Written answers

Tuesday, 2 May 2017

Department of Health

Electronic Health Records

Photo of Richard Boyd BarrettRichard Boyd Barrett (Dún Laoghaire, People Before Profit Alliance)
Link to this: Individually | In context | Oireachtas source

932. To ask the Minister for Health if a person's medical records are secure with the expansion of the ehealth system; if it is possible to opt out of the system; and if he will make a statement on the matter. [19685/17]

Photo of Simon HarrisSimon Harris (Wicklow, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The importance of, and the opportunity for, eHealth or digital health to support health care reform and the delivery of a modern health care system has been recognised for quite some time. In 2013, the Government approved and published a strategy for developing eHealth capability in the Irish health system called the eHealth strategy for Ireland, 2013. This strategy sets out a number of objectives and a road map for the delivery and implementation of eHealth for the benefit of patients. One of the recommendations in the strategy was the development of a system of unique identifiers for patients to underpin patient safety and efficiency.

The Health Identifiers Act 2014 gives the legal basis for the development and the deployment of health identifiers that will cover individual patients, and health care providers and professionals in the health service. The development and implementation of a system of unique patient identification for our health service is a major task and was recommended by the Health Information and Quality Authority and the Commission on Patient Safety and Quality Assurance in 2008. Each patient will be assigned a unique identifier when they engage with the health system for the purposes of better patient care and safety both of which are of paramount importance. A privacy impact assessment (PIA) has been conducted and a public consultation exercise undertaken as part of the preparation for the implementation. There has also been engagement with the Office of the Data Protection Commissioner in relation to the deployment. It should be noted that the Individual Health Identifier is only a number and is, of itself, not a medical record. Therefore the opt out from the number itself is not feasible and should not be confused with a patients right regarding the use of their medical information.  In that regard, it is important to bear in mind that the Health Identifiers Act 2014 did not change in any way the law, including data protection law, in relation to the statutory rights of patients regarding their medical records or the obligations that data controllers have for patients' personal health data.  Furthermore, patients are entitled to discuss with their health care provider what happens with their health data.  It is important to point out that the roll out of a system of health identifiers for patients, has no linkage with any eligibility for any type of health service or benefit. It is primarily a patient safety initiative and a fundamental building block for eHealth and ICT developments into the future.

The delivery of digital health care services and the roll out of an electronic health record (EHR) will need to be underpinned by a robust legal framework to ensure confidentiality and security of patient data consistent with the new EU general data protection regulation, Regulation (EU) 2016/679. The new EU regulations (General Data Protection Regulation) will, from May 2018, regulate the collecting, use, keeping and disclosing of personal data, including the purposes for which it is collected and used.  The GDPR provides a timely opportunity to examine how public confidence in the way the health system handles personal health data can be enhanced and that will involve consideration of a range of matters, including consent and the related idea of opt-out.

Accordingly, my Department is currently examining the appropriate information framework that will provide the optimum environment to support patient safety and allow for digital deployment of information systems into the future. The health care delivery system requires a robust information governance environment to ensure the right information about the right patient is available securely, in the right place and at the right time.  The confidentiality of health data and the right of citizens to privacy must always be respected while at the same time be balanced against the health needs of the individual and the use of health data for the greater good of society.  These are complex and demanding issues which must be addressed in the context of the Health Information and Patient Safety Bill, national and health sector implementation of the new General Data Protection Regulation and existing health legislation including the Health Identifiers Act 2014.

Comments

No comments

Log in or join to post a public comment.