attackers," warns Hartmut Pohl from the Gesellschaft für Informatik (GI).

With highly sensitive health information, such leaks can have disastrous consequences. Unlike bank data, which after ten years no longer says anything about the creditworthiness of the account holder, information about an HIV infection or a hereditary condition stays current forever. If it falls into the wrong hands, it can contribute to stigmatization and discrimination against the patients concerned.
Security gaps, technical problems, duplicate data storage: it is uncertain whether the ePA will bring the planned improvements. Clinics and medical practices therefore still face the question of how they can store their patient data securely and with fast access. More and more institutions are moving the information off their in-house server and into a private cloud.
This variant has advantages in several respects. Cloud solutions usually operate with multiple security layers, current policies and numerous redundancy mechanisms for protecting data. The servers are located away from the staff and are physically guarded. The data is encrypted at rest, which makes it far harder to steal in bulk, and with the right tools it can still be searched and retrieved quickly. Loss of data due to server failures or database fragmentation becomes very unlikely. The cloud also offers the possibility of analysing data and building models, for example to track the spread of a virus. And finally, operation is usually more cost-effective, since neither hardware purchases nor in-house staff are required for operation and maintenance.
However, many users are not aware that the cloud provider is responsible for the secure operation of the hardware, but not for the protection and security of the data. According to a study by Vanson Bourne on behalf of Veritas, 69 percent of companies believe their cloud provider is responsible for data protection. Most contracts, however, contain no such clause. Healthcare facilities must therefore ensure themselves that their patient information is permanently protected from unauthorized access. That means the data must be encrypted in the practice or hospital before it flows into the cloud, and only the doctor and their authorized staff may hold the key for encryption and decryption. Encryption that the provider performs at rest with its own keys does not satisfy this requirement, because the provider (and anyone who compromises it) can still read the data.
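The following is an added example (not code from the article or from any ePA or TI component) of what "encrypt in the practice before upload, and keep the key in the practice" looks like in practice: an AES-256-GCM envelope around a patient record, with the record identifier bound as associated data so that a stored blob cannot be silently swapped between patients. The record ID, the JSON sample record and the function names are assumptions for illustration; the cloud provider only ever sees the Blob.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Blob is the only thing that leaves the practice and is stored at the
// cloud provider. It carries no key material: without the practice key
// it is opaque, and any modification is detected on decryption.
type Blob struct {
	RecordID   string // stored in clear so the record can be looked up
	Nonce      []byte // fresh random 96-bit nonce per encryption
	Ciphertext []byte // AES-GCM output, includes the 16-byte auth tag
}

// NewPracticeKey generates the 256-bit key that stays inside the practice
// (practice server, HSM or similar). It is never sent to the provider.
func NewPracticeKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals a record before upload. recordID is bound as associated
// data, so a blob stored under one patient cannot be replayed for another.
func Encrypt(key []byte, recordID string, plaintext []byte) (Blob, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(recordID))
	return Blob{RecordID: recordID, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens a blob fetched back from the cloud. A wrong key, a changed
// nonce, ciphertext or tag, or a swapped record ID all yield an error.
func Decrypt(key []byte, b Blob) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, b.Nonce, b.Ciphertext, []byte(b.RecordID))
	if err != nil {
		return nil, errors.New("record rejected: wrong key or tampered data")
	}
	return pt, nil
}

// newAEAD enforces the key length and builds the AES-256-GCM primitive.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("practice key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key, _ := NewPracticeKey()
	// Constructed sample record; not real patient data.
	record := []byte(`{"patient":"Mustermann, Max","dx":"J06.9"}`)

	blob, _ := Encrypt(key, "rec-0001", record)
	fmt.Printf("stored at provider: id=%s nonce=%x ct=%x\n",
		blob.RecordID, blob.Nonce, blob.Ciphertext)

	pt, err := Decrypt(key, blob)
	fmt.Println("practice reads back:", string(pt), err)

	// A blob re-labelled with another patient's ID is rejected.
	swapped := blob
	swapped.RecordID = "rec-0002"
	_, err = Decrypt(key, swapped)
	fmt.Println("swapped record ID:", err)
}
```

The point of the associated data is that the provider's own lookup key (the record ID) is cryptographically tied to the content: an attacker with write access at the provider cannot substitute one patient's findings for another's without the practice noticing. Key rotation, backup of the practice key and sharing it among authorized staff still have to be solved on the practice side; this example deliberately keeps all of that out of the cloud.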
The trustworthiness of the cloud service provider is also an important aspect: are data and applications sufficiently protected against failures and designed for high availability? Is the information backed up continuously, and can it be restored easily? Are all relevant compliance requirements observed? Such questions must be clarified in advance. The cloud provider should run an IT security management system and ideally be certified to the ISO 27001 standard. It is also advisable for the servers holding the patient data to be located in Germany or another EU country, since the strict rules of the EU General Data Protection Regulation (GDPR) apply there. Finally, the provider should offer mature data management tools that classify the health information so that it can be found quickly when needed and can be retained and deleted centrally and automatically in line with the applicable regulations.
All of this shows that moving health data to the cloud is no walk in the park, but it is an important first step towards networked medical care. Access to the right data is not the only decisive factor; the data must also be available promptly. When patient health is at stake, delays in providing critical patient information can cost lives. (Hi)