On privacy and having a say in what happens to you or your data. Or: If you didn’t object, you must therefore agree

I’ve had multiple medical misdiagnoses in my life, to the point where I can faithfully say I don’t think a doctor EVER made a correct diagnosis. I’ve had ear tubes surgery when I was a kid. The root cause of the problems with my ears, nose and throat was my dairy intolerance, I know now at 35 years old. Having surgery as a very young child is terrifying. Not to mention the fact that I could not count on my parents to soothe or comfort me, the stress in my young body was already extremely high. But I had this surgery at least three times. I think more. It was very, very frightening. And then at some point, my mother placed an additional burden on me. She expressed how scary it was to see my eyes ‘roll away’ as I went under. So, as I had learned to put my needs aside so that my parent would not be upset, next time I went under, I closed my eyes earlier. The doctor thought I was under already, and they started wheeling me off. My heart jumped into my throat, the stress screamed through my body “No, don’t cut me, I’m not asleep yet!”. And then I lost consciousness. Later, when I had to have the surgery again, I protested. I wouldn’t go. I wouldn’t. I was not heard. No conversation about it, ever. My parents didn’t even register that I was upset. I was forced into surgery again.

I had a diagnosis of eczema and was prescribed heavy corticosteroids. The eczema disappeared after I quit eating dairy…

I had a doctor say “gee I don’t know why your fingers turn all white and I don’t know what that is” only for me, myself, to find out it’s called Raynaud syndrome and supplementing with B12 made that disppear entirely.

I nearly died due to another misdiagnosis. I saved my own life.

Medical things are a huge trigger, especially after last year.

Last Saturday, I got an e-mail from volgjezorg.nl, a Dutch website where you can track who has access to your digital medical file. “Volg je zorg” means “Follow your care” in Dutch. I got an e-mail that something changed. My GP has several locations. Their main location was marked as “changed”. At that point in time, I didn’t really understand yet what had happened, but the page I opened said the following:

GP suchandsuch18-04-2020“Excerpt of GP medical file”Permission given

I saw similar entries for my old GP and old apothecaries, but they were old. What happened? First of all, I decided to withdraw permission for all old GP’s and apothecaries.

Then, yesterday, I got another e-mail and a new entry was added.

GP suchandsuch18-04-2020“Excerpt of GP medical file”Permission given
Apothecary whatstheirname23-04-2020“Excerpt of medication use”Permission given

Note that this wasn’t even my apothecary. Since I changed GP’s, I also have a new apothecary, but my new apothecary isn’t even in this list. So, I called my GP and Apothecary whatstheirname to ask for clarification. Who requested excerpts without my permission?? Both ladies on the phone did not know what the reason was. They would ask management to get clarification.

Thankfully, I recognized it was a trigger for me. Medical healthcare stuff is a huge trigger now. I dreaded another three or more nights of lying in bed shaking and crying. But I recognized it nearly immediately! And talked about it extensively with Joep. At that moment, I assumed that someone had looked into my file. Without permission and without reason, because I’m not under any medical care by any specialist at the moment. I was very, very angry. That evening, another friend of mine called and we talked about lots of stuff, including this. He listened to me vent about how I suspected they accessed my medical file and how violated I felt. Thanks, guys, it really helped. I had a good night’s sleep.

This morning, I decided to log in to volgjezorg again. That’s where I found a piece of the puzzle. Yesterday evening the lady from the apothecary (it’s a night apothecary, that one) had asked on the phone for my permission to check my medical file to see if any mutations were done. She told me nobody had made any changes. This morning, volgjezorg had an additional record. It was timestamped at the time of the phonecall: An exchange. That’s where it all became clear to me. You see, the table above, was in a permissions tab. So, nobody had requested any excerpts. The permission to do so had been added. Then, when I phoned the apothecary and she looked in my file, an exchange was added to the log.

That’s when I found an article in a Dutch newspaper, titled Millions of medical files open without permission. What happened? The Dutch government decided to open up all medical files. Wait, what?

