A system of national electronic patient records (Dutch acronym EPD) could improve the quality and efficiency of health care. A prerequisite for successful implementation is the confidence of healthcare providers in this system.

Three factors determine healthcare providers’ confidence in the EPD: (1) the quality of patient data; (2) the privacy of patients; (3) legal liability in the event of medical errors. The best way to create sufficient support for this seems to be a step-by-step, bottom-up approach, i.e. start with a few components in the region or within one healthcare component. This also makes it possible to address any start-up problems. Furthermore, legal certainty for healthcare providers must be increased through clear legislation about their responsibilities when it comes to electronic data exchange.

The project has identified and put together a clear list of the general issues and possible solutions in this area. An importance premise, both from an ethical perspective and in terms of creating support among healthcare providers, is that privacy safeguards and security measures for data exchange should be implemented. The research team has provided a number of technical recommendations to this end. This project has also resulted in a number of organisational/strategic and legal recommendations, as set out below.

Technical recommendations

1. Technical safeguards in the system should help ensure that healthcare providers comply with the rules on data access and data quality and that they can rely on the electronic information available. This means that they can be confident that the risks to their and their patients’ privacy are calculable and manageable.
2. Security experts as well as suppliers have to be involved in devising technical solutions to increase the reliability and confidentiality of electronic data exchange and the related supervision.
3. Certain categories of information should be earmarked as particularly sensitive, for example information about a person’s mental health. This information should only be retrievable through one or more additional operations in the system.
4. Ways in which the user-friendliness of the system can be increased should also be studied in further detail, for example features like “search”, “save” and “assigning permissions”. A search tool that can filter out suspicious consultations from the EPD is also desirable.
5. Another recommendation is to organise meetings, including virtual conference calls, to facilitate contact between healthcare providers.

Organisational/strategic recommendations

1. As a policy principle, healthcare providers should have a sense of control over the process. This requires transparency about what is expected of healthcare providers and what happens to the information they provide.
2. Where possible, a bottom-up approach should be adopted in which the government supports existing and new initiatives within the region, thus fulfilling the need for information exchange on a wider scale.
3. While efforts on introducing a national infrastructure should be continued, using this for data exchange at the national level is only recommended once a broad consensus has been reached among healthcare providers. In the meantime, this infrastructure can be used for regional data exchange, provided that suitable legal and other guarantees and principles are in place.
4. Healthcare providers should agree as much as possible on the requirements for registering and exchanging electronic patient information. Examples are the structure of the patient records, contents of a professional summary, codes, frequency of data updating, and standards for response times.
5. To facilitate the introduction of the system, the government should provide suitable training, information and evaluation activities.

Legal recommendations

6. Legislation should give the relevant healthcare providers as much legal certainty as possible, which means that the law must, as a minimum, clearly define the key responsibilities of healthcare providers when exchanging electronic data.
7. The legal principles should be established for the parties involved by means of self-regulation, such as codes of conduct, guidelines and standards. Quality requirements for these documents include clarity, recognisability and the broadest possible consensus. Current efforts by the parties involved to establish a code of conduct (Code of Conduct on Electronic Exchange of Healthcare Information) should be supported.
8. Appropriate arrangements should be made for monitoring compliance with the rules on electronic data exchange as laid down in legislation and subordinate legislation. Supervision and monitoring of access to particularly sensitive information (such as information about a person’s mental health) will be required, and the possibility of giving the patient a role in this should be explored.
9. The liability position of healthcare providers and other parties involved in the electronic exchange of information must be clarified through research into applicable (civil) law.
10. Research could, for instance, show that the liability of healthcare providers for damage caused by errors or shortcomings in the exchange of electronic data has not been clearly defined. In that case the legislator must make provisions for this in supplementary legislation – especially where it concerns factors beyond their immediate control.

International experience

Not only did the researchers study the Dutch situation, they also drew lessons from experiences with shared electronic patient records in England and Scotland. To this end, they involved experts from the UK in the project.

electronic patient record, privacy, informed consent, electronic medial record, electronic medial record, data quality, liability, trust, best practices, control, regulation