Monday, March 23, 2009

Database State

Today the Joseph Rowntree Reform Trust published a major report on the Database State. In it Ross Anderson and colleagues chart the rise of public sector databases which impact on everyones lives.

The report arose from the loss by Her Majesty's Revenue and Customs of two discs containing personal information about nearly 50% of the population and a series of high profile fiascos and data loses and challenges over effectiveness, privacy, legality and cost.

The report assesses 46 databases across the major government departments, and finds that:

* A quarter of the public-sector databases reviewed are almost certainly illegal under human rights or data protection law; they should be scrapped or substantially redesigned. More than half have significant problems with privacy or effectiveness and could fall foul of a legal challenge.

* Fewer than 15% of the public databases assessed in this report are effective, proportionate and necessary, with a proper legal basis for any privacy intrusions. Even so, some of them still have operational problems.

* Britain is out of line with other developed countries, where records on sensitive matters like healthcare and social services are held locally. In Britain, data is increasingly centralised, and shared between health and social services, the police, schools, local government and the taxman.

*The benefits claimed for data sharing are often illusory. Sharing can harm the vulnerable, not least by leading to discrimination and stigmatisation.

* The UK public sector spends over £16 billion a year on IT. Over £100 billion in spending is planned for the next five years, and even the Government cannot provide an accurate figure for cost of its ‘Transformational Government’ programme. Yet only about 30% of government IT projects succeed.

The report uses a traffic light system to examine the databases - those achieving a red rating are "almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned". These include three systems specifically relevant to health and social care:

* ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;

* the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;

* the electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;

Other databases in the field including the NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, are rated amber which means "a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out".

Out of the 48 databases studied only 6 are given a "green light".

I' still working my way through the whole 63 page report and I'm currently analysing the significance and likely impact of the chapter related to the Department of Health.

The report has already been highlighted by the Guardian in its report entitled "Right to privacy broken by a quarter of UK's public databases, says report". It will be interesting to see what other reaction it receives and, most importantly, whether the direction of travel for government IT is changed at all.

Labels: , , , ,

Saturday, December 06, 2008

Security & web based electronic medical records

Houston Neal has posted an interesting discussion on The Software Advice Blog entitled The Double Standard for Web-Based EMRs . In it he questions why doctors would be happy for all their banking to occur over the Internet, but are unhappy to use similar technologies for their patients records.

He makes some good points and provides an interesting checklist of questions to ask software suppliers, but I feel he doesn't fully address the key point which is that many people would be much more worried about aspects of their health history (classically mental health, gynaecology or sexual health) being in the public domain than their financial details.

Labels: , ,

Tuesday, July 15, 2008

Data Sharing Review

A few days ago a report, entitled the Data Sharing Review by Richard Thomas, the Information Commissioner, and Mark Walport, the director of the Welcome Trust, was delivered to the government which commisioned it.

The review examined issues around the safety and security of personal information and the ways in which public sectors bodies, including the National Health Service (NHS), share data about individuals.

The review's conclusions were that:
  • there is a lack of transparency and accountability in the way organisations deal with personal information
  • there is confusion surrounding the Data Protection Act, particularly the way it interacts with other strands of law
  • greater use could be made of the ability to share personal data safely, particularly in the field of research and statistical analysis
  • the Information Commissioner needs more effective powers, and the resources to allow him to use them properly.
and it came with a series of recommendations aimed at transforming the personal and organisational culture of those who collect, manage and share information. These included:
  • to improve leadership, accountability and training within organisations
  • to ensure all organisations are as transparent and open as possible about how and with whom data are shared, with what authority, for what purposes and with what protections and safeguards
  • to clarify and simplify the legal framework governing data sharing, including provisions to guarantee better and more authoritative guidance for practitioners
  • to develop mechanisms that will enable population-based research and statistical analysis for public benefit, whilst safeguarding the privacy of individuals
  • to help safeguard and protect personal information held in publicly available sources.
A key point for the NHS and other healthcare providers was the support for the assumption of implied consent, explicitly stating that:
"An NHS patient agreeing to a course of treatment should also be taken to have agreed that information given during the course of the treatment might be made available for future medical research projects, so long as robust systems are in place to protect personal information and privacy."
But warns that:
"However, implied consent is not satisfactory without considerable transparency. In the case of the NHS, we strongly encourage it to build on its existing efforts to educate patients by making general and widely advertised statements about how people’s health information might be used in the future."
I would suggest that we are currently a long way from achieving this aim and that the majority of the public have no idea how the information they give to a doctor, nurse or other healthcare professional might be shared.

The report also uses examples from health to look at the shring of clinical information for research processes, and includes a specific recomendation on this:
"Recommendation 17: We recommend that the NHS should develop a system to allow approved researchers to work with healthcare providers to identify potential patients, who may then be approached to take part in clinical studies for which consent is needed. These approved researchers would be bound by the same duty of confidentiality as the clinical team providing care, and face similar penalties in the case of any breach of confidentiality. If legislation is necessary to implement such a scheme, then we would urge Government to bring that legislation forward as quickly as possible."
If legislation is to be proposed then I feel it must always err on the side of patient safety and confidentiality, rather than being driven by the desires of the research community, including pharmaceutical companies, and clarify the "approval process" especially as many of them are not covered by the same professional codes (with sanctions for breaking them) as clinicians.

Action is definitely needed to improve the way in which organisations, such as the NHS, handle sensitive personal data and improve public confidence in these processes.

It will be interesting to see how any new legislation, including the implementation of EU directives, improve practice and achieve some of the laudable aims set out in the review.

