13.7.5. Personal data protection and health information

Throughout this report one can see the need to have comparable information on health and health-related behaviour of the population, diseases and health systems at European level, in order to enable solid evidence-based decision making. It is necessary to collect data on equity, health among population groups such as children, elderly and ethnic minorities, morbidity and chronic diseases, use of cross-border health services, and patient safety. In order to satisfy these needs, feasible health information systems based on individual level data are required.

Data protection issues are the main dilemma with regard to using person identifiable health data in public health monitoring. Health data require a high level of protection due to their sensitive nature. On the other hand, the public interest of health monitoring at population level can be regarded as overriding the privacy interests of the individual. Data Protection legislation should reflect this delicate balance between the rights of the individual and the needs of the society. In a European context, the EU Directive on Data Protection (Directive 95/46/EC) is of major importance in this regard (EU, 1995).

Article 8 of the Directive on the processing of sensitive data (e.g. health data) states that such processing is in general prohibited. Subsequently, some exemptions to this prohibition are formulated. In the context of public health monitoring, the first relevant exemption is explicit consent from the data subject (paragraph 2(a)). The second exemption is given in paragraph 3: processing of person identifiable health data is allowed where this processing is required for the purpose of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health care services. Thirdly, paragraph 4 states that subject to the provision of suitable safeguards, Member States may, for reasons of substantial public interest, lay down additional exemptions either by national law or by decision of the supervisory authority.

All EU Member States have transposed Directive 95/46/EC . Nevertheless, the Network of Competent Authorities (NCA; one of the implementing structures of the EU Public Health Programme) became aware of problems in the field of public health monitoring due to data protection legislation, implying that a harmonised situation had not been reached as yet in this area. The NCA therefore in 2005 established a Work Group on Data Protection, which was to study the extent and nature of the problem, and to develop a statement on the appropriate implementation of the Directive in the context of public health monitoring.

The Work Group carried out an explorative survey among public health researchers, data protection experts and the national Data Protection Offices. This exercise resulted in a (non-exhaustive) overview of problems encountered in public health monitoring, and of differences between the different national data protection systems with regard to processing person identifiable health data for public health purposes. Major problems identified in the field were the inability to link different databases at subject level, and the obligation to obtain informed consent from each data subject for the collection of registered data. For what concerns data protection systems, most Member States have more or less copied Article 8 as described above, though there are national Data Protection Acts which have no provisions similar to paragraphs 3 and/or 4. Despite this seemingly successful transposition, the survey made clear that the actual possibilities for the use of person identifiable health data for public health purposes differ to great extents, implying that there is a lot of confusion on how to interpret the Directive and the national laws. The Work Group believes that the current situation does not allow to have a suitable health Information system at European level as described above. The inability to link different databases at subject level poses a threat to data quality, as double counting of events cannot be prevented, and also as people who have died or emigrated cannot be identified. Moreover, enabling linkage will help governments to develop efficient and adequate policies through a better identification of risk groups. Recent technical developments, connecting different sources at subject level via encrypted communication, are very promising, as they allow for the safe reutilisation of existing databases. As these new technologies were not foreseen at the time the Directive was written, the Work Group urges the European Commission to assess whether the existing legal framework can accommodate the current technical situation.

Most importantly, however, there needs to be guidance on the interpretation of the Directive, i.e. the (im)possibilities for public health monitoring following from the Directive need to made clear. Obviously there is the possibility to obtain explicit informed consent from the data subjects. However, in a public health context this is very costly and infeasible. It has indeed been shown that opt-in systems seriously complicate the operation of registries relying on clinician notification or access to medical records . More important from an evidence base-point of view, such an approach will, through selection bias, seriously jeopardise the validity of data which are supposed to be at population level .

Paragraph 3 of Article 8 might provide a legal basis for data processing for public health monitoring without explicit consent from all data subjects. However, the Article 29 Working Party, an independent EU Advisory Body on Data Protection and Privacy, believes that ‘preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services’ only refers to individual patient care. Thus, only paragraph 4 can be used as the basis for public health monitoring . If this interpretation were to be officially adopted, the Directive in itself could never result in a harmonized public health field, as it will be up to the Member States to decide whether and how they want to allow for data processing for public health purposes. Given this consequence, the Work Group does not favour such an interpretation of paragraph 3. Moreover, they feel that the interpretation of the Article 29 Working Party is illogical, as the analyses of population based data are a necessity for the development of adequate prevention and management of health care services at individual level..

In any case, clearness is needed and hence the European Commission is strongly encouraged, in consultation with Member States and other relevant stakeholders, to come to a recommendation on the interpretation of the paragraphs of Article 8 of the Directive relevant for public health monitoring. After all, the Commission is bound by The Treaty (Articles 3p and 152) to contribute to the attainment of a high level of health protection, to improve health, to prevent disease, and to obviate sources of danger to health. Without proper public health monitoring systems at national, and subsequently at European level, these goals will never be reached.