Together with the advancement of digital technologies a number of key issues of the healthcare sector, such as the right to confidentiality of patient’s data and introduction of the e-Health system, have grown into issues of high social importance and need oversight by the society. In particular, the protection of the right to confidentiality of patients’ data is highly imperative but not fully safeguarded due to the lack of explicit legislative regulation. The issue becomes even more urgent in the light of introducing the e-Health system which is aimed at improving the level of public healthcare.
With the support of “Open Society Foundations – Armenia” the Committee to Protect Freedom of Expression organized a public discussion on 30 August 2016 concerning the “Protection of Patients’ Personal Data in Medical Institutions and Introduction of E-Health System in Armenia” for the purpose of addressing the above-mentioned issues and making clear about the progress achieved in introducing the e-Health system.
In his opening speech Ashot Melikyan, Chairman of CPFE, noted that this was the second round-table meeting concerning personal data protection and digital rights, and for covering the issue specialists were invited both from the healthcare and information technologies sectors, independent experts, and representatives of non-governmental organizations, international institutions and journalists.
Greeting the participants David Amiryan, Deputy Director for Programs in Open Society Foundations – Armenia, noted that the introduction of the e-Health system may all the more jeopardize the right to confidentiality of personal information. David Amiryan highlighted that, “Taking into account that almost everything in Armenia is implemented in a non-transparent manner and without any discussions with the expert community, these discussions initiated by the organization pursue the goal to raise the concerns related to the introduction of the e-Health system, the problems regarding the protection of personal data in this field, prevent the possible adverse developments and, in the result, assist in gaining some better understanding of the issues which may further grow into legislative initiatives or regulatory norms.”
In her report on “Protection of the patients’ personal data in the medical institutions” Violeta Zopunyan, Director of the Center for Rights Development NGO, presented the findings of the research she had conducted, the problems encountered in practice and related conclusions. First, she noted that the key issues concerning the right to confidentiality of information on patients became very imperative, but were not sufficiently addressed by the field specialists and lawyers. These issues have also remained beyond clear legislative regulation. Moreover, cases connected to violations of the right to confidentiality of information on patients most often occur in “vulnerable” population groups, such as people living with HIV/AIDS, drug users, persons with mental health problems, persons having disabilities and others.
The speaker indicated the gaps existing in the Armenian legislation and also noted that the issues regarding the confidentiality of information on patients’ state of health are comprehensively regulated in international legal practice. In particular, term “medical secret” is not explicitly distinguished in the Armenian legislation, while according to the European Charter of Patients’ Rights, even the fact of applying to any healthcare institution constitutes a secret, not speaking about the information regarding his or her state of health and diagnostic or therapeutic procedures.
According to legal acts regulating the activities of law enforcement agencies, information constituting medical secret may be disclosed only upon the request of the courts, the prosecutor’s office and authorities carrying out inquest and preliminary investigation, as well as other competent entities. However, the legislation fails to explicitly stipulate, in which specific situations and under which circumstances, if any, and to what extent the mentioned agencies may request information about the patient’s personal data.
According to Violeta Zopunyan, breaches of confidentiality of medical information mostly occur in the case of patients with cancer; most of the patients are not aware of their diagnosis and have no idea of what they receive treatment for, while all this information is available to the family and neighbors. According to the law, the patient is the only person who has the right to determine the fate of his or her medical secret. Instead, it is the doctor who actually makes this decision for the patient by communicating this information not to the patient but to other interested persons.
Healthcare institutions, as a rule, have no internal regulations to stipulate the rules of circulation of data on the patient and the requirement of ensuring their confidentiality. According to the survey, the information on the patient is, in general, available to all employees of the healthcare institution. Even nurses have free access to registers and may circulate them in the healthcare institution.
Information concerning the disease of persons receiving treatment also becomes available to other doctors in the hospital, since the diseases and the course of the treatment of all patients are discussed during consultations and visits. Any doctor, nurse, students undergoing educational and practical internship in the healthcare institution and resident medical officers may freely have access to the medical record books.
Violeta Zopunyan also presented recommendations following from the survey with the main focus of making necessary legislative amendments, development and application of internal regulations in healthcare institutions concerning the circulation of patients’ personal data, safeguarding the confidentiality of information relating to the state of health of persons regardless of established individual traditional practices and stereotypes. Particular attention was attached to the fact that a differentiated approach should be used for accessing the personal data of ordinary citizens and high-ranking officials. To some extent information on high-ranking officials should be more publicly open since it is in the public interest.
