Legal frameworks for patient information

management – a Nordic overview

Leif Erik NohrLegal advisor

Common Nordic features• High quality health care services• ”Massive” legal frameworks• Patients’ Rights• Extensive and growing use of information

technology in health care• Developed infrastructure – Dedicated Health

Networks• eHealth strategies• Facing the same demographic challenges• Focus on continous provision of health care

Challenges

• Fully utilize the potentials of information technology in the provision of health care

• Provide a legal framework that considers– Quality– Patients’ rights– Professional duties– Efficiency– Information security– Etc

Iceland

• National strategy for use of information technology in all sectors

• Information security and protection of personal privacy as guiding principles

• eHealth regulated by health care- and data protection legislation

• No specific eHealth legislation• The DeCode database…

Finland

• Decentralised health care system• Principle of citizen-centred seamless

service structures• National Electronic Health Record by

end of 2007• Legislation on seamless service chains• National standards, national EHR

structure, security and safety guidelines

Sweden

• National strategy since 2006.– Includes social care

• Aim at bringing laws and regulations in line with extended use of ICT

• Information- and infrastructure

• Bill for a new Patient Data Act

Sweden (cont.)• The Patient Data Act:

– Cohesive regulation of processing of personal data in health care

– Framework legislation– Facilitate both enhanced patient security and

strong privacy protection– Care providers can – subject to conditions – have

direct access to other’s e-records– Patient’s get a right to be informed about access

to own medical records.– Possible for patient’s to have direct access to own

medical records

Denmark

• Government strategy for information technology in the Health Care systems (2003 – 2007)

• Focus on interoperability and standards (incl. SnoMed)

• One Patient – one EHR within each region• Awareness on legal prerequisites • Issuing of legal guidelines (information

security, consent)

Denmark (cont.)

National IT Strategy 2003 – 2007 for the Danish Health Care Service

“A number of initiatives in the strategy will over a very short period of time challenge some of the regulations in the Law on Patients’ Legal Status. For instance, it will be imperative to clarify whether the existing legislation presents any barriers to displaying information originating from various registries, with the purpose of giving the health care professional a more holistic view of a patient’s state of health.”

Norway

• National, strategic initiative – ”Te@mwork 2007”

• Continuity of care – on all levels

• Focus on the importance of information flow

• National health network

• Widespread use of EHR

Norway (cont.)

• Guidelines on telemedicine and responsibility• Guidelines on access to an sharing of

information in electronic health records• Telemedicine and ehealth provided under

existing legislation• Health Register Act• Limited possibilities to direct access• Legislation (or interpretation of it) being

discussed

To conlude

• Good national strategies (good intentions)• Strong focus on infrastructure• Changing Health Records • Legal aspects of ehealth is widely

acknowledged• Differences in the approach to legal issues• A need to rethink the legal framework to a

new – electronic - reality