Respect Citizens Right to Privacy
Give patients the power to decide who should have access to their privacy data
By Morten Boel Sigurdsson, CEO
Dear Government, please respect your citizens’ right to privacy
As of today, a new notice comes into force in Denmark – paving the way for sharing citizens’ appointments in the public health system. The notice supports the introduction of a National Patient Index in Denmark, which opens up for the sharing of individual citizens’ appointments across health sector employees such as doctors and nurses as well as relatives.
This means that tens of thousands of employees across all municipalities and regions in the country will be able to gain access to citizens’ appointments for treatments and examinations.
Apparently, according to Danish Health Minister Ellen Trane Nørby, it all has to do with solving some of the issues, which some patients with a complex process experience. She has told local media that there has for some time now been a demand for an improved collaboration, both from the patients and the relatives, which can feel insecure by not having an overview, as well as doctors and nurses, who spend significant resources on getting the overview of the individual patient’s illness and treatment process.
Giving control back to citizens
I do understand the challenge at hand, having experienced it for myself when my old grandmother some years ago needed to be transferred between two public health institutions. They had significant challenges transferring her health record data to the receiving institution. In fact, no one knew she was arriving at the new institution and we had to provide her basic data on a piece of paper (once again). There was certainly room for improvement.
Although I understand the greater purpose, I encourage our government not to use good intentions and arguments about the greater good to compromise personal privacy by choosing the easy way, which is to provide broad access to thousands of people.
Whilst it’s convenient just to provide broad access to thousands of health employees, it is in direct conflict with the core principles of protecting the individual’s right to privacy. It is defined by the (upcoming) law in the EU General Data Protection Regulation (EUGDPR), which EU imposes on businesses across the globe. The core objective is giving control back to citizens over their personal data.
Obviously, appointments in the health system are deeply sensitive and represent highly private data for the individual. Personally, I would prefer that consent is only given to a limited number of named people in the health system, as opposed to being shared with thousands of health employees. It is absolutely possible to implement IT that can support that the patient remains in control and must provide consent to who can access his or her deeply personal health data.
Equal playing rules
There should not be one set of playing rules for private organizations and another for the Government. It is the Government which handles the most sensitive privacy data, so why should it not abide by the same rules, rules made to protect its citizens?
Private companies everywhere are right now spending billions of dollars to be in compliance with the EUGDPR, to protect citizens’ right to privacy, implementing the ‘right to be forgotten’ and ensuring citizens’ consent to access to privacy data. It is a key principle that only personnel needing access to the specific data should have access, and access only be granted based on consent from the individual.
So, dear Government, please be a role model and take a dose of your own medicine. How about giving patients the power to decide who should have access to their privacy data? Convenience is no excuse for doing the right thing.
Omada Founder and President (NA) Morten Boel Sigurdsson has more than 25 years of experience providing innovative IT related services and solutions for large global organizations. He has a background from SAP and A.P. Moller Maersk.
Identity Governance and Administration (IGA) Best Practice Process Framework
The Omada IdentityPROCESS+ e-book is a comprehensive, best practice process framework, which describes the most important processes needed to ensure a successful IGA deployment. The framework has been developed with the goal of supporting successful IGA projects and has been created to help organizations implement well proven best practice processes.