Journal of Internet Banking and Commerce ISSN: 1204-5357
ISSN: 1204-5357
+44-175-271-2024By Francis de Clippele, Lawyer in Antwerp, Assistant Lecturer at the University of Antwerp.
Web: www.declippeleadvocaten.com
Email: info@declippeleadvocaten.com
Visit for more related articles at Journal of Internet Banking and Commerce
Health care is one of the most important economic and business areas. The European Union has therefore worked out an e-health care strategy to achieving stronger growth and increased effectiviness of services. The application of information and communications technologies (ICT) that affect the health care sector, is developing fast in Europe. In this respect various countries have launched pilot projects in order to modernize their medical prescription practices. A model of the electronic medical prescription must respect patient's rights and can only be deployed in a system of security in order to protect the confidentiality.
The adoption of electronic medical prescriptions is part of a wider European health policy that aims at rationalizing healthcare and the use of medication by implementing ICT applications and promoting generic medication . Although, according to article 152 of the EC Treaty, and particularly in its paragraph 5, Community action in the field of public health must fully respect the competence of the Member States.
It is expected that the application of information and communications technologies (ICT) can improve access to healthcare and boost the quality and effectiveness of the services offered . It is a European Unions ambition to build a framework on a wide range of European policies and best practices, a European e-Health Area. E-Health plays a clear role in the European Unions eEurope strategy to achieving stronger growth and creating highly qualified jobs in a dynamic, knowledge based economy the vision set out by the Lisbon European Council in March 2000 . The European policy on e-health is also intended to offer an answer to the increasing mobility of patients and health professionals within an internal market . It is believed that e-Healthcare is one aspect of the answer to face major challenges: guaranteeing accessibility, quality and financial viability of a health care service for everyone in an ageing society
The electronic medical prescription is key to achieving the European e-Health policy. The legal acceptance of electronic documents in a secure environment is a prerequisite for electronic medical prescriptions. The requirement for confidentiality and consumer confidence makes health information systems security critical. Furthermore the implementation of new technology must not infringe on patients rights.
The employment of electronic documents implies the legally acceptance of digital data that cannot contain the manuscript signature. Every digital copy is an original and every copy can be modified without its changes being visible. The authenticity and integrity of the electronic documents are therefore of legal concern .
A signature is the expression of approval of the author with the content of a writing to which he consents and accepts the legal consequences . In order to attach legal effect to a signature one has to ascertain its origin. The signature is unique. Indeed the identification of the signature guarantees the non-repudiation of the will of the person behind the signature. The author of the signature must be the one who is committed. The need to identify a person unambiguously is a most important component of the interoperability of health information systems. The eEurope2005 action plan already supports the development of standards for a common approach to patient identifiers and electronic health record architecture.
The development of the electronic transfer of documents requires the legally acceptance of electronic signatures . In consequence of the implementation of the European Directive 1999/93 Belgium law has accepted electronic signatures subject to recent legislation: (1) The law of October 20, 2000 introducing the legal use of information technology and electronic signatures into judicial and extra-judicial procedures, and (2) the law of July 9, 2001 inserting the legal rules on electronic signatures and certification authorities.
An electronic signature shall have legal effect when two conditions have been satisfied, namely the assignment to a natural person and the guarantee of integrity of the private deed. In accordance with the European Directive Article 5.2. Belgian law has introduced the principle of nondiscrimination between the electronic signature and the handwritten signature. In application of the nondiscrimination principle the electronic signature is legally accepted as evidence. This means that a judge may not ignore an electronic signature notwithstanding its procedure. Moreover the Law on electronic signatures has assimilated the effects of the electronic signatures with the effects of the handwritten signatures. Nevertheless only the advanced electronic signature subject to a qualified certificate will be automatically and completely assimilated to the handwritten signature. For other electronic signatures a judge will decide on the legal effect he will attach.
The objective of the legislator was to secure the transfer of electronic data. The insecurity of the virtual assignment of documents is the effect of dematerialization of data and its storage medium . The insecurity is also related to the possibility of easy copying and invisible or untraceable and even nonrepairable interferences . The electronic transfer of data is also characterized by increasing anonymity and the need to protect the privacy.
The confidentiality and protection of patient data is governed by the general European union rules of data protection, as well as by the requirements of ePrivacy legislation regarding communications infrastructure . The requirement for confidentiality calls for high quality security systems. The electronic commerce Directive also applies to the provision of online health services. The Directive contributes to the legal certainty and clarity needed for the provision of online information services, with information and transparency requirements and the liability of intermediary service providers, thus increasing consumer confidence.
The personal life may only be safeguarded by the legal warrant of confidentiality of the electronic data. Confidentiality implies the protection of electronic data against entry or knowledge by any unauthorized third party. The confidentiality of an electronic notice is secured by encryption.
Asymmetrical encryption implies a double security with a private key (known only by its owner) and a public key (made available through a certification authority at disposal of a third party) . Both keys are complementary through an algorithm function, which creates the digital reproduction of the notice. The sender of the electronic notice (the certification holder) signs the notice with his private key and conveys the access code (public key) to a third party by intervention of the certification authority. The electronic signature based on asymmetric encryption (i.e. a digital signature) and provided that the signature is ascertained by a qualified certificate, has automatically an equivalent legal value as the handwritten signature.
