Patient data and security: an overview

The requirement for the confidentiality of personal medical information was clearly understood nearly two and a half millennia ago and has since been embodied in the Hippocratic Oath. More recently, this requirement has been evident from the earliest development of medical informatics. It derives directly from the professional code of ethics of all health professionals and it has provided a basic underpinning for discussions between clinicians and informaticians in their development of all computer based systems holding personal health information. This concern is exemplified by Peterson and Turn [1], Freed [2], Acheson [3], Witts [4] and Curran [5]. Collen [6] sets out this requirement in his book on hospital computer systems. At this stage, computing systems were restricted in number and power and the worries were those of a breach of privacy and the Orwellian concerns about ‘Big Brother’. The available systems were difficult and tedious to use, the software took a great deal of time to develop and the major concern of the technical staff was to develop a system that would work satisfactorily within a practical health care environment. Project control was, and remains, a major issue for the development of complex systems. In reviewing the approach taken when the system at the London Hospital had been developed it was recorded by Barber et al. [7] that the system had been developed such that: “ in terms of confidentiality the computer system should be at least as effective as the previous manual system; “ and that the measures employed to further confidentiality of information should not be so cumbersome as to destroy the advantages of the system.

[1]  B Barber,et al.  The six safety first principles of health information systems: a programme of implementation. Part 1. Safety and security. , 1991, Studies in health technology and informatics.

[2]  Gerrit Bleumer,et al.  AIM (Advanced Informatics in Medicine) Secure Environment for Information Systems in MEDicine SEISMED (A2033) , 1995 .

[3]  B Barber,et al.  Some problems of confidentiality in medical computing. , 1976, Journal of medical ethics.

[4]  A. Patel Secure Environment for Information Systems in Medicine , 1993, Proceedings. The Third International Conference on Image Management and Communication in Patient Care.

[5]  B Barber,et al.  The six safety first principles of health information systems: a programme of implementation. Part 2. The environment, convenience and legal issues. , 1991, Studies in health technology and informatics.

[6]  Gerd Griesser Data Protection in Health Information Systems: Considerations and Guidelines , 1980 .

[7]  Roy N. Freed Legal Aspects of Computer Use in Medicine , 1967 .

[8]  Richard Hackworth,et al.  OECD 'Guidelines for the Security of Information Systems" , 1993, Security and Control of Information Technology in Society.

[9]  W J Curran,et al.  Privacy, confidentiality and other legal considerations in the establishment of a centralized health-data system. , 1969, The New England journal of medicine.

[10]  Gerd Griesser Data protection in health information systems--where do we stand? : proceedings of the IFIP-IMIA WG 4 Working Conference on Data Protection in Health Information Systems, Kiel F.R.G., September 7-10, 1982 , 1983 .

[11]  E D Acheson,et al.  Linkage of medical records. , 1968, British medical bulletin.

[12]  Clifford Stoll,et al.  The Cuckoo's Egg , 1989 .

[13]  H. E. Petersen,et al.  System implications of information privacy , 1899, AFIPS '67 (Spring).