This chapter describes the key strengths and limitations of the Dutch health system in terms of establishing an integrated health information system. It examines key legislation and policies, health data infrastructure and health data interoperability for several purposes including direct patient care, measuring health care quality, developing personal health environments, and enabling research infrastructures for the life sciences and the social sciences. Several key strengths and advantages are identified. But the chapter highlights some of the problems brought about by a fragmented, market-based system for smooth exchange of, and access to, health data for various purposes that are in the public interest. The chapter identifies the need for a generic, co‑ordinated policy strategy towards digitalisation that is under the stewardship of the central government and includes a broad array of stakeholder groups in its design and implementation.
Towards an Integrated Health Information System in the Netherlands
3. The strengths and weaknesses of the current Dutch way of managing health and social care data
Abstract
The previous chapter outlined the key characteristics of the Dutch health system and how these influence the management and use of data to achieve policy objectives. It described the main features of an integrated health information system in normative and positive terms. It also explained how developments in health data governance and in interoperable electronic health record systems (EHRs) compare across OECD countries and highlighted related European projects.
This chapter examines the main strengths and shortcomings of current arrangements in the Netherlands regarding the establishment of an integrated health information system including legislation and policies, health information infrastructure and health data interoperability. Separate discussions and initiatives are taking place within the Netherlands about the interoperability of clinical data for direct patient care, for measuring health care quality, developing of personal health environments, and about the creation of research infrastructures for the life sciences and the social sciences. But a national effort toward creating an integrated health information system that could modernise patient experiences, support integrated health care delivery, improve monitoring of public health, support evidence‑based policy making, and encourage innovations in health technologies and advancements in life sciences and social science research is still mostly absent.
The importance of such a system has recently been highlighted in the Dutch media,1 which reported difficulties with transferring COVID‑19 patients between hospitals because their medical information cannot be exchanged electronically. This results in not only delays and inefficiencies – with busy clinicians having to manually transcribe patients’ data from the local electronic record to a CD to send with the patient – but also the risk of subsequent medical errors that manual transcribing of information entails.
Before the elections in the Netherlands in March 2021, the majority of political parties expressed the need for further digitalisation in general and the need to address digitalisation in health care specifically. Following the acceptance of the new law on interoperability of health care data (WEGIZ) in both chambers, follow up plans have been published and discussed in parliament (i.e. letter of the minister of health to parliament of 15 October 2021). The need for a more generic strategy towards digitalisation under the stewardship of government seems to be broadly supported and will likely result in further steps by a new cabinet. At the time of writing, coalition talks between the four parties presently comprising the cabinet are taking place with the intention to reach agreement on programme and composition of a new cabinet.
Several strengths and advantages will enable creating an integrated health information system
Netherlands performed well compared with OECD countries in many aspects of health data maturity, use and governance in the 2019‑20 OECD survey discussed in Chapter 2. In most cases, the data needed to achieve an integrated health information system and fulfil the government’s policy objectives exist. All that is needed are a set of consistent rules to connect actors in the information system together and to enable access to the right data by the right people at the right time.
Expert consultations revealed other strengths. For example, patient engagement and leadership of patient groups toward data interoperability is strong in the Netherlands. Significant progress has been made in developing data exchange standards. The Informatieberaad Zorg (IB) has made good progress in advancing the case for data exchange for better care delivery, although the IB is a voluntary body with no legal status or funding and its membership and focus is limited to primary users and use of health data.
The Dutch Erasmus University MC leads the development of an open science federated network of data providers in Europe called the European Health Data & Evidence Network (EHDEN) that are coding health and health care data to the global Observational Medical Outcomes Partnership (OMOP) common data model (EHDEN, 2021[1]). The CBS provides an example of good practice, but its limited remit prevents it from working actively in the health space. Two Dutch initiatives – ODDISSEI and Health RI – exhibit the right characteristics to promote better data management for secondary purposes.
In addition, the Netherlands has a unique ‘can-do’ culture with a strong tradition of finding solutions to seemingly intractable problems. This has often relied on striking a balance between individual liberty and the need for collective action (it is, after all, a country that manages to not only exist but thrive below sea level).
An example of local innovation in this context is the personal health train – an important technology developed in the Netherlands, which can enable data exchange on a distributed/federated network thus avoiding the need for central aggregation of personal data (Dutch Tech Centre for Life Sciences, 2021[2]). Similarly, the EHDEN project is a federated network that avoids the need for central aggregation of personal data.
Data custodians in the Netherlands adopt different approaches to health data governance and exchange
The Netherlands’ health data landscape is characterised by the highest number of data custodians reported in the OECD. This fragmented structure does not preclude being able to leverage available data to achieve the objectives listed earlier. It does, however, create greater challenges to data sharing and integration than in other countries.
A 2019/20 OECD survey found that most OECD countries have 3 to 5 custodians of the 13 national health and health care datasets considered integral to a national health information system. Custodians of these data are usually national governmental organisations such as health ministries, national statistical offices or health information agencies funded by the government (Oderkirk, 2021[3]).
The Netherlands reported nine separate custodians of key national data sets, with only one custodian being a fully governmental body, the CBS. Most data custodians are either government-funded autonomous foundations or institutes, or private‑sector funded non-profit organisations (Table 3.1).
