Mary wrote (in response to a suggestion of mine)
>, [log in to unmask]
> writes
>
> >Rather than encrypt the patient data, why not just encrypt the
> >patient identity? I appreciate that as you have steadily more data
> >about a given patient, you have a steadily increasing probability of
> >identifying the patient, but if all the more obvious aspects such as
> >name, address, NHS number (!!!), home phone number and the like were
> >encrypted, the resulting system would make it quite difficult to
> >identify whose records you were actually looking at.
>
> What about data trawling - and matching databases - *electronically*?
> Suppose you have a relatively uncommon condition?
> Date of birth and postcode will identify you - if you have *ever* had
> time off work for this... and the information is in the DHSS database.
> Seems to me this would give the worst of all possible worlds - all the
> information needed to decide whether it's worth the effort of
> identifying the individual ... and precious little protection!
Please read the bit below: there must be a strong system in place
which ensures that only those with suitable authorisation can access
the data.
>
> >This would be
> >over and above the need to have got past whatever form of log on
> >process you need to go through before gaining access to any records.
>
> um .. data trawling and the "consultation" on Access to the NHS Tracing
> Service and Caldicott Guardians?
> We can impose a process in General Practices. If there was the will, it
> *might* be possible in some trusts.
I don't know what the proportion is, but I would guess that a VERY
substantial fraction of the records that exist are in General
Practice systems. Now a typical GP set-up has two important
properties:
1. It is housed in a relatively compact location (or possibly
spread over two or more locations, each of which is relatively
compact). It is therefore possible to make each location physically
secure.
2. The staff of the practice (at all grades) know one another by
sight, and almost certainly by name.
It is then possible (with training!) to ensure that strangers who are
wandering about parts of the building(s) which have restricted access
get challenged. I know from experience that it is actually quite
difficult to get staff to do this, but it can be done. Provided that
access to unencrypted data can only take place from devices located
in the building, and that any data going off-site is encrypted with
the public key of the intended recipient, it will be quite difficult
to carry out trawling of the kind Mary describes.
Note that this implies some form of firewall between the Practice
internal network and the rest of the world; but the protected system
(i.e. the system holding the patient records plus its local network)
is small. I am not advocating an NHSNet style firewall round half the
Universe.
Mike Wells
> Would *you* be confident if *your* records were involved?
> Don't trust "process" - we work in a caring (and trusting)
> organisation...
> Mary
If by caring and trusting you mean the kind of thing I was
describing, then the answer is 'Yes'. It would after all be a big
improvement on the sloppy control that is applied to paper records in
at least some areas.
Mike Wells
***************************************************
* M. Wells *
* 9 Hall Close *
* Bramhope *
* Leeds LS16 9JQ *
***************************************************
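Mary's point that date of birth, postcode and an uncommon condition still single a patient out once names and NHS numbers are encrypted can be measured directly. The following Python script is an added example, not part of the thread; the records and the key are constructed, and a keyed hash stands in for whatever encryption the practice would actually use on the direct identifiers.

```python
"""Added example (not from the thread): once the direct identifiers are
encrypted, how identifying are the fields left in clear?  The records and
the key below are constructed sample data."""
import hmac
from collections import Counter

KEY = b"constructed-demo-key"          # stands in for the real encryption key
DIRECT = ("name", "nhs_number")        # fields the thread proposes to encrypt

# Constructed sample records (all values invented).
RECORDS = [
    {"name": "A", "nhs_number": "0000000001", "dob": "1961-03-04", "postcode": "LS16 9JQ", "condition": "asthma"},
    {"name": "B", "nhs_number": "0000000002", "dob": "1961-07-19", "postcode": "LS16 9AB", "condition": "asthma"},
    {"name": "C", "nhs_number": "0000000003", "dob": "1962-11-02", "postcode": "LS16 9JQ", "condition": "rare-X"},
    {"name": "D", "nhs_number": "0000000004", "dob": "1962-01-30", "postcode": "LS16 9AB", "condition": "asthma"},
    {"name": "E", "nhs_number": "0000000005", "dob": "1961-03-04", "postcode": "LS16 9AB", "condition": "asthma"},
]

def pseudonymise(record, key=KEY):
    """Replace direct identifiers with a keyed hash (a stand-in for encryption);
    everything else stays in clear, as in the proposal being discussed."""
    out = dict(record)
    for field in DIRECT:
        out[field] = hmac.new(key, record[field].encode(), "sha256").hexdigest()[:16]
    return out

def k_anonymity(records, quasi):
    """Size of the smallest group sharing the same values for the quasi-identifier
    fields.  k == 1 means some record is unique on those fields alone."""
    groups = Counter(tuple(r[f] for f in quasi) for r in records)
    return min(groups.values())

def generalise(record):
    """Coarsen DOB to year of birth and postcode to its outward code."""
    out = dict(record)
    out["dob"] = record["dob"][:4]
    out["postcode"] = record["postcode"].split()[0]
    return out

def risk_report(records=RECORDS):
    """k for the clear fields as proposed, after coarsening, and with condition added."""
    pseud = [pseudonymise(r) for r in records]
    coarse = [generalise(r) for r in pseud]
    return {
        "dob+postcode": k_anonymity(pseud, ("dob", "postcode")),
        "generalised dob+postcode": k_anonymity(coarse, ("dob", "postcode")),
        "generalised + condition": k_anonymity(coarse, ("dob", "postcode", "condition")),
    }

if __name__ == "__main__":
    for label, k in risk_report().items():
        print(f"{label}: k = {k}")
```

Full date of birth plus postcode gives k = 1 on this sample even with every name and NHS number encrypted; coarsening to year and outward code lifts it to 2, and adding the rare condition drops it back to 1, which is exactly the trawling risk described above.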