In the initial opinion I gave to the Medical Association following the meetings on the 12th October, and in the interviews I gave to the media, I went out of my way to give DeCODE the benefit of the doubt. Rather than simply dismissing the proposals as unacceptable (which in their current form they are), I considered it better to give DeCODE the opportunity to step back and consider whether they can produce a system that would respect the ethical constraints and still be a viable business asset. Despite the abusive tone of their press release [7] I feel that this is still an appropriate response.
I understand that DeCODE decided to delay the detailed design of the database until after the bill was passed. In my view, this is unacceptable. It is unclear that a database can be built that is simultaneously ethical and useful for the purposes DeCODE claim to have in mind. If the bill is passed, and it turns out that an ethical useful database is impossible, then a likely outcome is an unethical but useful database. Even if an ethical useful database is possible, parliamentary endorsement of DeCODE's current plans might embolden its management to cut corners in order to save money.
I therefore recommend that the Icelandic Medical Association insist that DeCODE produce a functional specification of the database, and a security specification, which are sufficiently detailed for an independent evaluation to be carried out. This will mean, at the very least, specifying which data items will be be stored, what the restrictions on processing will be, and how they will be enforced.
I also recommend that the Icelandic Medical Association insist that the custodian of the health data should be a body which they consider to be trustworthy. This might mean vesting control in the Chief Medical Officer or the Data Protection Commissioner; or it might mean keeping health records distributed in the health centres and hospitals and having a mechanism allowing queries to be sent to them. The latter kind of system is used in the UK and it is most helpful in maintaining medical confidence: doctors can observe what sort of queries are being made and can always unplug the modem if they believe that the system is being abused.
In the absence of a functional specification, a security specification and a trustworthy custodian, my recommendation is that the Medical Association oppose the current bill and, should it be passed, advise members not to cooperate with the resulting data collection exercise. This need not rule out the possibility of supporting an amended proposal which satisfies an independent evaluation.