Dutch health data custodians adopt different approaches to health data governance, including policies around data sharing and access to data for within-country and cross-border statistical and research projects (Table 3.2 and Table 3.3). Further, their adoption of best practices to protect privacy and data security, including ‘privacy-by-design’ varies.
The lack of a Common Data Model for health and related social and socio‑economic data, as well as a common data governance framework for data exchange, dataset linkage and integration, translates into each instance where data need to be integrated across different organisations becoming a separate project requiring a great deal of effort to standardise data elements, develop governance arrangements, seek approval for data sharing and integration and so on. In new data integration projects, the majority of funding and human effort is taken up by these preliminary steps and the analytical and publication steps are a minority of the effort.
Nonetheless, the Netherlands conducts projects on a regular basis that require record linkage across key national health datasets. The key national health datasets investigated by the OECD in 2019‑20 include hospital and mental hospital in-patients, emergency care, primary care, prescription medicines, cancer, diabetes and CVD registries, long-term care, population health survey, patient-experiences survey and mortality data.
With the strong flow of health care data to the Netherlands CBS, the Netherlands is among a minority of OECD countries who regularly link health and health care data to a rich set of contextual data about risk factors, living conditions, socio‑economic status and demographic data. Population registry (demographic) data are linked with hospital inpatient, mental hospital inpatient, primary care, cancer registry, long-term care, mortality and population health survey data. Tax data (income) are linked to hospital inpatient, long-term care and population health survey data. Quality of life questionnaire data are linked to cancer registry data.
However, there are key datasets in the Netherlands that are not regularly linked and that are crucial to understanding health trajectories and outcomes including national data on prescription medicines as well as data within the national cardiovascular disease and diabetes registries and data on patients in emergency health care.
Table 3.1. Custodians of the Netherlands key national health datasets
Key National Health Dataset |
Dataset Custodian |
---|---|
Hospital in-patient data |
Dutch Hospital Data (DHD) + CBS |
Mental hospital In-patient data |
NZa (Nederlandse Zorgauthoriteit) |
Emergency health care data |
Veiligheid NL (Consumer and Safety Institute) |
Primary care data |
Nivel (Nederlands Instituut voor Onderzoek van de Gezondheidszorg) |
Prescription medicines data |
Zorginstituut Nederland (ZiN) |
Cancer registry data |
Netherlands Comprehensive Cancer Organisation (IKNL) |
Diabetes registry data |
DPARD (Dutch Pediatric and Adult Registry of Diabetes) |
Cardio-vascular disease registry |
Nederlande Hart Registratie (Dutch Heart Registration) |
Mortality Data |
CBS (Centraal Bureau voor de Statistiek) |
Formal long-term care data |
Several organisations (CIZ, Het CAK, NZa, ZIN, SVB, Bureau Jeugdzorg, Vektis) |
Patient experiences survey data |
n.a. |
Population health survey data |
CBS (Centraal Bureau voor de Statistiek) |
Population Census/Registry data |
CBS (Centraal Bureau voor de Statistiek) |
Source: OECD 2019‑20 Survey of Health Data Development, Use and Governance. See Oderkirk (2021[3]), “Survey results: National health data infrastructure and governance”, https://doi.org/10.1787/55d24b5d-en.
Table 3.2. Sharing and access to de‑identified data varies by health dataset custodian
Analysts from the following organisations could be approved access to de‑identified data for statistical or research purposes in the public interest
|
Hospital in-patient data |
Mental hospital in-patient data |
Emergency health care data |
Primary care data |
Prescription medicines data |
Cancer registry data |
Diabetes registry data |
Cardio-vascular disease registry data |
Mortality data |
Formal long-term care data |
% of national health care datasets |
---|---|---|---|---|---|---|---|---|---|---|---|
Government ministry or government national data custodian |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
80% |
University or non-profit research institute |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
80% |
Health Care Provider |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
70% |
For-profit business |
No |
No |
No |
No |
Yes |
No |
No |
Yes |
No |
No |
20% |
Foreign university or non-profit research institute |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
No |
60% |
Source: OECD 2019‑20 Survey of Health Data Development, Use and Governance. See Oderkirk (2021[3]), “Survey results: National health data infrastructure and governance”, https://doi.org/10.1787/55d24b5d-en.
