The Gesellschaft für Informatik (GI), the largest IT specialist representation in the German-speaking region, supports the controversial digitization strategy of Federal Health Minister Karl Lauterbach (SPD). However, the GI calls for corrections to ensure that patients’ privacy is preserved and the trust in the digital healthcare system is strengthened.
The minister wants to convert the electronic patient record (ePA) to an opt-out principle to give doctors and scientists broad access to the digital archive. The GI agrees that filling the ePA with basic data no longer requires the express consent of the patient, but access to health data by service providers outside of a current treatment must “continue to be linked to informed consent.” The GI believes that the “all or nothing” approach would be the wrong approach here.
To preserve the patients’ informational self-determination and strengthen their trust in the digital healthcare system, the GI suggests designing the opt-out principle to be simple and intuitive and ensuring that patients who are not IT-savvy can easily exercise their rights. The GI also advocates critically examining the telematics infrastructure (TI) based on central storage and processing structures and revising it with regard to the current state of the art.
The association is in favor of “an opportunity-oriented handling of data” that “takes into account the potential of use and the risk of not using the possibilities of digitization for research and care in the individual and public interest.” However, the necessary protection of sensitive, personal data must be addressed with equal priority.
In the context of the research data center and the evaluation of health data, the GI pointed out that “pseudonymization is not the same as anonymization” and that anyone who has legal or illegal access to pseudonymised data can combine information from various sources and thus facilitate the identification of those affected. Effective use of medical data from care also requires binding standards for their storage and exchange as well as interfaces.
In conclusion, the GI believes that the conception and introduction of a research pseudonym should be closely monitored in terms of data protection law and IT security, and that analyzes of the risks and safety measures according to the state of the art are absolutely essential to ensure patients’ privacy is protected.
