[Feature article: Legislation blocks good health research projects

Direct access to data in medical records for researchers will benefit patients in the future.

[Translate to English:] Det vil gavne dansk sundhedsvidenskabelig forskning, hvis patienter kan give forskere adgang til deres sundhedsoplysninger, mener kronikørerne.
[Translate to English:] Det vil gavne dansk sundhedsvidenskabelig forskning, hvis patienter kan give forskere adgang til deres sundhedsoplysninger, mener kronikørerne.

[Translate to English:] Af Kristjar Skajaa, Helene Nørrelund, Camilla Nyboe og Susanne Kudsk 

Better use ought to be made of health information

According to current health legislation, Danes may not themselves give researchers direct access to their medical records. The legislation thus blocks the way for many research projects which would otherwise benefit patients in the future.

There has been no shortage of negative stories about surveillance. Stories about scandals involving publication of civil registration numbers, identity theft and digital surveillance cause concern for most of us. The debate about who has access to our electronic medical records therefore also appears regularly in the media. Most recently, general practitioners have voiced concern about the confidential doctor’s consultation between patient and doctor, and wished to see access to health information limited. Instead of discussing stricter regulations, perhaps we should instead concentrate on how health information is and, in particular, is not used. With an amendment of the Danish Health Act, we would be able to make even better use of health data for the benefit of the patients – without compromising security.

The security surrounding a person's medical records is already high. Regardless of whether the medical records are located at your general practitioner or at the hospital, they remain a strictly personal document and the contents are known only to the person in question and the doctor who treats the person. When relevant, such as e.g. when the patient is transferred from the general practitioner to the hospital, the patient may give permission to make the information in the medical records available to the recipient doctors. If a patient is not able to give such permission due to e.g. unconsciousness, it is possible to get hold of the information anyway out of consideration for the patient's health and well-being. That’s the way it’s always been. And that's how it should continue to be – in principle. It sounds simple, but it is anything but. And why is that? 

Before the advent of electronic aids, all the information about the individual patient was stored in written, paper medical records at the individual ward. Today, Denmark has chosen to digitise health information. The information is therefore available in electronic form to healthcare professionals when people require hospital treatment. Their work is made considerably easier, of course, when all information is gathered at the same location, which also reduces the risk of information being lost. All doctors can, however, also in principle read all of the medical records. Of course they’re not allowed to. If they do it anyway, it is easy to detect, as each opening of a patient’s medical record is registered. In addition to the information stored in the individual's electronic medical records, there are also Danish registers and databases. Here we gather all the information about diseases and medicines in anonymous form. For example, in the Danish Diabetes Register you can follow the development of the number of people who are annually diagnosed with diabetes and the age groups they belong to.

One thing is the question of how doctors treating patients receive access to the information in the medical records. But how do researchers gain access to information in medical records that can be used for evaluating the effects of new forms of treatment?

To gain access to health information, in Denmark you must obtain permission from the patient in question or from one of the health agencies such as the National Committee on Health Research Ethics or the Danish Health and Medicines Authority. When a person has permission to access health information, the Danish Health Act uses the concepts of collection and disclosure of patient data. Collection is understood as the individual doctor being able to look in the patient’s medical records to find the relevant information. With disclosure, the doctor may not go in and find the information in the medical records, but must instead have the information forwarded from the attending department.

If the purpose for access is research, today the researcher may not collect information in the patient's electronic patient records – not even with permission from a patient and/or health authorities. In practice, this means that when researchers cannot look the information up in the records, they have to ask others to do it for them – i.e. get the information disclosed. In such a case, this is he local hospital department, who look up the relevant information in the medical records and forward it to the researcher. This is in our opinion inappropriate. Both for the individual patient and for research.

Inappropriate legislation

This current practice of getting information disclosed presents researchers with a lot of challenges – academic, time-related, financial and not least ethical. The problem is not getting the actual permission to retrieve the health information. The problem is rather the distinction made by the Act between gathering and disclosure, which in practice means that the researcher cannot get hold of the health information.

Let's look at some specific examples from real life situations.

A researcher who is also a paediatric doctor at a hospital wants to examine whether children born with a serious heart defect demonstrate normal mental development during the first eight years of life. This knowledge will be relevant for different target groups. For families who have children with severe heart defects, for a couple who must decide on a possible abortion if they are expecting a child with this type of heart defect, and for doctors who work with the treatment of these children. The researcher will scan pregnant women who are expecting children with severe heart defects and then follow the children with tests and examinations until they reach school age.

It is clear that other factors than the actual heart defect may have significance for the child's mental development. Has the child been hospitalised many times? Has it suffered frequent infections? Many operations? Under the current legislation, parents cannot give permission for researchers to look up information in the child's electronic medical records so they themselves can find the answers to these questions. Nor can they obtain permission to do this by contacting the National Committee on Health Research Ethics or the Danish Health and Medicines Authority. The only option is for the researcher to contact the departments which the child has been admitted to, so that they can then look in the medical records and forward the relevant information. However, in order to contact the correct departments, the researcher must know where and when the child has been admitted to hospital. Perhaps the parents can remember all admissions, dates, and departments. Perhaps they cannot. Some children may have been hospitalised 50 times in different departments and hospitals, so it would be an unreasonable task to ask the parents to report this. This research project can thus not be carried out under current legislation. We can therefore miss out on valuable knowledge about how these children fare.

