confidentiality l.
Skip this Video
Loading SlideShow in 5 Seconds..
Confidentiality PowerPoint Presentation
Download Presentation

Loading in 2 Seconds...

play fullscreen
1 / 17

Confidentiality - PowerPoint PPT Presentation

  • Uploaded on

Confidentiality. Ross Anderson Cambridge University and Foundation for Information Policy Research. The Story so Far …. 1910 – struggle over who owns medical records led to Lloyd George envelope 1992 – IM&T strategy ‘a single electronic health record available to all throughout the NHS’

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Confidentiality' - aradia

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript


Ross Anderson

Cambridge University and Foundation for Information Policy Research

the story so far
The Story so Far …
  • 1910 – struggle over who owns medical records led to Lloyd George envelope
  • 1992 – IM&T strategy ‘a single electronic health record available to all throughout the NHS’
  • BMA resistance 95–6 once we realised what this meant; ‘Security in Clinical Information Systems’
  • Calman sets up the Caldicott Committee to postpone the issue past the 1997 election
  • Caldicott documents many illegal information flows; HSCA s60 allows SS to legalise them
the story so far 2
The Story so Far (2)
  • ‘Pretexting’ cost Hewlett-Packard chair her job
  • Look back at January 1996 – Anderson RJ, ‘Clinical System Security - Interim Guidelines’ BMJ 312.7023 pp 109-111
  • N Yorks HA pilot – staff trained by Alan Hassey to log info requests, get them signed off, and call back to a number you can check independently
  • We detected 30 false-pretext calls per week!
  • We asked DoH to roll this protocol out nationwide – instead, NYHA were told to stop it!
the story so far 3
The Story so Far (3)
  • ‘Blair moment’ in 2002 – ‘Tony wants’
  • Ray Rogers vision of the big central database is dusted off – NPfIT, CfH,…
  • Government really believes this is working and they now plan to roll out the same architecture to childcare, elder care, …
  • What are the implications for clinical confidentiality?
issues of scale
Issues of Scale
  • You can have functionality, or security, or scale. With good engineering you can have any two of these
  • We can live with the risks of a receptionist having access to the 6000 records in a practice – but if 20,000 receptionists have access to 60,000,000 records?
  • Secondary Uses Service will run unprotected for years – with a pious hope of eventual pseudonymisation
  • Blair philosophy is now that data will be accessible (MISC 31, ‘Information Sharing Vision’)
  • Misuse will be punished – pretexters will be liable for prison, though not careless HA staff (DCA CP 9/06)
helen wilkinson s case
Helen Wilkinson’s case
  • Helen is a practice manager in High Wycombe
  • Wrongly listed as a patient of an alcohol treatment centre
  • She demanded the data be corrected or removed - officials wouldn’t / couldn’t
  • Caroline Flint promised Parliament it had been done
  • It hasn’t – and the story continues…
extending npfit to kids
Extending NPfIT to Kids
  • ‘Every Child Matters’ white paper (2003)
  • Children Act 2004 provided powers
  • Information to be shared between schools, police, social workers, probation, doctors…
  • The ‘SCR’ is ISA – the Information Sharing and Assessment system – which points to all services interested in your child
  • So schoolteachers will know if a child is known to social workers / police
  • IC study by FIPR (due for release real soon …)
systems 1 connexions
Systems (1) – Connexions
  • A pilot scheme for 13-19s with ‘personal advisers’ and a card also giving discounts at HMV (better not buy Black Sabbath :-)
  • Pilot areas each have databases of children with health status, special educational needs, phone number etc
  • Contains sensitive data such as substance abuse, opinions such as risk of offending
  • Consent from parents not sought (‘Gillick’)
systems 2 is
Systems (2) – IS
  • Information Sharing and Assessment Index – like the summary care record
  • Contact details – school, GP, and any interaction with police, social work, probation, specialist service
  • Services can mark a ‘flag of concern’
  • Stigmatization issues (especially contact with some specialist services)
  • Celebs, abuse fugitives may be ‘stop-noted’
  • Blair view: ‘might have saved Climbié’
systems 3 ics
Systems (3) – ICS
  • Integrated Children’s System will be the detailed record for child social work
  • Extends the current child protection registers from ‘child protection’ (50,000 cases in UK) to ‘child welfare’ (3-4m)
  • Very detailed information, from many sources, including facts, opinions and subjective judgments
  • There may also be a separate but similar ‘eCAF’ run by local authorities for kids who’ve been assessed but are not of interest to social work
linked systems
Linked Systems
  • Schools – National Pupil Database, Ofsted
  • Justice – RYOGENS and other systems monitor kids ‘at risk’ of offending (ONSET tries to predict who will offend)
  • Once convicted, a wide range of probation and other systems tell officials everything (or nothing? :-)
  • Health – supposed to supply ‘relevant’ diagnoses e.g. early-onset hyperactivity
social work viewpoint
Social work viewpoint
  • It’s hard enough coping with the 50,000 kids at risk of significant harm
  • Adding the 3–4m kids with some disadvantage will paralyze the system
  • Talking about being ‘proactive’ is easy, but what does it mean on the front line?
  • At present, half the kids who try to kill themselves don’t get any specialist help
  • Left (SWM) – don’t ‘collude with youth justice policies which demonise young people’
  • Right (CPS) – ‘nationalisation of childhood’
balance of benefit and harm
Balance of benefit and harm?
  • Big problem with social care is lack of effective interventions
  • ‘Sure Start’ program tried to implement best ideas from US research – treat the population, not individuals
  • Parenting classes, preschools, …
  • Evaluations thoroughly disappointing
  • ‘When all else fails, build a database’
effects on medical practice
Effects on medical practice?
  • Every time you come across a negative indicator, you’ll have to decide whether to fill out a CAF
  • At present you can do the first page and pass it to social work
  • The online system will make you do it ‘properly’
  • What about privacy – once most customer-facing local government staff have access (plus charity workers and careers advisers, according to today’s Times)?
  • Doctors will be blamed for any leaks (you’ll always have to break the ‘rules’ to do your job)
data protection aspects
Data Protection Aspects
  • You’ll have to wait for the FIPR report!
  • This compares UK practice with European law and with the practice in Germany, France etc
  • Comment by one observer: UK practice is on a collision course with Europe
  • Eventually something will have to give. Will it be Britain’s EU membership, the German constitution, or what?
  • The approach to personal data management that mutated from the IM&T strategy into the ICRS Spec into NPfIT is undergoing metastasis
  • Secondaries are now growing vigorously in child welfare, with more planned for elder care etc
  • If safety and privacy problems can’t be tackled honestly in medicine, what hope have the social workers got?
  • Maybe the best hope is a European law case. For details, wait for the FIPR report