Table 3.3. Data protection and security policies and practices vary by dataset custodian
|
Hospital in-patient data |
Mental hospital in-patient data |
Emergency health care data |
Primary care data |
Prescription medicines data |
Cancer registry data |
Diabetes registry data |
Cardio-vascular disease registry data |
Mortality data |
Formal long-term care data |
% of national health care datasets |
---|---|---|---|---|---|---|---|---|---|---|---|
Legislation authorises dataset creation |
Yes |
Yes |
No |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Yes2 |
80% |
Data Protection officer |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes2 |
Yes |
100% |
Control and tracking of staff data access |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
No |
Yes |
Yes |
60% |
Process to assess risk of data re‑identification |
Yes |
Yes |
No |
Yes |
No |
Yes |
No |
Yes |
Yes |
Yes |
70% |
Treatment of variables posing a reidentification risk |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
No |
Yes |
Yes |
80% |
Public description of the dataset including its legal basis |
Yes |
No |
Yes |
Yes |
Yes |
n.r. |
Yes |
Yes |
Yes |
No |
70% |
Sharing data with external researchers is legally authorised |
Yes |
Yes |
No |
Yes |
Yes |
No |
Yes |
No |
Yes |
Yes |
70% |
Individuals consent or opt-out to data sharing |
No |
Opt-out |
Opt-out |
Opt-out |
Consent |
No |
Opt-out |
No |
Consent/ opt-out |
Consent |
70% |
Procedure to request access to data and approval criteria are public |
Yes |
Yes |
No |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
80% |
Procedure to request a dataset linkage and approval criteria are public |
n.a. |
Yes |
No |
Yes |
No |
Yes |
No |
Yes |
Yes |
Yes |
60% |
Approval body for dataset linkages |
n.a. |
n.r. |
Veiligheid NL (Consumer and Safety Institute) |
GPs and privacy committee |
n.r. |
n.a. |
n.a. |
Board of directors |
Central Bureau of Statistics |
Health care insurers |
50% |
Standard data sharing agreement |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
100% |
Secure remote data access service |
Yes |
Yes |
No |
No |
No |
No |
No |
Yes |
Yes |
No |
40% |
Supervised research data centre |
No |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Yes |
30% |
Source: OECD 2019‑20 Survey of Health Data Development, Use and Governance. See Oderkirk (2021[3]), “Survey results: National health data infrastructure and governance”, https://doi.org/10.1787/55d24b5d-en.
Legislation, regulations and their interpretation can hinder data exchange
In their submission to the 2019‑20 OECD survey, Dutch officials reported that organisations can create datasets and can undertake dataset linkages only if their proposed activities meet the requirements of the EU General Data Protection Regulation (GDPR) and the Medical Treatment Act. The Netherlands’ Data Protection Authority evaluates whether datasets meet GDPR requirements.
However, without national health data governance guidelines for the implementation of the GDPR, officials reported that dataset custodians each have their own interpretation of the GDPR and that some have interpreted the GDPR as indicating that past data exchange arrangements are no longer legally permitted. For example, sharing data between custodians for the purpose of calculating indicators of health care outcomes by health care institution is often considered legally prohibited.
The current approach reduces benefits while increasing risks to data privacy
A fragmented approach to health data management creates (a) missed opportunities to generate improvements in health and other desirable outcomes, and (b) heightened risk of personal health data being compromised. A recent example of a potentially preventable health data privacy breach was due to an absence of stronger security requirements on institutions handling personal health data and resulted in attempts to sell individuals’ COVID‑19 status on the dark web (see Box 3.1).
Box 3.1. COVID‑19 data breach could have been avoided by stronger governance
In February 2021 there were local and international media reports of a large breach of personal health data from the systems of the Gemeentelijke gezondheidsdienst (GGD). The GGD is responsible for COVID‑19 testing and vaccinations. Media reports and experts interviewed by the OECD indicated that there was a lack of safeguards including a lack of staff data access controls, gaps in the tracking of staff data access, inadequate supervision of data protection, inadequate staff training in data protection, and a lack of system-level data protection against the risk of data downloading.
A strong, national data governance framework, with requirements for data custodians to adopt and maintain a privacy-by-design approach to their IT systems and with the controls and safeguards required of data custodians that are set out in the OECD Recommendation on Health Data Governance, may well have limited or avoided the egregious data breach (see Annex B). For example, the OECD Recommendation in Article 12 sets out safeguards to be implemented within health data custodians including lines of accountability, data privacy and security training for all staff members, formal risk management processes, and technological, organisational and physical measures designed to protect privacy and data security.
Source: Loohuis (2021[4]), “Data of Thousands of Dutch Citizens Leaked from Government COVID‑19 Systems”, https://www.computerweekly.com/news/252495983/Data-of-thousands-of-Dutch-citizens-leaked-from-government-Covid-19-systems.
Privacy-protected data uses are supported by the GDPR but need to be implemented
Implementation of the GDPR can include national legislations regarding the collection, exchange, linkage and accessibility of health data and authorisation of data processing by a legal basis that is not limited to patient consent. Implementation guidelines for organisations processing health data are also necessary to avoid divergent interpretations that unnecessarily reduce data exchange and collaboration.
A recent preliminary opinion of European Data Protection Supervisor regarding the creation of a European Health Data Space (EHDS) explains that because the space will be created to enhance access to health data in order to allow for evidence‑based policy decisions and for scientific research within the EU, they do not consider Article 6(1)(a) GDPR (i.e. consent of the data subject), as the most appropriate legal basis (EDPS, 2020[5]). Instead, they refer to Article 6(1)e that authorises health data processing where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; Article 9(2)(i) that allows processing of sensitive data for reasons of public interest and Article 9(2)(j) that authorises processing operations involving health data when the processing is necessary for scientific research purposes. Further, they explain that Article 89 allows member states to develop legislation that provides for derogations from certain rights, subject to safeguards.
GDPR provisions may still provoke some limitations, however, such as the use of data for exploratory purposes including machine learning and AI algorithm development, which require greater volumes of data than principles of data minimisation may support (Oliveira Hashiguchi, Slawomirski and Oderkirk, 2021[6]). Another example is the use of blockchain technologies which can violate rights set out in the GDPR, such as the right to erasure (OECD, 2020[7]). Resolving these issues will require further work at the European level but do not limit the Netherlands from adopting the recommendations set out in this report.
