The organisation of information systems should focus on the patient. A proper information system is of vital importance for the effective and efficient provision of healthcare. This applies not only at the micro level to patients and care providers but equally at the meso level, where health insurers, institutions and municipalities, for instance, require information to ensure accessible and affordable good-quality care for patients, clients and residents respectively. At the meso level healthcare providers also require reflective information against which to benchmark themselves and improve their services. At the macro level the government requires information to safeguard the quality, accessibility and affordability of healthcare provided in the Netherlands. Information is additionally required for policy, implementation and research purposes.
Several problem areas currently exist. Patients lack the information to enable them to participate actively in the healthcare process. It takes patients a great deal of time and effort to gain access to their medical records, for instance. Care providers waste a lot of time in supplying – often partly the same – information for a range of registrations. Insufficient interoperability exists between healthcare information systems due to the poor level of standardisation. In addition, insufficient information is available about the outcome of care. Many of these problem areas are attributable to the fragmented, incomplete method of collecting data and the different requirements care providers must comply with for registration and reporting purposes. This is partly due to compartmentalisation in the healthcare sector and the diverging interests of the relevant parties. The Netherlands scores low on the registration and use of outcome indicators compared with other countries, such as Sweden, Singapore, Canada and United Kingdom.
In the Council’s view, patients should be able to manage their own information in the form of a Personal Health Record (PHR), if they wish to.
Over 60% of all the Dutch respondents are in favour of a PHR. The majority of this group, 53%, would like a care provider to manage their PHR while 21% would prefer to manage their PHR themselves. Twenty-one percent would entrust their PHR to companies, such as Google and Microsoft. For 62% of those in favour of a PHR, privacy is a main concern. (Source: CentERdata survey, Appendix 4).
According to the definition applied by the Federation of Patients and Consumer Organisations in the Netherlands (NPCF), the PHR is a universally accessible – anytime, anywhere – layperson comprehensible, user-friendly lifelong tool for collecting, managing and sharing relevant health information, for managing health and care, and for supporting self-management based on the standardised collection of data for the purpose of health information and integrated digital healthcare services.
The PHR does not supersede the care provider’s medical records. The PHR contains (digital) copies of the existing (electronic) medical records held by care providers and information added to the file by patients themselves. This means that the PHR serves to supplement the care provider’s existing medical records. A patient who has no desire to maintain a PHR will receive care on the basis of the care provider’s existing medical records. The extent to which patients have a need for information and control over the care procedure can differ between patient types and the stage of the illness. In addition to the medical professional confidentiality regarding medical records, a law of ‘patient confidentiality’ is required for the PHR. The option to refuse access insufficiently protects the patient against commercial or non-commercial parties who could exert power to gain access to the contents of the PHR, such as the police and investigative services, life and non-life insurers, financial institutions and ICT companies. The Council is aware that it has not responded to the question of who should finance the PHR. Currently there does not seem to be a clear business model for the PHR. It must be further developed. The motto ‘Information also is a care service’ might be useful for a business model.
To alleviate the administrative burden on care providers, patient data should be registered once only, in a uniform and standardised manner in the care process. In many cases this will be the patient’s medical record. These data can subsequently be used for several purposes. They could, for instance, be reused by other care providers and by knowledge institutes at the macro level. Patient privacy must be guaranteed. This can be ensured from the outset by incorporating privacy in information and communication systems (Privacy by Design) with a key role reserved for Trusted Third Parties who will ensure that the data provided for registration purposes cannot be traced back to individual patients.
In the Council’s opinion all health information should be disclosed, provided it cannot be traced back to the patient on the basis of Privacy by Design.
The disclosure requirement should not only be limited to the health insurance required by law. Ensuring transparency within the system of regulated competition is so vitally important that it should apply throughout the entire healthcare sector, including supplementary insurances.
The Council furthermore recommends that good examples of patient information systems in other countries should be adopted. Reinventing the wheel should be avoided.
For research and policy purposes and to promote interoperability between PHRs and care systems, all parties must work in accordance with the same, open international standards.
The Information Consultation was recently launched on the initiative of the Ministry of Health, Welfare and Sport. The Council wishes to point out that the requisite changes can only be made to the provision of information in the healthcare sector if the Ministry takes charge and proceeds to take binding decisions in the Information Consultation. The Institute for Health Care Quality must take a pro-active approach in creating and implementing a coherent, internationally comparable single set of quality standards, registrations and tools for measuring the quality of healthcare.
Based on the views stated above, the Council has formulated the following recommendations:
- With a view to the future, a PHR should be made available to patients on a voluntary basis and with freedom of choice.
- In addition to the medical professional confidentiality of medical records, a law of ‘patient confidentiality’ should be instituted for the PHR to protect patients against improper pressure from parties, such as the police and investigative services, the Ministry of Security and Justice, life and non-life insurers, financial institutions and ICT companies.
- Ensure that the patient’s privacy is guaranteed in the technical and organisational design of all healthcare information systems (Privacy by Design). Trusted Third Parties (TTPs) must ensure that the patient’s privacy is guaranteed.
- All care providers should register their data, once only, in a uniform and standardised manner at the source, from where data can be reused multiple times for healthcare purposes. Non-identifiable health data must be transparent for public purposes, such as policy, implementation and research purposes.
- Ensure that the information system is properly set up from the outset on the impending decentralisation of healthcare tasks to the municipalities. Stipulate conditions for the measurement tools to be deployed and for the secure management of client data. Ensure that the provision of information can still be facilitated beyond the limits of the Health Insurance Act (Zvw), the Social Support Act (Wmo) and the Exception Medical Expenses Act (AWBZ, which will be superseded by the Long-Term Care Act (WLZ) effective 1 January 2015) to, for instance, monitor substitution in healthcare. Apply international open standards. Be mindful of care avoiders who could fall through the cracks due to the decentralisation of healthcare tasks. The decentralisation of healthcare tasks to the municipalities could pose additional privacy risks which can largely be removed through Privacy by Design.
- The Institute for Health Care Quality must act proactively by determining which (international) measurement tools should be incorporated in the healthcare standards and quality registrations on the recommendation of scientific and patient organisations. The registration data should be derived directly from reporting on the primary process. Healthcare professionals must be compelled to cooperate with the current registrations in their discipline approved by the Institute for Health Care Quality. Health insurers should include this in their conditions of purchase based on the motto: ‘information also is a care service’.
- The requisite changes can only be made to the provision of information in the healthcare sector if the Ministry takes charge and the Information Consultation proceeds to take binding decisions.