New technologies have flooded our lives: many day-to-day products and activities now begin with the prefixes i-, e-, cyber-, info-, techno-, m-, net-, tele-, and the list goes on. It’s easy to get lost in this carrousel of innovation! Digitalisation is advancing so quickly that even our health is becoming electronic.
E-health is changing the way diseases are diagnosed, treated and managed. It also enables consumers to improve their well-being by supporting healthier lifestyles and encouraging the development of new habits. While e-health offers seemingly endless possibilities (including far-reaching ones like robots as medical assistants), it would not be possible without its core component: electronic health records (EHRs). These files contain every detail about your health, and are consequently one of the most important and sensitive aspects of e-health.
For consumers, having easy access to health records is important both at home and when travelling within the EU, be it for work or pleasure. The need for healthcare when abroad is often linked to emergency situations. In these urgent cases, it is crucial that health records can be shared on the spot.
From paper to screen
EHRs act as the backbone of e-health, containing a patient’s electronically stored health data. Both patients and doctors can easily access these records for important information such as medical history, diagnoses, medications, treatment plans, allergies, radiology images and test results. This is especially handy when travelling or changing residence, so that your health history can be easily accessed and transferred to your new doctor.
According to a recent EU study, although 52% of respondents would like to access their health records only a limited number of Europeans currently enjoy this privilege. With paper health records in use for nearly 2,000 years, it is most definitely a daunting task to overhaul the entire system. But change is possible, and some European countries are leading by example.
For example, France has one of the oldest EHR systems, dating back to 1998 when French patients were given a carte vitale (Vital Card) health insurance card. This card makes it unnecessary to send medical expense claim forms via mail in order to receive reimbursement, and has since been extended with a web-based system that displays medical forms, health and medication updates, educational information, government health alerts and consumer insurance information.
Another example is Estonia, which became the first country in the world to implement a nationwide ‘birth-to-death’ electronic health record system.
Every Estonian currently enjoys full access to their health records with just a few clicks.
Unequal access across Europe
In total, nine EU countries (Austria, Bulgaria, Estonia, Finland, France, Latvia, Lithuania, Malta, Spain) have implemented online systems that enable patients to access their health data. However, the use of EHR systems varies from one country to another; for example in Lithuania patients can only access their EHR if their hospital uses this system (adoption is to date limited), while Finns can only access the medical summary of key health events and conditions [1].
In comparison to these success stories, the other Member States are lagging behind. The result is a fragmented EHR landscape across the EU, and the lack of a common approach means that European consumers are not able to easily access their health records [2] across borders.
The good news, however, is that the European Commission has recently re-confirmed its willingness to support the development of a common system for the exchange of European health records.4 It is thus likely that in the years to come, European consumers will be able to access and manage their health data wherever they are in the EU.
Health privacy and security matter
Health data is particularly sensitive, as it reveals the physical and mental health of an identifiable person. Apart from medical history, EHRs may contain a lot of other lucrative data such as date of birth, insurance information, social security number, financial information, etc. Unlike credit card information, an EHR cannot be easily replaced or changed in the event of a cyber-attack. This is particularly troublesome, as you cannot simply get a new medical history or social security number.
All health data is unique, and could potentially be severely misused for a long period of time before a breach has been noticed.
GDPR, the European data protection law that entered into application in May, aims to strengthen the protection of personal data, from your email and browsing history to your health information. We have high expectations for this data protection law. Of course, its success will depend upon how well the rules are implemented. Tech companies, public health agencies, insurers and health professionals handling patients’ data will be play a crucial role in the implementation.
The EU should work to standardise the use of safeguards against any unauthorised access to or modification of online individual health data. As such, ‘privacy and security by design and by default’ are essential in preventing the misuse of personal data from step one in the development of e-health tools. A high level of security by design and by default is about having a minimum set of binding security requirements for EHR software and apps. This would also be a key condition for ensuring that the European cross-border EHR exchange is safe and beneficial for consumers.
In the end, it all boils down to consumer trust. Personal data breach incidents, or illegal acquisitions of large-scale data (as illustrated by the infamous Cambridge Analytica scandal on Facebook) may lead to a loss of trust in technologies. And once trust is broken, it is hard to regain. Integrity is vital for e-health, and we hope that companies consistently choose for consumer trust over profit.
[1] European Commission (2018), Staff Working Document on enabling the digital transformation of health and care in the Digital Single Market; empowering citizens and building a healthier society.
[2] European Commission (2018), Communication on enabling the digital transformation of health and care in the Digital Single Market; empowering citizens and building a healthier society.