Both a national health data governance framework and guidance on the implementation of the GDPR would help to overcome different legal interpretations that are limiting data sharing in the Netherlands. It is therefore encouraging to hear of discussions about legislation governing secondary uses of health data have begun. Such laws to enable secure access to personal data for research and other purposes with public benefit have been enacted in other jurisdictions and were discussed in Chapter 2.
A further issue raised by experts in the Netherlands are legacy legislations that precede the GDPR and that may create unnecessary obstacles to the exchange and use of health data. In particular, the Medical Treatment Contracts Act (Wgbo) requires doctors to obtain patient consent to share data with third parties. Third parties include quality standards/registers. Under Wgbo, patients are required to provide explicit consent for their records to be included within the Landelijk Schakel Punt (LSP). As a result, the exchange is missing data on non-consenting patients and for patients whose health care provider did not ask them to provide consent. This limits the reliability of the data for direct care or secondary uses.
New framework law is a good start but will need follow-on administrative orders and policies to achieve the desired result
A new framework law (Wegiz) introduced in 2021 aiming to improve health data interoperability takes a cautious and incremental approach, raising concerns among experts interviewed that full health data interoperability would not be achieved. Experts interviewed indicate that the law asks health care professionals to set standards for treatment. The standards are then submitted to the National Quality Register, which has a legal status. When the National Quality Register adopts the standard, it would become a norm that the Inspectorate has the authority to uphold. The ministry would then ‘translate’ these professional standards into technical/informational requirements.
The framework law will likely require additional follow-on administrative orders to authorise the new standards called for by professional groups. Experts interviewed are concerned that the process could be slow and potentially result in conflicting and incomplete sets of standards. To avoid this, follow-on administrative orders could take a more holistic approach, broadening the conditions for agreed data standards for all the purposes in the public interest (direct care and secondary data uses that would benefit the public, including quality monitoring). Follow-on administrative orders must also ensure that standards are not limited to health care data, but also include public health and social care data which are key to an integrated health information system.
A recent letter from Minister De Jonge to parliament (15 October 2021) outlies ways in which implementation of the Wegiz is being expedited.
Further development and implementation of information standards (technical “how”) and quality standards (clinical “what”) is foreseen
The Framework law requires the development and implementation of information standards and complementary quality standards. Evaluating and adopting standards is a complex undertaking. Before recommending standards, it will be necessary to evaluate whether health care providers and organisations could conform to new requirements and the evaluation will necessitate acquiring knowledge about the various IT architectures and software in current use including the different structured terminology standards and uses of free text (unstructured data). Supporting health care providers and organisations to adopt standards will require implementation guidelines that are feasible and specific enough for IT developers to implement within diverse architectures, terminologies, data quality standards and other variations across the Dutch health information system landscape. Since quality registers may not have expertise in IT architectures, software development or existing IT systems, it will be essential to support quality registers with a consortium of partners with health informatics skills.
A useful reference for the scope of this work may be the HL7 Clinical Quality Information Work Group and the related Da Vinci Project (see Box 3.2). These projects of HL7 require a diverse set of partners with skills encompassing the full spectrum of the project, particularly experts in the IT architectures and software who can prepare implementation guidelines and draft software codes for IT developers to follow so that clinical information systems might be adapted to produce the desired data and information.
Box 3.2. HL7 Clinical Quality Information Work Group and Da Vinci Project
The Clinical Quality Information (CQI) Work Group is creating and maintain HL7 standards in support of measuring and reporting on quality in health care including dimensions of safety, effectiveness, patient centredness, timeliness, efficiency and equity. To do this, the Work Group collaborates with other HL7 Work Groups with expertise in data models, content, and expressions that can affect the measurement of quality of care. Communication is frequent with the following Work Groups: Clinical Information Modeling Initiative (CIMI), Fast Healthcare Interoperability Resources (FHIR), Implementable Technology Specifications (ITS), Patient Care (PC), Structured Documents (SD), Orders and Observations (O&O) and Pharmacy (Pharm).
The HL7 Da Vinci project is working to solve data interoperability problems to enable value based care. Da Vinci is a private sector driven initiative of US health care payers, providers and IT software vendors that work together to define business problems, identify the corresponding data exchange requirements and use that information to draft standards in the form of implementation guides and sample software code.
Outputs of the Work Group and Da Vinci include standards specifications and implementation guides that provide detailed guidance for IT developers to follow. Before such work is adopted, there is a process to review and test new specifications and there are levels of approval within HL7 that must be passed.
Source: HL7 (n.d.[8]), “Clinical Quality Information”, https://www.hl7.org/Special/committees/cqi/index.cfm; HL7 (n.d.[9]), “Da Vinci Project”, https://confluence.hl7.org/display/DVP/Da+Vinci+Welcome.
A national Common Data Model would facilitate data exchange for many beneficial purposes
In the near term, the Netherlands could standardise health data to support health care quality measurement and information by mapping/re‑coding data from the diverse array of information systems in the Netherlands to a common data model (CDM). While this may not be feasible for health organisations with the most customised and irregular IT systems, it may be possible for most health care providers and organisations holding health data to have their existing data mapped/re‑coded to a CDM.
