Transcript Document

Security and Confidentiality
Medical Informatics
QUB 1997
Issues
• Sharing information in the health care setting - the dangers
• Research - Whose data is it anyway?
• Security / Confidentiality
• Analysing relative risks
• Devising a security policy

Sharing patient data - with whom?
[Diagram labels:]
• Patient
• DVLA
• GP
• Nurses
• Police
• Clerks
• DHSS
• Hosp. Doc
• Social Worker
• Insurance company
• Hosp. Admin

Informed consent to data sharing
• Patient should consent to data sharing
• Information should be used for specific declared reasons only.
• Separate permission should be sought for each new use of the information

Exceptions
• Notification of certain diseases
• Notification of births / deaths
• Adverse drug reactions
• Non-accidental injuries
• Fitness to drive
• Disclosure to lawyers
• ? Use of records in research

Information Security

Confidentiality
• can be seen only by those allowed to see it and changed only by those allowed to change it.

Integrity
• suitable for purpose. Information has not been corrupted.

Availability
• the information can be seen and manipulated by authorised people whenever they need to do so.

Types of threat to security

Physical
• Environmental dangers
• Intrusion by unauthorised people

Logical
• data is disclosed or altered in error either accidentally or deliberately

Technology which can lead to confidentiality lapses
• Computer screens
• Computer printouts
• Fax machines and printouts
• Remote dial-up access

Risk Assessment and Contingency Planning
• Physical security
• Procedural security
• Personnel security
• Technical Security
• Prevent security breaches
• Detect security breaches
• Recover from security breaches

Managing the risk
• Identify and prioritise critical processes
• Determine impact of various disasters on activities
• Identify responsibilities and emergency arrangements
• Documentation of agreed procedures
• Education of staff
• Testing the plans
• Updating the plans

Security Risk Assessment
• Analyse the relative risks to the security and well-being of your data
• Devise an outline strategy:
    • to minimise risk
    • to prevent problems from arising
    • to resolve problems which arise
• Consider group view on "whose data" and on the use of patient data in research