Security and confidentiality in health informatics - PowerPoint PPT Presentation

Slides: 30
Provided by: JimBr87

Transcript and Presenter's Notes

Title: Security and confidentiality in health informatics


1
Security and confidentiality in health informatics
  • Dr Jim Briggs
  • jim.briggs_at_port.ac.uk

2
Contents
  • Definitions of security and confidentiality
  • Why are they important?
  • Why are they especially important in the health
    sector?
  • Horror stories
  • The Caldicott Report
  • Patient identifiable information and consent for
    its disclosure
  • Security issues
  • Cryptographic services
  • References

3
Definition of secure
  • Free from fear, care, danger, doubt, etc.
  • Not worried, troubled
  • Firm, stable
  • Safe in safekeeping
  • Reliable, dependable
  • Collins Concise English Dictionary

4
Definition of confidential
  • Told in confidence (the belief that another will
    keep a secret)
  • Entrusted with private or secret matters
  • ibid
  • Etymology
  • Latin con (with) + fides (trust)

5
Why are they important?
  • Not all information is public
  • The best secret is one you tell to no one
  • Desirable qualities of information
      • confidentiality
          • available to those who are authorised to use it
          • unavailable to those who are not
      • integrity
          • safe against unauthorised modification

6
Why is medical information sensitive?
  • Personal
  • Often shows weakness or lack
  • One of a number of types of information deemed
    "sensitive personal data" by the Data Protection
    Act

7
Sensitive personal data (DPA 1998)
  • the racial or ethnic origin of the data subject
  • his political opinions
  • his religious beliefs or other beliefs of a
    similar nature
  • whether he is a member of a trade union (within
    the meaning of the Trade Union and Labour
    Relations (Consolidation) Act 1992) 
  • his physical or mental health or condition
  • his sexual life 
  • the commission or alleged commission by him of
    any offence, or
  • any proceedings for any offence committed or
    alleged to have been committed by him, the
    disposal of such proceedings or the sentence of
    any court in such proceedings

8
Sensitive medical conditions
  • AIDS/HIV
  • Sexually transmitted diseases
  • Termination of pregnancy
  • Fertility/embryology
  • Mental health problems
  • Impact on
  • personal relationships
  • job
  • ability to get insurance

9
Horror stories
  • Person told results of tests by their neighbour
  • Inappropriate calls to family practitioner
    committees
  • Hospital Episode Statistics contain date of birth
    and postcode
  • NHS Tracing Service
  • first database to contain up-to-date information
    on the whereabouts of every man, woman and child
    in the country

10
Key questions
  • Are these
  • ethical?
  • legal?
  • Have patients given their consent?

11
Caldicott report
  • Review commissioned by Chief Medical Officer
  • Chaired by Dame Fiona Caldicott
  • Reported December 1997
  • Looked at all patient-identifiable information
    transferred between NHS and non-NHS bodies
  • 16 recommendations

12
Caldicott recommendations
  • Reinforce awareness of confidentiality issues
  • Appoint "Caldicott guardians"
  • NHS number should replace other identifiers
  • Establish protocols for authorising access
  • Design systems that avoid patient-identifiable
    data being transmitted

13
Patient identifiable information
  • patient's name, address, full post code, date of
    birth
  • pictures, photographs, videos, audio-tapes or
    other images of patients
  • NHS number and local patient identifiable codes
  • anything else that may be used to identify a
    patient directly or indirectly. For example, rare
    diseases, drug treatments or statistical analyses
    which have very small numbers within a small
    population may allow individuals to be identified.

14
Pseudonymisation
  • Use a patient number which only the responsible
    organisation can link to the patient's name
  • However, many people are still identifiable from
    their condition (or combination of conditions),
    or other factors
  • The NHS number is in very widespread use

15
Anonymisation
  • Restrict
      • age data to year of birth
      • address to postcode sector
  • This is enough to identify age cohorts and
    deprivation index, but not enough to identify
    individuals
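
The pseudonymisation and anonymisation steps from slides 14 and 15, as an added example that is not part of the original presentation. It assumes a keyed HMAC as the linking mechanism (the slides do not name one), a small-number threshold of k=3, and constructed field names and sample records; the flagged row shows the slides' point that a rare condition can still identify someone after generalisation.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: a secret held only by the responsible organisation (constructed value).
LINK_KEY = b"constructed-demo-key-not-for-real-use"

def pseudonym(nhs_number: str, key: bytes = LINK_KEY) -> str:
    """Keyed pseudonym: cannot be recomputed from the NHS number without the key."""
    digits = nhs_number.replace(" ", "")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]

def postcode_sector(postcode: str) -> str:
    """Outward code plus first digit of the inward code: 'PO1 3HE' -> 'PO1 3'."""
    compact = postcode.replace(" ", "").upper()
    return f"{compact[:-3]} {compact[-3]}"

def release_view(record: dict) -> dict:
    """Drop direct identifiers; keep year of birth and postcode sector only."""
    return {
        "pid": pseudonym(record["nhs_number"]),
        "birth_year": int(record["dob"][:4]),  # ISO date YYYY-MM-DD assumed
        "sector": postcode_sector(record["postcode"]),
        "condition": record["condition"],
    }

def small_cells(rows: list, k: int = 3) -> list:
    """Return (birth_year, sector, condition) combinations shared by fewer than k rows."""
    counts = Counter((r["birth_year"], r["sector"], r["condition"]) for r in rows)
    return sorted(combo for combo, n in counts.items() if n < k)

# Constructed sample records (not real patients, not valid NHS numbers).
SAMPLE = [
    {"nhs_number": "000 000 0001", "name": "A", "dob": "1961-02-03", "postcode": "PO1 3HE", "condition": "asthma"},
    {"nhs_number": "000 000 0002", "name": "B", "dob": "1961-07-19", "postcode": "PO1 3AB", "condition": "asthma"},
    {"nhs_number": "000 000 0003", "name": "C", "dob": "1961-11-30", "postcode": "PO1 3ZZ", "condition": "asthma"},
    {"nhs_number": "000 000 0004", "name": "D", "dob": "1961-05-05", "postcode": "PO1 3HE", "condition": "rare-condition-X"},
]

RELEASED = [release_view(r) for r in SAMPLE]
FLAGGED = small_cells(RELEASED)  # rows that should be suppressed or generalised further

if __name__ == "__main__":
    for combo in FLAGGED:
        print("small cell, still identifying:", combo)
```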

16
Consent
  • Explicit or Express Consent
  • This means articulated patient agreement.
  • The terms are interchangeable and relate to a
    clear and voluntary indication of preference or
    choice,
  • usually given orally or in writing
  • and freely given in circumstances where the
    available options and the consequences have been
    made clear.

17
Competence to consent
  • Gaining consent from
  • those with disabilities or other circumstances
    that prevent them from becoming informed or
    communicating their decision
  • children
  • 16 presumed competent
  • younger if have capacity and understanding
  • otherwise, parental consent is necessary
  • those unable to give it
  • unconscious

18
Exceptions that allow disclosure
  • Public interest
  • prevention or detection of serious crime
  • prevent abuse or serious harm to others
  • "notifiable diseases"
  • Legally required to disclose
  • court orders and inquiries

19
Security issues
  • Stress Confidentiality and integrity

20
Basics of security systems
  • What you know
      • Password-controlled systems
  • What you hold
      • Key-based systems
  • Who you are
      • Biometric systems

21
Problems of security systems
  • Endemic problems
      • high turnover of staff
      • temporary (agency) staff
      • mobile staff
      • logging in/out is inconvenient
  • Results in
      • sharing passwords
      • leaving systems logged in

22
Cryptographic services
  • Principal security services for electronic
    transactions
      • Confidentiality - to keep information private
      • Integrity - to prove that information has not
        been manipulated
      • Authentication - to prove the identity of an
        individual or application
      • Non-repudiation - to ensure that information
        cannot be disowned

23
Types of cryptography
  • Symmetric
      • Same key encrypts and decrypts
      • Relatively fast
  • Asymmetric
      • Key pairs - different keys for encryption and
        decryption
      • Relatively slow
      • One key can be public if the other is kept
        private
      • Can provide digital signatures

24
Public Key Infrastructure (PKI)
  • As well as keys, need
      • products to generate, store and manage keys
      • certification of keys (how do you know a public
        key belongs to the person you think it does?)
      • certification authority(ies)

25
Application to the NHS
  • Need to identify all NHS staff (at least!)
  • NHS X.500 electronic directory service
  • NHS-wide Payroll and Human Resources system
  • Training and awareness
  • Security ethos
  • SMTP secure email

26
UK legislation
  • Data Protection Act 1998
      • replaces 1984 act
  • Access to Health Records Act 1990
  • Public Records Act 1958
  • Human Rights Act 1998
  • Health and Social Care Act 2001, Section 60

27
References 1
  • Data Protection Act 1998
      • http://www.hmso.gov.uk/acts/acts1998/19980029.htm
  • NHS Information Authority
      • Security: http://www.nhsia.nhs.uk/security/
      • Confidentiality: http://www.nhsia.nhs.uk/confidentiality/
  • Department of Health Information Policy Unit
      • Patient confidentiality: http://www.doh.gov.uk/ipu/confiden/
      • Information security: http://www.doh.gov.uk/ipu/security/
  • Office of the Information Commissioner (formerly
    Data Protection Registrar)
      • http://www.informationcommissioner.gov.uk/

28
References 2
  • Report on the Review of Patient-Identifiable
    Information (Caldicott report)
      • http://www.doh.gov.uk/ipu/confiden/report/
  • Confidentiality: NHS Code of Practice
      • http://www.doh.gov.uk/ipu/confiden/protect/
  • Strategy for cryptographic support services in
    the NHS
      • http://www.doh.gov.uk/ipu/security/crypstra.pdf
  • My SCLIM notes
      • http://www.tech.port.ac.uk/staffweb/briggsj/SCLIM/2001-2002b/schedule.htm

29
References 3
  • Ross Anderson, Cambridge University academic
      • Home page: http://www.cl.cam.ac.uk/users/rja14/
      • Security of Medical Information Systems:
        http://www.cl.cam.ac.uk/users/rja14/Med
  • Bruce Schneier, security technologist
      • Home page: http://www.schneier.com/
      • His books
          • Beyond Fear: Thinking Sensibly about Security in
            an Uncertain World (Copernicus, 2003)
          • Secrets and Lies: Digital Security in a Networked
            World (Wiley, 2000)
          • Applied Cryptography (Wiley, 1996)
      • Counterpane Internet Security Inc. (the company
        he founded): http://www.counterpane.com/