The governmental bill on the digitalization of healthcare remained almost unseen in the current uneasy legislative situation, which mostly revolves around the Covid-19 pandemic. We are participating in the commentary on this legislation, so we are actively monitoring the situation. Read carefully if you are a healthcare provider, employer of healthcare staff or supplier of medical IT systems. Sooner or later, the new legislation will affect you. The new act is trying to ease the access of patients to information maintained about them in the healthcare system.
Although this is just the first stage in the digitalization of the healthcare system, we believe it is an important step to include eHealth as (maybe one day) a fully functional part of eGovernment. The act should be fully effective in 10 years, although the result adopted by the Chamber of Deputies of the Parliament of the Czech Republic can be different. Gradually, however, this act or the principles set forth by it could clarify the structure, content and flow of the healthcare information and its transmission.
The Czech Republic has chosen a decentralized solution to digitalization. The main aim now is “merely” to set the basic legal framework for secure data sharing in healthcare via the so-called Integrated Secure Data Interface, i.e. to coordinate communication between entities in the healthcare system (healthcare providers, health insurance companies, healthcare staff and patients). The act does not currently aim to consolidate all medical data (e.g. whole medical documentation) in one digital place or radically reorganize the existing processes, but attempts to provide support and infrastructure for existing local mechanisms and for an effective and sufficiently secure data sharing system and transmission of required information.
The basis will consist of three non-public core medical registries: (i) a master register of healthcare providers; (ii) a master register of healthcare staff; and (iii) a master register of patients. The system will be available to a specified extent only to authorized, clearly identified persons for a clearly defined purpose. Master registers will serve to maintain unambiguous and correct data on healthcare providers, healthcare staff and patients, and to identify them. This will secure the correct, up-to-date data available in real time on these subjects and on the transfers in registers (traceable through electronic tracking and unique identifiers of registered persons).
A great example of why holding accurate and up-to-date data in real time is important was when a central register for hospital bed capacity needed to be created at the onset of the Covid-19 pandemic. Surprisingly, the Czech Republic did not have summary data on hospital capacities showing the state of the system at a specific point in time.
From the patient’s point of view, the new act is trying to take into account the principles of “providing the information only once”, it “reusability”, to minimalize “flow of the patient in the system” and to introduce the “the flow of data”. Nowadays, it is primarily the patient who often works as a delivery person securing the transfer of information on their medical records to different facilities, because there is no single secure system for sharing this information. Individual healthcare providers use different IT systems, which are usually unable to effectively communicate with each other and do not have a unified data standard or cybersecurity rules in place. The current situation is not only “uncomfortable” for patients, but can lead to real medical problems, lack of coordination in the provision of healthcare, and ultimately, higher costs for healthcare providers, health insurance companies and thus for patients and all citizens.
The new system should allow the patient to access all data kept about them in the Integrated Interface, by remote access via the Electronic Healthcare Portal or via Czechpoint, but always after proving their identity, e.g. using some of the electronic methods, including planned use of banking identity. The patient will easily get access to information about where their medical records are stored or have the option to request an extract of such records. By incorporating amendments to related regulations, such as the Health Services Act, in the future the new act aims at the mandatory keeping of electronic medical records, which will make it easier for these records to be audited and for the patient and persons authorized by them to access these records. This will also help in proving cases of violation of lege artis procedures.
The new act will create new obligations for healthcare providers, such as the obligation to keep the so-called standards of electronic healthcare, to actively use the master data, to abide by them, and record the activity of all authorized persons in their information system. That should lead to the elimination of duplicates in records, but for healthcare providers, this will initially mean that they will need to focus on quality settings of internal processes and training of staff. The act will come into full effect after 10 years, so providers will have plenty of time to adapt (the question remains, if this period is not too long that at the time of the full effectiveness of the act the intended modification will still technically have a chance to work).
The suppliers of the existing local IT systems for hospitals or other solutions are likely to be required to assess whether their system will be compatible with the new, centrally operated state system for data sharing. The state intends to provide certain services for free, including the services of an exchange network for the transmission of medical records or issuance of necessary certificates, which may disadvantage some entities operating on the market. On the other hand, we see some room for involvement of new private entities, which will supply the preferred systems or otherwise participate in the whole process of digitalization and eHealth through the growing demand for electronic services, communication solutions, biotechnologies, etc.
Lastly, it is necessary to think about the personal data protection of the patient, as these data are often very intimate and their misuse by and availability to unauthorized persons can have fatal consequences. Recently, cyberattacks on medical facilities have also been increasing. The use of biotechnologies and early forms of artificial intelligence in healthcare therefore makes the topic of data protection more than just a theoretical problem.
We consider the planned replacement of the birth registration number in healthcare by another ID number not linked to personal data as a good step forward. Specific information about the patient (gender, date of birth, place of birth) can be traced from the birth registration number, making it an ideal and common subject of identity theft. In response, public services are using birth registration numbers less and less nowadays. Its replacement by a different ID number will have to be secured by healthcare providers.
Demand for quality health services is enormous across Europe. This can also be seen in the effort for a Europe-wide coordinated strategy for further development in healthcare and pharmacy. The higher effectiveness of data sharing and the transfer of some services online are among the tools to move towards greater sustainability of the healthcare system, to regulate costs more efficiently and better allocate resources. Health insurance companies already expect the new regulation to reduce the costs by better “monitoring” of the patient’s journey through the system. As patients become more informed and increasingly “resist” the preferred approaches of the insurance companies, as we have recently seen, it will be interesting to observe the extent of which these insurance companies will translate their efforts into “benefits” for their clients and whether the ambitious goals discussed in the explanatory memorandum to the act will be met. Certainly, this area will be worth monitoring in the future.
Should you have any questions, wish to share your experience or expectations with us, or just want to be a part of the whole commenting process, do not hesitate to contact Veronika Chrobok or your contact person in our office.
This document is only general communication and is not a legal advice in a specific matter.