Erasmus University MC leads the development of an open science federated network of data providers in Europe called the European Health Data & Evidence Network (EHDEN) that are coding health and health care data to the global Observational Medical Outcomes Partnership (OMOP) common data model (EHDEN, 2021[1]). There are six data partners in this project within the Netherlands who have coded their data to OMOP CDM including the Erasmus Integrated Primary Care Information (IPCI) database which is based on data from primary care electronic medical records. The IPCI data is from a Netherlands’ network of over 600 General Practitioners whose electronic medical record systems involve a variety of different software vendors. Recently, the electronic medical records of Erasmus MC have also been coded to OMOP CDM so the hospital could participate in international COVID‑19 research.
Other data coded to OMOP CDM include the National Intensive Care Evaluation (NICE) quality registry that is based on intensive care data extracted from electronic health records of hospitals, the Foundation for the Provision of Information for Care and Research (STIZON) which includes data on prescription medications data from pharmacy records and electronic patient records within hospitals and GPs; the Netherland’s data of the European Society for Blood and Marrow Transplantation (EBMT) and the Netherlands Integral Cancer Centre (IKNL) and data from the electronic patient records of the University of Amsterdam MC. An expert interviewed for this study reported that the Health RI initiative in the Netherlands is exploring the use of the OMOP CDM to facilitate clinical data analysis.
Through EHDEN’s funding, the coding of participating organisation’s data to the OMOP CDM is financially supported up to 100K Euros per organisation. The cost of mapping data is particularly high among organisations whose data don’t already conform to global clinical terminology standards, such as SNOMED-CT, so the funding requirements for mapping data to the OMOP CDM in the Netherlands could be significant.
Throughout Europe there are partners in the EHDEN federated network in 20 countries including public sector and private sector partners. EHDEN is funded by the European Union and EFPIA and is affiliated with the global OHDSI project and part of the same federated network. The OHDSI project and its OMOP CDM have been implemented in 74 countries and have over 2 700 collaborating partners. While used for a wide range of health and health care research, a recent example is the ability of this network to respond to the COVID‑19 pandemic. There are over 200 COVID‑19 research papers in Google Scholar that refer to the OMOP CDM, with dozens of citations for multi-country studies involving the Netherlands’ EHDEN partners.
Participation in the OMOP CDM is growing within the OECD. To support COVID‑19 research, the Korean Government recently funded coding the health insurance claims records for the full population which are held by HIRA (Health Insurance Review and Assessment Agency), as well as COVID‑19 case data from the disease control agency (KCDA) and other data to the OMOP CDM for research undertaken through OHDSI regarding COVID‑19 patient treatments and outcomes. The Korean Government is also funding hospitals to recode their data to OMOP CDM. In France, the Health Data Hub is working to code its data holdings on the population of France to the OMOP to support COVID‑19 research. Other countries reporting to the OECD in 2021 that they were coding electronic clinical records to the OMOP common data model included Australia and Israel.
The Centraal Bureau voor de Statistiek (CBS) exemplifies good practice, but its remit is limited
Interviews with experts conducted as part of this review identified the CBS as a model for the appropriate implementation of GDPR requirements and a privacy-by-design approach to data development, linkage, sharing and accessibility that is secure and privacy-protective. Several health care data custodians indicated that they are sharing their data with the CBS and that they benefit from the CBS’ secure remote data access facility when their data are shared with external researchers.
Experts from CBS have indicated that they welcome expanding their data holdings of health and health care data and have ambitious plans for providing secure data access within the ODISSEI initiative which includes advanced technical infrastructure and computing power for complex data analysis and software development. Indeed, experts report that CBS is becoming the main provider of secure remote data access services in the Netherlands for both health and social-economic data.
However, CBS experts also report that their authorising legislation makes it difficult for them to receive health datasets from other organisations because they are, by law, required to create national statistics from any dataset they accept. Under these arrangements, CBS cannot become a hub for secure health data linkage and access for research purposes.
Further, CBS is not funded to provide data linkage and access to data. It employs a cost-recovery model that experts interviewed indicate is expensive. The ODISSEI initiative, for example, has funding from universities through scientific grants that help to offset the costs of data access for research. Health-RI is funded through government grants (See below).
The approach to electronic health and medical records is un-co‑ordinated
A well designed, longitudinal (interoperable) electronic health record (eHR) system can greatly enhance care quality – especially co‑ordination and integration – as well as supply valuable information for research, innovation and public health. For example, an individual with multiple health problems can manage their health much better if they have access to their own medical information, and if all their health care providers – GPs, specialists, hospitals, emergency rooms, pharmacists, dieticians and physiotherapists – also have access to the same information. Patient Internet Portals to their own current medical records from multiple health care providers exist now in most OECD countries as discussed in Chapter 2.
Moreover, data can be extracted from the eHR system for quality monitoring, clinical registries and health statistics which is common practice among many OECD countries now. The data within the eHR system can be linked to other datasets to, for example, develop machine learning algorithms to predict the mortality risk in sub-strata of patients thereby improving the safety and effectiveness of care in close to real-time. Such risk stratification models are being developed in Israel and Spain.
