Hi, Paul : Absolutely agree that this issue SHOULD have been sorted out
by now , but it hasn't, although progress has been made.Mostly as the
result of some groups and individuals' continuing effort, attention to
detail , terrier-like tenacity and willingness to be unloved by powerful
government professional and business organisations. The BMA,
GMSC,JCG,Royal Colleges etcetc. and many individuals have all contributed
to that progress BUT....
There is also covert opposition from various power groups, often
through procrastination while data bases of identifiable data are being
built.
Ross Anderson through developing the Blue Book for the BMA (security of
clinical info.) focussed the international data security community as
well as us medics.on the problems that must be solved. And are soluble .
His role as adviser to the BMA on data security means that in recent
years the profession has had direct access to the high level of
technical competence in data security which is mandatory if we are to OK
any system that has the potential to destroy medical privacy
The problems will NOT be effectively solved by any number of talking
shops without that level of technical input! For the profession at ANY
level to use ANY system where the risks to medical privacy have not been
identified, quantified,& (hopefully) addressed or at the very least
shared with the patient MUST BE UNETHICAL.
It's a long continuing struggle, and the problems are constantly
changing. It's doctors' duty to protect the confidentiality of our
patients' information that remains the same.
The core of concern (and not just for docs but for that group which at
some stage includes all of us-ie. patients) is the transmission of
IDENTIFIABLE health data which can be accessed without the patient's
consent or knowledge,and may be used in ways that have nothing to do with
their health care.
There ARE techniques that allow info.to be de-identified , but specific,
so that only the treating team can identify the actual patient. The
accounts dept doesn't need to! Nor the DOH or PPA or the local DPH etc
etc....
Not many of us could run the technical side of a CSSD Dept -but we can
easily the define the standards that we expect when we use a pack of
sterile instruments or dressings.If those standards are not met, and we
know it then we are clearly negligent if we use them and knowingly put
the patient at risk.( Surgical outcomes depend on good sterilisation
methodology,rigorously applied in CSSD, just as much as the skill of the
surgeon)
Data security takes at least as much effort to achieve, and achieve on
every occasion.
In principle, use of IT in patient care seems to me to follow the same
principles- we know the standard we want, we Know how to access the
levels of technical expertise to design and validate safe systems for
patient data.We must ensure that our professional reps. and our
professional organisations access those necessary skills. And that we do .
Those skills are not in the toolkit of the most diligent clinician or DOH
civil servant.
...We just have to keep our eye on tne ball of medical privacy ALL the
time...
It ain't easy.
Rant mode off,as Declan would say.....Fleur Fisher.
Regards to macclesfield, Paul.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|