At Zorg & ict, Dezi was launched: a uniform method for identification and authentication in healthcare. According to policy advisor Laurens Kielman, Dezi will soon replace a whole "bunch of keys" of different means.
Digital data exchange in healthcare has been talked about for a long time and a lot, but nevertheless, there is still a world to be gained there. So says Laurens Kielman. At the Ministry of Health, Welfare and Sport, he is responsible at the Information Policy Directorate for the introduction of "The Healthcare Identity," or Dezi.
This new uniform method for identification and authentication in healthcare was launched this week. At least, the website Dezi.nl is live and the name and logo have been announced. It will be some time before Dezi is actually widely available.
Administrative hassles
Yet the first discussions about a national, reliable and uniform way of identification and authentication were held as early as 2018. Logical, Kielman believes, because healthcare is not organized in such a digital way. "A lot of data is not exchanged at the moment, because there are simply no possibilities for that. But that could improve the quality of care. You often see that data has to be requested again or retyped into other systems. Cumbersome, not efficient, an administrative hassle. Healthcare professionals spend a lot of time doing that."
According to Kielman, VWS, in cooperation with the healthcare field, is working "very hard" to raise digital data exchange in healthcare to a higher level. To get that off the ground properly, generic functions are needed that are necessary for all data exchange.
Among these prerequisites, consider patient consent, a localization function, and an addressing function. Dezi handles provider identification and authentication, another basic prerequisite. "Dezi proves that you are who you say you are, with the highest level of reliability for every data exchange."
Different user names
Because this is something that is still sometimes lacking. For data exchange in healthcare, the highest level of reliability according to eIDAS should be used. But the practice is different. Every system has its own login method and management of identities and usernames.
"With a bit of bad luck, as a healthcare professional you have to use all kinds of different systems, with different usernames and passwords. Sometimes a second factor is added, via SMS or e-mail or with an extra code. But none of that reaches that high level yet. Health data is sensitive data. That requires the highest level of reliability. We see a huge gap with how things are now in the healthcare field. Only the UZI pass and the UZI server certificate achieve that high level of reliability. So we still have a long way to go."
UZI not user-friendly
The UZI pass may have the highest level of reliability, but it is not user-friendly, Kielman was told from the field. "It is a pass with a physical card reader. At a fixed workplace, it may still work. In an ambulance or in home care where you work with mobile devices, it doesn't."
Details of the healthcare professional are printed on the pass in the certificate. In the event of a change, for example of employer or BIG registration, the pass must be reapplied for and made again.
Unambiguous method
Dezi is supposed to change that. It offers a uniform method for identification and authentication. This makes secure national data exchange possible, also across healthcare organizations and between different systems. Data from the UZI register (soon to be the Dezi register) provide the healthcare identity: who are you, where do you work and what are your qualifications.
That will be combined with the authentication statement from the CIBG. "One means that you can use everywhere, instead of the current situation with a whole 'bunch' of different means that you have to use on all kinds of systems. That's going to be a huge efficiency gain. It will make it cheaper, more user-friendly and easier. In addition, it is more secure and you comply with laws and regulations for securing medical data."
UZI and Dezi side by side
In implementing Dezi, continuity is the starting point, Kielman says. He foresees a "dual period" of a few years, during which UZI and Dezi will coexist. Use of Dezi is not an obligation. "The current UZI means will just keep on doing it. A UZI pass issued in 2025 will be valid for three years. So at least until 2028, UZI means will still be usable."
Kielman does foresee a steady growth of registrations in the Dezi registry with about 100,000 users per year. There are around 300,000 BIG-registered people. In addition, there are caregivers and nurses who are not BIG-registered, but who will want to use Dezi.
User growth can be faster if an entire healthcare chain switches over. Kielman outlines the example of nurse transfer from hospitals to nursing homes, one of five prioritized exchanges under the Wegiz. "Such a chain can decide that within the trust system of this chain you have to log in this way. Then all at once you have an entire healthcare chain of different professionals who are going to use this."
Legislation
But it is not that far yet, because the introduction of Dezi in practice is linked to legislation. For example, the Supplementary Provisions for Processing Personal Data in Healthcare Act (Wabvpz) must be amended. This is part of the Digital Identification and Authentication in Healthcare Act (Wdiaz). This bill is now being prepared for the Council of Ministers.
After the legislative process is completed, it will be the middle of 2025. After that, implementation can begin. Preparations for that have already begun. Only when the law goes into effect can Dezi really be used on a large scale.
European Digital Wallet
Dezi will eventually mesh well with European developments, Kielman expects. "Europe is developing the EDI Wallet. That's the European Digital Wallet on your cell phone that meets the highest security level. You can put different cards in there: driver's license, passport, but also so a digital card of your healthcare identity. That combines usability and security. So I think that's going to be a dominant tool, in private use, but also for healthcare professionals who are on the road a lot or work in different locations and need to log in."