Transcript Document
Security and Confidentiality
Medical Informatics
QUB 1997
Issues
Sharing information in the health care setting - the dangers
Research - Whose data is it anyway?
Security / Confidentiality
Analysing relative risks
Devising a security policy
Sharing patient data - with whom?
DVLA
GP
Nurses
Patient
Police
Clerks
DHSS
Hosp. Doc
Social Worker
Insurance company
Hosp. Admin
Informed consent to data sharing
Patient should consent to data sharing
Information should be used for specific declared reasons only.
Separate permission should be sought for each new use of the information
Exceptions
Notification of certain diseases
Notification of births / deaths
Adverse drug reactions
Non-accidental injuries
Fitness to drive
Disclosure to lawyers
? Use of records in research
Information Security
Confidentiality
• can be seen only by those allowed to see it and changed only by those allowed to change it.
Integrity
• suitable for purpose. Information has not been corrupted.
Availability
• the information can be seen and manipulated by authorised people whenever they need to do so.
Types of threat to security
Physical
• Environmental dangers
• Intrusion by unauthorised people
Logical
• data is disclosed or altered in error either accidentally or deliberately
Technology which can lead to confidentiality lapses
Computer screens
Computer printouts
Fax machines and printouts
Remote dial-up access
Risk Assessment and Contingency Planning
Physical security
Procedural security
Personnel security
Technical security
Prevent security breaches
Detect security breaches
Recover from security breaches
Managing the risk
Identify and prioritise critical processes
Determine impact of various disasters on activities
Identify responsibilities and emergency arrangements
Documentation of agreed procedures
Education of staff
Testing the plans
Updating the plans
Security Risk Assessment
Analyse the relative risks to the security and well-being of your data
Devise an outline strategy:
• to minimise risk
• to prevent problems from arising
• to resolve problems which arise
Consider group view on "whose data" and on the use of patient data in research