Gunnar, As a summary of my e-mail: - Ownership is irrelevant, - Authorship is relevant, - Authors that commit information to a record can NEVER remove the information; they can add; - Patients can NEVER remove the information; They can add/annotate; Access control list can be changed by them, only, - There are different types/classes of data/information, - Each with possibly different acces control lists and rights, - Patients need a proxy to exercise all their rights; Proxies can have mandates, - My position isn't according to Dutch law. It is a personal one.
Gerard On 2002-06-12 10:58, "Gunnar Klein" <gunnar at klein.se> wrote: > Dear EHR friends, > > I agree very much with David Guest's opinion that it less fruitful to speak > about ownership of information though it is done a lot in the debate in many > countries. It is clearly different from access rights which Gerard is > speaking about and like David is saying for Australia, in Sweden there is > usually very little point in trying to distinguishing differnt parts of > records as less relevant for the patient. i certainly think the > classification suggested by Gerard in four types of data does not hold. > > Different from the access rights themselves are the rights to decide access > rights which is quite complicated and varies in different situations. In > many countries today, the patient concerned always has an overriding right > of deciding that "his/her" record should be released for reading to a > specific person or any person. We have an interesting debate in Sweden right > now on the issue if it is possible to ask the patient to give consent to > access to records not yet recorded. Some very official legal experts claim > it is not allowed according to the secrecy act to give a permission to an > unknown piece of information for the future whereas other legal advisors to > healthcare organisations are de facto supporting what is built in some cases > where the patient gives the consent to future relaeases of information to be > recorded in the future. One example being a centralised list of all currrent > medication. For standards we have to accept that this type of serrvice will > be required by some user groups whereas in other legal contexts it will not > be possible. > > Yet another aspect of "ownership" is the issue of destruction of the whole > or parts of an EHR. In our legislation as I believe in many others no > healthcare provider has that right by itself, only a special national body, > in our case the National Board of Health working directly under the ministry > of Health can make a decision that allows it and in fact mandate that it > shall be done usually based on a request by a patient that find that errors > have been made or harmful opinions expressed by less careful professionals. > Since many EHR systems installed do not really have a function to do a > removal of data, these rare situations cause special consultancy services by > the EHR manufacturer often at high costs 5-15000 EUR. > > Of course a standard requirement shoudl allow for deletion but it is not a > matter for EHR communication. However, the important thing to note is that > when records actually shall be deleted it shlould be all copies also sent to > other providers. Thus, the record need to store logs of record transfers and > there may be a need to communicate electronically the instruction to the > recieveing end to delete. However, from a Swedish point of view these > deletion issues are so rare that it is not an important requirement that > this should be communicated electronically, one reason is that the > instruction to another system need to convey also the proof (a paper > decision for now and a long time to come) of the Authority decision that the > record can/shall be deleted. > > Best regards > > Gunnar Klein > ----- Original Message ----- > From: "David Guest" <dguest at bigfoot.com> > To: "Gerard Freriks" <gfrer at luna.nl> > Cc: <openehr-technical at openehr.org> > Sent: Wednesday, June 12, 2002 7:44 AM > Subject: Re: The concept of contribution - first post :-) > > >> Hi Gerard >> >> I have been sitting here in the OpenEHR since February and all of sudden >> last month someone put through a cyberhighway and the din from traffic >> has increased enormously. For those who have transferred from other >> lists I apologise if my ponderings are too facile or have already been >> covered ad nauseam. >> >> I have never understood the concept of data ownership. I can understand >> the ownership of things, like hard drives and CD-ROMs, but not data. >> Data seems to me like a mathematical algorithm or poetry. You can create >> it, you can interpret it and you can store it. You can also send it on >> to someone else and these days the electronic copy you send is the same >> as the original. >> >> Medical data is collected from patients by health care professionals. >> Each of them has specified read / write permissions but, at least in >> Australia, not deletion rights. If you introduce third parties (HMOs, >> governments, employers) you also need to define their rights. >> >> Having worked under the Australian "open system" since a change to the >> Privacy Act six months ago, I find that there are hardly any times when >> you need to withhold information from the patient. I cannot see the >> point in restricting access to "private" opinions. My letters of >> referral, which the patient can read in full, contain a copy of my >> clinic notes. The consultant pyschiatrist soon fathoms out my diagnosis >> of "voices for investigation" and the patient is painfully aware of the >> symptom. >> >> I do agree that any appendings to the record requested by the patient >> have to be made by the health professional. After all, it is "your" >> record. :-) >> >> David >> >> >> >> Gerard Freriks wrote: >> >>> Agreed. But ... >>> >>> "data ownership by the pati?nt" will need some consideration. >>> I know that most laws in most countries are politically correct and give >>> rights to patients. But never ownership. Most often a right to inspect, >>> review, remove, and add information. >>> In my way of thinking, the author is the owner and one responsible. The >>> pati?nt has the right to see his information and under certain conditions > is >>> able to remove it or change it. >>> But what is "Information"? >>> I think that there are levels or types of information: >>> >>> "Private Opinions" consisting of personal interpretations of raw data; >>> "Official Statements/opinions" consisting of professional interpretations > of >>> raw data; >>> "Raw uninterpreted data" admitted to the EHR; >>> "Raw interpreted data" not admitted to the EHR, (yet) >>> >>> Pati?nt have rights towards the last two, but none with the first. >>> Healthcare providers must have the facility record private unripe > thoughts >>> about the pati?nt and its disease process. >>> The author os the information is acting as the proxy of the pati?nt. >>> Patients should have no direct access to all the information. Only to >>> selected portions of the " Official opinions". The preferred way to > inspect >>> and change is via the responsible proxy. >>> >>> >> >> >> - >> If you have any questions about using this list, >> please send a message to d.lloyd at openehr.org > > - > If you have any questions about using this list, > please send a message to d.lloyd at openehr.org -- <private> -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands +31 252 544896 +31 654 792800 - If you have any questions about using this list, please send a message to d.lloyd at openehr.org