This page contains a brief explanation of some aspects of the security analysis of the Dutch National Electronic Patient Record System (EPD). As often, the devil is in the details. This page is not intended as a complete summary of the results; please refer to the paper or to the letter to the senate for that.
Essentially, there are very good reasons that patients confide only with their physician under patient-doctor confidentiality, and do not provide broader access to their information in general - and through the EPD specifically.