Safety and Privacy of Clinical Information (see FIPR evidence by Ross Anderson, Ian Brown, Fleur Fisher & Douwe Korff on www.fipr.org)
The Story so Far …
• 1910 – struggle over who owns medical records led to Lloyd George envelope
• 1994 – IM&T goal ‘a single electronic health record available to all throughout the NHS’
• Doctors wanted data flows between clinicians; officials wanted flows from clinicians to the centre
• BMA resistance 95–6 led to Caldicott Committee study of privacy, which in 1997 documented many illegal information flows to the centre
• HSCA in 2000 allowed ministers to legalise them
The Story so Far (2)
• ‘Pretexting’ cost Hewlett-Packard chair her job
• See my 1996 paper ‘Clinical System Security – Interim Guidelines’, BMJ 312.7023, pp 109–111
• Our 1996 pilot – staff trained to log information requests, get them signed off, and call back to a number you can check independently
• We detected 30 false-pretext calls per week!
• BMA asked DoH to roll this protocol out nationwide – instead, pilot site told to stop it!
The Story so Far (3)
• Wirral experience of useful sharing between clinicians, which led to Burns strategy (1998)
• ‘Blair moment’ in 2002 – but the 1992 vision of the big central database was dusted off instead – a central spine plus five regional server farms
• Government believes this is working and plans to roll out the same architecture to childcare, elder care, …
• What about safety and privacy?
Issues of Safety
• The ‘Detailed Care Record’ will migrate from GP surgery / hospital server to LSP server farms
• X-rays, test results being done first
• Experience at the Nuffield – server down for a day, so couldn’t operate
• How long can a hospital go without test results and X-rays until risk increases?
Privacy and Scale
• ‘You can have functionality, or security, or scale. With good engineering you can have any two of these’
• We live with the risks of a receptionist having access to the 6000 records in a practice – but if 20,000 receptionists have access to 50,000,000 records?
• Blair ‘Information Sharing Vision’
• Pretexters will soon be liable for prison, though not careless HA staff (DCA CP 9/06)
Privacy and Research
• Detailed Care Records – the material moved from GP surgeries and hospitals to regional servers – will be harvested for research
• This ‘Secondary Uses Service’ will eventually use ‘pseudonymous’ data
• Inference security literature shows this won’t stop most patients being re-identified
• No opt-out: researchers are strident!
• But what about religious objections to using data to develop better morning-after pills?
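To make the re-identification point concrete, here is an added Python illustration (not from the slides or FIPR): a constructed extract in which the NHS number is replaced by a keyed hash, yet date of birth, sex and postcode district are left in place. It measures how many records remain unique on those quasi-identifiers (the standard k-anonymity check) before and after coarsening them; the field names, sample values and secret are all made up.

```python
import hashlib
from collections import Counter

# Constructed sample records; the "dx" field stands in for clinical content.
RECORDS = [
    {"nhs_no": "1000000001", "dob": "1961-03-04", "sex": "F", "postcode": "HP13", "dx": "A"},
    {"nhs_no": "1000000002", "dob": "1974-11-20", "sex": "M", "postcode": "HP12", "dx": "B"},
    {"nhs_no": "1000000003", "dob": "1961-03-04", "sex": "F", "postcode": "HP13", "dx": "C"},
    {"nhs_no": "1000000004", "dob": "1988-07-01", "sex": "M", "postcode": "HP11", "dx": "D"},
    {"nhs_no": "1000000005", "dob": "1974-05-09", "sex": "M", "postcode": "HP12", "dx": "E"},
    {"nhs_no": "1000000006", "dob": "1988-02-14", "sex": "M", "postcode": "HP11", "dx": "F"},
]
QUASI = ("dob", "sex", "postcode")   # attributes an outsider may also know


def pseudonymise(records, secret):
    """Replace the NHS number with a keyed SHA-256 pseudonym; nothing else changes."""
    out = []
    for r in records:
        p = {k: v for k, v in r.items() if k != "nhs_no"}
        p["pid"] = hashlib.sha256((secret + r["nhs_no"]).encode()).hexdigest()[:16]
        out.append(p)
    return out


def equivalence_classes(records, quasi=QUASI):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records, quasi=QUASI):
    """Smallest class size: k=1 means at least one record is unique."""
    return min(equivalence_classes(records, quasi).values())


def unique_fraction(records, quasi=QUASI):
    """Share of records that are the only one with their quasi-identifier tuple."""
    classes = equivalence_classes(records, quasi)
    singles = sum(1 for r in records if classes[tuple(r[q] for q in quasi)] == 1)
    return singles / len(records)


def generalise(records):
    """Coarsen dob to year and postcode to area, a simple k-anonymity mitigation."""
    return [dict(r, dob=r["dob"][:4], postcode=r["postcode"][:2]) for r in records]


if __name__ == "__main__":
    pseudo = pseudonymise(RECORDS, "constructed-secret")
    print("k =", k_anonymity(pseudo), "unique =", unique_fraction(pseudo))
    coarse = generalise(pseudo)
    print("k =", k_anonymity(coarse), "unique =", unique_fraction(coarse))
```

Hashing the identifier does nothing for the rows that are unique on their remaining attributes; only coarsening those attributes (or suppressing small classes) raises k.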
Helen Wilkinson’s case
• Helen – a practice manager in High Wycombe – was wrongly listed as a patient of an alcohol treatment centre
• She demanded the data be corrected or removed – officials wouldn’t / couldn’t
• Caroline Flint told Parliament it had been done
• It hadn’t! Eventually it was, but…
• Helen now can’t get NHS treatment. Officials resist the idea of allowing real pseudonyms (unless you’re in the armed forces etc)
BMA ARM – at 2.41pm today
• This meeting believes that patient information and data uploaded into the proposed NHS clinical care record is not secure and confidential
• That the BMA should advise all its members not to co-operate with the proposed centralised storage of all medical records as this seriously endangers patient confidentiality
• That any potential restriction of access to services for patients who refuse permission for their data to be placed on the spine is to be deplored.
Extending NPfIT to Kids
• ‘Every Child Matters’ white paper (2003) followed by Children Act 2004
• Information to be shared between schools, police, social workers, probation, doctors…
• The new ‘ContactPoint’ system points to all services interested in your child
• So schoolteachers will know if a child is known to social workers / police
• IC study by FIPR – unsafe and in some respects contrary to EU law
Legal Aspects
• FIPR report compares UK practice with EU law and with the practice in Germany, France etc
• Arguments that you need consent or specific legislation apply to adults’ health data too – see evidence by Douwe Korff to Health Committee
• UK practice is on a collision course with Europe
• What will break – Britain’s EU membership, the German constitution, or what?
Conclusions
• The English NHS strategy was that all data are centralised and made available for research, management etc
• This is unsafe and illegal. As it breaks European law, the illegality can’t be fixed easily
• It’s becoming clear that the centralised approach doesn’t work – now putting in ‘legacy’ systems
• But NPfIT displaced much worthwhile clinical IT
• Critical message for IT community: doctors and officials never agreed what the system should do
Research Questions
• Why are public-sector IT projects so dire?
• 30% of private-sector projects fail; 30% of public-sector projects succeed (DWP)
• NHS experience: systems bought by doctors work, systems bought by civil servants don’t
• Deeper questions: compare economics of dependability with public choice, agency etc
• See my ‘Economics of security’ paper and webpages