Why privacy-by-design in healthcare is a utopia

The GDPR introduces the principles of “privacy by default” and “privacy by design”, on the basis of which all company processes have to be redesigned; a change that deeply impacts healthcare information systems. Easy to say, but very hard to realise.

The regulation requires a census of the data treatments (processing activities) that organisations carry out, these being accessory to administrative, care and clinical processes. Those processes are rarely documented and formalised, with few exceptions such as oncology, where a specific certification is required.

Healthcare organisations have thousands of non-formalised processes which often vary within the same structures, at ward level or among the different hospital wards belonging to one healthcare organisation. The first great difficulty is therefore to define and list the processes which treat sensitive data, which are the majority.

The current information systems inside healthcare organisations were designed in a pre-privacy era and later adapted at the technological level (cryptography, separation of personal data from sensitive data) and at the functional level, in terms of access rights tied to the user’s role.

Healthcare information systems can treat information and manage processes both implicitly and explicitly. A data treatment can span many information systems, and one system can manage several data treatments. The consent the patient expresses refers to the treatment.

The traditional implementation approach of healthcare information systems to access control over functions and data is no longer enough, unless single treatments are unified into macro-treatments. To respect the privacy by design principle, a system design should consider all treatments and organise forms, functions and data access in a coherent way, so as to have the granularity necessary to grant the patient’s rights at the level of the single treatment and to respect the pertinence/non-excess principles.

In the clinical sector, and not only there, systems are used across different fields and processes. Today’s systems provide a user profile per role, and more rarely per field/process. At day surgery level there are visits, consultations, follow-ups, impromptu meetings with patients and chronic disease management; all these operations often require several information systems which provide users with generic functions to access or input data (rather than formalising the entire process).
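The contrast the two paragraphs above draw, between a role profile per system and an access model scoped to the single treatment, can be made concrete in code. The block below is an added example, not code from the article or from any real healthcare system: it models a treatment (processing activity) from the census with its permitted roles and its pertinent fields, records consent per (patient, treatment) pair, and decides each access request on role, consent and non-excess of the requested fields. The treatment identifiers, roles, field names, patient id and record are all constructed for the illustration; `role_only_check` stands in for the traditional per-system role check the text criticises.

```python
"""Treatment-scoped access control versus the traditional role-per-system check.

Added example, not code from the article. Treatment names, roles, fields,
patient identifiers and the record below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Mapping, Set, Tuple


@dataclass(frozen=True)
class Treatment:
    """One data treatment (processing activity) from the organisation's census."""
    treatment_id: str
    purpose: str
    permitted_roles: FrozenSet[str]
    pertinent_fields: FrozenSet[str]  # the only fields this purpose needs (non-excess)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    record: Tuple[Tuple[str, object], ...] = ()  # projected (field, value) pairs


def role_only_check(role: str, system_roles: Set[str]) -> bool:
    """The traditional approach criticised in the text: one role profile per
    system, with no notion of which treatment the access serves and no
    consent check. Any permitted role sees everything the system holds."""
    return role in system_roles


class TreatmentAccessPolicy:
    """Access decided per treatment: role, patient consent and pertinence."""

    def __init__(self, treatments: Iterable[Treatment],
                 consents: Iterable[Tuple[str, str]]) -> None:
        self._treatments: Dict[str, Treatment] = {t.treatment_id: t for t in treatments}
        # Consent is recorded per (patient, treatment): the patient's consent
        # refers to the treatment, not to the system that happens to hold the data.
        self._consents: Set[Tuple[str, str]] = set(consents)

    def revoke(self, patient_id: str, treatment_id: str) -> None:
        """The patient exercises a right at single-treatment granularity."""
        self._consents.discard((patient_id, treatment_id))

    def decide(self, role: str, treatment_id: str, patient_id: str,
               requested_fields: Iterable[str],
               record: Mapping[str, object]) -> Decision:
        requested = tuple(requested_fields)
        treatment = self._treatments.get(treatment_id)
        if treatment is None:
            return Decision(False, f"treatment {treatment_id!r} is not in the census")
        if role not in treatment.permitted_roles:
            return Decision(False, f"role {role!r} is not permitted for {treatment_id!r}")
        if (patient_id, treatment_id) not in self._consents:
            return Decision(False, f"patient {patient_id!r} has no consent on file for {treatment_id!r}")
        excess = sorted(set(requested) - treatment.pertinent_fields)
        if excess:
            return Decision(False, f"fields {excess} exceed the purpose {treatment.purpose!r}")
        # Return only the requested, pertinent fields; the caller never sees the rest.
        projected = tuple((f, record[f]) for f in requested if f in record)
        return Decision(True, "granted", projected)


# --- constructed sample data (hypothetical treatments, roles and record) ------
TREATMENTS = (
    Treatment("T-DAYSURGERY", "day surgery visit",
              frozenset({"surgeon", "nurse"}), frozenset({"name", "allergies", "diagnosis"})),
    Treatment("T-GENETIC-RESEARCH", "genetic research study",
              frozenset({"researcher"}), frozenset({"diagnosis", "genetic_profile"})),
)
CONSENTS = {("P-0001", "T-DAYSURGERY")}  # the patient consented to the surgery visit only
RECORD = {"name": "Sample Patient", "allergies": ["penicillin"],
          "diagnosis": "constructed", "genetic_profile": "constructed"}


def demo() -> Dict[str, Decision]:
    policy = TreatmentAccessPolicy(TREATMENTS, CONSENTS)
    return {
        # surgeon asks for what the visit needs: granted, projected to those fields
        "surgeon_visit": policy.decide("surgeon", "T-DAYSURGERY", "P-0001",
                                       ["name", "allergies"], RECORD),
        # same surgeon, same treatment, but a field the purpose does not need
        "surgeon_excess": policy.decide("surgeon", "T-DAYSURGERY", "P-0001",
                                        ["name", "genetic_profile"], RECORD),
        # researcher has the right role, but the patient never consented to research
        "researcher_no_consent": policy.decide("researcher", "T-GENETIC-RESEARCH", "P-0001",
                                               ["genetic_profile"], RECORD),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision.allowed} ({decision.reason})")
    # The role-only check cannot express any of the denials above.
    print("role_only_check:", role_only_check("researcher", {"surgeon", "nurse", "researcher"}))
```

The third case is the one the text is concerned with: a per-system role profile would grant the researcher access because the role exists on the system, whereas the treatment-scoped policy denies it because consent was given for a different treatment. The `revoke` method shows why consent has to be keyed on the treatment rather than on the system: withdrawing consent for one treatment must not disturb access under the others.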

Respecting the privacy by design principle therefore implies a paradigm change in the design of healthcare information systems: they must be strongly process-oriented. All this in an operational and organisational context which lacks the culture and the resources needed to model and formalise clinical processes. The real obstacle to the establishment of a privacy by design approach is therefore not technical but lies upstream, in the very way healthcare organisations are organised and operate today.

Will the GDPR be able to induce this change in the healthcare system?
