MoH ensures privacy, security and confidentiality of eHealth records
Signing of the patient-doctor contract with the chosen primary care professional requires entry of the patient’s personal data in the eHealth system (electronic health record system). The MoH guarantees that personal data provided by both patients and doctors is securely stored and protected.
The eHealth system transferred to the MoH
On February 5, 2018, the Acting Minister of Health Ulana Suprun signed documents related to the free transfer of intellectual property rights to the eHealth system from the the All-Ukrainian Network of PLWH and Agriteam to the Ministry of Health of Ukraine. The development of the minimum viable product (MVP) of the National Healthcare System was coordinated by the eHealth Project Office, which was created by the Transparency International Ukraine and All-Ukrainian Network of PLWH.
The Ministry of Health and the newly established eHealth state-owned enterprise (created in December 2017) will proceed with further eHealth development and implementation and continue the successful work of the Project Office. Funding will be provided by several international donors: governments of the USA, Canada, Great Britain, the Global Fund, the World Bank, the EU, and others.
The patient-doctor contract includes Agreement to personal data processing
Patient personal data will be collected only upon prior written consent and Agreement to personal data processing will be part of the patient-doctor contract, which was approved by the "Procedure for choosing a primary care provider". Therefore, by signing this contract, patients agree to personal data processing in the eHealth system.
In the near future, the eHealth system will only process the so-called "non-sensitive" personal data - passport details, individual taxpayer number, and registered residence address. Most citizents of Ukraine provide this type of personal data on a regular basis for many common purposes: at the bank, social service office, pension or subsidy registration office, etc.
Currently, the central component of this system contains no medical or other "non-sensitive" data.
The protected data center
The eHealth central database is located in a secure data center with comprehensive information security system in Kyiv, Ukraine. The Data Center fully conforms to the international (ISO 27001:2013 Certificate No.IND 17.0398/U) and Ukrainian standards (Compliance Certificate No.14162 dated July 22, 2016, issued by the State Service for Special Communications and Information Protection of Ukraine).
Cyber security experts from several independent companies, including one from the Big Four (the world's largest audit and consulting companies), took active role in the eHealth development.
The system operates in a test mode
The eHealth system has been operating in a test mode since September 2017, when it became technically possible to register a healthcare facility, doctor, and patient details in the system. The eHealth Project Office supported by donors has developed the functionality that the Ministry of Health needs to implement the healthcare reform. The proposed solution complied with the declared characteristics and the eHealth MVP is recommended for unlimited commissioning. Several team members will continue to support eHealth until the final transfer of knowledge to the teams of the Ministry of Health and a newly created state-owned enterprise.