Labels: ,

Thursday, January 10, 2008

28 questions in the Data Sharing Review

In October 2007 the UKs Prime Minister has asked Dr Mark Walport, Director of the Wellcome Trust, and Richard Thomas, the information commissioner, to conduct a review of the framework for the use of information in the private and public sector.

There have just published, on the Justice Ministry web site the 28 questions they wish to gain public and expert views on.

The terms of reference are to:
* consider whether there should be any changes to the way the Data Protection Act 1998 operates in the UK and the options for implementing any such changes
* provide recommendations on the powers and sanctions available to the regulator and courts in the legislation governing data sharing and data protection
* provide recommendations on how data-sharing policy should be developed in a way that ensures proper transparency, scrutiny and accountability

I think this is an important area for public debate and development and shouldn't just be a knee jerk reaction to recent high profile data losses. I would encourage everyone with an interest to participate.

Labels: , ,

Thursday, September 13, 2007

Major reports on NHS & NPfIT

Todays publication of the House of Commons Health Committee into Electronic Patient Records along with yesterdays Report Our Future Health Secured? A review of NHS funding and performance for the King's Fund means I have lots of reading to do - which is getting in the way of preparing a major document for my DPhil.

I've not got all the details from the Health Select Committee report yet but have spotted a couple of conlusions which I think point out some of the problems they have identified in the NHS's National Programme for IT and Connecting for Health approach:

NPfIT is characterised by a centralised management structure and large-scale procurement from private suppliers. This approach aims to offer improved value for money and to address the previously patchy adoption of IT systems across the health service. The Department defended the progress made by NPfIT to date, arguing that the programme is on course to succeed. However, serious doubts have been raised, from sources including the Public Accounts Committee, about how much has been achieved and about the likely completion date. In particular, progress on the development of the NCRS has been questioned.

The input of end-users is vital in planning, design and implementation.

As EPR systems make more personal health data accessible to more people, breaches of security and confidentiality must be regarded as serious matters.

The arrangements for the SCR will be strengthened when "sealed envelopes" are made available to protect sensitive information and when patients can access their record via the HealthSpace website... Connecting for Health must ensure that both "sealed envelopes" and HealthSpace are introduced as soon as possible, particularly so that their effectiveness can be assessed during the independent evaluation of the early adopter programme.

The sharing of unique smartcards between users is unacceptable and undermines the operational security of DCR systems. However, we sympathise with the A&E staff who shared smartcards when faced with waits of a minute or more to access their new PAS software. Unless unacceptably lengthy log-on times are addressed, security breaches are inevitable.

I'm sure there will be more to follow and that this report will generate wider interest - but if others have comments please add them.

Labels: , , , ,

Friday, August 24, 2007

Medinfo Day 5

The final day of the conference started with plenaries presenting the state of ehealth development in 3 different countries. Sarah Cramer (Cancer Care, Canada) described the developments in her country with an emphasis on Ontario. She talked about a risk averse political system that introduced change driven by concerns about access and waiting times. They set out from a very low IT base an established a unique patient identifier as the first step towards enhanced information sharing. She listed the key sucess factors and outlined future implementation plans.

Ian Reinecke (CEO National E-Health Transition Authority, Australia) described the reasons for a national approach to support interoperability, infrastructure and good governance related to privacy and confidentiality. He described the work programs being undertaken, including the adoption of SNOMED CT, and how the ehealth agenda was needed for clinical process reform.

The third presentation provided a similar overview of developments in New Zealand.
Francois-Andre Allaert
After coffee I attended a couple of papers relating to secure data transmission. The first, by Francois-Andre Allaert set out proposals in France for a unique health identifier, interopable at a European level. He highlighted issues of data protection and confidentiality and listed the key faetures as being: content free, longevity, permanence, unambiguous and unique, public and irreversible. He described the one way "Hash Coding" of the social security number, name and date of birth to enable secure tranmission of non identifiable data for epidemiological research. This session produced the longest Question and answer session I've seen at the whole conference with issues around the hash algorithm and different formats being interspersed with social issues around immigrants, name changes due to marriage etc.
Michael Spritzer
The second paper was by Michael Spritzer from Germany who talked about a DICOM supported teleradiology system and the approaches taken to separating the content (xray and CT images) from patient identification information which is only recombined within the secure web browser of authorised users.

Ken RubinThe final closing ceremonies opened with a presentation by Ken Rubin (Chief Healthcare architect - EDS) who was given the unenviable task of summarising lessons from the conference. He admitted this was beyond his abilities and carried on to give his prepared presentation outlining "What is a sustainable system and what does it mean for healthcare".

Jan van BemmelNancy Lorenzi presented the IMIA Award of Excellence to Jan van Bemmel who gave his presentation reflections on curiosity in which he covered the history of astronomy and knowledge, using quotes from Einstein to explore the meaning of science and research with several nods to religion.

The ceremony included lots of "Thanks to..." comments and Charles Saffrin presented the awards for best paper, poster etc with sponsorship from Pen Computing.

Nancy then handed over the presidency to Reinhold Haux who described the IMIA-WHO communique signed this week and the IMIA strategic aims for the next 3 years of his presidency (including a ?planned? slip replacing humility with humidity - which got a laugh after a wet week in Brisbane). He also gave a plug for MIE2008 in Goteburg.

Medinfo2010 teamThe final actions were to "handover the gavel" to the team who will be running Medinfo 2010, in cape town. There was then a short opportunity to say farewell from the convention centre to friends and colleagues new and old, before people started departing to get various flights all over the world.

I hope to post a final piece with my reflections on Medinfo but it may not be until I get back to the UK.

Labels: , , ,