1 / 17

Confidentiality

Confidentiality. Ross Anderson Cambridge University and Foundation for Information Policy Research. The Story so Far …. 1910 – struggle over who owns medical records led to Lloyd George envelope 1992 – IM&T strategy ‘a single electronic health record available to all throughout the NHS’

aradia
Download Presentation

Confidentiality

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Confidentiality Ross Anderson Cambridge University and Foundation for Information Policy Research

  2. The Story so Far … • 1910 – struggle over who owns medical records led to Lloyd George envelope • 1992 – IM&T strategy ‘a single electronic health record available to all throughout the NHS’ • BMA resistance 95–6 once we realised what this meant; ‘Security in Clinical Information Systems’ • Calman sets up the Caldicott Committee to postpone the issue past the 1997 election • Caldicott documents many illegal information flows; HSCA s60 allows SS to legalise them

  3. The Story so Far (2) • ‘Pretexting’ cost Hewlett-Packard chair her job • Look back at January 1996 – Anderson RJ, ‘Clinical System Security - Interim Guidelines’ BMJ 312.7023 pp 109-111 • N Yorks HA pilot – staff trained by Alan Hassey to log info requests, get them signed off, and call back to a number you can check independently • We detected 30 false-pretext calls per week! • We asked DoH to roll this protocol out nationwide – instead, NYHA were told to stop it!

  4. The Story so Far (3) • ‘Blair moment’ in 2002 – ‘Tony wants’ • Ray Rogers vision of the big central database is dusted off – NPfIT, CfH,… • Government really believes this is working and they now plan to roll out the same architecture to childcare, elder care, … • What are the implications for clinical confidentiality?

  5. Issues of Scale • You can have functionality, or security, or scale. With good engineering you can have any two of these • We can live with the risks of a receptionist having access to the 6000 records in a practice – but if 20,000 receptionists have access to 60,000,000 records? • Secondary Uses Service will run unprotected for years – with a pious hope of eventual pseudonymisation • Blair philosophy is now that data will be accessible (MISC 31, ‘Information Sharing Vision’) • Misuse will be punished – pretexters will be liable for prison, though not careless HA staff (DCA CP 9/06)

  6. Helen Wilkinson’s case • Helen is a practice manager in High Wycombe • Wrongly listed as a patient of an alcohol treatment centre • She demanded the data be corrected or removed - officials wouldn’t / couldn’t • Caroline Flint promised Parliament it had been done • It hasn’t – and the story continues…

  7. Extending NPfIT to Kids • ‘Every Child Matters’ white paper (2003) • Children Act 2004 provided powers • Information to be shared between schools, police, social workers, probation, doctors… • The ‘SCR’ is ISA – the Information Sharing and Assessment system – which points to all services interested in your child • So schoolteachers will know if a child is known to social workers / police • IC study by FIPR (due for release real soon …)

  8. Systems (1) – Connexions • A pilot scheme for 13-19s with ‘personal advisers’ and a card also giving discounts at HMV (better not buy Black Sabbath :-) • Pilot areas each have databases of children with health status, special educational needs, phone number etc • Contains sensitive data such as substance abuse, opinions such as risk of offending • Consent from parents not sought (‘Gillick’)

  9. Systems (2) – IS • Information Sharing and Assessment Index – like the summary care record • Contact details – school, GP, and any interaction with police, social work, probation, specialist service • Services can mark a ‘flag of concern’ • Stigmatization issues (especially contact with some specialist services) • Celebs, abuse fugitives may be ‘stop-noted’ • Blair view: ‘might have saved Climbié’

  10. Systems (3) – ICS • Integrated Children’s System will be the detailed record for child social work • Extends the current child protection registers from ‘child protection’ (50,000 cases in UK) to ‘child welfare’ (3-4m) • Very detailed information, from many sources, including facts, opinions and subjective judgments • There may also be a separate but similar ‘eCAF’ run by local authorities for kids who’ve been assessed but are not of interest to social work

  11. Linked Systems • Schools – National Pupil Database, Ofsted • Justice – RYOGENS and other systems monitor kids ‘at risk’ of offending (ONSET tries to predict who will offend) • Once convicted, a wide range of probation and other systems tell officials everything (or nothing? :-) • Health – supposed to supply ‘relevant’ diagnoses e.g. early-onset hyperactivity

  12. Data quality issues…

  13. Social work viewpoint • It’s hard enough coping with the 50,000 kids at risk of significant harm • Adding the 3–4m kids with some disadvantage will paralyze the system • Talking about being ‘proactive’ is easy, but what does it mean on the front line? • At present, half the kids who try to kill themselves don’t get any specialist help • Left (SWM) – don’t ‘collude with youth justice policies which demonise young people’ • Right (CPS) – ‘nationalisation of childhood’

  14. Balance of benefit and harm? • Big problem with social care is lack of effective interventions • ‘Sure Start’ program tried to implement best ideas from US research – treat the population, not individuals • Parenting classes, preschools, … • Evaluations thoroughly disappointing • ‘When all else fails, build a database’

  15. Effects on medical practice? • Every time you come across a negative indicator, you’ll have to decide whether to fill out a CAF • At present you can do the first page and pass it to social work • The online system will make you do it ‘properly’ • What about privacy – once most customer-facing local government staff have access (plus charity workers and careers advisers, according to today’s Times)? • Doctors will be blamed for any leaks (you’ll always have to break the ‘rules’ to do your job)

  16. Data Protection Aspects • You’ll have to wait for the FIPR report! • This compares UK practice with European law and with the practice in Germany, France etc • Comment by one observer: UK practice is on a collision course with Europe • Eventually something will have to give. Will it be Britain’s EU membership, the German constitution, or what?

  17. Conclusions • The approach to personal data management that mutated from the IM&T strategy into the ICRS Spec into NPfIT is undergoing metastasis • Secondaries are now growing vigorously in child welfare, with more planned for elder care etc • If safety and privacy problems can’t be tackled honestly in medicine, what hope have the social workers got? • Maybe the best hope is a European law case. For details, wait for the FIPR report

More Related