The e-medical record is similar to China’s social credit system, a psychotherapist warns. Digital doppelgangers with constructed identities would emerge.
With the electronic patient file (ePA), not only the right to informational self-determination threatens to be lost. Rather, there is a risk of losing control over one’s own identity through the almost arbitrary construction of digital doppelgangers. The Tübingen psychoanalyst Reinhard Plassmann painted this dystopian scenario on Saturday at the 10th Congress of the Free Medical Association (FA) in Berlin. The association is committed to medical independence and has long criticized the commercialization of medicine under the primacy of returns.
ePA and “automatic data snooping”
Plassmann explained his warning that even if a student goes to a university for psychotherapeutic advice, he leaves behind a data trail that runs through his entire life. The “monstrous project” of the ePA would now add automatic digital “forms of data snooping”. The “gigantic bundle of extremely personal and medical information” invites you to comb through it with artificial intelligence (AI) and create personal profiles: “That means being able to take control of the citizen’s identity.”
Systems for determining identity not only describe key personality traits but also define them explained the specialist in neurology and psychiatry. Even with an ID card, in which data such as name, date of birth, physical characteristics, and biometric information such as photo and fingerprint and in the future probably also DNA information are stored, a digital double is created in the system. This is processed and assessed, for example, used to decide who will be allowed through a border.
The algorithm creates arbitrary identities
Reinhard Plassman Image: Stefan Krempl
Plassmann explained that the use of such invariable information alone could have massive repercussions, for example, if a name is misspelled or the place of birth is confusing. Victims could be arrested, treated as “nobody,” or even landed in Guantanamo. If, for example, membership of a political party, the number of offenses committed, or economic status were recorded in the ID card or other identity systems, a government could link these parameters and construct itself variably who and what someone is.
According to the researcher, this now means that an algorithm puts together pieces of information according to its own interests and thus creates almost any identity. If undesirable social characteristics accumulate, those affected could then be exposed to certain negative consequences. The ePA has exactly such properties, but so does China’s social credit system based on information collected in real-time: Anyone who distributes ten wrong likes here has already lost their 1000 starting points.
Data errors with “catastrophic consequences”
According to this reading, the ePA enables “toxic electronic access to the identity of the person”, Plassmann complained. From birth to death, “all medical data migrated into a gigantic, swelling sentence”. The careful ordering, systematization, and entry of the reports, expert opinions, and anamnesis that are actually required are not feasible at all. If a psychosomatic discharge report by “Felix Meier” ends up in the file of a namesake, the burden of correction lies solely with the latter. In no time at all, such a document migrates to other systems such as the doctor’s practice software or the public prosecutor’s and employer’s databases.
“Unavoidable data errors have catastrophic consequences in medicine,” the scientist pointed out. Citizens are unable to exercise the final, finely granulated control over the ePA stock that was promised to them, given the amount of work involved and the subject matter, which is difficult for laypersons to understand. Instead of an opt-out, he is likely to be urged to give a general consent to the storage and use of content. The circle of authorized users is then very large, ranging up to a clinic employee who could find out about psychotherapeutic treatments that have taken place.
In fact, the ePA will be “public”, stated Plassmann. This is comparable to the “horrible idea” of a securities account in which third parties “can initiate transactions at my expense”. Even when entering search terms manually, the risk of misinterpretation of the results is high. However, it explodes when automatic query algorithms are used: any images of a person can be created that become independent and cannot be recaptured.
The practitioner dismissed the fact that the whole thing had a medical benefit as a “fairy tale”. It is unthinkable to identify a specific X-ray image that is needed for a comparison in this mountain of data. At best, chance finds would be possible. “The madness is so obvious, why are they doing it?” asked Plassmann. Apparently, legions of lobbyists from the pharmaceutical and IT industries are “active from morning to night” in order to keep politics in step.
Digitization has become an end in itself
Andreas Meissner, spokesman for the Alliance for Data Protection and Confidentiality, referred to standard justifications that “international competition is repeatedly invoked”. Google and Amazon would otherwise tap the health data, it said. But what does it say about governments if they are unable to rein in US big corporations? It can also be heard that Estonia is ahead. There, however, there had already been a data leak in the ID card, which also enabled access to the patient file.
Digitization has become an end in itself, a religion, complained Meißner. He estimates that up to six billion euros have flowed into the local telematics infrastructure (TI) and the ePA so far. Life expectancy will not improve as a result. On the other hand, general practitioner positions could no longer be filled, medicines could not be produced due to missing components, and patient sovereignty would be lost. In addition, there are already centers for rare diseases: These are not easier to find in big data at the research data center or in the planned EU health data room. For the Munich psychiatrist, it is therefore clear: “We are solving the wrong problems.”
Vulnerabilities and security gaps have been known for a long time
This was confirmed by Martin Tschirsich and Andre Zilch. For around five years, the two of them, together with other experts from the environment of the Chaos Computer Club (CCC), have repeatedly uncovered glaring weaknesses and security gaps – for example in the ePA test balloon Vivy, corona apps and vaccination certificates, practice software, the doctor’s appointment booking software Doctolib, a digital doctor’s calendar or with VideoIdent systems. In the healthcare system, qualified signatures are often used unnecessarily – as with the electronic certificate of incapacity for work (eAU), Tschirsich gave an example. On the other hand, due to the effort involved, nobody dares to tackle the core issue, the proof of the identity of participants and thus the preservation of the integrity of the procedures.
Martin Tschirsich Image: Stefan Krempl
The “small technical problem ” that Federal Minister of Health Karl Lauterbach (SPD) conceded with the e-prescription is a larger one and has been known in principle for a long time, reported Tschirsich. For example, every pharmacist could have called up all open prescriptions on a central server without end-to-end encryption, without having the electronic health card (eGK) of a submitter or patient. It is also unclear whether the eGK is treated as a means of authorization at all: At present, only the associated PIN letter is delivered securely.
Difficulties in assigning an authorized person
As early as 2019, security researchers had complained that there was no identification at all for pharmacy and practice ID cards. To this day, a phone call is enough to have such a document sent to the address of a pharmacy that you quickly set up yourself, said Tschirsich. A review should only take place at the beginning of the second quarter of 2023: “We leave the hard nuts aside.”
“The organizational processes are so flawed,” added Zilch. Every attacker starts at this weakest point, which you don’t need any technical knowledge from cybercriminals to exploit. All authorization cards for the TI are still not issued in a way “to ensure that only the authorized person receives them”. Similar assignment difficulties would have brought down the organ donation card from Swisstransplant and the corona vaccination certificate in Switzerland.
The pharmaceutical industry with access to patient data
Only state data protection officers saved the doctors from a complete loss of confidentiality and the right to informational self-determination, summed up Silke Lüder from the FA. The association is very critical of the central storage of patient data, especially since the pharmaceutical industry should now have access to it. Lauterbach helped initiate this back in 2002. The employer call-off procedure for eAUs from January is also likely to lead to chaos: millions of companies would then have to contact health insurance companies and check how long an employee has been on sick leave.
As a next step, a cloud will be created “to sell patient data” that hackers can use,” Christian Messer, chairman of the MEDI Berlin Brandenburg doctors’ association, criticized the Minister of Health’s recent statements. It is necessary to exchange data electronically. However, decentralized systems such as the internal medical digital information in Baden-Württemberg functioned excellently.