The electronic patient record (ePA/elektronische Patientenakte) will be introduced on January 15, 2025. The purpose of the electronic patient record (ePA/elektronische Patientenakte) is to function as a digital health folder for those with statutory health insurance. It stores health data such as doctor's letters, medical findings, medication plans, laboratory findings, X-rays and possibly self-entered documents. The use or non-use of the electronic patient record (ePA/elektronische Patientenakte) must officially have no negative impact on healthcare. However there are considerable doubts about it and this promise.
As a result of the Corona pandemic the perception and public discourse about health measures changed. The willingness to provide information about one's own health and to accept measures has increased significantly.
Measures to provide information about one's own health are presented as a solution or at least as an aid to maintaining health. The Corona vaccination certificate that was introduced was in fact a necessity for many people and many things. This created the conditions for widespread distribution. But the RKI files show that the vaccination certificate is intended to enable the recording of vaccination effects and long-term side effects.
- Das Impfzertifikat soll die Erfassung von Impfwirkung, Spätfolgen etc. ermöglichen, nicht Grundlage für Kategorien und Vorrechte sein.
- WHO befürwortet die Zertifikate nicht: Lack of data, keine Fälschungssicherheit, ethische Gründe (Diskriminierung).
- The vaccination certificate should enable the recording of vaccination effects, long-term side effects, etc., and should not be the basis for categories and privileges.
- WHO does not support the certificates: lack of data, no protection against forgery, ethical reasons (discrimination). [1, Ergebnisprotokoll 05.03.2021, P.7]
According to the Federal Commissioner for Data Protection and Freedom of Information, the design of the electronic patient file (ePA/elektronische Patientenakte) violates the General Data Protection Regulation (GDPR). On the one hand health insurance holders who do not have their own suitable device or do not want to use it have only limited access to their electronic patient file (ePA/elektronische Patientenakte). The sovereignty of these health insurance holders over their data is restricted because they cannot determine who can see which of their data. In addition these health insurance holders do not have direct access to their own electronic patient file (ePA/elektronische Patientenakte) which they have to maintain themselves. Due to this disadvantage of these health insurance holders a two-class society was created with the electronic patient file (ePA/elektronische Patientenakte). [2] [3]
The potential damage is proportional to the amount of data stored. And the danger is misuse and theft. In fact there are clear examples of unauthorized access to stored data.
In Finland an attack on the psychotherapy data system took place in March 2019. Confidential notes from psychotherapy sessions of tens of thousands of patients were stolen. As a result patients have reported being blackmailed directly by the hackers via E-Mail. [4]
In Ireland an attack on the local health data system took place in May 2021. The IT infrastructure was disrupted and the health data was encrypted by the attackers. As a result access to the health data was initially lost and up to 80% of patient appointments were canceled. The restoration of the health data and the IT infrastructure took about four months and cost at least 500 million Euros. After the extortion attempt failed the attackers published 700 GB of unencrypted health data. [5] [6] [7] [8]
In November 2022 an attack took place on the IT infrastructure of a local health insurance company in Australia. The attackers blackmailed the insurance company with the stolen data. After this blackmail failed unencrypted health data of 9.7 million insured people was published. This included names, dates of birth, addresses, passport numbers and information on medical findings and therapies of those affected. [9]
[Domestic Politics] Electronic Patient Record - Content 2024-11-20[Domestic Politics] Electronic Patient Record - Background 2024-11-27
[Domestic Politics] Electronic Patient Record - Options for Action 2024-12-11
Src:
[1] RKI Files
https://www.rki.de/DE/Content/InfAZ/C/COVID-19-Pandemie/COVID-19-Krisenstabsprotokolle_Download.pdf?__blob=publicationFile
https://my.hidrive.com/share/2-hpbu3.3u
[2] Die elektronische Patientenakte
https://www.bfdi.bund.de/DE/Buerger/Inhalte/GesundheitSoziales/eHealth/elektronischePatientenakte.html
[3] Art. 18 DSGVO - Recht auf Einschränkung der Verarbeitung
https://dsgvo-gesetz.de/art-18-dsgvo/
[4] Vertrauliche Psychotherapiedaten in Finnland gehackt 2020-10-27
https://www.aerzteblatt.de/nachrichten/117742/Vertrauliche-Psychotherapiedaten-in-Finnland-gehackt
[5] Irish health cyber-attack could have been even worse, report says 2021-12-10
https://www.bbc.com/news/technology-59612917
[6] Cyber-attack on Irish health service 'catastrophic' 2021-05-21
https://www.bbc.com/news/world-europe-57184977
[7] HHS to providers: Learn from mistakes made in cyberattack that shut down Ireland health system 2022-02-04
https://www.scmagazine.com/analysis/incident-response/hhs-to-providers-learn-from-mistakes-made-in-cyberattack-that-shut-down-ireland-health-system
[8] Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs 2022-02-07
https://healthitsecurity.com/news/ireland-hse-cyberattack-is-a-cautionary-tale-for-us-healthcare-orgs
[9] Cyberangriff auf Krankenversicherung - Patientendaten im Darknet gelandet 2020-11-11
https://taz.de/Cyberangriff-auf-Krankenversicherung/!5894511/
Kommentare
Kommentar veröffentlichen