Privacy and Security in National eHealth Systems

1
Privacy and Security in National e-Health Systems

• Peter R. Croll
• Professor of Software Engineering Information
  Security Institute Faculty of Information
  Technology
• Queensland University of Technology (QUT),
  Brisbane, Australia
• Presentation for IACITS-2007 3rd Indo-Australian
  Conference
• on Information Technology Security, 9th -10th
  July 2007, ISI QUT, Brisbane

2
National e-health agendas Global

• UKs NHS priorities is Choose and book
  whole-of-system appointment scheduling, initial
  costs AU17,000 million.
• Health Insurance Portability and Accountability
  Act (HIPAA) USA some estimates between 3-10
  times cost of YK2. Involves Privacy Rule,
  Security Rule, UPI Rule.
• Canada Health Infoway (EHR 1.1B federal
  government funding)
• i2010 e.g. 1,000 million in digital
  technologies for Europeans to age well

3
National e-health agenda - Australia

• HealthConnect 128 million total, e.g. Broadband
  for Health Program is a 69 million Australian
  Government program to provide broadband Internet
  access to GPs, Aboriginal Community Health
  Services and Community Pharmacies nationwide.
• Electronic Prescribing/Dispensing of Medicines
  effective 1 Mar 2007
• HealthInsite web gateway to quality health
  info.
• Medicare Medical Access Card (1,100 million)
• NEHTA a single healthcare provider identifier
  (53 million) creating a unique health ID number
  system for all Australians (45 million) and
  developing a common clinical language to support
  the electronic exchange of critical data (32
  million)
• NCRIS National Collaborative Research
  Infrastructure Strategy 500 million, population
  health (20 million) e-research (70 million)
• Privacy Law reform (ALRC)

4
NEHTA - National E-Health Transition Authority

• Standards
• Interoperability
• Secure messaging
• Unique Health Identifiers
• Privacy of Sensitive Data
• Shared Electronic Health Record

5
Is there a problem

• ... about specifying e-health standards that are
  not yet tested and proven internationally?
• There is intensive work on this and it's moving
  quickly, so we're confident those international
  regimes will be in place. Web services and
  service-oriented architecture are still evolving,
  but there's enough there to give us confidence
  it's the sensible approach.
• Aus IT, Doing the numbers on e-health, Ian
  Reinecke, CEO, NEHTA

6
Privacy and Related Legislation in Australia
NEHTA states that privacy protection in Australia
is a complex patchwork It is considered
possible to navigate the existing privacy
environment although this is not without some
risk and may require future changes.
7
(No Transcript)
8
The key questions

• i) Are people overreacting to privacy issues?
• ii) Do we need to establish a culture of
  compliance (enforced or encouraged)?
• iii) Does Information Technology significantly
  add to this complexity?
• iv) What role can IT have with compliance?

9
Are people overreacting to privacy issues?

• To understand this what do we mean by Privacy?
• Physical Privacy
• Communication Privacy
• Personal Privacy
• Information Privacy?
• Focus on Information Privacy Security ?
  Privacy
• specifically digital electronic information

WHAT YOU STARING AT?
10
Privacy Health Information
Media release Australian Law Reform
Commission Monday 9 October 2006 Computers,
biometrics and Gen Y Is privacy passé? Do
Australians feel that their privacy is adequately
protected? Is it possible for privacy laws to
keep up with technology such as data matching,
facial recognition and even body odour
measurement? Do younger people care as much about
privacy as their elders?

• More Specifically Health information
  Sensitive Information
• Erroneous financial transactions are reversible
  unwarranted health disclosure is for life!

11
In US one report a week on health privacy /
security concerns
GAO Health care privacy breaches
widespread But the frequency and severity of the
breaches is unclear Linda Rosencrance   Todays
Top Stories    or  Other Privacy Stories  
September 06, 2006 (Computerworld) -- More
than 40 of U.S. Medicare contractors and state
Medicaid agencies have experienced a privacy
breach involving personal health information --
although the frequency or severity of the
breaches remains unclear, according to report
released yesterday by the U.S. Government
Accountability Office (download PDF).

