Health and Medical Care Director Pia Lundbom's decision means that Skåne's patient information ends up with Cerner, the American-owned company from which Region Skåne bought its new medical record system.
Some of the patient data will soon be migrated, ie sent, to Cerner's data hall in Stockholm.
This is so that the system can be tested in a sharp mode before all patient data is transferred later.
A controversial issue
But before the decision on migration, the sensitive question of who gets access to Skåne's patient records needed to be resolved.
This is an issue that has been discussed at meetings within the SDV project for many months.
SDV or Skåne's Digital Care System means that a large number of computer systems in Scanian healthcare will become one.
The start is delayed by one year and only next autumn will the record system be introduced.
Great responsibility rests on Cerner
Pia Lundbom's decision states that: "Cerner AB Sweden is responsible for informing Region Skåne if US authorities request personal data."
On 16 November, Skåne's director of health and medical care, Pia Lundbom, decided that parts of Skåne's patient data would begin to be transferred to the new American medical record system.
Photo: SVT
According to sources to SVT, lawyers and data protection experts in the region have long feared that if the Scanian patient data is exported to Cerner, it could become available to US authorities through the US law Cloud Act.
The law gives US authorities the right to request data from US companies regardless of where the data is located in the world.
In a certificate from Cerner to regional director Alf Jönsson attached to the decision, Cerner states that their wholly owned Swedish subsidiary will not disclose Region Skåne's personal data if there is a request from US authorities under the Cloud Act.
Here, Cerner certifies to regional director Alf Jönsson that they will not disclose any Scanian patient information if US authorities so request.
Photo: SVT
Risk analyzes have shown red
For several months, those responsible for Skåne's Digital Care System, SDV, have tried to find solutions on how to get around the risks and follow the various laws that will protect citizens' integrity.
In internal risk analyzes that have been made, the region's own experts have assessed that the disclosure of the Scanian patient data can have “very serious or catastrophic” consequences.
Risk analysis is withheld
However, there is no attached risk analysis to Pia Lundbom's decision basis, but according to information to SVT, there must be risk analyzes that show serious risks.
Pia Lundbom also confirms to SVT that she has seen such a risk analysis and refers further to the region's IT department.
When SVT asked to take part in the risk analyzes of the region's data protection Kajsa Thelin, she replied that: "To get a complete basis for the decision, I ask you to contact the IT administration".
But when we forward the question to Region Skåne's IT director Jan Svensson, he replies: "Sincerely, I do not know what kind of document you are looking for" and SVT refers further to the region's "function mailbox".
More decisions to wait
When the migration of the Scanian patient records will take place and exactly which patient data will then be transferred is still unclear.
Pia Lundbom's decision covers the first phase of the migration.
Further decisions are expected in the future, as eventually all 1.4 million Scanians' patient data will be transferred to Cerner.
SVT has contacted Cerner for a comment.
Hear the director of health and medical care in the clip reason about the risks that American authorities will have access to the Scanian patient data.