This content was created by the Data Sharing Coalition, one of the founding partners of the CoE-DSC.
Thanks to the MedMij data sharing framework, healthcare providers, suppliers, and consumers can safely exchange medical data by means of a personal health environment (PHE, PGO in Dutch). Last year, we spoke with Johan Hobelman, Architect at MedMij, about the data sharing challenges in the healthcare domain and the need for the data sharing agreements that the MedMij framework provides. In this second article, we take a closer look at new insights MedMij gained after the further adoption of the MedMij framework by a large group of healthcare providers.
Correctly interpreting agreements about information standards
Over the past year, almost 5,000 general practices have embraced MedMij to exchange medical data by means of a PHE. MedMij keeps a close eye on the adoption of its data sharing framework and the challenges that still need to be dealt with to improve the data exchange. Johan: “All technical connections between healthcare providers and PHE suppliers can be properly set up, but it comes down to the correct use of healthcare applications. For example, we see that there is room for improvement when it comes to correctly interpreting agreements about information standards. These specify, for example, how a healthcare provider must enter a treatment into its system, based on which validation takes place. Yet, we notice that some healthcare providers use free-text fields to provide an explanation for a certain treatment. A free-text field creates unstructured data, which means that a PHE supplier cannot properly interpret and present this data to their end users. In short, even when a connection is technically set up well, it is still important to monitor whether the information standards are interpreted correctly. This example shows that an information campaign about how to use information standards and extensive testing of all connections in a production environment is very important.”
Identification by means of a citizen service number makes testing more complex
Identification also remains an important point of attention for MedMij, because Dutch legislation and regulations for the healthcare domain entail risks when performing tests. This has to do with the the obligation of the use of associated citizen service numbers. Johan: “The identity of the person who sees or transfers medical information must be carefully established. By law, in the Netherlands this may only take place by means of a DigiD and associated citizen service number (BSN). Unfortunately, this forces us to use personal BSNs of project employees who test the production environment. Using a real BSN, however, comes with a risk that fictitious data and records we use when testing could be perceived as real data and records. This can lead to major health and financial risks for project staff, for example when data about fake allergies or medication end up in their patient files. We are talking to the Ministry of Economic Affairs and Climate Policy and the Ministry of Health, Welfare and Sport to investigate how we can solve this issue. For example, we are thinking about creating a ‘virtual village’, in which fictitious residents receive a real DigiD and BSN. This prevents project employees from having to use their own citizen service number when testing a production environment.”
Education campaigns on how to use a PHE are crucial
According to Johan, if we want to increase the adoption of PHEs, we should not forget about the end user. Johan: “The Dutch Data Protection Authority aims for the highest level of security of personal data, which includes medical data. As a result, PHE suppliers are now forced to set up multi-factor authentication for their applications. Logging in with just a password used to be tolerated, but this is not the case anymore. This increases the risk that less digitally savvy end users will find it too difficult to access a PHE themselves. It is therefore essential that, apart from information campaigns for healthcare providers and PHE suppliers, information campaigns are set up to help this group of end users in particular. MedMij is also in constant contact with the Ministry of Health, Welfare and Sport and EZK to discuss how to make authentication methods as user-friendly as possible.”