A longitudinal eHR system does not mean a single, centralised electronic medical record (eMR). It can equally comprise a distributed network of eMRs belonging to hospitals, specialists’ rooms, GPs and pharmacies if the technical and operational infrastructure exists for data to be standardised and exchanged between them, and where people can access all their own health information in one place. The lack of eMR interoperability means that patients and the public are missing out on better care and more knowledge to improve care co‑ordination and integration, public health, and research and innovation.
The Netherlands is lagging other countries in eMR interoperability
The situation in the Netherlands is not as advanced as in many other OECD countries regarding interoperability of medical data as was discussed in Chapter 2. While notable initiatives such as MedMij and LSP are trying to address this, the lack of co‑ordination and steering is evident.
Experts interviewed described that most health care organisations have engaged software vendors to develop bespoke eHR platforms to specifications that suit their requirements and priorities. In most cases, and in the absence of an overarching national data strategy and governance framework, little attention has been paid to exchanging data. Experts described that many providers are locked into agreements with their vendors, who either limit or charge large sums to retrofit interoperability and exchange capability into their systems.
Stakeholder interviews suggest that patients often need to bring paper records of their health information to different practitioners, and that general practitioners are unable to share important data such as COVID‑19 vaccination status with public health officials. Recent media reports describe patients transferred between hospitals needing to carry a CD containing their medical information because the hospitals’ eMRs cannot exchange data.2
Collaboration and data exchange are limited for other reasons
An integrated health information system means that all types of health care, public health and social care data can flow to where they are needed and are fit for use upon arrival. In the context of the Dutch health system, this means enabling secure data exchange across the numerous silos and requiring strict technical and semantic interoperability standards.
Timely and secure data exchange opens entirely new possibilities in biomedical science as well as health service design and delivery. For example, the capacity to link various clinical, administrative and social datasets to study the safety and effectiveness of COVID‑19 vaccines in various population sub-groups in real time. Results can alert providers and policy makers to potential risks and opportunities, as well as contribute to global efforts to control the pandemic. Such studies have recently been conducted in Israel and Scotland.
In another example, New Zealand has been able to generate ‘virtual’ registries by harvesting data from a range of sources, saving time and resources. Virtual registries and statistical databases based on data extracted from EHR systems for national health monitoring were reported in 2021 in 12 countries (see Chapter 2).
Despite many stakeholders’ best efforts over the past decade, experts interviewed described how strong collaboration and smooth exchange of data are largely lacking in the Netherlands. This can be attributed to several legal and policy barriers discussed in this section.
Rules to protect competition inhibit collaboration and data exchange
The managed competition model forms the basis of a large part of the Dutch health system. This requires, by definition, a strong regulatory framework. However, some regulations and policies are in direct opposition to promoting data integration. For example, to protect the functioning of the health care market, collaboration between providers is monitored by the Netherlands Authority for consumers and markets (acm.nl). Experts described that, under this authority, collaboration among health care providers is generally prohibited except under certain conditions.
The tension between supporting market competition and fostering smooth, secure data exchange and, more broadly, collaboration among providers, needs to be explicitly acknowledged and addressed.
Agreements lack requirements for data interoperability that cannot be overcome by voluntary data exchange initiatives
Experts interviewed explained that multiple institutes are funded by the government to collect data on aspects of health or parts of the health care system. However, funding is not contingent upon collaboration among them and data interoperability among them is not required.
Similarly, ‘hoofdlijnakkoorden’ (outline agreements) between the government and specific sectors such as medical specialists, include agreements on finances and quality but not on data interoperability. As a result, sectors continue to operate in silos.
Experts also explained that standards developed by either Nictiz or MedMij are voluntary and participation in a data exchange is voluntary.
Further, experts described that while the government provides financial incentives to physicians and hospitals to become MedMij certified; certification does not include verification that the data within MedMiJ are interoperable, nor verification that the user experience for patients would meet reasonable expectations. For example, verification of how well health information is integrated and presented to the patient is not included.
Data coverage gaps are evident
Two private data exchanges exist: LSP for exchange among providers and MedMij for exchange between providers and patients. Experts interviewed explained that the LSP is a centralised architecture and the MedMij is developed through open Application Programming Interfaces. A decision is needed to develop a harmonised approach, which would allow for exchange among all stakeholders and avoid unnecessary duplication. Both exchanges are non-binding and therefore they are incomplete, which limits their usefulness for direct care and secondary uses and compromises patient safety.
Experts explained that under current policy, MedMij is conditional upon a patient having a PGO (personal data environment). Patients without a PGO will be missing from MedMij. Also, patients who see providers that are not MedMij certified will be missing part of their health records. For health care providers, MedMij will be an incomplete information source, missing patients and providing incomplete information for patients.
Further, experts also indicated that Personal data environments (PGO) are evolving for sub-sets of patients rather than toward an integrated PGO that provides a complete source of information. The consequence will be that many patients may never have a complete picture of their health and health care within a single PGO. This problem will likely be most evident for patients with multi-morbidity or complex health and social care needs.
The Landelijk Schakel Punt (LSP) is funded by health insurers. Costs to participate are borne by health care providers and legislation requiring consent (see above) limits its usefulness because some patients are inevitably missing and there are missing data for included patients.
