"Many people are worried that the wrong person might see their records because it could either be embarrassing or hurt them in other ways," says Fia Ewald, who works on information security at the Swedish Civil Contingencies Agency.
For example, she relates that a person might not want others to know that they have been beaten by their husband, or have a sexually transmitted disease or even mental problems. "This is why there is a need to guarantee the individual's privacy. We are not there today."
With recent IT developments and the demand for accessible information among healthcare providers, there is too much information coming in, and that data lies in almost 200 different systems. According to the Patient Data Act, which became effective close to five years ago, a patient has the right to know who will have access to their medical record.
Patients should also be able to deny access to other parties, but this is not working today, says Fia Ewald. That is why there is a need for a national strategy, a new action plan with clear guidelines that all healthcare providers can agree on.
"We need to find some type of strict agreement," she says. "Exactly how we should go about that is not clear at this stage. With the current legislation we have today, it seems easy to get around the rules. If the Patient Data Act isn't being followed, then we need to make some sort of agreement where everyone is on board."
According to the Data Inspectorate, in 2011 no Swedish county could fulfill the Patient Act entirely. None of them could safeguard the patient's information or allow patients to deny access to outside parties. Since then, the counties have been required to give a full report on how their systems work today.
Fia Ewald says that a clearer shared body is needed, which should include the Civil Contingencies Agency, the Data Inspectorate and the National Board of Health and Welfare. "This would strengthen the requirements on IT subcontractors and they would also get a better picture of what needs to be done."