Less than an hour later, my GP called me. And explained what had happened.

The nationwide electronic medical file exchange system (Landelijk Schakel Punt or LSP) had updated their database. They did this last Saturday and yesterday. My GP said they had been informed that this would happen, but they hadn’t been told when this would be done. He thought it was a good thing that I was being alert and asking questions. That was nice. He explained some details on how the exchange system works.

  1. Your GP is the ‘source holder’ of your medical file. A summary can be requested via LSP, but only by the emergency GP (huisartsenpost, a midnight and weekend-only service) and nobody else. The huisartsenpost is part of the ER here, so only if you go in with an emergency on weekends, would you encounter this. Your medical file is only visible to ER personnel if you, the patient, have given permission to exchange the data via LSP.
  2. The apothecary is source holder of your medication data. They can offer this data to GP’s, specialists, the ER, etcetera. But also only if you, the patient, have given permission to exchange data via LSP.
  3. The laboratories are the source holder for the lab data. This lab data can be requested by GP’s and specialists. But again, also when you, the patient, have given permission to exchange data via LSP. This third one is a pilot, and you may receive subsequent messages.

Note, that even if you have given permission to exchange data via LSP, you should be informed who, why and when they have accessed your data, every single time. Either you have to be there in person, at the ER or at the specialist, or they have to call you and ask you before they share it or look into it. You can also see it afterwards, on volgjezorg. The tab permissions will show who has received permission from you and exchanges will show who actually looked in your data or shared it.

When the LSP was introduced, patients were asked by their GP’s and apothecaries whether they gave permission to exchange their data. If you filled in the form, your yes or no was procesed. But, if you never filled in this form, or if you changed GP’s or apothecary and didn’t fill in the form for that new healthcare provider, then you are not marked as yes or no. You haven’t made a decision at all. In practice, this defaulted to no. Until last week…

Last week, due to the “Corona crisis”, the government decided that everyone who had not made a decision would be changed to yes. Without informing them. My GP confirmed this to me. Everyone who had not made a decision yet, would be added to the register anyway.

If I hadn’t registered at volgjezorg.nl, I wouldn’t have known. Last Saturday, my GP received permission without my intervention. And yesterday the ER apothecary received permission without my intervention.

Update: The apothecary called me back after I had written this post, saying that I already had given permission and only that the ‘certificate was updated’. They said it doesn’t have anything to do with Corona. But my GP literally said that it was indeed because of Corona. The newspaper article of April 15th writes: “Since Tuesday, the data of about 8 million Dutchies who didn’t make a choice are made accessible through the LSP. GP’s will receive software updates.” I think multiple updates are crossing eachother here. The apothecary I’m talking about is an ER apothecary and doesn’t offer ‘regular’ patient service. I think that is a factor here, although I can’t be entirely sure.

I put it on Facebook in a rather neutral way, so that people can draw their own conclusions and see for themselves how they feel about it. I myself felt very violated. (The feeling has subsided now that I have taken corrective action.)

If the government can add access to my medical file at any time, for any healthcare provider, what am I to do? Even if I say ‘no’ for my current healthcare providers, does this mean that I actually have to add every single healthcare provider in The Netherlands and check ‘no’ for each and every one of them, to have any measure of guarantee that they won’t use my data unduly? And even if I say no today, in theory they have the power to change it back to a yes when they want to. This policy signals: In all cases where you didn’t specify a preference, we will not default to the safest choice anymore. If you didn’t object, you must therefore agree. Also, we can manipulate your permission however the hell we like. WHAT??

You can revert this. Go to volgjezorg.nl and retract permission either for a specific healthcare provider, or for all of them at once. While you’re at it, go to Settings and make sure you are notified of any changes in permissions or if anyone exchanges your data.

0 Replies to “On privacy and having a say in what happens to you or your data. Or: If you didn’t object, you must therefore agree”