Ethical challenges

Another research project deals with pelvic cancer. Denmark is the only country in the world that has begun to treat forms of pelvic cancer with a more extensive operation instead of radiotherapy. It is naturally very important that results are followed up by surveying how many patients experience relapses after being discharged from the cancer department. The result of the survey helps to determine whether coming patients should also receive this treatment option.

Patients who have finished in the cancer department are no longer under current treatment. The researchers must not therefore even look in the electronic medical records and identify the patients who have experienced relapses. How then are you to find the patients? You can write to everyone who has been treated for pelvic cancer in a cancer department. However, from an ethical point of view this is problematic. It can be a very traumatic experience for surviving relatives to receive post from the public authorities addressed to the deceased person, and neither will you receive a response from patients who have died or are very ill and in hospital. It is, of course, very important to include this group in the research project. If you get permission for disclosure of the information from the National Committee on Health Research Ethics or the Danish Health and Medicines Authority, you still will not know which patients have suffered relapses, which departments they have been admitted to and when the hospitalisation occurred. Yet again you get stuck because it is not possible to identify the patients you want to get information from. Again, it is not possible under current legislation to document that the new treatment is better or just as good as the treatment that was offered previously.

Too few resources

A third example is a research project in which the researchers wish to investigate the outlook for adults with symptomatic congenital heart defects such as ASD (Atrial septal defect). The diagnosis for this disorder covers both the illness they wish to study, but also a completely normal version found in a quarter of humans, which is completely safe. The diagnosis thus covers both ill and healthy people. What do you do when you want to investigate the people who are ill? You can choose to include the 25 per cent of completely healthy people in the survey, but that would naturally affect the result. If you are interested in the disease, it is necessary to ensure that you have the patients and not the "healthy" variant included in the survey. Using the registers you can see where and when the patient was admitted to hospital, so that it is possible to find the department from which you can get the information forwarded. In this case, the problems begin when you need to get information forwarded from the attending department. First of all, there are too few resources for the task. The departments can typically allocate staff to find three or four records. But it can be a big challenge for the large departments to find the time. They do not have the resources to forward information for up to 1,500 patients. In a busy working day, it is not difficult to imagine how external research projects are prioritised when planning the day’s work.

Another challenge is that people who do not have adequate competences to assess which data should be sent often carry out this task. If too little is sent, the relevant information is not included. Or just as often, too much is sent and large sections of the medical records are uncritically printed and sent by post. Here the information in a patient's medical records is not particularly well protected. Many research areas are complex and it is therefore hard to judge – even with a medical background – which information is relevant and which is not. With the current legislation you cannot carry out this project either and therefore do not have the opportunity of obtaining in-depth knowledge about the prognosis for this patient group.

But perhaps you will ask; why don’t we just make use of all of our great registers to carry out research? If all the information is anonymously gathered in a register or database anyway, then it must be both easier and safer for both researcher and patient? The Danish registers are completely unique, very comprehensive and of significant importance in connection with research and quality assurance of the Danish hospital services. But the registers are no better than what you put into them. If you cannot be certain that the information is correct, you will not get accurate results, and the research cannot actually be used to improve treatment. In certain circumstances you might need to check that a specific diagnosis in the medical records is correct and to compare it with the diagnosis found in the register. It may also be necessary to use information from the medical records which is not found in the register. We know that e.g. smoking can have significance for the development of cancer and it is important to include this information in cancer research. So researchers carrying out register-based research may also require access to a patient’s electronic medical records.

All of us expect to receive the best possible treatment if we become ill. Many initiatives are also constantly being implemented to improve treatment. New treatment methods, new medicines and new advanced technology are introduced to optimise diagnosis and treatment. Only by continuously analysing, evaluating and carrying out research can we ensure that the new initiatives actually live up to the intention of improving quality.

Patients must give permission

As can be seen from the examples, the current regulations in the Danish Health Act unfortunately regularly obstruct relevant research and the quality improvement of the health sector. They do this because only staff who are directly involved in the current treatment have permission to obtain information from the patient's electronic medical records. The legislation does not sufficiently take into account research and quality improvement, which also naturally take place in the healthcare system in close collaboration with the actual treatment of the patient.

Why should Danes not be allowed to decide whether they will contribute to research by allowing a researcher direct access to their medical records? In the projects where it has not been possible to obtain permission personally from the patient, the National Committee on Health Research Ethics / Danish Health and Medicines Authority have the opportunity to give the researcher permission to directly look up (collect) and find the information which would otherwise have to be passed on from the attending departments, but only after a specific assessment of the research project. Permission must be given for access to the same information. What ought to be altered is the way in which access is given to the data. Special electronic security procedures can ensure that the researchers only collect precisely the information for which permission has been granted and that the patient will be able to see which information the researcher has retrieved, just as it is possible today for you to see which doctor has looked in your medical records and why. 

It is not surprising that the various examples of abuse of confidential information which we have seen in the media lead to Danes wanting to see enhanced control of health information. Medical records are strictly confidential. And they should continue to be so. But with treatment in an expensive health service, patients rightly expect to receive the best treatment, that the effect of new treatments is studied, and that the advice they receive is based on evidence. If the way in which researchers can access health data is not changed, then the chance of continuing to able to deliver scientifically substantiated treatment and advice will be reduced.



Appeared in i Politiken d. 9. marts 2015.