> >>> > ... >>> > For my own part, I've been thinking about the ownership of health >>> > information, and have reached the conclusion in my own mind that the >>> > information must belong to the patient. Which implies that the >>> > patient must have overall responsibility for who accesses what and >>> > when (and the systems that succeed in the long term will have this >>> > builtin as a design requirement from the start). >>> > >> >>These considerations are out of date in France, since a law just stated >>that medical informations belong to the patient, and that he can claim >>access and modification rights to any of them. > >isn't this what the quote above says?
Yes it is. What is out of date is "[I] have reached the conclusion in my own mind...". It now has been stated collectivly by a law (at least in France). It may be considered as a good news, but we now face a genuine challenge : how can we build systems that health professionnals can trust when that system belongs to the patient in such a way that he can alter it ? You can imagine a "system owned by the patient" in many way : 1) You own the system, but let an administrator manage it, and get used by health professionals only (owner with no rights) 2) like 1), plus a "view" specially elaborated for the patient (owner with limited read rights) 3) enter datas, read documents (owner and member of the team) 4) legally entitled to control whatever can be put on the system (that thing is too serious to let health professionals play with it without my control) From my point of view, level 3 is the good level (patient as a member of the team) ; we now must face level 4 (patient can censor health professionals). >>The access rights we are putting at work for the Ligne de vie are based >>upon the "position" of any people among patient's "health team" : >> >>We call Mr Smith's "health team" the group of persons that have been >>granted access rights to Mr Smith's Ligne de vie. >> >>Among these persons, we created 5 groups : Mr Smith himself, MDs, other >>health professionnals, social professionals, and family. >>Each health team member has a "position" (usual MDs vs occasional MDs for >>example). >>MD and other health professionals can have a personal position as well as >>a domain position (for example as a member of an emergency unit). > >what about: government/public health (anonymised data), researchers, the >public, emergency access... You can separate the system with 3 level of datas : 1) Description : nominative datas ; only available for health team members, with rigths depending on the position among that patient health team. Emergency access is a good example of "domain rights" 2) Classification : semi-anonymised data (anonymised, but with risk of un-anonymisation through data mining) ; for public health and researchers use 3) Published datas : result of statistical studies of the classified datas : for health professionals and/or the public. That's the reason why we are currently working on 2 servers : a Ligne de vie server for point 1) and the Prometheus server for points 2) and 3) ( see http://www.prometheusmedica.net ) We are currently working hard to allow MD choose classification datas (ICPC or ICD, for example) that well fit a given description. It is not an easy job and people have to get trained in order to do it properly. For example, Episodus has the ability to pick up informations on any other software screen, quite automatically find the proper code, and elaborate SOAP "baskets" to be sent through email to Prometheus. Philippe AMELINE Odyssee project www.nautilus-info.com
