Kyiv: In the context of general reformism in Ukraine in different industries, we are trying to inherit the best from the countries that are leaders in the world. Medo form is no exception. Reading the reform program, the order of actions for which it will be implemented, you can see yourself thinking that those posts in the social networks of our opinion leaders about "victory" are true, because if such projects come to Ukraine, it will indicate development in our state.
Nevertheless, as always, there are many “but” points to the imperfection of medical reform in Ukraine, a vivid example of which is E-Health, an integral part of this project, the main goal of which is to transfer medical institutions of our country to electronic mode and conduct partial rejection of paper forms and other forms, the filling of formation, which takes a significant amount of time from doctors, distracting them from their main work.
When you register with E-Health, sign a declaration with a doctor or something else - you provide the medical institution with its own data, which later becomes an electronic patient record, where, in addition to your basic data, the entire medical history, tests, etc. are saved. Immediately, a number of questions arise: "Where will this data be stored? Who will protect them? Or will someone not be able to use them for their own purposes?".
I decided to sort out this issue and realized that everything was far from perfect. When a medical institution buys an IIA (Medical Information System), that is, the very basis on which all the informatization of a medical institution rests, must be sure that these developers, from whom they directly buy, are able to provide the necessary level of protection of the medical data of patients established by law. By law, it is the medical institution that is the manager of the medical data and is responsible for their integrity and safe storage. The law requires that all medical institutions operating in the information field, and have access to electronic data of patients have certificates KSZI. KSZI is a complex that includes a certified MIS, which is a certified server,
But, as it turned out, only a few representatives of the MIS market have certificates of the KSZI, and what do the others think? Who gave them the right to save data without having any certificates and permits provided by law?
How is this dangerous?
First of all, everyone has the right to their own intimate life, and any data on illnesses and other secret moments should be distributed only when the person himself wants it. When a medical institution creates an electronic database of the patient or something else, without having guarantees of protection of this data, it substitutes the patient and himself, because no one knows how it will be used and what hands it will fall. Frankly, this is a gross violation of Article 32 of the Constitution of Ukraine, which guarantees the safety of a citizen’s own life.
Who neglects the law?
Having studied the site of the State Service for Special Communications and Information Protection, it is easier to talk about who does not neglect the law. All the MISI that is cloudy, do not build any data centres or KSZI and it's scary because in general it is not known where the data is stored.
Why there was such a problem?
Considering the love of our people to do everything at the last moment, I was not surprised, but the Ministry of Health really set up a large part of the medical institutions of Ukraine, having conducted minimal tests among IIAs and pointing out that it is necessary to choose an IIA from an accredited list to be able to receive funds from NSZU, and most of them, as it turned out later, simply do not have the right to save patient's data.
Then it turned out that 95% of all medical institutions connected to the NSZU were not certified by the CSIS, and they cannot, because the IIA systems do not have certificates of conformity.
Then strange things happened. The central component of the system, which is now owned by the State Enterprise “Electronic Health”, receives the CIPS and becomes a protected and certified storage place for medical data. But KSZI is a complex, which in fact is not.
What will happen next?
According to the law of Ukraine, in order not to lose the KSZI certificate, the central component must close access to its base to all medical institutions without KSZI, and it does not matter whether there is certification in the IIA system or not. But this will not make it possible for medical institutions to report to the NSZU and receive legal payments. And the collapse of the system will occur, and the whole reform will end there.
The Ministry of Health understands this, therefore they close their eyes to this and drop the charges and transfer them to the shoulders of the chief doctors, responsible persons of the medical institution, etc. because they actually choose non-certified IIA systems and give them the medical data of patients.
What should be done?
In order to save the situation and not let the opponents of the reform have reason to criticize it or even stop it in some way, it is necessary to remove the responsibility of the main doctors before choosing an IIA, close non-certified medical systems (give them a month to receive a certificate), access the central component, and ZOZnam that they already use to give an alternative. ZOZs must build a system and get the CRRP, as the only legitimate opportunity to store and work with medical data. After all, in order to finish the reform, you need to do everything according to the law, so that the next government will not have the opportunity to wrap the whole reform as illegal.
Fedor M., especially for FNI