MedMij: providing agreements for controlled patient data exchange
In the Netherlands, healthcare providers and patients can share data with each other by means of a personal health environment (PHE, PGO in Dutch). For patients, this environment offers the possibility to view, manage and share all their health data in one place. To ensure this all takes place in a safe and reliable manner, more and more PHEs are using the data sharing framework our participant MedMij developed. We spoke with Johan Hobelman, Architect at Medmij, about the challenges MedMij experienced in establishing their framework.
Why agreements about the exchange of patient data are necessary
Easy exchange of health data via a PHE is very valuable, according to Johan. “On the one hand for the patient to gain more insight into his or her treatment, results, medication and vaccinations. On the other hand, for the healthcare professional to be able to view more health data from other data sources to gain more insight and set up a better treatment.” MedMij was established in 2016 after the Dutch Government decided it would not facilitate a central national patient file. Johan: “That implied that agreements were necessary to facilitate the exchange of data that is stored locally and often difficult to reach in a safe and reliable manner. That was the challenge we faced with MedMij: making agreements by means of a framework to create a network of all those decentralised authentic data sources.”
Legislation as the starting point
Legislation has served as the starting point for this framework, Johan explains. “The healthcare domain has to deal with very specific legislation to protect the interests of a patient. A good example is the use of a citizen service number (BSN). Where healthcare providers are obliged to use a BSN as an identifier of a person, suppliers of PGOs however are faced with legislation that prescribes that they are not allowed to use a BSN because of the risk of identity fraud. It is therefore very important to first have a clear picture of legislation of all the domains involved in a data sharing initiative, before you map out how to technically realise data exchange.”
Also policies about when the exchange of patient data is in the interest of the patient affect the technical set up, Johan explains. ““In the Netherlands, because of GDPR-legislation, patients are the owners of all health data relating to them. This also means that a patient must be in control of what may be done with that data and that healthcare providers’ systems must be set up accordingly. Data exchange may never take place without the patient’s consent.” However, this does not mean that healthcare providers have no say what data they themselves share with patients. Johan: “Healthcare providers must have the option of providing information in a controlled manner. After all, it is not always in the patient’s interest that all information is accessible to him or her, for example when a doctor examines a patient’s mental illness and wants to keep medical notes secret. This sort of information can be harmful to a patient. Before you set up authorisation rules, you must take note of policies that are drawn up on cases like this.”
A lack of unity of data language
Technical aspects also complicate the realisation of data exchange in the healthcare domain, mainly caused by the several taxonomies that are still in use. Johan: “It goes without saying that data that comes from different data sources must be displayed in a PGO in a uniformed way. Although a lot of work has already been done to standardise data languages in the healthcare domain, one cannot speak of a unity. With MedMij we build on the latest web-based protocol that allows scalability and supports new techniques. This is forcing healthcare providers that probably still work with outdated systems and yet want to get the MedMij-label to transform. Of course, this is easier for large hospitals than for the local general practice or pharmacy. That is why it is good that these digital transformations are largely financed by the government.”
In addition to contributions made by experts, cross-sectoral data sharing use cases and analysis of existing data sharing initiatives, MedMij’s lessson’s learned were of great value to our Data Sharing Canvas. This document describes what agreements on topics such as security, metadata and identification, authentication and authorisation are needed to facilitate mutual trust and interoperability across domains.
On May 27th, MedMij will give a presentation at our community meeting in which it will further elaborate on their lessons learned while developing the MedMij framework. Do you want to attend this community meeting? Do not hesitate to contact us.