Do No Harm: Don't give Big Tech access to our medical records
Key MEPs members of the ENVI and LIBE committees
Petition
We want the right to privacy over our medical records. This means having control over our personal health information, who has access to this information and for what purpose.
We demand you to amend the European Health Data Space by:
- Requiring explicit consent from patients regarding sharing of medical records for purposes not directly related to treatment(aka for secondary use)
- Limiting the extensive categories of ‘health data’
- Narrowing the scope of how this information can be used, and who can access it
Why is this important?
The European Commission is proposing to hand them access to our sensitive, private medical records! The new law plans to streamline the sharing of medical records and information. For example, making it easier to share an MRI scan from a holiday injury with your GP at home. But as part of the same law, the EU plans to forfeit our right to privacy and undermine trust with our doctors.
As it reads now, the new law would compel healthcare providers to share sensitive medical records with just about anyone who wants them for “research”. This includes Big Pharma, Big Tech and insurance companies. What's worse is that they won’t need our permission to access our data, or to even inform us that they’re using it.
And that’s where we come in. Instead, we can make it so that this law protects our privacy and our medical records, and still makes healthcare systems across the EU more efficient. Now the European Parliament will have its say. Some MEPs are outspoken on protecting patient’s privacy. Others are on the fence, and they need a push ahead of a key vote in July.
We all want to feel healthy and safe - that's the first step in being able to thrive in our lives and communities. For that, we need to be able to trust our healthcare systems and providers to not just care for us but also protect our private medical information from being exploited. But if the new European health data law is passed in its current form, it'll undermine the very trust that underpins our health care system and allows us to reveal sensitive information to our doctors.
Through the European Health Data Space, the European Commission wants to create a modern, harmonised way to better use our health data, but at what cost? Patients would have no say over the sharing and commercial exploitation of their data and would not even be informed about who receives it. The proposal fails to protect our right to privacy over our medical records and health information, and long-established principle of doctor-patient confidentiality.
What’s the problem?
European data protection law rightly defines medical records as being particularly sensitive and awards it special protection in order to save its confidentiality. [1]
The main issue with the European Health Data Space is that every aspect of our health information can be made available to anyone with a research interest, and used for commercial purposes and therefore for a profit without needing our consent. Your medical records include information about all aspects of your life. From the moment you were born, through childhood, puberty, and every sick leave, mental challenge, and other health issues you ever had.. Handing out our most intimate personal information to everyone from researchers to pharmaceutical corporations to Big Tech makes doctors and other medical and healthcare professionals complicit in a massive breach of patients’ trust. [2]
This would make our most personal and sensitive records vulnerable to Big Pharma, Big Tech and insurance companies, ready to mine and exploit it in the pursuit of turning a profit.
The primary purpose of the European Health Data Space is to modernise and harmonise healthcare systems across the EU. In pursuing this, EU lawmakers shouldn’t take away our right to privacy and control of our medical data.
What can lawmakers do to uphold patient’s privacy?
We’re calling on lawmakers across the EU to amend the European Health Data Space by:
- Requiring explicit consent from patients before any of their health data is being handed out for secondary use
- Limiting the extensive categories of ‘health data’ to what is absolutely necessary for medical public interest research
- Narrowing the purposes for which this information can be used, and who can access it
References:
- European Court of Human Rights in the case of I v Finland, Strasbourg, 17 July 2008. Available at: https://hudoc.echr.coe.int/eng?i=001-87510.
- EDRi Position Paper on European Health Data Space: https://edri.org/wp-content/uploads/2023/03/EHDS-EDRi-position-final.pdf