Hi Gerard, There are more emails on this subject, I did not yet read them all, I will within a day or so, at this moment I don't have the time. I saw in a glimpse that there was a possibility to remove data, but maybe I m wrong, it was only a glimpse. I will come back to this. The purpose of this reply is the discussion about interpretation of the Dutch law (as I saw also the Swedish law, but I am not sure about that)
Gerard Freriks schreef: > Dear Bert, > > Reading again a thick report by our Royal Dutch Medical Association > about the interpretation of this pecific Dutch law my opinion is NOT > changed. > In a separate e-mail you can read some relevant pages. I did not receive that email, maybe later. > > In summary. 'Information can be destroyed' is the text. > > There are two important conditions when it is not allowed to destroy > information: > - because of legal reasons > - because of a substantial interest for others not to destroy it. An > example is a legal process, or genetic information. You are right, these exclusions are mentioned in the law. But the fact that the law explicitly states that removal must be possible, and mentions some exclusions means that there will be cases in which the patient has the right to remove data. > What is not explicitly discussed in this report is the use case where > decisions have been made on the basis of information that the patient > wants to remove. In my opinion in this use case the information can > never be removed physically or logically in the context of these > decisions and the legal implications. But it must be removed logically > in the context of information that can be transmitted to others. > > Later in the report there is a chapter on the EHR and deletion. > They explicitly mention that deletion in the electronic sense means > destruction of the hard disk and CD-rom, etc. It is always the same old story, people creating laws and not knowing what they are talking about. Destruction of a CD ROM sounds reasonable, because you cannot remove information from a CD ROM, destruction of a hard disk is not reasonable, because it is not necessary to destruct a hard disk to remove patients data. This is the intention of the law, to give a patient the possibility to remove data (and *only* if necessary, also destruct the carrier). The law does not say logically or physically, but it is clear that the law means, there may be no way those data can be retrieved again. If data are cached, then that is a problem of the health-data-keeping organization to remove them, it is not the patients-problem > This is not possible. A pragmatic solutions in terms of a well behaved > Information system, implicating logical delete plus specific business > rules, is the optimal solution. If logically deleted means that there will be no way of retrieving the data, that would be fine, I think. In many cases it will be enough to break the connection between a person and that particular data, but one can also imagine cases that it is possible to easily deduction to whom a record belongs. E.g. if you are the only person with no legs in your town, and there is a record which is related to missing both legs in a GP-office in your town, then it will be very easy to connect that record to a person, even when the connection does not anymore exists in the database. Concluding, there may be cases where logically deleting will not be sufficient, so there may be cases that physically removal will be necessary, to be compliant with the law. Regards Bert Verhees
