- A visit to any health facility in Ghana exposes how such a space is not a priority of our healthcare. To start with, basic information is obtained from new patients without any explanation given or consent sought, often in a crowded environment and within an earshot of many; ...
In Umberto Eco’s view, “a book is a fragile creature, it suffers the wear of time, it fears rodents, the elements and clumsy hands. So the librarian protects the books not only against mankind but also against nature and devotes his life to this war with the forces of oblivion.”
Ideally, each man will want to be the librarian to their health records with disclosure made on a need to know basis to only those involved in their care and others of their choosing. In many countries, laws are enacted to ensure that health data is carefully protected with serious repercussions for any breaches. In Ghana, the Data Protection Act 2012 (Act 843) is premised on the fundamental rule that all who process personal data must take into consideration the right of that individual to the privacy of his or her communications. However, according to a publication “Patients’ Access to Medical Records: Is It a Privilege or a Substantive Right? (2015)” the authors argue that “there is no legislation regulating patient’s access to information contained in medical records, save the Ghana Health Service’s, Patient Charter.” This for me is a concern and one that needs urgent attention.
Health records are collected for one reason only and that is to ensure those involved in patient care make decisions that are in their best interest. This then puts those who obtain such information in a situation where confidentiality must be kept. Confidentiality ensures that a trusted space is created for patients to speak openly so the best diagnosis can be made and prognosis improved and thus puts a duty of care on professionals. I must emphasise that the professional obligation to patient confidentiality is not just about a failure to divulge information obtained but includes a responsibility to make sure that all records containing patient information are obtained legally, retained appropriately and are kept securely.
A visit to any health facility in Ghana exposes how such a space is not a priority of our healthcare. To start with, basic information is obtained from new patients without any explanation given or consent sought, often in a crowded environment and within an earshot of many; with the assumption that attending the facility indicates consent is implied. Also, the data processor invariably fails to explain to patients their right to access the collected information and how that can be achieved; thus breaching all the provisions of confidentiality and sets the stage for a patient journey froth with disrespect as privacy and understanding, key provisions of the Data Protection Act are thrown out of the window. This primary data is kept often manually and becomes the basis on to which all other data is added with no one in the chain realising that the fundamentals of patient care have been ignored.
Having completed the patient journey the records are retained, another area of concern. By law, “a data controller who records personal data shall not retain the personal data for a period longer than is necessary to achieve the purpose for which the data was collected and processed.” In the context of health, “longer than necessary” in my view needs clarification. However, this is a grey area as the manual backbone of our record keeping does not allow for data around death and relocation to be added to many records so effective archiving can be achieved.
Compounding the issue further is the fact that often these manual records are lost, risking unsolicited disclosure which could be used to blackmail patients. Some may see this view as preposterous but with the level of vitriol that permeates our society, it is a concern I am not prepared to discount. Truth is ones’ health records in the wrong hands can be a lethal weapon with debilitating effect. With our level of treachery, it is not beyond the realms of imagination for peoples health status to become turf ground in our politics and celebrity culture. We must not wait for this to become the norm before we cry wolf with the benefit of hindsight, firefighting a solution.
This is why I believe health data protection must be a priority. We need to begin to move away from being a people who enact laws just for the sake of it and become those who ensure that these laws have teeth. For those of us who work in the health profession, it is important that we make ourselves conversant with the provisions of the Data Protection Law as a minimum and ensure that ensigns responsible for the collecting, processing and storage of patient identifiable data have a clear understanding of their responsibility; that there is no specific legislation regulating patient’s access to information contained in medical records is no excuse. In fact, I would not advocate for one until the current Data Protection Act is made and seen as operational.
We need to be both creative and assertive in dealing with this problem in our health eco-space. We must accept that the manual paper trail similar to a book suffers all the risks Umberto Eco eluded to. It is fragile, suffers wear and tear, can be at the mercy of the weather and in clumsy hands can be turned into a weapon of deception and blackmail. We must be alive to the fact that none of us can be personal librarians to our health record but must not be at risk because we cannot.
As a person who believes that there is considerable money to be made in our country just from a realignment of our lawlessness to lawfulness, I will want to be radical and encourage the government to cut considerably it’s funding for the Data Protection Commission, encouraging them instead to make up any shortfall through fines and set Key Performance Indicators (KPIs) for this to be achieved. It will surprise many how much money they will make just from the health sector and how quickly data protection will become a priority.
This will also encourage many in this sector to go digital and enhance the government’s drive towards healthcare digitalisation. More importantly, it will help to safeguard patient information, enhance confidentiality provisions and create the free space within which patients can trust. While improving health outcomes and medical research in its wake, it could also become a hive of new entrepreneurial thinking where prototypes on how health information should be captured, stored and mined. This will evolve and create a new service industry parallel to health and bring about numerous jobs that do not exist today.
Mr Government, in our country, this Data Protection Act is a mint you cannot ignore; please ruthlessly enforce it and realise that contrary to popular belief, sometimes money grows on trees.