Costs of interoperability are high and exacerbated by information blocking
The Dutch Government plans to invest in integrated care through the ‘right care at the right place’ initiative. Integrated care requires data interoperability among health and social care providers. In addition to legal barriers to the exchange of data that were discussed earlier, there are resource and technical constraints to health data exchange that will limit reaching the goal of integrated care.
Experts interviewed explained that a large vendor of electronic health record system software in the Netherlands, which provides eHR software to both hospitals and primary care offices, has an IT architecture that limits data exchange and locks health care providers out of accessing their own data.
Experts interviewed indicate that hospitals and medical offices are unable to access their own data and must go through the software vendor to enable data exchange or to enable views of their data (business intelligence tools). This creates a financial disincentive for health care providers to exchange data, as they face financial charges to do so. Further, when financial incentives may be provided by the government to encourage data exchange, the rewards are taken up by the fees of the software provider.
Health care providers experiencing this information blocking are also limited in their ability to adopt new devices, apps and decision-support tools that are set up for a modern IT architecture. At the same time, the Dutch technology sector is limited from creating devices, apps and tools that could be sold in both domestic and international markets.
The situation is likely to continue without legislation, certification and financial incentives to prevent information blocking by software vendors and to encourage software vendors to provide modern IT architectures that support data exchange and analytical uses of data that are in the public interest. This can, in fact, create a level playing field for competition and the market to thrive while advancing public policy objectives.
An updated reimbursement model would create better incentives to collaborate
The current health care remuneration model encourages more activity and service volume. In addition to laws explicitly forbidding collaboration (see previous sections), funding based on fee‑for-service further disincentivises collaboration and integration of care across sectors and settings because the provider is rewarded simply for their input item in the broader care cycle. Not only can this result in sub-optimal patient experiences and health outcomes, but it is also often more expensive.
Experts interviewed explained that there are calls to change the funding model to encourage co‑ordination and value across entire cycles of care, as opposed to paying for processes and inputs. Bundled payments for an entire care pathway from initial diagnosis to an agreed endpoint can potentially address this problem. Several initiatives using bundled payments have emerged in the Netherlands over the past few years, but this model is not yet the norm.
Because care integration also relies on sharing information about patients and processes, financially rewarding joined-up care and outcomes will de facto also encourage the sharing of information about patients’ health and their care. Funding reforms are therefore an integral part of creating an environment where data linkage and exchange makes financial sense. The business case will strengthen if collaboration is rewarded.
Experts interviewed also raised concern about incentives. In the absence of financial incentives for data interoperability, the benefits of data interoperability and integration mainly accrue to government, researchers and health insurers; while the costs of improving the interoperability of health information systems are mainly borne by health care providers. Government leadership and legislative and policy tools are needed to create the right environment for information exchange and collaboration.
The Netherlands risks being left behind on research and innovation
Many countries are gearing up to use data, including health data, as the fuel to power research and innovation. The Netherlands risks being left behind in this regard unless current deficiencies in data governance, interoperability and exchange are addressed. A recent Open Data Institute report put the Netherlands in the ‘limited vision’ category for advancing the secondary use of health data when compared with other EU countries (Boyd M, 2021[10]).
There are worrying signs. As a result of the various issues with data access and interoperability outlined in the previous sections, interview subjects reported that researchers and AI developers in the Netherlands are frequently working with patient clinical data from other countries, such as the United States and China. Emerging EU requirements for a Health Data Space (see Chapter 2) should be seen as an opportunity to capitalise on secure use of health data for secondary purposes.
Dutch initiatives – Health-RI & ODISSEI – and EU EHDEN exhibit the right approach
While there are many health data custodians in the Netherlands, three research infrastructures have emerged whose aims and purpose align with those envisaged for Health Data Spaces.
Hospitals in the Netherlands have provided start-up funding to create the Health Research Infrastructure initiative (Health-RI) which aims to “establish an interconnected data infrastructure for Dutch personalised medicine and health research” (Dutch Tech Centre for Life Sciences, 2021[2]). Experts interviewed indicate that Health-RI would like to access data within hospital and GP electronic health record systems for approved research projects in real time.
Health-RI intends to use the personal health train concept to protect privacy and data security. With the personal health train, analytics and other software code (research questions) travel to the data only research results (answers) flow back to the researcher. This the Netherlands innovation is a new privacy-enhancing technology that embodies ‘privacy-by-design’. Health-RI recently received a funding boost of EUR 69 million from the Dutch Government National Growth Fund (Health-RI, 2021[11]). Ongoing funding for the initiative may be considered to cement its role in the Dutch health data ecosystem.
ODISSEI (Open Data Infrastructure for Social Science and Economic Innovations) provides researchers with access to the data holdings of the CBS, including the micro-data in-flowing to CBS from Dutch Hospitals, GPs, health insurers and research institutes as well as health survey data and information on the health care industry (ODISSEI, 2021[12]).
Experts interviewed explained that ODISSEI follows ‘privacy-by-design’ practices to offer secure data linkage services and secure access to data, as well as an advanced computing and analytic capacity. Funding for ODISSEI is through scientific grants that subsidise the costs of data linkages, infrastructure and secure access to data enabling CBS to provide services to ODISSEI members at a lower cost.
