Data portability in the eHealth sector – #DFD2013

Keynote delivered at the European Parliament, Brussels, 2013-03-27

Document Freedom Day is an annual campaign to build awareness for Open Standards and interoperability. Over 50 events are taking place today around the world around this date, from Nicaragua to Taiwan to Ghana.

Open Standards and interoperability help to put us in control of the technology we use. When it comes to electronic health systems, some questions have already been answered for us.  It’s clear that healthcare in future will rely ever more heavily on computers and databases.

But other questions don’t have an answer yet. What will these computers do, exactly? What data will these databases contain? And who will control them?  These are the questions that policy makers need to answer. The shape of tomorrow’s world will depend on the answers they give.

Healthcare is a key service that citizens expect a modern, civilised state to provide. As we’re discussing data protection and data portability, healthcare is perhaps the most difficult field. That’s because electronic medical records hold information on you that is very personal, even intimate.

Your patient record can tell others how long you are likely to live; whether you can have children; and how productive you’re likely to be as a worker.

This information greatly influences how others relate to you, and the choices you can make. Medical confidentiality is like privacy, only more so.  Will an insurance company take you on if you have a pre-existing condition?  Will your bank ask you to submit a copy of your medical record before processing your mortgage application?

How does an eHealth system have to be designed so that it protects such sensitive information, and yet makes it available to the right people at the right time?  Here are some fundamental considerations as we’re setting out to answer this question.

The fundamental design principle of an eHealth system must be that individuals have ultimate control over their data. Not the state, not health insurers, not other intermediaries. This will be challenging. But without this basic principle, it’s impossible to design an eHealth system that respects people’s freedom.

Second, individuals must be able to choose who they trust with their data. They must be able to freely choose between data service providers, just like today we choose an email provider whom we trust, and who provides the sort of service that we like.

They must be able to switch between services, and take their data with them.  Making data portable like this will only be possible with Open Standards – standards that anyone can implement without restrictions.

Third, the system needs to be open and transparent. Anyone with the appropriate certification should be able to set up a data service provider.  For this to work, the system must rely on Free Software and open interfaces.

Free Software allows everyone to understand how the system works, and make sure it’s secure. Open interfaces enable healthy competition within the system. Incidentally, OpenMRS, a widely used Free Software medical record system already in use in many countries, received a Free Software award yesterday.

This is a very different approach from the centralised model that some states have used.  Large collections of data always attract unwelcome attention. It is impossible to guarantee that they will not be abused in future.  The solution is not to create them in the first place. Instead, let’s create a decentralised system of service providers, flanked by strong regulation and supervision.

As we discuss how to build electronic health systems, let’s keep some fundamental considerations in mind: Privacy, data portability and transparency will be crucial to building systems that work for European citizens rather than against them.