Monday, March 23, 2009

Database State

Today the Joseph Rowntree Reform Trust published a major report on the Database State. In it Ross Anderson and colleagues chart the rise of public sector databases which impact on everyones lives.

The report arose from the loss by Her Majesty's Revenue and Customs of two discs containing personal information about nearly 50% of the population and a series of high profile fiascos and data loses and challenges over effectiveness, privacy, legality and cost.

The report assesses 46 databases across the major government departments, and finds that:

* A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.

* Fewer than 15% of the public databases assessed in this report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.

* Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.

*The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.

* The UK public sector spends over £16 billion a year on IT. Over £100 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.

The report uses a traffic light system to examine the databases - those achieving a red rating are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned". These include three systems specifically relevant to health and social care:

* ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;

* the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;

* the electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;

Other databases in the field including the NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, are rated amber which means "a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out".

Out of the 48 databases studied only 6 are given a "green light".

I' still working my way through the whole 63 page report and I'm currently analysing the significance and likely impact of the chapter related to the Department of Health.

The report has already been highlighted by the Guardian in its report entitled "Right to privacy broken by a quarter of UK's public databases, says report". It will be interesting to see what other reaction it receives and, most importantly, whether the direction of travel for government IT is changed at all.

Labels: , , , ,

Sunday, July 22, 2007

FreeOnline Arabic Organs Trade system - Privacy Protection and Public Safety

10 days ago , a Friend sent me this site saying it’s the first Arabic application using Rubyonrails , so i added it to my todo list to see it later when i get some time , thinking of it as an armature work and training project as all other Arabic projects , a week ago this friend send me back

”strange you are a doctor , you should be interested “ ,

“ Interested ! About what exactly? “ ,

“ the site for blood donation “

“WHAT ? “

“Online Blood Donation “ …

here come to the monument , i stopped everything i was doing ( Closed all Browser window , Stop Coding , and close my Favorite Music ) and back to this miracle ( the site ) , Miracle to add this kind of project to become a training armature project !!!!!..

I Opened the site : to get simple interface design , and Fascinating Blood Donation Requests …. from the individuals ( Patients and Patient’s Relatives ) who are seeking for blood or people who are donating ….. some people add they want to donate their blood , ( good effort and Generous of Them !!!)…

But here comes the real example of involving the people who are unaware of Medical privacy , Privacy protection and Public safety in those kind of projects … as example Interesting Requests and submission you’ll get in the requests list :

Feel free to See all the Patient's Data online .with no restrictions or privacy by the patients and patient's relatives themselves


The common Arabic Misuse : The Project became something else

  • People ( Patient’s Relatives ) asking of Organs ( Kidneys ) and people who can donate it !!!

  • People saying They want to donate their one of their kidneys … Including Their own Cell phone Numbers and contact details .( My Question is : it’s selling Or donating “ Hard to tell the difference here )


Fascinating , I believe this site for blood donation ( i don’t know How ,but seems some people interested ) AND the hard reality it becomes something about Organs transplantation and Donation On line , ( i don’t wanna to say Trade ).kidney2.jpg


The Law is the Law and Now They have to Go : (Hot Fuzz –2007 movie , quote ‘ Simon Pegg ‘ ) :

The Medical Law included the Privacy Protection for the Patient safety and for the Patient sake …. here i see this site as example with developer doesn’t realize the Privacy Protection as one of the major items of the Medical Practice and Medical Info these day , surly he doesn’t expect it becomes that Far to be that danger for the public safety …

The Patients :

The Patient’s Relatives, are willing to do anything and crossing the red lines starting with paying Money , for what they believe it’s for the patient sake , and that’s why the official Medical systems made for , to Organize and arrange those kind of operation and events.

Awareness of the Privacy Protection , surely will be considered for the public safety , why : using unofficial systems that’s could include Unofficial people , unofficial methods to get what they want .. ( Imagine may be the Organized Crime )

Patient , Patient’s Relatives : Mostly don’t consider seeing the larger View as the System dose … what if the Patients can Do Official adds in the Newspaper asking for Kidneys , Livers , Hearts ??? I believe that’s The real Definition of “ Chaos “…

The Developer :

1-Unaware of the Medical Law , Privacy Control and Public Safety

2-Choose this Dangerous Project to applicate what he Just Learn ,

3-Didn’t read / know / Search about those types of medical projects , all what he knows ( Blood Types )

4-He provides a tool for Patients welling to do anything include paying for what they need to help them crossing the Official Desks , Helping them to not use the official Channels and Publishing / Publicize they Needs On line , Crossing the Official Channels is the real danger .. helping them in that silly way , doesn't solve the problems but it'll made the problem more complicated ..

5-helping the people they need Money or thinking their body as a tool of trade ( kidneys as example )to Contact with those Disparate patients … ( Open Market )

7-This developer , cross the Official Channels himself , Awareness or Complete Ignorance ( no Much Difference ) but this Kind of Project should be belong to the Official Channels and Under the medical law with restricted medical supervision …

Official Channels :

1-No Response yet .

2-The response should be follow by a Privacy/Public protection Move .

3-Respected and Restricted Law for the Medical project and unofficial Channels .

Conclusion :

Law : No Law Yet for Quite an On line events / projects / individual Moves like this !!!( International or Locals )

Developer Awareness : regrading what happened in this Project and how dangerous it’s for the public safety , seems the developers should read more about the points Considered in medical informatics projects , Privacy protection , and medical laws .

Official Desks /Channels and Control :If Those kind stuff controlled Or Mistreated It’ll Transfer it to an Open Market of Under Ground Medical activities and events .. which it’s Hard to be controlled , so Open Market , Organs Trade , and Underground medical activities Could be Controlled by the Mafia ( Why Not!!! ) so it could become WWW , World Wild Web not World Wide Web .

Dr-Hamza E.e Mousa

Labels: , ,