Thursday, 8 November 2007

Health Information Privacy

IT managers often fail to do their best work in delivering security to the information within the health sector but they certainly do better than the health managers themselves.
A recent audit of the Wellington region's health service revealed patient records being stored in public corridors with no controls on access

The audit [Telarc] underlines that the organisation is bordering on dysfunctional. It records grave failings, such as leaving patient records in public corridors where anybody passing can take a peek,.... Dominion Post 8 Nov 2007
There are plenty of things that can be done technically to meet the required standards of privacy but if the underlying organisation has an irresponsible attitude to security we will see ill-considered technical 'solutions' that compound the problem.

As Blindside comments on one mobile health care device
Let’s see. Wireless transmission of sensitive information–yeah, we’ll get to that right after we take care of those pesky ergonomic and battery life issues. And preventing hacking and malware to ensure that the information is accurate? Hmm. Let’s put that on the list of things to do after we make sure it doesn’t add to the weight of the tablet device
I suspect that the subject of healthcare privacy needs a shake up from top to bottom. A few questions ...
  • Is it clear what the customer (that's us, not the health managers) wants?
  • What 'need' do these 'wants' reflect?
  • Do the legislation and ethical requirements reflect this underlying need?
  • Is there suitable compliance and enforcement of the legislation and ethical requirements?
  • Should we get anaesthetists and paediatric cancer specialists before worrying about privacy and security?
When we have a good answer to those, we may be able to evaluate the technical questions about encrypting data at point of entry; securing information over wifi; ensuring that laptops and tablet devices are not attractive to thieves of information, identity or property (because they certainly will be available to all of those).

No comments: