
INHIT Security & Confidentiality 1

Security and confidentiality in health informatics

Dr Jim Briggs

[email protected]

INHIT Security & Confidentiality 2

Contents

• Definitions of security and confidentiality

• Why are they important?

• Why are they especially important in the health sector?

• Horror stories

• The Caldicott Report

• Patient identifiable information and consent for its disclosure

• Security issues

• Cryptographic services

• References

INHIT Security & Confidentiality 3

Definition of secure

• Free from fear, care, danger, doubt, etc.

• Not worried, troubled

• Firm, stable

• Safe; in safekeeping

• Reliable, dependable

[Collins Concise English Dictionary]

INHIT Security & Confidentiality 4

Definition of confidential

• Told in confidence (the belief that another will keep a secret)

• Entrusted with private or secret matters

[ibid]

Etymology:

Latin con (with) fides (trust)

INHIT Security & Confidentiality 5

Why are they important?

• Not all information is public

• The best secret is one you tell to no one

• Desirable qualities of information:

  – confidentiality

    • available to those who are authorised to use it

    • unavailable to those who are not

  – integrity

    • safe against unauthorised modification

INHIT Security & Confidentiality 6

Why is medical information sensitive?

• Personal

• Often shows weakness or lack

• One of a number of types of information deemed "sensitive personal data" by the Data Protection Act…

INHIT Security & Confidentiality 7

Sensitive personal data (DPA 1998)

• the racial or ethnic origin of the data subject

• his political opinions

• his religious beliefs or other beliefs of a similar nature

• whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992) 

• his physical or mental health or condition

• his sexual life 

• the commission or alleged commission by him of any offence, or

• any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings

INHIT Security & Confidentiality 8

Sensitive medical conditions

• AIDS/HIV

• Sexually transmitted diseases

• Termination of pregnancy

• Fertility/embryology

• Mental health problems

• Impact on…

  – personal relationships

  – job

  – ability to get insurance

INHIT Security & Confidentiality 9

Horror stories

• Person told results of tests by their neighbour

• Inappropriate calls to family practitioner committees

• Hospital Episode Statistics contain date of birth and postcode

• NHS Tracing Service

  – first database to contain up-to-date information on the whereabouts of every man, woman and child in the country

INHIT Security & Confidentiality 10

Key questions

• Are these…

  – ethical?

  – legal?

• Have patients given their consent?

INHIT Security & Confidentiality 11

Caldicott report

• Review commissioned by Chief Medical Officer

• Chaired by Dame Fiona Caldicott

• Reported December 1997

• Looked at all patient-identifiable information transferred between NHS and non-NHS bodies

• 16 recommendations

INHIT Security & Confidentiality 12

Caldicott recommendations

• Reinforce awareness of confidentiality issues

• Appoint "Caldicott guardians"

• NHS number should replace other identifiers

• Establish protocols for authorising access

• Design systems that avoid patient-identifiable data being transmitted

INHIT Security & Confidentiality 13

Patient identifiable information

• patient’s name, address, full post code, date of birth;

• pictures, photographs, videos, audio-tapes or other images of patients;

• NHS number and local patient identifiable codes;

• anything else that may be used to identify a patient directly or indirectly. For example, rare diseases, drug treatments or statistical analyses which have very small numbers within a small population may allow individuals to be identified.
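The last bullet is the small-numbers problem: even with names removed, a cell in a statistical table that covers only one or two patients can single them out. The following added example (not from the slides) shows a simple disclosure-control check over a constructed extract: cells below an assumed minimum size are suppressed before the table is released.

```python
import csv
import io
from collections import Counter

# Constructed sample extract: only generalised fields, no names or NHS numbers.
# A rare diagnosis in a small postcode sector still yields a cell of size 1.
SAMPLE_EXTRACT = """\
postcode_sector,year_of_birth,diagnosis
PO1 3,1950,asthma
PO1 3,1950,asthma
PO1 3,1950,asthma
PO1 3,1950,asthma
PO1 3,1950,asthma
PO1 3,1951,rare_condition_X
PO4 8,1962,asthma
PO4 8,1962,asthma
PO4 8,1962,asthma
PO4 8,1962,asthma
PO4 8,1962,asthma
PO4 8,1962,asthma
"""

MIN_CELL_SIZE = 5  # assumed threshold for this illustration, not an NHS figure


def count_cells(csv_text):
    """Count patients per (postcode_sector, year_of_birth, diagnosis) cell."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return Counter(
        (r["postcode_sector"], r["year_of_birth"], r["diagnosis"]) for r in rows
    )


def suppress_small_cells(cells, k=MIN_CELL_SIZE):
    """Split cells into those safe to publish (count >= k) and those to suppress.

    Suppressed cells are reported so the data controller can merge categories
    (e.g. widen the area or the age band) rather than silently drop patients.
    """
    safe = {cell: n for cell, n in cells.items() if n >= k}
    suppressed = [cell for cell, n in cells.items() if n < k]
    return safe, suppressed


if __name__ == "__main__":
    safe, suppressed = suppress_small_cells(count_cells(SAMPLE_EXTRACT))
    print("publishable:", safe)
    print("suppressed (re-identification risk):", suppressed)
```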

INHIT Security & Confidentiality 14

Pseudonymisation

• Use a patient number which only the responsible organisation can link to the patient's name

• However, many people are still identifiable from their condition (or combination of conditions), or other factors

• The NHS number is in very widespread use

INHIT Security & Confidentiality 15

Anonymisation

• Restrict:

  – age data to year of birth

  – address to postcode sector

• This is enough to identify age cohorts and deprivation index, but not enough to identify individuals
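The two preceding slides describe pseudonymisation (a patient number that only the responsible organisation can link back) and anonymisation (year of birth, postcode sector). The added example below, which is not from the slides and not an NHS-specified scheme, implements both steps on a constructed record: the NHS number is replaced by a keyed pseudonym (HMAC) that cannot be recomputed without the organisation's secret, and the date of birth and postcode are generalised. The linkage key, the record and the NHS number are all constructed for illustration.

```python
import hashlib
import hmac
import re
from datetime import date

# Assumed secret held only by the responsible organisation. Without it a
# recipient can neither reverse a pseudonym nor recompute it from an NHS number.
ORG_LINKAGE_KEY = b"constructed-demo-key-held-by-responsible-org"


def pseudonymise_nhs_number(nhs_number, key=ORG_LINKAGE_KEY):
    """Keyed pseudonym for an NHS number (illustrative HMAC scheme)."""
    digits = nhs_number.replace(" ", "")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def postcode_sector(postcode):
    """Reduce a full UK postcode to its sector: outward code plus first inward digit."""
    m = re.fullmatch(r"\s*([A-Z]{1,2}\d[A-Z\d]?)\s*(\d)[A-Z]{2}\s*", postcode.upper())
    if not m:
        raise ValueError(f"not a full UK postcode: {postcode!r}")
    return f"{m.group(1)} {m.group(2)}"


def anonymise_record(record):
    """Return a record safe to transfer: identifiers removed or generalised."""
    return {
        "patient_id": pseudonymise_nhs_number(record["nhs_number"]),
        "year_of_birth": date.fromisoformat(record["date_of_birth"]).year,
        "postcode_sector": postcode_sector(record["postcode"]),
        "diagnosis": record["diagnosis"],
    }


# Constructed sample record; the NHS number is a made-up value, not a real patient.
SAMPLE_RECORD = {
    "name": "A. Patient",
    "nhs_number": "943 476 5919",
    "date_of_birth": "1950-06-14",
    "postcode": "PO1 3AX",
    "diagnosis": "asthma",
}

if __name__ == "__main__":
    print(anonymise_record(SAMPLE_RECORD))
```

Note that the condition itself is left in place, which is exactly why the slide's caveat about rare conditions still applies after this transformation.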

INHIT Security & Confidentiality 16

Consent

• Explicit or Express Consent

  – This means articulated patient agreement.

  – The terms are interchangeable and relate to a clear and voluntary indication of preference or choice,

    • usually given orally or in writing

    • and freely given in circumstances where the available options and the consequences have been made clear.

INHIT Security & Confidentiality 17

Competence to consent

• Gaining consent from:

  – those with disabilities or other circumstances that prevent them from becoming informed or communicating their decision

  – children

    • 16+ presumed competent

    • younger if they have capacity and understanding

    • otherwise, parental consent is necessary

  – those unable to give it

    • unconscious

INHIT Security & Confidentiality 18

Exceptions that allow disclosure

• Public interest

  – prevention or detection of serious crime

  – prevent abuse or serious harm to others

• "notifiable diseases"

• Legally required to disclose

  – court orders and inquiries

INHIT Security & Confidentiality 19

Security issues

Stress: Confidentiality and integrity

INHIT Security & Confidentiality 20

Basics of security systems

• What you know

  – Password-controlled systems

• What you hold

  – Key-based systems

• Who you are

  – Biometric systems

INHIT Security & Confidentiality 21

Problems of security systems

• Endemic problems:

  – high turnover of staff

  – temporary (agency) staff

  – mobile staff

  – logging in/out is inconvenient

• Results in:

  – sharing passwords

  – leaving systems logged in

INHIT Security & Confidentiality 22

Cryptographic services

• Principal security services for electronic transactions:

  – Confidentiality – to keep information private

  – Integrity – to prove that information has not been manipulated

  – Authentication – to prove the identity of an individual or application

  – Non-repudiation – to ensure that information cannot be disowned

INHIT Security & Confidentiality 23

Types of cryptography

• Symmetric

  – Same key encrypts and decrypts

  – Relatively fast

• Asymmetric

  – Key pairs: different keys for encryption and decryption

  – Relatively slow

  – One key can be public if the other is kept private

  – Can provide digital signatures

INHIT Security & Confidentiality 24

Public Key Infrastructure (PKI)

• As well as keys, need:

  – products to generate, store and manage keys

  – certification of keys (how do you know a public key belongs to the person you think it does?)

  – certification authority(ies)

INHIT Security & Confidentiality 25

Application to the NHS

• Need to identify all NHS staff (at least!)

  – NHS X.500 electronic directory service

  – NHS-wide Payroll and Human Resources system

• Training and awareness

• Security ethos

• SMTP secure email

INHIT Security & Confidentiality 26

UK legislation

• Data Protection Act 1998

  – replaces the 1984 Act

• Access to Health Records Act 1990

• Public Records Act 1958

• Human Rights Act 1998

• Health & Social Care Act 2001: Section 60

INHIT Security & Confidentiality 27

References 1

• Data Protection Act 1998

  – http://www.hmso.gov.uk/acts/acts1998/19980029.htm

• NHS Information Authority

  – Security: http://www.nhsia.nhs.uk/security/

  – Confidentiality: http://www.nhsia.nhs.uk/confidentiality/

• Department of Health Information Policy Unit

  – Patient confidentiality: http://www.doh.gov.uk/ipu/confiden/

  – Information security: http://www.doh.gov.uk/ipu/security/

• Office of the Information Commissioner (formerly Data Protection Registrar)

  – http://www.informationcommissioner.gov.uk/

INHIT Security & Confidentiality 28

References 2

• Report on the Review of Patient-Identifiable Information (Caldicott report)

  – http://www.doh.gov.uk/ipu/confiden/report/

• Confidentiality: NHS Code of Practice

  – http://www.doh.gov.uk/ipu/confiden/protect/

• Strategy for cryptographic support services in the NHS

  – http://www.doh.gov.uk/ipu/security/crypstra.pdf

• My SCLIM notes

  – http://www.tech.port.ac.uk/staffweb/briggsj/SCLIM/2001-2002b/schedule.htm

INHIT Security & Confidentiality 29

References 3

• Ross Anderson, Cambridge University academic

  – Home page: http://www.cl.cam.ac.uk/users/rja14/

  – Security of Medical Information Systems: http://www.cl.cam.ac.uk/users/rja14/#Med

• Bruce Schneier, security technologist

  – Home page: http://www.schneier.com/

  – His books

    • Beyond Fear: Thinking Sensibly about Security in an Uncertain World (Copernicus, 2003)

    • Secrets & Lies: Digital Security in a Networked World (Wiley, 2000)

    • Applied Cryptography (Wiley, 1996)

  – Counterpane Internet Security Inc. (the company he founded): http://www.counterpane.com/