Freedom of information: The extroverted sibling of defensive data protection

Data already circulating in the healthcare system should be used by research and patient information professionals in a more comprehensive and resolute manner; this is the stance taken by the Hamburg-based healthcare expert Prof. Jonas Schreyögg in his guest article on our blog. In a report commissioned by the Bertelsmann Stiftung, the extent to which this is legally permissible – and perhaps even necessary – is taken up by two Regensburg-based law scholars, Thorsten Kingreen and Jürgen Kühling. In their summary, the two authors propose the following course of action: We should begin by ensuring “data transparency” (as stipulated by § 303a-e in Germany’s Social Security Code or SGB V), then facilitate the use of existing comprehensive inpatient data (by ordinance or directive) at the German Institute of Medical Documentation and Information (DIMDI), and then extend (by law) the data volume to include outpatient structural and billing data. This article summarizes the main findings of their expert assessment.

Freedom of information can be seen as the somewhat extroverted sibling of data protection, which takes a more defensive approach. However, both are among the catalogue of fundamental human rights contained in Germany’s Basic Law, and thus they must be considered together. Our right to protect our own data is derived directly from our right to privacy (see Art. 2 Paragraph 1 in Germany’s Grundgesetz or GG) as well as our right to dignity (Art. 1 Paragraph 1 GG). In contrast, the freedom of information is rooted in our fundamental right to freedom of expression (Art. 5 Paragraph 1, Sentence 1, Sub-clause 1, GG) and thus enjoys a “comparable degree of protection” (p. 16).

Any discussion of data protection must also involve an exploration of freedom of information

In other words, any discussion of data protection must also involve an examination of freedom of information. As the report notes, the idea of granting these two legally protected rights the same weight correlates “with developments in the constitution.” The authors argue that the state is evolving from an “arcane tradition of administrative activity closed off to the public towards a form of reactive freedom of information … and into a state of proactive transparency in which the public sector provides information to the public on its own initiative. The act of making information available is facilitated considerably by digital transformation and the various means of dissemination enabled by the internet. In accordance with this, there are strong constitutional arguments for the full disclosure of information deemed relevant to public interests.” (p. 17) This development is still in full swing and far from complete. Indeed, the German state and its parastatal subdivisions are a long way away from achieving a comprehensive culture of transparency.

This has particular consequences for the healthcare sector. As a matter of course, healthcare data – and patient data in particular– are subject to high protection standards. And yet, neither healthcare research nor public reporting aims at actually deciphering the identity of individual patients or insured persons. Monitoring individual forms of treatment over the course of a longer period of time is feasible, but only if we can ensure – using some sort of intelligent pseudonymization system – that none of the information can be traced back to actual individuals. However, the situation is different – at least with respect to public reporting – when it comes to the data of providers and institutions active in the healthcare sector. Transparency with regard to quality – for example, in terms of being able to compare providers – requires that names be named and details given. In this case, anonymous or pseudonymized records would be of no help.

Balancing patients’ right to information against protective interests

The public’s need for information must therefore be balanced against any protective interests held by the service providers involved, such as the protection of trade secrets. However, it’s important to note that the “relationship of these fundamental rights to one another” … cannot be interpreted in such a way that every external use of the data requires a special justification, while the act of denying such a use does not require any such special justification at all. In point of fact, the refusal to permit the external use of data also constitutes an intrusion into a fundamental right, and this intrusion would also require justification.” (p. 22)

In other words, giving equal weight to  data protection and freedom of information means that public data holders   are not permitted to deprive the public of its legitimate interest in the information, at least to the extent that this information does not affect a protected good (e.g., personal data protection or trade secrets). In each case, the act of denying access to this information would have to be justified; also, any objections relating to data protection or the preservation of trade secrets would have to be weighed against the public’s constitutionally protected right to information.

With a view to hospitals, this granting of equal weight has led the group of German public health agencies known as the Federal Joint Committee (G-Ba) to publish a wealth of structural and quality data in the past several years, and also to make this information available in machine-readable form for further examination. The committee did so on the basis of legal requirements drawn from Germany’s Social Security Code (§ 136b SGB V) and associated guidelines, for example in the context of transparency portals. The SGB also contains similar regulations in the field of nursing care, (§ 115 SGB XI) for the implementation of so-called “Pflege-TÜVs,” that is, official inspections of care staff and certifications.

Action is required to improve transparency in the outpatient sector

At the moment, there are no comparable regulations with regard to transparency for outpatient medical care. However, individual physicians’ associations do publish basic information on their websites as well as information about special focuses, designations and services, including the provision of quality-assured services. In light of this, we might tend to think that the question as to whether this data is worthy of protection has been answered. At the same time, however, there exists today no publicly available, usable dataset comparable to the quality reports issued by hospitals containing structural and service information about established physicians.

Seeing as this arcane tradition clashes with the fundamental right to freedom of information, there is an urgent need for swift action by lawmakers in this realm. Indeed, this data is already available and used for purposes that go beyond mere accounting, in part also in implementing morbidity-oriented structural risk adjustments. Using suitable legal regulations as a basis, it would be quite easy to make quality-related structural and service data available for public reporting as well as for research into health services. This report shows that a step in this direction would not only be legal, but also possibly the most sensible choice, considering the constitutional weight held by the freedom of information.

Related documents (in German)

Keep up to date with the latest posts.
Click here to subscribe to our newsletter:

Write a comment