INHIT Security & Confidentiality 1
Security and confidentiality in health informatics
Dr Jim Briggs
Contents
• Definitions of security and confidentiality
• Why are they important?
• Why are they especially important in the health sector?
• Horror stories
• The Caldicott Report
• Patient identifiable information and consent for its disclosure
• Security issues
• Cryptographic services
• References
Definition of secure
• Free from fear, care, danger, doubt, etc.
• Not worried, troubled
• Firm, stable
• Safe; in safekeeping
• Reliable, dependable
[Collins Concise English Dictionary]
Definition of confidential
• Told in confidence (the belief that another will keep a secret)
• Entrusted with private or secret matters
[ibid]
Etymology:
Latin con (with) fides (trust)
Why are they important?
• Not all information is public
• The best secret is one you tell to no one
• Desirable qualities of information:
– confidentiality
• available to those who are authorised to use it
• unavailable to those who are not
– integrity
• safe against unauthorised modification
Why is medical information sensitive?
• Personal
• Often shows weakness or lack
• One of a number of types of information deemed "sensitive personal data" by the Data Protection Act…
Sensitive personal data (DPA 1998)
• the racial or ethnic origin of the data subject
• his political opinions
• his religious beliefs or other beliefs of a similar nature
• whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992)
• his physical or mental health or condition
• his sexual life
• the commission or alleged commission by him of any offence, or
• any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings
Sensitive medical conditions
• AIDS/HIV
• Sexually transmitted diseases
• Termination of pregnancy
• Fertility/embryology
• Mental health problems
• Impact on…
– personal relationships
– job
– ability to get insurance
Horror stories
• Person told results of tests by their neighbour
• Inappropriate calls to family practitioner committees
• Hospital Episode Statistics contain date of birth and postcode
• NHS Tracing Service
– first database to contain up-to-date information on the whereabouts of every man, woman and child in the country
Key questions
• Are these…
– ethical?
– legal?
• Have patients given their consent?
Caldicott report
• Review commissioned by Chief Medical Officer
• Chaired by Dame Fiona Caldicott
• Reported December 1997
• Looked at all patient-identifiable information transferred between NHS and non-NHS bodies
• 16 recommendations
Caldicott recommendations
• Reinforce awareness of confidentiality issues
• Appoint "Caldicott guardians"
• NHS number should replace other identifiers
• Establish protocols for authorising access
• Design systems that avoid patient-identifiable data being transmitted
Patient identifiable information
• patient’s name, address, full post code, date of birth;
• pictures, photographs, videos, audio-tapes or other images of patients;
• NHS number and local patient identifiable codes;
• anything else that may be used to identify a patient directly or indirectly. For example, rare diseases, drug treatments or statistical analyses which have very small numbers within a small population may allow individuals to be identified.
Pseudonymisation
• Use a patient number which only the responsible organisation can link to the patient's name
• However, many people are still identifiable from their condition (or combination of conditions), or other factors
• The NHS number is in very widespread use
Anonymisation
• Restrict:
– age data to year of birth
– address to postcode sector
• This is enough to identify age cohorts and deprivation index, but not enough to identify individuals
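As an added example that is not part of the lecture slides, the Python below carries out the pseudonymisation and anonymisation steps described on these two slides: a patient identifier is replaced by a keyed hash that only the holder of the organisation's secret can recompute, date of birth is cut to year of birth, and the address is cut to postcode sector. Going one step beyond the slides, it also flags "small cells" (combinations of year, sector and condition held by fewer than k people), which is the "very small numbers within a small population" problem noted under patient identifiable information. The records, the secret and the k threshold are constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed sample records; names, numbers, dates and postcodes are made up.
RECORDS = [
    {"name": "A. Patient", "nhs_number": "NHS-TEST-0001", "dob": "1961-03-14",
     "postcode": "PO1 3AX", "condition": "asthma"},
    {"name": "B. Patient", "nhs_number": "NHS-TEST-0002", "dob": "1961-11-02",
     "postcode": "PO1 3BY", "condition": "asthma"},
    {"name": "C. Patient", "nhs_number": "NHS-TEST-0003", "dob": "1988-07-21",
     "postcode": "PO4 8QD", "condition": "rare disease X"},
]

# Secret held only by the responsible organisation; a constructed value.
ORG_SECRET = b"constructed-secret-not-for-real-use"


def pseudonymise_id(nhs_number: str, secret: bytes = ORG_SECRET) -> str:
    """Keyed hash: the same patient always gets the same pseudonym, but
    only whoever holds the secret can recompute (and so link) it."""
    return hmac.new(secret, nhs_number.encode(), hashlib.sha256).hexdigest()[:16]


def year_of_birth(dob_iso: str) -> str:
    """Restrict an ISO date (YYYY-MM-DD) to the year only."""
    return dob_iso[:4]


def postcode_sector(postcode: str) -> str:
    """Restrict a full UK postcode (e.g. 'PO1 3AX') to its sector ('PO1 3')."""
    m = re.fullmatch(r"\s*([A-Z]{1,2}\d[A-Z\d]?)\s*(\d)[A-Z]{2}\s*", postcode.upper())
    if not m:
        raise ValueError(f"not a full UK postcode: {postcode!r}")
    return f"{m.group(1)} {m.group(2)}"


def anonymise(record: dict) -> dict:
    """Drop direct identifiers; keep a pseudonym and the coarsened age/area fields."""
    return {
        "pseudo_id": pseudonymise_id(record["nhs_number"]),
        "year_of_birth": year_of_birth(record["dob"]),
        "postcode_sector": postcode_sector(record["postcode"]),
        "condition": record["condition"],
    }


def small_cells(anon_records: list, k: int = 3) -> dict:
    """Return combinations of quasi-identifiers shared by fewer than k records.
    Such cells may still identify a person despite the coarsening above."""
    counts = Counter(
        (r["year_of_birth"], r["postcode_sector"], r["condition"]) for r in anon_records
    )
    return {cell: n for cell, n in counts.items() if n < k}


if __name__ == "__main__":
    released = [anonymise(r) for r in RECORDS]
    for row in released:
        print(row)
    print("cells too small to release:", small_cells(released, k=3))
```

The pseudonym is a keyed hash rather than a plain SHA-256 of the NHS number: an unkeyed hash of a ten-digit identifier can be reversed by simply hashing every possible number, so the key is what keeps the link inside the responsible organisation. The small-cell check is the practical counterpart of the slide's warning that year of birth and sector are "not enough to identify individuals" only when the cells they produce are large enough.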
Consent
• Explicit or Express Consent
– This means articulated patient agreement.
– The terms are interchangeable and relate to a clear and voluntary indication of preference or choice,
• usually given orally or in writing
• and freely given in circumstances where the available options and the consequences have been made clear.
Competence to consent
• Gaining consent from:
– those with disabilities or other circumstances that prevent them from becoming informed or communicating their decision
– children
• 16+ presumed competent
• younger if have capacity and understanding
• otherwise, parental consent is necessary
– those unable to give it
• unconscious
Exceptions that allow disclosure
• Public interest
– prevention or detection of serious crime
– prevent abuse or serious harm to others
• "notifiable diseases"
• Legally required to disclose
– court orders and inquiries
Basics of security systems
• What you know
– Password-controlled systems
• What you hold
– Key-based systems
• Who you are
– Biometric systems
Problems of security systems
• Endemic problems:
– high turnover of staff
– temporary (agency) staff
– mobile staff
– logging in/out is inconvenient
• Results in:
– sharing passwords
– leaving systems logged in
Cryptographic services
• Principal security services for electronic transactions:
– Confidentiality – to keep information private
– Integrity – to prove that information has not been manipulated
– Authentication – to prove the identity of an individual or application
– Non-repudiation – to ensure that information cannot be disowned
Types of cryptography
• Symmetric
– Same key encrypts and decrypts
– Relatively fast
• Asymmetric
– Key pairs - different keys for encryption and decryption
– Relatively slow
– One key can be public if the other is kept private
– Can provide digital signatures
Public Key Infrastructure (PKI)
• As well as keys, need:
– products to generate, store and manage keys
– certification of keys (how do you know a public key belongs to the person you think it does?)
– certification authority(ies)
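As an added example that is not part of the slides, the Python below shows the material of the last three slides (cryptographic services, types of cryptography, PKI) in working code using only the standard library. A symmetric keystream cipher gives confidentiality with one shared key, an HMAC gives integrity and authentication between two parties who share a key, and a textbook RSA key pair gives signatures that only the private-key holder could have produced, which is what non-repudiation needs. A toy certification authority then signs the binding between a name and a public key, answering the slide's question of how a relying party knows whose key it holds. The primes, names and messages are constructed, the RSA parameters are deliberately tiny for teaching, and the keystream construction is a stand-in for a real cipher; a deployment would use a vetted library for all of this.

```python
import hashlib
import hmac

# ---------------------------------------------------------------------------
# Symmetric cryptography: one shared key; the same operation encrypts and decrypts.
# Keystream = HMAC-SHA256 in counter mode, a stdlib-only stand-in for a real
# cipher such as AES-GCM (teaching construction, not for production use).
# ---------------------------------------------------------------------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality: XOR the plaintext with a key-derived keystream."""
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


symmetric_decrypt = symmetric_encrypt  # identical operation with the same key


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Integrity and authentication between two parties who share the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)
# A MAC cannot give non-repudiation: either holder of the shared key could have made the tag.


# ---------------------------------------------------------------------------
# Asymmetric cryptography: textbook RSA with tiny constructed primes (teaching only).
# The private key signs; anyone with the public key verifies.
# ---------------------------------------------------------------------------
def rsa_keypair(p: int, q: int, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)          # (public key, private key)


def _digest_int(message: bytes, n: int) -> int:
    # Sign a hash of the message; reduced mod n only because n is tiny in this toy.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message: bytes) -> int:
    d, n = private_key
    return pow(_digest_int(message, n), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)


# ---------------------------------------------------------------------------
# PKI: a certification authority binds a subject name to a public key by signing the pair.
# ---------------------------------------------------------------------------
def _cert_bytes(subject: str, public_key) -> bytes:
    e, n = public_key
    return f"{subject}|{e}|{n}".encode()


def issue_certificate(ca_private, subject: str, public_key) -> dict:
    return {"subject": subject, "public_key": public_key,
            "signature": rsa_sign(ca_private, _cert_bytes(subject, public_key))}


def verify_certificate(ca_public, cert: dict) -> bool:
    return rsa_verify(ca_public, _cert_bytes(cert["subject"], cert["public_key"]), cert["signature"])


def verify_signed_message(ca_public, cert: dict, expected_subject: str,
                          message: bytes, signature: int) -> bool:
    """Relying party: trust the CA's key, check the certificate, then check the message."""
    return (cert["subject"] == expected_subject
            and verify_certificate(ca_public, cert)
            and rsa_verify(cert["public_key"], message, signature))


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keypair(101, 113)     # constructed toy CA key pair
    dr_pub, dr_priv = rsa_keypair(61, 53)       # constructed clinician key pair
    cert = issue_certificate(ca_priv, "Dr Example (constructed)", dr_pub)
    note = b"Discharge summary: constructed sample text"
    sig = rsa_sign(dr_priv, note)
    print("certificate valid:", verify_certificate(ca_pub, cert))
    print("note authentic:", verify_signed_message(ca_pub, cert, "Dr Example (constructed)", note, sig))
```

The only thing the relying party must obtain out of band is the CA's public key; every other key arrives inside a certificate it can check. That is the point of the "certification authority(ies)" bullet: the directory and key-management products distribute keys, but trust in whose key it is rests on the CA's signature.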
Application to the NHS
• Need to identify all NHS staff (at least!)
– NHS X.500 electronic directory service
– NHS-wide Payroll and Human Resources system
• Training and awareness
• Security ethos
• SMTP secure email
UK legislation
• Data Protection Act 1998
– replaces 1984 act
• Access to Health Records Act 1990
• Public Records Act 1958
• Human Rights Act 1998
• Health & Social Care Act 2001: Section 60
References 1
• Data Protection Act 1998
– http://www.hmso.gov.uk/acts/acts1998/19980029.htm
• NHS Information Authority
– Security: http://www.nhsia.nhs.uk/security/
– Confidentiality: http://www.nhsia.nhs.uk/confidentiality/
• Department of Health Information Policy Unit
– Patient confidentiality: http://www.doh.gov.uk/ipu/confiden/
– Information security: http://www.doh.gov.uk/ipu/security/
• Office of the Information Commissioner (formerly Data Protection Registrar)
– http://www.informationcommissioner.gov.uk/
References 2
• Report on the Review of Patient-Identifiable Information (Caldicott report)
– http://www.doh.gov.uk/ipu/confiden/report/
• Confidentiality: NHS Code of Practice
– http://www.doh.gov.uk/ipu/confiden/protect/
• Strategy for cryptographic support services in the NHS
– http://www.doh.gov.uk/ipu/security/crypstra.pdf
• My SCLIM notes
– http://www.tech.port.ac.uk/staffweb/briggsj/SCLIM/2001-2002b/schedule.htm
References 3
• Ross Anderson, Cambridge University academic
– Home page: http://www.cl.cam.ac.uk/users/rja14/
– Security of Medical Information Systems: http://www.cl.cam.ac.uk/users/rja14/#Med
• Bruce Schneier, security technologist
– Home page: http://www.schneier.com/
– His books
• Beyond Fear: Thinking Sensibly about Security in an Uncertain World (Copernicus, 2003)
• Secrets & Lies: Digital Security in a Networked World (Wiley, 2000)
• Applied Cryptography (Wiley, 1996)
– Counterpane Internet Security Inc. (the company he founded): http://www.counterpane.com/