• In Australia the Medical Access Card received 72
  submissions many concerned about privacy

12
Do we need to establish a culture of compliance
(enforced or encouraged)?

• Case studies show a mixed response
• Each organization differs in its approach to
  quality assurance
• State laws differ - as does their interpretation
• The individuals responsible differ in their
  training, knowledge and approach
• A generic analysis would be challenging and
  often inappropriate (based on international
  risk standards)

13
What are the risks of non or partial compliance?

• Risk analysis identified following consequences
• Data not supplied by patients/custodians
• Patients offended take legal action
• Research rejected by HREC (ethics)
• Screening and prevention programs halted
• Loss of reputation and/or income
• Medical knowledge not advanced
• Incorrect treatment

14
UK Council for Science and Technology Personal
Information Risks identified

• loss of confidence and trust in privacy
• unauthorised use of personal data
• exploitation of individual citizens for
  commercial gain
• statistical discrimination (e.g. creating a
  sub-culture of non-participation by individuals)
• technical risks such as database failure or
  incapacitation (e.g. by spam or unmanageable
  volumes of data)
• poor data quality
• cyber-terrorism

15
Undertake a Privacy Impact Assessment?

• A PIA can be a valuable tool to help identify
  what needs to be done to ensure a projects
  compliance with privacy legislation

Key questions to be answered through analysis
phase of the PIA Q1 Does the project comply
with privacy legislation and agency-specific
legislative requirements?
16
Does Information Technology significantly add to
this complexity?

• Consider PIAs identified privacy risks
• Collecting unnecessary or irrelevant personal
  information, or intrusive collection.
• Bulk collection of personal information, some of
  which is unnecessary or irrelevant.
• Individuals unaware of collection or its purpose.
• Covert collection is generally highly privacy
  invasive, and should only occur under prescribed
  circumstances.
• Using personal information for unplanned
  secondary purposes.
• Unnecessary or unplanned data linkage.
• Disclosures not originally planned can lead to
  privacy complaints
• Inaccurate information can cause problems for
  agencies and individuals.
• Unauthorised internal and external access and
  use.
• Retaining personal information unnecessarily.
• Making decisions based on poor quality data.

17
What role can IT have with compliance?

• US corporations today face a large and expanding
  regulatory compliance regime that affects
  corporate governance, one of the most significant
  obligations being the Sarbanes-Oxley Act of 2002.

Leaders4, 80-20 Software Pty Ltd,
http//www.80-20.com/
Questionnaire based risk assessment software has
been commercially developed for principal
executive and financial officers allowing easy
visibility of compliance processes and can
therefore demonstrate a commitment to good
governance
18
P-health Demonstrator

• Certs containing
• Data Source
• Expiry dates
• User details
• Access Control
• Types of usage, e.g. PPA
• Expansion

Digital Certificates
UsersWeb Interface
Reports / Text files
JSP / Java engine
List of Questions
Navigation Rules
Certificate Details / Project Spec
Admin Interface
19
(No Transcript)
20
Based on text files - simple to add to and
maintain

• ---Project Default Project
• Page1
• _at_Text
• Size 40
• Title of Your Research Project
• QH
• _at_Text
• Size 8
• Start Date of Your Project
• 01/01/06
• _at_Text
• Size 8
• End Date of Your Project (2 Years Max.)
• 31/12/07
• _at_Checkbox
• Name States

_at_Radio Does the project have ethical
clearance? Yes lt- No _at_Text Size 11 What is the
approval number? 9999-999-99 _at_Checkbox On
Other item sources Which of the following
sources do you wish to access? Cancer
Registry Perinatal Statistics Collection Pap
Smear Register Breast Screen Registry Hospital
Admitted Patient Data Ambulance Electoral
roll Other
21
Report and Certification
Report can be exported into a standard form to
suit
Digital Signature certificate can include
end dates to terminate access, etc.
22
many stakeholders many viewpoints

• Clinicians
• Managers
• Data Custodians
• Legal / Policy Officers
• IT technicians
• Clients (patients)

23
Static Risks
24
Dynamic Risks
25
Calculated Risks
26
Perceived Risks
27
Questions?