The electronic signature based on cryptography complies with the legal necessity of identification and assignment. These two conditions are also applicable to handwritten signatures . The electronic signature is therefore a sealed combination of figures and letters sent in attachment to an electronic notice and which can only be opened by means of the public key. In application of the Belgian legislation, the public key is secured by the certificate sent with the message and ascertained or authenticated from a certification authority. The legal acceptance of the electronic signature is based on the European Directive 1993/93 on electronic signatures .
Under Belgian law the certificate is defined under article 2, 3 of the Law of July 9, 2001 as an electronic confirmation of the data of the signature and the identification tool of the natural or corporate person committed. The certificate is an electronic file for authentication sent together with the electronically signed notice. The qualified certificate is an electronic file that fulfills the legal requirements and that is issued by a certifier.
The electronic signature is therefore a necessary tool for the electronic medical prescription. By means of an electronic qualified signature, the medical doctor may electronically send a secure and certified medical prescription (indirectly) to the pharmacist. By means of the electronic signature the patient may also correspond individually and safely with the online pharmacist.
Following article 9bis of the Belgian Law of July 14, 1994 on the insurance for medical treatment and allowances (M.O. 27 August 1994, hereafter GVU ), as modified by article 75 of the Law of February 22, 1998, medical data may be stored electronically and shared by healthcare services. The electronic reporting and communication of data is not further defined. The law has adopted a technological neutrality: photographical, optical, electronic, magnetic or any other technique is covered by the law. Healthcare services that offer medical interventions covered by the social security allowance shall provide the patient (article 32 GVA) with a certificate of the intervention (Article 34 GVU) and a prescription for medication (Article 53 GVU). The certificate or the prescription shall bear the signature of the health care service. The prescription will moreover contain a unique sequence number and identification number of the prescriber (Article 73bis GVU, ROyal Decree April 11, 1999 ).
The electronic medical prescription is legally only acceptable when it is technically secured and technology-neutral to be useable for independent medical doctors and pharmacists. A model has been proposed based on standard protocols (TCP/IP, Internet), which can be used independently of the computer platform. The electronic medical prescription shall be linked to the electronic medical report of the general practitioner.
A system by which the electronic medical prescription is sent directly to the pharmacist is legally not acceptable. A direct communication with the pharmacist would infringe the freedom of the patient to choose his pharmacist. The medical doctor therefore will send the electronic medical prescription to a central server from which the pharmacist chosen by the patient may collect the prescription. One should carefully watch the privacy when deploying a system through a central server. Such a system may legally only be enforced when the medical doctor , the pharmacist and the patient have a unique, non transferable identity code which is sufficiently secured. The model for the electronic medical prescription shall be adapted to the Belgian social security system deploying a central server(s) in combination with logfiles that are linked to the SIS-card and the electronic medical report . The electronic medical prescription will also contain an ID-number created by the software of the medical doctor and securely sent to the server. The ID-number can be the RIZIV-number of the medical doctor added with date of issuance. In this manner, with an ID-number of the medical doctor, an ID-number of the pharmacist, an ID-number of the patient and an ID-number of the prescription, the system is enough individual and controllable, so that the security of the electronic communication and the administration thereof, the system of the electronic medical prescription is legally reliable and acceptable.
In order to avoid any abuse, one prescription should contain one medication only. The relation between electronic medical prescriptions, is however recommended for a medical doctor to indicate the combination of medications prescribed. All pharmaceutical products will be sent through a coding system (CNK). The magisterial preparations will be inserted in a (free) format on the electronic medical prescription.
An electronic medical prescription should be considered as a particular form of communication or exchange between health care services. The communication is performed online within a closed circuit with every prescription containing one medication and in attachment after encryption the ID numbers of the health care services and the patient sent to a central server. The electronic medical prescription will be necessary for the online sale of pharmaceutical products subject to prescription.
An electronic medical prescription is therefore a non-addressed notice because at the moment of sending the consignee pharmacist-, is still unknown. The patient is entitled to a free choice of his pharmacist. The power of decision of the patient is not only related to the choice of the pharmacist but also to or not to contact a pharmacist for the presentation of the prescription.
For this purpose the electronic medical prescription is sent to a third administrator. It is preferable that the (central) server, intervening as trusted third party, automatically send a (solely technical) receipt message to the sender. One can also think at the option of the patient of a receipt message from the consignee, pharmacist. The latter receipt message is distinct from the solely technical receipt message because it also informs on the outcome or use of the prescription.
The automatic technical receipt message may be used as the start of the limited life of the electronic medical prescription. It is preferable that after a certain period, defined by law, the electronic prescription will be invalid. The patient should be informed of the invalidity. The patient then should have the choice whether the sender, medical doctor, shall be informed of the fact that the prescription was not used and therefore annulled.
E-health, the application of information and communications technologies (ICT) that affect the health care sector, is developing fast in Europe. In this respect, the European Commissions e-Health Action plan, adopted on 30 April 2004, covers a wide range of issues and applications from electronic prescriptions and computerized health records. A model of the electronic medical prescription must respect patients rights and can only be deployed in a system of security in order to protect the confidentiality.
Copyright © 2024 Research and Reviews, All Rights Reserved