The Belgian Association of Doctors’ Unions (Absym) is concerned about Helena, a platform for exchanging data between doctors and patients. “Endangering patient data is unacceptable“she said on Thursday.
According to the newspaper Le Soir, the security of this platform has serious flaws. Patients can connect and activate it without authentication via eID or Itsme, which poses a risk of data leakage.
Medispring, a cooperative of more than 2,200 doctors, has filed a complaint with the Data Protection Authority (APD). According to this organization, the level of security required for patient access to their records has been lowered specifically for the Helena application: to connect and activate it, all they need is a simple code transmitted by e- email by a doctor (and confirmation by SMS).
►►► Read also : Protection of health data in the Helena app: a complaint lodged with the Data Protection Authority
For Absym, however, safety is a top priority when exchanging health data, “and it cannot be compromised“. The organization insists on compliance with GDPR legislation and medical confidentiality.”A high level of security and the principle of verifiable explicit patient consent are essential in this regard.“, concludes the Association, asking therefore”full clarification“.
The system was temporarily disabled on Tuesday. “Helena will be unavailable for the duration of a global security investigation in order to make all the necessary checks.“, said Wednesday the Federal Pensions Service, INASTI and Sigedis, who affirm that the platform is well secured and monitored in order to avoid any abuse.
–