In a report on the “Process of introducing the e-Health system and protection of patients’ personal data within the integrated health information system” Hovhannes Minasyan, Project Manager in “Governance Infrastructure Implementation Unit” CJSC (EKENG) presented the essence of the common healthcare electronic system, its benefits, implementation phases and achievements. Implementation of the project started in 2011 when a survey was conducted with the participation of foreign experts for deciding upon the feasibility of introducing such a system in Armenia. In 27 September 2013, the Government signed a contract with the winner, Ericsson Nikola Tesla d.d and Masys Apahov LLC joint venture. The project was implemented within the World Bank loan program of USD 2 million.
The key objectives of introducing the e-Health system in Armenia include improvement of the quality of healthcare services, optimization of processes, reliability of patients’ data storage, cost-effectiveness, collection of statistics and accessibility of information. Hovhannes Minasyan informed that the common healthcare electronic system will be used to fully replace the current paper-based system. A separate entity-operator is planned to be created to carry out the operation of the system. Old data about the patient will not be input into the system; patients’ medical record history will begin upon inputting the current electronic data regarding the state of health. A common electronic medical record will be opened for each patient, which will be available to the appropriate specialist irrespective of place and time. The entering into the system will be possible by an ID card; the patient will enter own personal page by his or her ID card and will allow the doctor to access the page. The doctor will use his or her ID card to enter into the system. Only in exceptional cases it will be possible to access the system without the patient’s consent.
After completion of the technical work on development of the software, in October 2015, the system was piloted in five medical institutions operating in Yerevan and in marzes. These institutions included “Heratsi” and “Muratsan” Hospital Complexes, Medical Center of Goris, Outpatient Clinic No 1 in Vanadzor, Ambulance Station of Balahovit, Abovyan Medical Center and “Ingo Armenia” insurance company.
More than 60 healthcare professionals were trained to use the software appropriately. During this pilot phase, more than 100 patients were provided with services in an online mode.
After the successful testing it was decided to introduce the system throughout the territory of the country. It is expected to make a phased transition to the electronic healthcare system within a period extending from 1 to 1,5 years. During the first phase each medical institution will need to input their data into the business register, including data on the medical staff, assets and equipment of the medical institution. The second phase implies management of the patient enrollment process, and the third phase implies introduction of electronic medical records.
According to Hovhannes Minasyan, currently discussions are held between the RA Government, Ministry of Health and EKENG to decide upon the strategy, the timetable and the funds needed for the implementation of the system.
The necessary prerequisites for fully implementing the system include attracting of funds and bringing the current legislative framework in line with the contemporary requirements.
One of the most important issues identified during the “round table” discussion was the issue of creating guarantees for the confidentiality of personal data of citizens having applied to healthcare institutions and accessibility of these data for other government agencies as long as there are no relevant legal regulations, norms and standards, the existence of which will enable ensuring the confidentiality of patients’ data.
During the discussion, Gevorg Hayrapetyan, Head of Administrative Proceedings Unit of the Personal Data Protection Agency of the RA Ministry of Justice, informed that circulars were sent to the RA Ministry of Health, Yerevan Municipality and marz administration offices for them to notify medical institutions under their jurisdiction to comply with the requirements of the RA Laws “On protection of personal data”, “Medical aid and services provided to population” and other legal acts. As to communication by the patient of his or her personal data to others, Gevorg Hayrapetyan noted that pursuant to the Law “On protection of personal data” a contract entered into by the citizen and the medical institution is also considered as consent to use personal data.
Participants of the “round table” discussion raised a number of other issues related to the introduction of the e-Health system, particularly as regards technical implementation of the project given that many of the medical staff lack computer skills. Besides, the discussion also covered some issues related to professional training of healthcare professionals, non-availability of internet connection in medical institutions located in remote marzes, security protection of the e-system based on Internet connection, potential difficulties in the use of the system by patients (taking into account patients’ age and specific conditions of health), as well as raising awareness of the population.
Notably, the discussion was not attended by the representatives of the decision-making authority in this sector, i.e. the RA Ministry of Health, and in particular Deputy Minister Sergey Khachatryan, who should have delivered a report according to prior agreement. Moreover, Armen Karapetyan, Head of Staff of the Ministry had confirmed the participation of three representatives of the Ministry, including the Deputy Minister, in a letter sent to the CPFE. However, none of them was present, and Khachatryan did not even consider it necessary to notify about his absence in advance. This behavior fails to fit into the rules and standards of neither human nor business ethics and quite obviously portrays the given government authority. It is only to be hoped that in the future, when there is a new opportunity for cooperation, the Ministry of Health will behave in a more civilized manner and show willingness to communicate with the representatives of the civil society.