Health data protection

from Wikipedia, the free encyclopedia

Health data protection covers both the data protection and the data security of health data. Dieter Kugelmann, the data protection officer of Rhineland-Palatinate and chairman of the Data Protection Conference (DSK), the body of the independent German data protection supervisory authorities of the federal and state governments, explains that "the protection of patient data is non-negotiable". Politicians and the self-governing bodies should set the framework for "data protection-compliant digital health care" and should not leave this to Google or Facebook.

Health data

Health data includes all data on the physical or mental state of a person that can arise (even to a limited extent) in connection with a medical context. This also includes information about accidents, eyesight, intellectual or mental abilities, but also behaviors such as drinking or smoking habits, allergies or participation in a self-help group (Weight Watchers, Alcoholics Anonymous, etc.). Health data includes information about the past, present and future physical or mental health of the person concerned. This also includes the examination or investigation of a body part or an endogenous substance, biological samples (biopsies) and information about diseases, disabilities, disease risks, previous illnesses and clinical treatments. Genetic data are personal data on the inherited or acquired genetic characteristics of a natural person which result from the analysis of a biological sample of the person concerned, in particular by means of a chromosome, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis, or the analysis of another element through which equivalent information can be obtained.

Legal bases

The protection of natural persons in the processing of personal data is a fundamental right according to Article 8, Paragraph 1 of the Charter of Fundamental Rights of the European Union. The term "health data protection" is not anchored in the Federal Data Protection Act (BDSG). According to Art. 9 Para. 1 of the General Data Protection Regulation (GDPR), which came into force on May 25, 2018, health data belongs to the "special categories of personal data" that are subject to the highest level of data protection. Under Article 8 (1) of Directive 95/46/EC (Data Protection Directive), the processing of "special categories of personal data" is generally prohibited.

This prohibition is subject to individual statutory exceptions, for example if the processing is necessary for the purpose of health care or medical diagnostics and is carried out by medical staff. Among the various opening clauses of the GDPR, Art. 9 Para. 4 GDPR is particularly important for the health sector: it allows national regulations to introduce additional conditions and restrictions in this area.

Health data development

For a long time, health data was protected from unauthorized access solely by medical confidentiality. Because of the growth in the storage and processing of health data in the IT age, the interest of institutions and commercial companies in such data and the increase in Internet-based applications, the risk of this sensitive data falling into unauthorized hands or being misused is continuously increasing. Health data protection aims to counteract this.

Admissibility of processing

Although the processing of health data is only permitted in the exceptional cases of Art. 9 Para. 2 GDPR, companies have ways to circumvent the protection. Specifically, processing by a company is permitted on the basis of consent in accordance with Art. 9 Para. 2 (a) GDPR. It can also be permissible if it is required for the purpose of scientific research in accordance with Art. 9 Para. 2 (j) GDPR.

In accordance with Section 22 (1) No. 1 b) of the Federal Data Protection Act (BDSG new version), the processing of special categories of personal data is permitted if they are for purposes

be collected.

Consent to data processing

According to the GDPR, the processing of health data, if it is not already permitted on other grounds, is also possible with the express consent of the patient. The validity of such consent to the storage and processing of health data is subject to high requirements, in particular with regard to its voluntariness and the extent to which it is informed (English: informed consent), i.e. consent given after explanation. Consent requires the capacity to consent. Data protection advocates criticize that consent is often given lightly without the person being clear about the possible consequences.

Coupling ban

Article 7 (4) GDPR introduces a prohibition on coupling (Kopplungsverbot) that is new in this form. According to it, "when assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract." This applies, for example, to the conclusion of a health insurance contract that is made conditional on consent to the processing of personal data whose processing is not necessary for the performance of the contract, i.e. here for its conclusion.

Data acquisition

In hospitals, clinics and medical practices alike, sensitive personal data are collected, processed and used. Mostly this is information about the state of health of patients, which is protected not only by medical confidentiality but also by the GDPR. Since hospitals and clinics also act as service providers within the meaning of SGB V, take on employer functions for the staff employed there and become contractual partners not only of patients but also of health insurance companies and external service providers, often within the framework of commissioned data processing, various binding special statutory data protection regulations and documentation obligations apply in addition to the provisions of the GDPR. According to Section 203 of the Criminal Code (StGB), a violation of professional secrecy can be punished with a prison sentence of up to three years or a fine. Handling and using personal data on such a scale regularly requires the appointment of a data protection officer, who is responsible for reviewing processes, training and violations in the hospital with regard to data protection. In addition, other data protection principles such as the purpose limitation principle and the requirements of data avoidance and data minimization must be observed.

When billing with statutory health insurance companies, only the information permitted under Section 301 SGB V may be transmitted; billing with private health insurance companies may only take place with the express consent of the patient. Doctors may only pass on information to relatives if the patient has consented. Data should only be collected and processed for defined purposes, and the data collected must be necessary for the intended use. Information on marital status, number of children, occupation, nationality or passport number is not required. Data processing must also be proportionate, meaning that the benefits of the processing must stand in an appropriate relationship to the associated impairment of personal rights. Should the doctor wish to use the patient's health data for studies, this is only permitted with the patient's express written consent, and precise information must be given about the study: for example what purpose it serves, who is responsible for the study and for the data, how and where the data is evaluated, and whether biomaterial (e.g. blood or tissue) is stored permanently. The patient can withdraw consent at any time.

Data protection with the electronic health card

Sample of an electronic health card (generation G1) from Gematik
Back of a European health insurance card; here: German version

In addition to a photo, the electronic health card (eGK) has so far contained the same administrative data as the previous health insurance card, the so-called patient master data, which are therefore not yet health data, on the basis of Section 291a, Paragraph 2, Clause 1 and Section 291, Paragraph 2 of SGB V:

  1. The name of the issuing health insurance company,
  2. an identifier for the Association of Statutory Health Insurance Physicians in whose district the insured person is domiciled,
  3. Surname and first name of the insured person,
  4. Date of birth,
  5. Gender,
  6. Address,
  7. Health insurance number,
  8. Insured status, for groups of insured persons according to § 267 Abs. 2 Satz 4 SGB V in an encrypted form,
  9. Day of the start of insurance cover,
  10. if the card is only valid for a limited period, the expiry date,
  11. Information on gender,
  12. Information on the copayment status.

European Health Insurance Card

Since June 1, 2004, the European Health Insurance Card (EHIC) has been issued in most member states of the European Union as well as in Switzerland, Iceland, Liechtenstein and Norway. In the medium term, health data sets such as emergency data or medication documentation are also to be made available throughout Europe as voluntary applications of the health card, so that doctors can access a patient's health data anywhere in Europe when treatment is needed.

Connection to the telematics infrastructure

In the next stage, practices and hospitals are to be connected to the telematics infrastructure. Initially, the system pays off only for the statutory health insurers, who, when an insured person moves, can update the data on the card online using the soon-to-be-activated insured person's master data service and thus do not have to print a new card. So far, this has cost small health insurers up to 3.50 euros per card.

Gematik logo

The Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH (gematik, the company for telematics applications of the health card) points out the high security level of the electronic health card:

“The telematics infrastructure is about to become the most secure electronic communication network that has ever existed in the German healthcare system. As a uniform cross-sector platform for electronic communication in the healthcare system, the telematics infrastructure facilitates the exchange of information between doctors, dentists, psychotherapists and members of other healthcare professions. Everyone involved in patient care benefits equally from this. Data protection and data security in the healthcare system will be strengthened.”

- gematik

Encryption

The health data are encrypted with two keys. The medical data can only be unlocked with the health card together with a PIN. For access, the doctor needs a second key, the electronic health professional card (elektronischer Heilberufsausweis). For every medical application, whether the emergency data, the electronic medication plan or the electronic patient file, the patient can decide at any time whether their health data may be accessed. Access to the medical data is only permitted for the purpose of care by authorized service providers, such as doctors or dentists. Third parties, such as insurance companies, have no access authorization. Misuse is punishable. For traceability, the last 50 accesses are logged on the card.

Accelerated implementation

Health Minister Jens Spahn wants to take control of the gematik company, which is responsible for setting up a secure health data network, and thereby accelerate the introduction of the data network. In future, the federal government, represented by the Ministry of Health, is to hold 51 percent of the shares in gematik. So far, the National Association of Statutory Health Insurance Funds has held 50 percent of the voting rights in gematik, with the other half held by the associations of doctors, dentists, hospitals and pharmacists; their shares are to shrink accordingly. In addition, a simple majority is to suffice for resolutions in gematik. In this way, the Ministry of Health is to set the direction in future for the company, which has been working on a health data network for 15 years. Spahn wants to attach these changes to his Appointment Service and Supply Act (TSVG), which will come into force on April 1, 2019.

Medical practices that do not join the data network by June 30, 2019 at the latest face a fee reduction of one percent, which on average corresponds to a "fine" of over €3,500 (as of 2015). In addition, the cost of the connector would not be reimbursed to the same extent if the practice later decides to connect.

Electronic patient record

Example of an (English) electronic patient record

The electronic patient record is intended to improve the quality, transparency and cost-effectiveness of treatment. As a specialist application of the nationwide telematics infrastructure, the electronic patient file is available for life across institutions and sectors if the insured person so wishes. "Sovereignty over the data lies entirely with the insured person. They alone decide which medical documents they want to make available to whom, who may add documents and which are deleted," states Alexander Beyer, managing director of gematik.

The legislator has made clear that statutory health insurers that do not provide their insured with an electronic patient file must expect sanctions, as can be seen in amendments to the planned Appointment Service and Supply Act (TSVG). By January 1, 2021 at the latest, the systems must be approved and ready for use and the insured must be informed. If a health insurance company does not comply, its payments from the health fund are reduced by 2.5 percent. "The reduction will be made accordingly for the following years until the health insurance company fulfills the obligation to provide its insured with an electronic patient file approved by the Gesellschaft für Telematik (Society for Telematics) by January 1 of a year (...)" The sanction is to rise to 7.5 percent for health insurance companies that do not provide an electronic patient file on January 1, 2022.

"To ensure secure communication and the protection of sensitive information in the telematics infrastructure in the long term, the cryptographic procedures used are regularly checked by the Federal Office for Information Security (BSI) and adapted to the latest developments."

- gematik

The gematik "Computer Emergency Response Team of the Telematics Infrastructure" (gematik CERT) continuously monitors the telematics infrastructure of the German health care system for vulnerabilities and threats. gematik CERT receives reports of security incidents, coordinates their handling and supports their timely and effective resolution.

European patient record

On February 6, 2019, the EU Commission recommended that the EU states set up a system for cross-border access to patient files. The Commission's official recommendation is to develop common technical standards, and a formal coordination process was initiated. The declared aim is the European patient record (European Electronic Health Records). This goes back to an agenda of the EU Commission from May 15, 2018.

Electronic health record in Austria

In Austria, the electronic health record (ELGA) is a system for standardizing electronic communication between health service providers on the basis of Health Level 7 (HL7) and for networking health data and information on the basis of the Clinical Document Architecture (CDA). The Health Telematics Act 2012 (GTelG 2012) provides data protection guarantees for it.

Electronic patient record in Switzerland

The electronic patient record (EPD) is a collection of personal health data in Switzerland. The EPD is stored decentrally in so-called communities and master communities (only the latter allow patients to open an EPD and manage their authorizations). In accordance with the Federal Act on the Electronic Patient Record (EPDG, SR 816.1), hospitals, rehabilitation clinics and psychiatric and psychosomatic clinics must join a master community by April 15, 2020 and thus offer an EPD. Nursing homes and birthing centers have two more years to implement the EPD.

Digital services

Digital services such as fitness apps, activity trackers (fitness trackers) and similar offerings are very popular. Startups and other companies that collect relevant data from their customers must carefully check whether they are bound by this highest level of data protection. Trade in health products is also affected: even if no drugs are sold but only medical supplies, for example, personal customer data is often recorded that also relates to health. In addition, there are numerous associations closely related to the topic of health because, for example, sick people or their relatives come together and organize there, for example as self-help groups. Depending on the scope of data collection, strict data protection requirements may apply here as well. 45% of German smartphone owners are said to also use health apps. The use of smartphones in medicine, however, raises numerous unanswered questions, such as the validity of the data and the benefit for the patient. Innovations such as "intelligent plasters", which monitor wound healing by measuring temperature and report irregularities via an app, or digital image data from computed tomography or magnetic resonance tomography systems that can detect tumors, are currently unaffordable for German hospitals, but will sooner or later come into wider use.

These positive effects of digitization are offset by increased risks. 43 percent of those surveyed report that they have already been the target of a hacker attack. Almost a third (31 percent) cannot rule out that they have already fallen victim to a cyber criminal without noticing. According to a study by the consulting firm Roland Berger, two out of three German clinics have already been victims of cyber criminals. Experts warn that trading in stolen patient data makes, for example, high-ranking politicians vulnerable to blackmail; diseases could thus be politically instrumentalized.

According to the Minister of Health, however, access to patient data via smartphone or tablet is not the final stage of expansion in this area. The existing access and authentication procedures are also to be extended within the framework of the electronic patient record. Access comparable to online banking, using transaction numbers (TAN) and personal identification numbers (PIN), is conceivable.

Benefits of health computing

Electronic patient files would prevent dangerous drug interactions, telemedicine would connect doctor and patient wherever they are, and health apps would strengthen the chronically ill. All of this would be possible in Germany, but according to the Bertelsmann Foundation, digital progress is only slowly reaching patients. In 2018, the Bertelsmann Foundation had digitalization in the healthcare system examined in 17 countries; according to the Foundation, Germany came in penultimate place. The foundation believes that users, such as patients and doctors, should be involved in developing sub-strategies as well as digital applications and processes; this means the end users themselves, not their professional representatives. To promote acceptance, the benefits of applications should be visible early on.

In principle, compared with keeping a paper patient file, digital storage of all relevant health data at a central point makes it easier for the patient to access their own health data, including X-ray, CT or MRI data, and to grant access to the doctor, dentist, pharmacist, the respective treating physician or other health care providers.

Doctors and computer scientists, however, see great dangers, fearing that health data protection would end up resembling "Swiss cheese".

Criticism

Criticism, both of storing health data outside the practice and of connecting practices and hospitals to a telematics infrastructure, is based on numerous data leaks and on increasing and feared misuse of health data. It is also aimed at the careless handling of this sensitive data by the majority of the population. Criticism of the electronic health card and the associated connection to the telematics infrastructure is primarily directed against the fact that it will be a gateway for storing health data on central servers of the health insurance companies.

Dangers of electronic health records

Poster for strengthening civil rights and against the expansion of surveillance using health data

So far, three approaches to electronic files have emerged:

  • AOK model: The patient data remains with the doctor, but copies are also to be stored with the responsible Kassenärztliche Vereinigung (KV) or on servers of doctors' networks, of which there are around 400 in Germany. A search algorithm merges the data when needed. Comparable solutions exist in Austria and Estonia, for example.
  • TK model: The TK Safe model was developed together with IBM. Generali and Signal Iduna are involved. The data is to be held on servers in Germany, and European data protection regulations are to apply.
  • Vivy model: Vivy is an app. The main shareholder is Allianz. DAK-Gesundheit as well as 90 other health insurance companies and private insurers are involved. The data is to be stored centrally.

The Chaos Computer Club pointed out the dangers of health data storage in its Leipzig lecture "All Your Health Files Are Belong To Us". An employee of the IT security company modzero had already found security gaps in October 2018 in the health insurance app Vivy, which had only just gone live at the time. The application potentially has one of the largest customer bases, because it is supported by health insurers such as Allianz, Gothaer or Barmenia, which together cover 13.5 million patients.

The IT security analyst extended his research to the company's competitors: Vitabook, CGM Life, TK-Safe and the telemedicine providers Teleclinic and meinarztdirekt.de. With these offerings, too, he found worrying security problems: at Vitabook, patient data was partly unencrypted; at meinarztdirekt.de he could view invoices via an obvious detour (the print function); at Teleclinic he could change other people's passwords via the HTTP address. At CGM Life, which offers a white-label solution for insurance companies, two-factor authentication worked on the Axa platform but not on that of CompuGroup Medical (CGM) itself. Health data remain relevant years later, says the IT expert: if, for example, a hereditary disease is recorded somewhere, this information could still be disadvantageous for the children or grandchildren, and if it gets into criminal hands, long-term damage could result.

Hacker attacks

The psychologist and psychotherapist Dieter Adler fears that "the storage of all health data on a central server can be an invitation for hackers". In Norway, for example, there were successful hacker attacks on the Norwegian health authority "Helse sørøst", and in Great Britain on a large number of hospitals belonging to the National Health Service (NHS). In May 2017, the "WannaCry" attack hit hospitals there: the cyber criminals blocked all patient data in the affected British clinics, operations had to be canceled and patients had to be redirected to other hospitals. In the US, a third of all health data, covering over 120 million patients, has been hacked.

Personalized medicine will increasingly allow statements about individual disease risk. Strictly speaking, therefore, no informed consent can be given.

“The knowledge of individual disease risks that emerges from genetic examinations can also affect blood relatives. The right not to know applies to them as well.” Genetic test results should therefore not be carelessly published on the Internet or disseminated via social media, as this greatly increases the risk of harm to blood relatives.

Critics assume that data made accessible for "research" will very quickly find its way to the pharmaceutical industry, because, as is well known, these companies finance a large part of medical research.

Data leaks

According to media reports, there was a data leak at Germany's second largest health insurance company, Barmer GEK: by assuming a false identity, unauthorized persons could obtain details on diagnoses, prescribed medicines, hospital stays and other intimate information with just a few phone calls and a few mouse clicks. In July 2018, it was revealed that unknown persons had accessed the health data of 1.5 million people in Singapore from the Integrated Health Information System (IHiS) database between May 2015 and July 2018, including information on prescribed medication for around 160,000 patients, among them Prime Minister Lee Hsien Loong. After the password collection "Collection #1", the huge "Collections #2–5" are now also circulating online; these password leaks affect a total of 2.2 billion accounts. Such incidents are slowly raising the population's awareness of the dangers that could result from hacked health data. In the United States, healthcare data breaches cost $6.2 billion in 2017.

Vulnerabilities in hospitals

At its 67th General Assembly in Taipei, on the initiative of the German Medical Association (BÄK), the delegates of the World Medical Association (WMA) warned of cyber attacks on health facilities. According to the WMA, current security standards are not sufficient to counter cybercrime; it therefore called on governments and competent authorities to develop suitable protective measures. Doctors must also be aware of the danger of cyber attacks.

According to the Bavarian Health Minister Melanie Huml, "technical malfunctions and failures triggered by IT security incidents can delay important medical interventions or even lead to life-threatening situations for patients". In addition, high costs could arise and the data protection of patients could be at risk: there is a danger of unlawful appropriation of highly sensitive data about patients and internal company matters by unauthorized third parties. That is why IT security in hospitals must be improved further. The security of information technology (IT) in Bavarian hospitals is to be improved with the help of a large-scale project; 533,000 euros are available for the "Smart Hospital" project at the University of the Federal Armed Forces in Munich. Those in charge at the clinics are skeptical as to whether the results will not already be out of date by the time they appear, given the rapid development in the IT sector.

Dangers in neurotechnology

According to scientists from the Albert-Ludwigs-Universität Freiburg, the rapid progress of neurotechnology will create new challenges for data protection law. The reason given is new technologies for measuring and evaluating brain activity and the resulting collection of data. According to the scientists at the Freiburg University Medical Center, the measurement and evaluation of this data would in turn allow conclusions to be drawn about diseases, and also about general behavior.

In this context, the existing awareness of data is sometimes criticized. The lawyer Dirk Heckmann of the University of Passau, member of the ethics advisory board of AOK Nordwest and member of the Bavarian Constitutional Court, thinks that a new awareness of data is necessary; in his view, good health is more important than the privacy of personal data. Erwin Böttinger from the Digital Health Center of the Hasso Plattner Institute argued in the same direction when he promoted networked data.

Criticism of the medical profession

Protest poster against the health data highway: "Electronic health card = transparent patient"
Pirate Party protest poster

The medical profession criticizes the unpaid additional burden and the considerable costs caused by the necessary equipment and connections. For the patient, it amounts to an attack on informational self-determination.

The independent medical profession criticizes that politics, health insurance companies and the IT and health industry want to store the medical data of all citizens centrally in order to control the health system and generate returns.

Although all doctors who did not connect to the data network by January 1, 2019 were threatened with a one percent fee reduction, a good 90 percent of practices in Swabia had not connected to the telematics infrastructure (TI) by August 2018.

According to a survey by the Bavarian Medical Association (BFAV) from October 2018, 79 percent of practices are not connected. 55 percent stated that they would wait a while longer and, if necessary, accept the fee deduction of one percent. 18 percent stated that they would not want to be connected to the TI under any circumstances and that, should the sanctions be tightened further, they would end their work as statutory health insurance physicians earlier than originally planned.

According to a report in the Stuttgarter Zeitung, citing a survey by the medical association "Medi", 25 percent of practices that are already online had problems installing the connector, and 33 percent complained of repeated system crashes after commissioning.

The Federal Ministry of Health has confirmed that it postponed the connection obligation for doctors from January 1, 2019 to mid-2019 because the industry was not delivering the connectors, so the deadline at the end of 2018 could not be met. However, doctors have to order their connection and sign the contract before March 31, 2019.

The Austrian Medical Association advises patients against creating a patient file (ELGA) and at the same time criticizes the lack of acceptance among hospital doctors. For 70% of doctors it is without added value. There would be vast amounts of data, and it is impossible for a doctor to read it all during a consultation. The incomplete listing of data in ELGA is also criticized: patients can decide which findings they want to make accessible in the system, and in truth this partial information is a catastrophe, since one does not know what the patient is withholding. The lack of user-friendliness also means that the electronic health record costs doctors more time than it saves: the required information is often not found and there is not enough time to read through all the documents.

Criticism from computer scientists

The Giessen-based computer scientist Thomas Friedl from the Technische Hochschule Mittelhessen warns against careless handling of health data. For example, it should not become known whether someone has been in psychiatric treatment or previously had an alcohol problem. He argues that the data should not be stored just anywhere, but with the doctors or at home with self-determined patients. Hacking every single patient is far too much effort; it is much more "worthwhile" for hackers to attack a central database. "Everyone knows that there is no such thing as one hundred percent security," said the scientist. A prototype for a decentralized patient record as an alternative to the central solution is about to be completed. So far, however, the health insurance companies have shown no interest in decentralized storage of the data.

Anonymized data is not personal data and is not subject to data protection law. As a result, it can be used freely, including for medical research. When evaluating large amounts of data, however, anonymization reaches its limits: by comparing anonymized data with other data, there is a risk of re-identifying the originally anonymized data. Health data in particular is highly individualizing, so effective anonymization is difficult. In addition, the genome is itself a personal identifier.
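As an added illustration of these anonymization limits (not part of the original article), the following Python script audits a constructed set of "anonymized" health records for k-anonymity and l-diversity over their quasi-identifiers, shows how joining them with a constructed external list that still carries names discloses diagnoses, and shows how generalizing the quasi-identifiers closes that gap. All records, names and postcodes are constructed sample data.

```python
"""Auditing an anonymized health data release for re-identification risk.

Added illustration; every record below is constructed, not real data.
Quasi-identifiers (QIs) are attributes that are not names but can be
joined with other datasets; the sensitive attribute is the diagnosis.
"""
from collections import Counter

QIS = ("postcode", "birth_year", "sex")
SENSITIVE = "diagnosis"

# Constructed "anonymized" release: names removed, QIs left intact.
RECORDS = [
    {"postcode": "35390", "birth_year": 1975, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "35390", "birth_year": 1975, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "35392", "birth_year": 1978, "sex": "M", "diagnosis": "depression"},
    {"postcode": "35394", "birth_year": 1962, "sex": "M", "diagnosis": "hypertension"},
    {"postcode": "35394", "birth_year": 1962, "sex": "M", "diagnosis": "hypertension"},
    {"postcode": "35396", "birth_year": 1966, "sex": "F", "diagnosis": "asthma"},
]

# Constructed external dataset carrying names plus the same QIs (the kind
# of data a self-help group member list or public register might hold).
EXTERNAL = [
    {"name": "Person A", "postcode": "35392", "birth_year": 1978, "sex": "M"},
    {"name": "Person B", "postcode": "35390", "birth_year": 1975, "sex": "F"},
    {"name": "Person C", "postcode": "35394", "birth_year": 1962, "sex": "M"},
]


def qi_key(rec, qis=QIS):
    """Tuple of quasi-identifier values used to group records."""
    return tuple(rec[q] for q in qis)


def equivalence_classes(records, qis=QIS):
    """Group records by identical quasi-identifier values."""
    groups = {}
    for rec in records:
        groups.setdefault(qi_key(rec, qis), []).append(rec)
    return groups


def k_anonymity(records, qis=QIS):
    """k = size of the smallest equivalence class. k == 1 means some record
    is unique on its quasi-identifiers and can be singled out."""
    groups = equivalence_classes(records, qis)
    return min(len(g) for g in groups.values()) if groups else 0


def l_diversity(records, sensitive=SENSITIVE, qis=QIS):
    """l = smallest number of distinct sensitive values within any class.
    l == 1 means a class is homogeneous: the diagnosis leaks even if k > 1."""
    groups = equivalence_classes(records, qis)
    if not groups:
        return 0
    return min(len({r[sensitive] for r in g}) for g in groups.values())


def linkage_disclosures(records, external, sensitive=SENSITIVE, qis=QIS):
    """Audit: which named persons in `external` have their sensitive value
    revealed by joining on the quasi-identifiers? That happens whenever the
    matching class carries exactly one distinct sensitive value, i.e. a
    unique match or a homogeneous class."""
    groups = equivalence_classes(records, qis)
    disclosed = {}
    for person in external:
        values = {r[sensitive] for r in groups.get(qi_key(person, qis), [])}
        if len(values) == 1:
            disclosed[person["name"]] = values.pop()
    return disclosed


def generalize(rec):
    """Coarsen the quasi-identifiers: 3-digit postcode prefix, birth decade,
    sex suppressed. Other fields (diagnosis, name) are left untouched."""
    out = dict(rec)
    out["postcode"] = rec["postcode"][:3] + "**"
    out["birth_year"] = (rec["birth_year"] // 10) * 10
    out["sex"] = "*"
    return out


def audit(records, external):
    """Return (k, l, disclosures) for a release checked against `external`."""
    return (k_anonymity(records), l_diversity(records),
            linkage_disclosures(records, external))


if __name__ == "__main__":
    print("raw release:         k, l, disclosed =", audit(RECORDS, EXTERNAL))
    gen_records = [generalize(r) for r in RECORDS]
    gen_external = [generalize(e) for e in EXTERNAL]
    print("generalized release: k, l, disclosed =", audit(gen_records, gen_external))
    # Class sizes after generalization, for inspection:
    print(Counter(qi_key(r) for r in gen_records))
```

The raw release has k = 1 and l = 1, so Person A is singled out and Person C's diagnosis leaks from a homogeneous class even though two records share his quasi-identifiers; after generalization no diagnosis can be attributed to a named person from this external list.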

"The electronic health card: a flop. Extortion with stolen health data: a hit," says Hans-Peter Bauer, head of the IT security company McAfee in Germany, of the current state of digitization in the health care system. Online criminals have stolen diagnoses, drug prescriptions, treatment documents and even entire medical histories and results of clinical studies. Alongside intelligence services, an entire branch of organized crime has specialized in medical data. In 2017, the company analyzed numerous cases in which politicians' medication data was used to put those politicians under pressure. Not only hospitals were attacked, but also day clinics, ambulance services, ordinary doctor's offices and medical research facilities.

In its report The State of IT Security in Germany 2018, the Federal Office for Information Security (BSI) reports that pacemakers and ventilators could be hacked and reprogrammed under laboratory conditions. Wireless technologies make it much easier for doctors to access the documented patient data and to communicate with the device itself. At the same time, such devices do not have stronger encryption, for example so that doctors can access them quickly in an emergency. Implantable cardioverter defibrillators (ICD), neurostimulators and cochlear implants are affected as well. Since the risk situation must in principle be regarded as critical, more research into dedicated security mechanisms is needed.

The computer scientist Johannes Buchmann expects that all encryption methods in use today will be broken within the coming years and decades.

Criticism from the population

In a representative YouGov survey, 54 percent of respondents said they were concerned that their data could be misused as a result of the digitization of medical records. They would refuse even if they received part of their health insurance contributions back in return.

Mandatory genetic testing in the USA

As the Süddeutsche Zeitung reports, a new law on genetic tests was introduced in the USA behind closed doors. Under this law, employees must submit genetic tests to their employer. The tests are not voluntary, because companies will in future be allowed to demand them; employees must therefore have a genetic test carried out and disclose the results. This is a serious invasion of privacy, since "genetic tests should be voluntary and, above all, there should be no compulsion to publish the results", criticizes the European Society of Human Genetics (ESHG). Such mandatory submission of genetic tests is (currently) prohibited in Germany.

Web links

  • Lecture by the computer scientist Martin Tschirsich in the summer semester 2019 (as part of the Technical University Berlin lecture series Internet and Privacy): All your health data belong to us

References

  1. Actively design framework conditions for digital health care - the protection of patient data is non-negotiable!, The State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate, February 14, 2019. Retrieved February 20, 2019.
  2. Checklist for data protection in hospitals, Datenschutz.org. Retrieved February 1, 2019.
  3. The Bavarian State Commissioner for Data Protection provides information on the subject of hospitals. Retrieved February 1, 2019.
  4. Decision No. 190 of June 18, 2003 regarding the technical characteristics of the European health insurance card (2003/752/EC). Retrieved February 6, 2019.
  5. Information on the subject of the European health insurance card, Federal Ministry of Health (Germany). Retrieved February 6, 2019.
  6. Detlef Borchers, Electronic Health Card: Of VPN connectors, reading devices and missing advantages, Heise online, August 12, 2018. Retrieved February 3, 2019.
  7. Telematics infrastructure, gematik. Retrieved January 29, 2019.
  8. Terms and regulations relating to the electronic health card, Federal Ministry of Health, September 27, 2018. Retrieved February 6, 2019.
  9. Gregor Waschinski: Spahn disempowered health insurers and doctors in digitization, Handelsblatt, January 31, 2019. Retrieved February 1, 2019.
  10. Ranking list of practice income, Spiegel online, August 15, 2017. Retrieved February 3, 2019.
  11. Uniform electronic patient file for the German health system, gematik, December 19, 2018. Retrieved February 3, 2019.
  12. Faster appointments, more office hours, better offers for those with statutory health insurance, first reading of the Appointments Service and Supply Act in the Bundestag, December 13, 2018. Retrieved February 4, 2019.
  13. BMG will determine the future direction, aend, January 29, 2019. Retrieved January 29, 2019.
  14. Telematics infrastructure - the secure network for everyone, gematik. Retrieved February 1, 2019.
  15. Competence center for the digital German healthcare system, gematik. Retrieved February 3, 2019.
  16. Commission makes it easier for citizens to access health data securely across borders, European Commission press release, February 6, 2019. Retrieved February 6, 2019.
  17. Agenda point 1: EU strategy and activities on digital health, EU Commission, May 15, 2018. Retrieved February 6, 2019.
  18. Consolidated federal law: Entire legal regulation for the Health Telematics Act 2012, version dated February 7, 2019, RIS, Federal Ministry for Digitization and Business Location. Retrieved February 7, 2019.
  19. Federal Act on the Electronic Patient Record (EPDG), dated June 19, 2015 (as of April 15, 2017). Retrieved February 7, 2019.
  20. Who has to offer an EPD?, Swiss Confederation, August 4, 2017. Retrieved February 7, 2019.
  21. Clinics threatened by cyber criminals, Frankfurter Allgemeine, September 6, 2018. Retrieved January 30, 2019.
  22. Digital Health: Germany is lagging behind, Bertelsmann Stiftung, November 29, 2019. Retrieved February 1, 2019.
  23. Anno Fricke, Electronic patient record causes unrest, Ärztezeitung, August 27, 2018. Retrieved January 29, 2019.
  24. Agency of German Medical Networks. Retrieved February 1, 2019.
  25. Serious security deficiencies in the electronic health record "Vivy", modzero. Retrieved January 29, 2019.
  26. Vulnerabilities in the Vivy health app, October 25, 2018. Retrieved January 29, 2019.
  27. Lisa Hegemann, How secure are my medical data?, ZEIT online, December 28, 2018. Retrieved January 29, 2019.
  28. Annette Hauschild, Helmut Lorscheid, Who Needs the Central Patient File?, heise, Telepolis, November 20, 2018. Retrieved January 29, 2019.
  29. Personalized medicine and data protection, data protection officer of the Canton of Zurich. Retrieved January 31, 2019.
  30. Barmer GEK: Online access to patient data, data protection ticker, March 23, 2017. Retrieved January 29, 2019.
  31. SingHealth's IT system Target of Cyber Attack, moh.gov.sg, July 20, 2018 (no longer available online; archived from the original on July 20, 2018). Retrieved January 29, 2019 (English).
  32. Ronald Eikenberg, New Password Leaks: A total of 2.2 billion accounts affected, Heise online, January 25, 2019. Retrieved January 30, 2019.
  33. Figures on health care costs in the United States in 2017 (in million US dollars), statista. Retrieved January 30, 2019.
  34. World Medical Association warns of cyber attacks on healthcare facilities, Ärztezeitung, October 26, 2016. Retrieved February 5, 2019.
  35. Huml wants to strengthen IT security in hospitals - Bavaria's Minister of Health is funding the "Smart Hospital" project at the University of the Federal Armed Forces in Munich with more than half a million euros, press release, Bavarian State Ministry for Health and Care, December 29, 2018. Retrieved February 2019.
  36. IT security program for Bavaria meets skepticism, Ärztezeitung, February 4, 2019. Retrieved February 5, 2019.
  37. Brain data must be protected before it is too late, press release, Albert-Ludwigs-Universität Freiburg, November 27, 2017. Retrieved January 29, 2019.
  38. Detlef Borchers, Big Data in Medicine: "The patient's smartphone is the stethoscope of the 21st century", Heise online, November 14, 2017. Retrieved January 29, 2019.
  39. Protection of patient data and confidentiality, free medical profession. Retrieved January 29, 2019.
  40. Karl Ebertseder, BFAV survey on TI: Two-thirds of practices refuse to use the connector despite the threat of punishment, Bayerischer Facharztverband, December 19, 2018. Retrieved February 1, 2019.
  41. Thousands of doctors in the southwest are at risk of reduced fees, Stuttgarter Zeitung, August 17, 2018. Retrieved January 29, 2019.
  42. Spahn: "We have kept our word", press release, Federal Ministry of Health, November 9, 2018. Retrieved January 29, 2019.
  43. Elga is for 70 percent of hospital doctors without added value, Der Standard, December 6, 2018. Retrieved February 7, 2019.
  44. Computer scientist: Health data should be stored with the patient, Evangelical Church in Hesse and Nassau, January 9, 2019. Retrieved January 31, 2019.
  45. Peter Welchering, Patient data: easy prey, ZDF, May 8, 2018. Retrieved February 1, 2019.
  46. The State of IT Security in Germany 2018, Federal Office for Information Security, BSI-LB18/507, September 2018, p. 18. Retrieved February 4, 2019.
  47. "After 30 years at the latest, all encrypted data will be open", aend. Retrieved January 29, 2019.
  48. The strange fear of the digital patient file, WELT (source: Statista), October 25, 2016. Retrieved February 1, 2019.
  49. New law in the USA: Workers must submit genetic tests, data protection ticker, March 14, 2016. Retrieved January 29, 2019.