
"While we appreciate the fact that an insured citizen has the option to close the record on a voluntary basis, there are still many questions that remain unanswered"
This is a quote from a press statement from the Chaos Computer Club Lëtzebuerg (CCCL) on the subject of electronic medical records. It is planned that every inhabitant who is insured in Luxembourg will receive such a record.
According to the CCCL, a database like the one currently planned would be susceptible to misuse and would become a danger to privacy once the wrong people gained access to it.
In this context the association also mentions the "Médico-Leak Affär" from 2012, in which one person easily gained access to athletes' medical data stored in a similar database.
While the CCCL appreciates that the state seems to have learned from its past mistakes and is now, for instance, using two-factor authentication, the mere existence of such databases is still a point of concern for the association, especially if the data were to be stored centrally.
Another point of criticism is that so far, the government has not issued any official explanation as to where and how the data will actually be stored. An obscure reference to a "health safe" appears in an FAQ on Esanté.lu, but no further details are provided.
In any case, a security audit is not available to the public at the moment.