On Wed, 12 Jun 2002 10:58:55 +0200 "Gunnar Klein" <gunnar at klein.se> wrote:
> Different from the access rights themselves are the rights to decide access > rights which is quite complicated and varies in different situations. In > many countries today, the patient concerned always has an overriding right > of deciding that "his/her" record should be released for reading to a > specific person or any person. We have an interesting debate in Sweden right > now on the issue if it is possible to ask the patient to give consent to > access to records not yet recorded. Some very official legal experts claim > it is not allowed according to the secrecy act to give a permission to an > unknown piece of information for the future whereas other legal advisors to > healthcare organisations are de facto supporting what is built in some cases > where the patient gives the consent to future relaeases of information to be > recorded in the future. One example being a centralised list of all currrent > medication. For standards we have to accept that this type of serrvice will > be required by some user groups whereas in other legal contexts it will not > be possible. Gunnar In Australia, the argument against agreeing to list future information is that the patient cannot be fully informed about all future scenarios. The proposed on-line centralised medication database, BMMS (http://www.health.gov.au/bmms/), allows for recision of a previous agreement to participate in the scheme. This right to opt out is presented on each occasion that you interact with the system. > Yet another aspect of "ownership" is the issue of destruction of the whole > or parts of an EHR. In our legislation as I believe in many others no > healthcare provider has that right by itself, only a special national body, > in our case the National Board of Health working directly under the ministry > of Health can make a decision that allows it and in fact mandate that it > shall be done usually based on a request by a patient that find that errors > have been made or harmful opinions expressed by less careful professionals. > Since many EHR systems installed do not really have a function to do a > removal of data, these rare situations cause special consultancy services by > the EHR manufacturer often at high costs 5-15000 EUR. > > Of course a standard requirement shoudl allow for deletion but it is not a > matter for EHR communication. However, the important thing to note is that > when records actually shall be deleted it shlould be all copies also sent to > other providers. Thus, the record need to store logs of record transfers and > there may be a need to communicate electronically the instruction to the > recieveing end to delete. However, from a Swedish point of view these > deletion issues are so rare that it is not an important requirement that > this should be communicated electronically, one reason is that the > instruction to another system need to convey also the proof (a paper > decision for now and a long time to come) of the Authority decision that the > record can/shall be deleted. I cannot see how this will work in practice. The data has been burned to a hundred CDs at the clinic and possibly to a similar number at my colleagues' surgeries. Deleting the information will also cause a mismatch in the hash between that of the modified database and those that have already been filed on the gnotary servers (http://www.gnumed.net/gnotary/). Perhaps what you are really trying to achieve is removal of access rights by everyone. You still cannot rewrite history, however. David - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
