Home & Office

Anger over EC medical data-sharing scheme

Experts are outraged by a plan that would make UK citizens' medical details accessible across Europe
Written by David Meyer, Contributor

The European Commission is about to call for proposals on how patients' medical details would be shared between its member states, with the UK almost certain to be included in the scheme.

Within the next few days, an initiative called the Competitiveness and Innovation Framework Programme (CIP) will be adopted as part of Framework 7, a massive drive by the EU to fund research and development, with e-health being a major beneficiary.

One requirement of the CIP will be to establish interoperability between member states' healthcare IT systems, such as the NHS's so-called "Spine", which is the new UK database of patient care records.

This aim was outlined in a document published in September last year, entitled Connected Health: Quality and Safety for European Citizens. In this document, the Commission's ICT for Health unit called for interoperability between nations' healthcare systems, arguing that "health, social care and other providers must no longer work in isolation, but need to collaborate as a team, if necessary beyond their national and linguistic borders".

On Wednesday, Paul Timmers, the head of the Commission's eGovernment unit, told a London telehealth symposium that work was already underway on "interoperable platforms that can work… across borders".

Dr Gerard Comyn, head of the ICT for Health unit, confirmed on Thursday that the idea will shortly enter the "proposals stage", part of the competitive bidding process. This will be followed by a large-scale pilot involving six member states. According to those close to the plans, the UK is certain to be one. The pilot stage will take about three years to become operational and "real scale operations" should be in place by 2012.

"The UK is a net beneficiary of the scheme," said one source on Wednesday, explaining that member states will have to supply at least 60 percent of the funding, with the European Commission providing the rest. The UK Research Office to the EU (UKRO), which is funded by many UK research councils, is also understood to be involved.

The data that will be shared will include some kind of emergency care records and patients' medication histories. The aim of the scheme is that if, for example, a UK citizen falls ill while in Spain, doctors there will know what medication the patient cannot take or what existing conditions they already have.

But according to Ross Anderson, a Cambridge University security engineering professor and longstanding critic of the NHS's multi-billion pound centralising systems upgrade, the National Programme for IT (NPfIT), the scheme is unnecessary and could even be counterproductive.

"If you're somebody with information that should be known, at present you will carry either a bracelet or a card in your wallet to say so," Anderson told ZDNet UK on Thursday. "It is foolish to move to a computer for the simple reason that, if you have the information either on an online database or sitting on a smartcard, then the computer could be down. Human-readable information which you can carry is the most appropriate technology."

Anderson explained that a voluntary scheme along these lines has already been in place within the UK for over 10 years, and claimed that the Commission's new scheme had been proposed before, and was "not driven by healthcare concerns but by lobbying from the French smartcard industry".

Anderson also claimed that the scheme was little more than a "covert industrial subsidy" with money going "to whoever is closest to the Commission", saying: "I sincerely hope it's another round of something that's never going to happen. If it comes to the point that every one of the five million people working in healthcare in Europe, plus the CIA and hackers, can access the information, then I'll stop using the health service".

It is unclear at this stage what level of security will be built into the Commission's initiative. Comyn confirmed that "it will be up to the member states to take appropriate actions on security and make sure the level of security they choose is in line with the national levels". As there is already disquiet within the UK about the security implications of having a centralised national health database, the idea of those details being available in other countries, under those countries' home-grown security restrictions, seems sure to cause further concerns.

It is also not clear whether this interoperability was part of the original specification for the UK's NPfIT, or whether it will create new requirements and costs for the scheme. Richard Granger, the head of NPfIT, had not responded to a request for comment at the time of writing.

Murray Bywater, managing director of Silicon Bridge Research and founding chairman of the Intellect Healthcare Group, told ZDNet UK that interoperability was not yet a reality within the UK, let alone Europe. "I go to Brussels often, but when I go do I worry about my medical records being available there?" he asked. "It doesn't even cross my mind — I would love to have decent records in Basingstoke where I live, though."

Suggesting that the EC figures behind the scheme were "off their trolleys", Bywater went on to call the scheme a "colossal waste of money and energy", with only "the usual suspects" standing to gain from EC funding. He also pointed out that there are very few working agreements between member states allowing patients to be treated outside of their home countries, despite an EU directive to this effect.

"Interoperability is great, but it is nowhere near at the stage where you could envision a European solution," Bywater said on Friday. "There are better and more pragmatic ways to do it if they really wanted to."

Bywater suggested that one such approach might be to have disease-specific patients' groups, such as those specialising in diabetes or heart disease, suggest what information they would like to see made available on a secure web portal. Patient-specific URLs for this portal could then be carried by travellers and given to local health providers if necessary. In this way, he explained, doctors and patients might "get over all of the security and privacy concerns" associated with sharing confidential information.

Editorial standards