Questions to the Minister for Health (Mr Leo Varadkar, TD)
To ask the Minister for Health regarding data protection in the context of expanding use of ICT in the health sector, his views on whether patient’s personal information and health data should be treated differently to other data types; and if he will make a statement on the matter. – Jerry Buttimer T.D.
To ask the Minister for Health regarding data ownership, if his Department has considered the impact of different models of data ownership, for example shared or psydonemised, on the impact of research potential afforded by greater data collection with the expanding use of technology in the health sector. – Jerry Buttimer T.D.
To ask the Minister for Health in the context of the proposed Health Information Bill, if measures will be implemented to ensure the accuracy of health data collected and the interoperability of such data in order to facilitate large scale research and studies into health and related matters; and if he will make a statement on the matter. – Jerry Buttimer T.D.
To ask the Minister for Health regarding the proposed Health Information Bill, if the collection of health data by public and private sectors particularly private companies offering mobile health applications, will be treated differently; and if he will make a statement on the matter. – Jerry Buttimer T.D.
For WRITTEN answer on Wednesday, 16th July, 2014.
Ownership of personal data has been settled at common law as belonging to the person or body that created the record. However, it is the Data Protection Acts, based on the EU Data Protection Directive, which regulate the processing of personal data. Those Acts are configured on the basis of control of the personal data concerned. Accordingly, considerations concerning the collecting, use, sharing and disclosing of personal data and the anonymisaton and pseudo-anonymisation of personal health data are necessarily shaped by the principles of data protection. One of those principles is that personal health data is to be regarded as sensitive personal data and therefore deserving of enhanced care by data controllers, particularly as regards security.
As the Deputy is aware, my Department has undertaken a number of initiatives in relation to health information in recent years with a view to improving the use of information and information technology in the health service. Of particular relevance, for the future, is the eHealth strategy which was launched in December 2013. A key element of that strategy is that access to the right information in the right place and at the right time is of paramount importance in underpinning patient care and progressing efficiency and effectiveness in the health delivery system.
In that regard, my predecessor also introduced the Health Identifiers Bill last December. That Bill, which is now enacted, provides for a system of unique patient identifiers along with identifiers for healthcare organisations and health professionals. This represents not only a major patient safety initiative in terms of ensuring correct identification at the point of care but it will also assist in ensuring that the patient’s medical information will always be uniquely associated with his or her records throughout the health system thereby helping the delivery of speedier and better individual care. The identifier system will also facilitate other desirable health reform initiatives such as money follows the patient.
It is important to point out that the Data Protection Commissioner was consulted extensively on the Bill. This was to ensure privacy considerations were fully addressed and reflected in the robust governance structure underpinning the Bill, including criminal sanctions for inappropriate use of the individual health identifier.
I intend to bring forward a Health Information Bill to Government later this year. The Bill will build on existing data protection legislation which already provides that personal health data collected and kept by data controllers has to be accurate and up to date and adequate, relevant and not excessive. That will continue under the Health Information Bill. Further, as a general principle, rules on the collecting, using and disclosing of personal data under the Data Protection Acts apply equally to data controllers in the private and public sectors and this will also continue to be the case under the Health Information Bill. This includes any persons offering mobile health applications where those applications collect personal data.
It is also envisaged that the Health Information Bill will contain a number of measures designed to enhance the processing of personal data for better patient care and safety at an individual level and the achievement of broader health service goals at a more general level. In doing so, the Bill will seek to balance the benefits of moving towards a modern integrated health care system with due regard to the need to continue to value the privacy and confidentiality of patient information. Such an approach is fundamental to maintaining public support for and confidence in a reforming health system. For that reason, it is also intended that the Bill will expressly provide for an offence in relation to the buying and selling of patient identifiable information. I know there have been recent concerns about this issue.
Health research is, of course, very important to a modern health system and it is intended that the Bill will contain measures designed to promote health research in Ireland: most notably through the creation of a new streamlined national research ethics approval structure for health research not otherwise governed by EU or national law ethics structures.
In all of the above, my Department has engaged extensively with a range of stakeholders in preparing the Health Identifiers Bill and the planned Health Information Bill: including, the Health Information and Quality Authority and the Office of the Data Protection Commissioner.
Consequently, I am of the view that the recent Health Identifiers Act and the forthcoming Health Information Bill along with the eHealth strategy can underpin a governance and development model that will promote public confidence in the increased use of information technology in the health sector and allow us to take advantage of the significant opportunities that such technology can offer.