June 3, 2024
Dr. Zoltán Alexin gave a lecture titled “National security risks associated with the imprudent handling of health data” as part of the academic event New Themes and Trends in The Study of Secret Services in the 21st Century, held on the 24th of April.
The lecture warned that the Hungarian healthcare sector lacks robust privacy protection laws, which has led to public bodies gaining growing access to personal health data stored in the national EHR system. This poses significant risks because of the comprehensive nature of the dataset and a lack of understanding of what data anonymity is, as evidenced by recent incidents involving large-scale data transfers without proper safeguards and oversight.
The Hungarian healthcare sector has accumulated a huge amount of data over the past decades, thanks to a particular way of thinking about data protection, according to which any fundamental right can be restricted by legislation, including the right to the protection of personal data and informational self-determination. Today, there is no constitutional limit to health data processing. Administrative public bodies also have increasing access to health data. In this environment, medical confidentiality is eroded and informational self-determination is gradually abolished.
Two major risks can be identified in the existence of large public datasets (NEAK, EESZT, disease registries). One is their comprehensiveness: data on each individual person can be found in them, and they contain data on every single healthcare treatment and condition going back years. The other risk is human incompetence. Decision-makers are not familiar with the statistical and mathematical results relating to the anonymity of personal data, so a data file is readily declared anonymous if it does not contain the name, mother's name, and address. However, the resulting files are anonymous only in the rarest cases. They can be linked to natural persons with some effort.
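As an added illustration (not part of the lecture or the original page), the following pre-release check removes exactly the three fields named above and then counts how many records are still unique on the attributes that remain. The records and the remaining field names (birth year, sex, postcode, treatment month, diagnosis code) are constructed assumptions.

```python
from collections import Counter

# Constructed sample records, not real data. Field names are assumptions.
FIELDS = ("name", "mother_name", "address", "birth_year", "sex",
          "postcode", "treatment_month", "diagnosis")
ROWS = [
    ("P1", "M1", "Addr 1", 1961, "F", "6720", "2023-03", "E11"),
    ("P2", "M2", "Addr 2", 1961, "F", "6720", "2023-03", "E11"),
    ("P3", "M3", "Addr 3", 1961, "F", "6720", "2023-05", "I10"),
    ("P4", "M4", "Addr 4", 1984, "M", "6720", "2023-03", "J45"),
    ("P5", "M5", "Addr 5", 1984, "M", "6722", "2023-03", "J45"),
    ("P6", "M6", "Addr 6", 1990, "F", "6722", "2023-07", "O80"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

# The fields whose removal is commonly taken to make a file "anonymous".
DIRECT_IDENTIFIERS = ("name", "mother_name", "address")


def strip_direct_identifiers(records):
    """Return copies of the records without the direct identifiers."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            for r in records]


def class_sizes(records, columns):
    """For each record, count the records sharing its values in `columns`."""
    keys = [tuple(r[c] for c in columns) for r in records]
    counts = Counter(keys)
    return [counts[k] for k in keys]


def anonymity_report(records, columns):
    """Smallest group size (k) and share of records that are unique."""
    sizes = class_sizes(records, columns)
    return {"k": min(sizes),
            "unique_fraction": sum(s == 1 for s in sizes) / len(sizes)}


if __name__ == "__main__":
    released = strip_direct_identifiers(RECORDS)
    remaining = [f for f in FIELDS if f not in DIRECT_IDENTIFIERS]
    print(anonymity_report(released, remaining))
```

A record in a group of size 1 is distinguishable from every other record in the file by the remaining attributes alone, which is the condition a release review needs to rule out before calling the file anonymous.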