Digital Privacy

Last week I was invited to chair the panel discussion at the Digital Health Forum of the Berlin Institute of Health. The keynote was a joint presentation by Michelle Livne, the CTO of recently founded ai4health, and Kerstin Ritter, a junior professor at Charité Berlin.

During the panel discussion we got into one of the more common topics here in German tech circles. When will regulations allow us to deliver a product? In this case the electronic health record.

There is a plan, supported by many, which would oblige all doctors to use interoperable electronic health records. Moreover, access to this EHR would be controlled by the patient. So if you have an accident while on holidays, then the local emergency room will have access to your health records (should you grant them that access). And, when you get back home, the images, diagnoses and treatments, which you received following your accident will be immediately available to your personal doctors.

I asked the question, of Prof Sylvia Thun, “When will we finally have this system?” The response was more dispiriting than I could ever have imagined. Let me paraphrase it as follows; my understanding, now, is that 10 years from now we can expect that we will at least have a working internal system, within individual hospitals, etc.

I am not in the mood to explore why this is so disappointing. Nor do I wish to weigh in on how this means we will ultimately be buyers of a complete solution from outside the country, once a meaningful system becomes dominant elsewhere. I don’t even want to discuss how much this will hold back worthwhile medical research.

There is a very good reason why Germans do not want centralised medical health records. Britain is rushing towards such a system at present. But Germany has the experience of the 1930s, when the equivalent records of the time were used to compile lists of people of Jewish, or similarly unacceptable, origin.

I think it’s great that Germans don’t want to repeat the mistakes of the past. But what about a bit of creative thinking? No, I’m not advocating doing an end-run around the rules. I’m suggesting seeing the German perspective as a strength rather than a limitation.

Why is Germany not pouring money and effort into attempts to develop a privacy preserving electronic health record?

I believe that the record will happen. Furthermore, I believe that it will be a huge boon to public health. It will aid in medical research. And, having read recently Black Box Thinking, which advocates an airline accident investigation approach to error, it will improve individual medical outcomes.

So what’s the problem? We don’t want it to be easy to compile a central list of citizens and their underlying medical data. Let’s start with encryption. Let’s look at approaches to encryption where there are two alternative decryption keys (tough on a mathematical level – but interesting research – but just having two copies would work just as well, and provide a bonus of preventing post-hoc tampering). The doctor has his copy, which is encrypted using his key, and has full access to it. The patient has their key, they can use this to authorise decryption of a copy of their data on a case-by-case basis.

The biggest complaint about my suggestion will be that you can always force people to hand over their keys and thus compile the central database. I’m sorry, but you can force all of the doctors to send in their data right now anyway!

Feel free to comment below about the company, that I haven’t heard about, which is currently developing this solution. Great, I applaud them! But seriously, that’s not the point of this post. There is always a company, that I haven’t heard about, which is developing a solution which has the potential to solve all of the world’s problems. My point is that this should be the national strategy. Rather than going in circles politically, trying to overcome a very reasonable national trait, there is a more entrepreneurial approach which could deliver a technology that most of the world doesn’t know yet that it needs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.