The safety and privacy effects of NHS IT
Ross Anderson
Cambridge University and Foundation for Information Policy Research

The Story so Far …
• 1910 – struggle over who owns medical records led to Lloyd George envelope
• 1992 – IM&T strategy ‘a single electronic health record available to all throughout the NHS’
• BMA resistance 95–6 once we realised what this meant; ‘Security in Clinical Information Systems’
• Calman sets up the Caldicott Committee to postpone the issue past the 1997 election
• Caldicott documents many illegal information flows; HSCA s60 allows SS to legalise them

The Story so Far (2)
• ‘Pretexting’ cost Hewlett-Packard chair her job
• Look back at January 1996 – Anderson RJ, ‘Clinical System Security - Interim Guidelines’ BMJ 312.7023 pp 109-111
• N Yorks HA pilot – staff trained by Alan Hassey to log info requests, get them signed off, and call back to a number you can check independently
• We detected 30 false-pretext calls per week!
• We asked DoH to roll this protocol out nationwide – instead, NYHA were told to stop it!

The Story so Far (3)
• ‘Blair moment’ in 2002 – ‘Tony wants’
• The 1990s vision of the big central database is dusted off – NPfIT, CfH, …
• Government really believes this is working and they now plan to roll out the same architecture to childcare, elder care, …
• What are the implications for clinical safety and privacy?

Issues of Scale
• You can have functionality, or security, or scale. With good engineering you can have any two of these
• We can live with the risks of a receptionist having access to the 6000 records in a practice – but if 20,000 receptionists have access to 60,000,000 records?
• Secondary Uses Service will run unprotected for years – with a pious hope of eventual pseudonymisation
• Blair philosophy is now that data will be accessible (MISC 31, ‘Information Sharing Vision’)
• Misuse will be punished – pretexters will be liable for prison, though not careless HA staff (DCA CP 9/06)

Centralisation and Safety
• First hospital to be ‘rolled out’ was the Nuffield Orthopaedic NHS Trust in Oxford
• Old system – X-ray goes from radiology to theatre as a physical object
• New system – it’s an electronic object sitting on a remote server
• Power failure at server – no operations
• Since then, a comms failure in NW
• The Internet is now a safety-critical system!

Helen Wilkinson’s case
• Helen is a practice manager in High Wycombe
• Wrongly listed as a patient of an alcohol treatment centre
• She demanded the data be corrected or removed – officials wouldn’t / couldn’t
• Caroline Flint promised Parliament it had been done
• It hasn’t – and the story continues…

Extending NPfIT to Kids
• ‘Every Child Matters’ white paper (2003)
• Children Act 2004 provided powers
• Information to be shared between schools, police, social workers, probation, doctors…
• The ‘SCR’ is ISA – the Information Sharing and Assessment system – which points to all services interested in your child
• So schoolteachers will know if a child is known to social workers / police
• IC study by FIPR (due for release real soon …)

Political Aspects
• UK law and practice are increasingly at odds with European law and with the practice in Germany, France etc
• Comment by one observer: UK is on a collision course with Europe
• Eventually something will have to give. Will it be Britain’s EU membership, the German constitution, or what?

Conclusions
• The approach to personal data management that mutated from the IM&T strategy into the ICRS Spec into NPfIT is undergoing metastasis
• Secondaries are now growing vigorously in child welfare, with more planned for elder care etc
• If safety and privacy problems can’t be tackled honestly in medicine, what hope have the social workers got?
• Maybe the best hope is a European law case