ODISSEI’s membership includes social data research centres and, more recently, medical research centres have joined as observers. Experts interviewed explained that medical research centres are attracted to the model ODISSEI provides, where ODISSEI sets the research strategy and the CBS provides data curation, linkage and secure remote data access. Further, there is interest in the research community to bring the social sciences and the life sciences closer together because of their overlapping research objectives and data needs.
Health research projects, particularly those in the public health domain where the influences of environment, health behaviours and socio‑economic factors are important, take place within ODISSEI. For example, recent projects include a study examining genome‑wide associations with health care costs and an analysis of how behaviours and inequalities spread through social networks. There are, however, important research centres and health data that are outside of ODISSEI. Experts interviewed explained, for example, that it has not been possible to link the social networking model developed within ODISSEI to the COVID‑19 case data collected by the Rijksinstituut voor Volksgezondheid en Milieu (RIVM). If such exchanges were more feasible, then it would be possible to leverage the investment in the social networking model to predict how and where the pandemic may be spreading, and which population groups are at highest risk. This information could guide public policy decisions.
ODISSEI reports a shortfall in governmental funding for national cohort surveys that follow individuals over a long period of time. Longitudinal data from cohorts provides unique information about how the trajectory of individuals’ health, behaviours and environments influence their future health outcomes and health care use. Such data is not available from clinical or administrative data sources.
As the strategy for an integrated health information system is developed, it will be important to consider how the Health RI project and the ODISSEI project can be connected with one another and with all the key data that are needed for the Netherlands to reach its public policy goals.
The Netherlands participation in the EU EHDEN project (introduced earlier and led by Erasmus MC) is a further exhibition of best practices. Through EHDEN, participating organisations re‑code their health and clinical data to the OMOP Common Data Model. Participating organisations are part of a federated network with a privacy-by-design approach. The data within the network always remain in the custody of the organisations holding them and therefore remain under the legal and policy frameworks of the data holding organisations. Researchers can view the specifications for the common data model and may query the data using a tool provided (ATLAS) or may submit customised statistical or software code. Researchers cannot access or even visualise the underlying microdata held by the participating organisations and therefore privacy and data security risks are greatly reduced which is how EHDEN and the affiliated OHDSI project can develop multi-country health research in a timely way. A further accelerator of the timeliness of research within the EHDEN federated network is from the open science method of sharing code through GitHub, supporting interoperability of data analytics as well as of data. For example, standardised analytics codes in the R statistical language for commonly used statistical methods/applications are shared and individual researchers contribute and re‑use codes.
As was discussed earlier, the OMOP CDM is a tool the Netherlands can use to overcome health data interoperability problems in the near term. This tool would work very well within the ODISSEI and Health RI projects, particularly to ensure that a personal health train approach could work in practice as it is already applied for distributed analytics within the EHDEN and OHDSI federated networks.
References
[10] Boyd M, Z. (2021), Secondary Use of Health Data in Europe, Open Data Institute, http://theodi.org/wp-content/uploads/2021/09/Secondary-use-of-Health-Data-In-Europe-ODI-Roche-Report-2021-5.pdf.
[2] Dutch Tech Centre for Life Sciences (2021), Health-RI, https://www.dtls.nl/large-scale-research-infrastructures/health-ri/.
[5] EDPS (2020), Preliminary Opinion 8/2020 on the European Health Data Space., https://edps.europa.eu/sites/default/files/publication/20-11-17_preliminary_opinion_health_data_space_en.pdf.
[1] EHDEN (2021), European Health Data and Evidence Network, https://www.ehden.eu/.
[11] Health-RI (2021), Dutch Government has pledged 69 million euros investment to Health-RI, https://www.health-ri.nl/news/dutch-government-has-pledged-69-million-euros-investment-health-ri.
[8] HL7 (n.d.), Clinical Quality Information, Health Level Seven International, https://www.hl7.org/Special/committees/cqi/index.cfm.
[9] HL7 (n.d.), Da Vinci Project, Health Level Seven International, https://confluence.hl7.org/display/DVP/Da+Vinci+Welcome.
[4] Loohuis, K. (2021), Data of Thousands of Dutch Citizens Leaked from Government Covid-19 Systems, https://www.computerweekly.com/news/252495983/Data-of-thousands-of-Dutch-citizens-leaked-from-government-Covid-19-systems.
[3] Oderkirk, J. (2021), “Survey results: National health data infrastructure and governance”, OECD Health Working Papers, No. 127, OECD Publishing, Paris, https://doi.org/10.1787/55d24b5d-en.
[12] ODISSEI (2021), Open Data Infrastructure for Social Science and Economic Innovations, https://odissei-data.nl/en/.
[7] OECD (2020), “Opportunities and Challenges of Blockchain Technologies in Health Care”, OECD Blockchain Policy Series, OECD, Paris, https://www.oecd.org/finance/Opportunities-and-Challenges-of-Blockchain-Technologies-in-Health-Care.pdf.
[6] Oliveira Hashiguchi, T., L. Slawomirski and J. Oderkirk (2021), “Laying the foundations for artificial intelligence in health”, OECD Health Working Papers, No. 128, OECD Publishing, Paris, https://dx.doi.org/10.1787/3f62817d-en.