EU Public Consultation on Data Protection

December 2009

Q1 Views of EHFCN on the new challenges for personal data protection, in particular in the light of new technologies and globalization.

General comment:

The aim of the European Healthcare Fraud and Corruption Network is to improve European healthcare systems by reducing losses to fraud and corruption.

Corporate members of EHFCN are governmental or private entities directly involved or with a specific role in countering healthcare fraud and corruption.

EHFCN supports its members in their work to use effective prevention and detection systems and to conduct professional investigations in cases where fraud and corruption committed by patients, healthcare providers, suppliers and staff are suspected.

The prevention, detection and investigation of fraud and corruption in cross border healthcare moreover, require cooperation and a systematic exchange of information - personal sensitive data included - between these national operational entities. The networking of records should make it possible to prevent fraud and corruption in cross border healthcare being committed by the same offenders in different countries of the Union.

Although EHFCN recognizes  the individual right of every EU citizen of having his or her privacy protected at the highest level possible, patient safety and the public interest (correct allocation of healthcare budgets) should allow a restricted and regulated exchange of sensitive (administrative and judicial) personal data between competent authorities of all Member States.

Although EHFCN acknowledges potential abuse and the risk of violation of privacy in new technologies such as the use of internet, e-health (electronic patient dossiers and billing), cyber applications (chip implants, telemedicine) etc., they are considered by EHFCN to be an added value in the fight against fraud and corruption in cross border healthcare.

New technologies facilitate data entry, data matching, data mining and data exchange under the condition however of strict but workable protocols. Another example of a new technology is wireless automation. It has been mentioned that wireless is ideal as it is fairly inexpensive and allows any sensors and devices to be installed at any time rather than just at the beginning of the installation process. Particularly relevant to hospitals and health services are indoor location awareness wireless building automation which allow tracking of patients and also allow tracking of the nearest doctor in emergency situations. But these useful services can also be tampered with which means that this new device can also be a danger.    

Globalization and the consequential increase of patient and healthcare provider mobility (enhanced by freedom of movement and the Internal Market in the EU) is a risk factor for increased fraud and corruption in cross border healthcare.

The EU draft directive 2005/36/EC gives patients and practitioners the right to free movement throughout the Members States. This means that patients are more mobile than ever before. Providers in various Member States are also keen to attract patients across borders and may emphasize the higher quality of treatment outside a patient Member's State. As a result it is now common place for patients to shop around for the best quality most affordable and most readily available treatment. This increases the opportunities to commit fraud.

Variation in privacy regulations and data protection rules results in the fact that patient records and other information cannot be shared between healthcare providers, regulatory bodies, etc. This means that unscrupulous practitioners can cross borders following disciplinary action in order to escape their past and to continue to practice unsafely. Patients who commit fraud can likewise cross borders knowing that information about the fraud they have committed cannot be shared and therefore they can carry out the same activities in another member state.

The increasing mobility of patients and healthcare practitioners from non-EU countries adds to this problem.

Q2. In the view of EHFCN, the current European legal framework does not meet these challenges. There are neither protocols nor common standards of gathering and exchanging (criminal, civil and disciplinary) evidence in matters related to fraud and corruption in cross border healthcare.

Q3. EHFCN situates future action to address these identified challenges on 3 possible levels:

• Bilateral agreements between (competent authorities of) Members States. Recently France and Belgium (CNAMTS and INAMI) have signed an agreement regulating the exchange of personal data in ad hoc cross border cases of suspected fraud and corruption in healthcare.

• The clarification of existing European information channels for exchanging sensitive  personal data related to fraud and corruption in cross border healthcare : Europol, the European Criminal records Information System (ECRIS),SIS II etc. Condition is however that all of the information related to fraud and corruption in cross border healthcare should be clarified through one channel only.

• The establishment of a new agency charged with the task of developing a system of information exchange related to fraud and corruption in cross border healthcare. This agency can also be the competent authority certifying healthcare providers and facilitators offering services in a cross border healthcare setting (medical travel etc.) based on quality standards and accreditation.

EHFCN is in favor of this last solution.