Helsi attack: Who is profitable to destroy digital medicine in Ukraine?
More precisely, it is publicly sent to communal medical institutions official letters of cooperation with Helsi. There were also assumptions that the company stores medical information, and if "they are stolen, no one will be responsible for it. " Such reproaches are not just distorting reality, it is similar to a planned campaign not only against Helsi, but also against digital medicine in our country. Who is profitable to destroy it? We need to think together.
I cannot imagine that the business that is the processing and storage of data has neglected the security of this data. Our context from the first days of existence is to protect user data. Yes, we were attacked by the Russians, regularly performed tests for penetration partners and hackers from the market, but have never been compromised. Continuous improvement and use of current protection technologies allow us to sleep peacefully, as the state provides protection of data on its part.
It is for this purpose that a 2-level model is built, in which the state is responsible for the central level. But let us return to manipulations and facts. First, to connect to the central database of our country is not to send someone e-mail with a request. Any "arrangements" would still have no result-to understand the complexity of the connection, you need to know at least a few of its stages and checks.
Through these inspections, every electronic medical information system (MIS) is underway - today in Ukraine 35. All systems are private, the conditions for all are dictated by the state regulator. But since Helsi has always reacted to current requests and actually assumed the role of ambassador Digitalization of medicine - the company is paying special attention to its publicity. And that is why Helsi often becomes a "lightning rod" of a diabetes medicine.
Any MIS should meet the technical requirements that the administrator defines is Electronic Health. The requirements are approved by the National Health Service of Ukraine (NSAU). There can be no mons. Since Helsi is the same system, it applies the same requirements as other systems. Secondly, the protection of patients with patients is guaranteed by the state, and it establishes a protection regulation for medical information systems.
The central database is a "place" where the data of all patients of Ukraine are located without exception. The state preserves them. The technical documentation for the base is developed and supported by SE "Electronic Health". And to determine whether the specific MIS meets the technical requirements, Electronic Health is testing this system under its own test program. Approves the NSAU program.
That is, no Miss can connect to the central database without passing the test for compliance with the requirements of the state. Therefore, the assumption of an "untested application" is not a hyperbole. This is a planned compromise of all medical information systems that are connected to the central database of the state. To connect Miss to the central database of an electronic health care system (ESOO), the requirements of the state must be met.
They are approved by the order of the National Health Service of Ukraine on July 19, 20122 No. 314. It is also necessary to have a topical certificate of compliance with a comprehensive information protection system. Such a Helsi certificate was registered with the State Service of the State Service of Special Communication and Information Protection of Ukraine on October 07, 2022 under No. 76b.
Separately, the Verkhovna Rada of Ukraine on Human Rights has been informed of the processing of Helsea Ukraine LLC personal data of patients. The Commissioner also reported a responsible person who organizes the company to protect personal data during their processing. So, "unverified application", "unknown application", "no one is responsible" - let's think together who and why starts such IPSO.
Third, to claim individual arrangements of the company with the authorities, knowing about all the tests and checks passed-means working against the Ukrainian authorities first. Hilsi is not an end in itself for destruction. The purpose is to discredit the health care system. The assumption that the central government would invite communal medical facilities to use the Helsi system is even funny.
Because there is a public procurement system in the state, so all MIS purchases are in accordance with this process and are available on open data resources. Today, 35 medical information systems are connected to the central database of ESOs in Ukraine. Previously, there were 40+, but after a full -scale invasion, the number decreased. Most of our cities have other Miss other than Helsi. That is, there are many systems, all private. And among them all Helsi have never been positioned as a state.
From the very beginning of the system, the user could not register without active consent for the processing of personal data - to hide some information from the patient is illegal. Therefore, the patient was marked in a system that agrees to process his data. And at the very beginning of the text, the consent indicates to whom the Helsi system owns. Fourth, any imposition of thoughts about the lack of responsibility if the data of users "disappear" is frankly manipulations.
The rules of the Criminal Code of Ukraine and the Code of Administrative Offenses extend to the activities of Helsea Ukraine LLC in the same way, as they apply to other months. They are surprised to reply Helsi's irresponsibility if doctors make unauthorized techniques. A platform that connects the doctor and the patient cannot be responsible for the actions of doctors - this is provided by law and this is technically impossible.
Any Miss, and Helsi, too, cannot create something in the central database. It cannot be made, because it has neither rights nor technical capacity. Only a medical worker can create a medical recording. This is confirmed in the order of functioning of the electronic health care system, and it is approved by the Cabinet of Ministers of Ukraine. There is another document - the procedure for keeping a register of medical records, records of referrals and recipes in the electronic health care system.
This procedure provides for the following: all records, except for recipe repayment, health workers are entered in the Register and signed with their qualified electronic signature. That is, if you work in some Miss, you cannot create something, sort or delete something. Because you are not a medical professional with a license and an appropriate electronic signature. The system will not miss you. And this is illegal.
If the doctor has introduced incorrect information to the system, electronic MIS as a platform does not be responsible for it because it does not control the doctors. At the same time, Helsi is responsible for providing patients with transparent access to their medical records. That is, the user sees at any moment what information about him was introduced by the doctor. This is the responsibility of the medical platform: not to hide the data, but to display them.
But this is moral responsibility, not legislative - Miss who do not show patients their records, and it is not a violation of the law. The legislation of Ukraine regulates the process of creating, entering and reviewing information in the central database. Miss does not affect these processes. But for their part, patients can challenge the data that the doctor has put in the system.
To do this, there is a HELSI technical support service, for this purpose the function of "complaining about the reception" in the application itself is introduced. Helsi contacts the medical institution to adjust the patient's medical records. Again, only the doctor who has entered the data can be adjusted. This is how the process of receiving and providing medical services. This is how the legislation regulates the work of the medical sphere in Ukraine.