Why bother about Protecting the Confidentiality

1
Why bother about Protecting the Confidentiality
Security of HIV Information?

• Eddy Beck,
• Evidence, Monitoring Policy Department, UNAIDS,
  Geneva

2
Main objectives of HIV programs services

• Reduce the number of people being infected with
  HIV
• Improve the quantity and quality of life of
  people living with HIV

3
(No Transcript)
4
(No Transcript)
5
(No Transcript)
6
Universal Access

• The current program under which the UN family is
  currently focussing its efforts
• Followed on from 3 by 5
• Wider context of the Millenium Development Goals
• Scaling up prevention, treatment, care and
  support services.
• National targets set by countries, involving
  professionals, civil servants, politicians and
  members of civil society

7
Criteria of success of any intervention, program
or service

• Effectiveness the outcome and impact of a
  certain intervention, program or services
• Efficiency the resources required to achieve an
  certain outcome or impact.
• Equity who benefit from the intervention,
  program or services?
• Acceptability how acceptable is the
  intervention, program or service to users and
  providers?

8
In order to optimize service provision,
individual level data provides a very important
source of information

• to improve services provided for individuals and
  where possible provide integrated seamless
  services.
• Use individual level information for monitoring,
  evaluation and surveillance

9
(No Transcript)
10
Developing the Third One in countries

• To assist countries to develop their HIV
  information systems, the international community
  has been assisting countries in developing some
  of the basic building blocks for national HIV
  information systems

11
GLOBAL AGENCIES, DONORS
INDICATOR DATABASES CRIS/HEALTH MAPPER DevINFO/
KIDS etc.
NATIONAL MINISTRIES, SUB-NATIONAL, LOCAL
ADMINISTRATORS
Monitoring
XML
INDICATOR REGISTRY
Evaluation
HL7 / XML
ACADEMICS, NGOs INDUSTRY etc.
XML / HL7
HMIS
HIV DATA WAREHOUSE
OTHER DATA SOURCES eg SOCIAL SECURITY, VITAL
STATISTICS, LABOUR, ECONOMIC STATISTICS CENSUS
DATA, STUDIES, DHS etc
HL7/ PAPER
HEALTH FACILITY
COMMUNITY
12
The amount data being collected and stored is
increasing enormously, affecting peoples lives
in many ways.

• A story from the field Tanzania

13
(No Transcript)
14
Another story from the field.

• .United Kingdom

15
Missing discs from HM Revenue Customs Office

• In November 2007, two computer discs holding the
  personal details of all families in the UK with a
  child under 16 went missing this involved 7.3
  million families 25 million individuals.
• The Child Benefit data on them included name,
  address, date of birth, National Insurance number
  and, where relevant, bank details of 25 million
  people.

16
Missing discs from HM Revenue Customs Office 2

• A password protected disc containing a full copy
  of HMRC's entire data in relation to the payment
  of child benefit was sent to the National Audit
  Office, by HMRC's internal post system operated
  by the courier TNT on two separate occasions.
• Each time, the package was not recorded or
  registered and on these two occasions the data
  failed to reach the addressee in the NAO."

17
Geneva 2006 Workshop

• A three-day Workshop was held in Geneva,
  Switzerland 15th-17th May 2006,
• The Workshops aim was to develop draft
  guidelines on protecting the confidentiality and
  security of HIV information, and to produce a
  plan to field test them within countries.
• It was attended by a multidisciplinary group of
  health professionals, country representatives and
  community members, including people living with
  HIV.
• It involved plenary sessions and small and large
  group work.

18

GUIDELINES on PROTECTING the CONFIDENTIALITY and
SECURITY of HIV INFORMATION Proceedings from a
Workshop 15-17 May 2006, Geneva, Switzerland

INTERIM GUIDELINES 15 May 2007 http//www.un
aids.org/en/HIV_data/Confidentiality_HIV_informati
on/default.asp
19

• The purpose of defining information
  confidentiality and security principles is to
  ensure that data are used to serve the
  improvement of health, as well as the reduction
  of harm, for all people, healthy and not healthy.

20
Pursuing this goal involves an ongoing process of
refining the balance between

• maximizing of benefits benefits that can and
  should come from the wise and fullest use of
  data, and
• protection from harm harm that can result from
  either malicious or inadvertent inappropriate
  release of individually identifiable data.

21

• Security against access is not an end in itself
• Legitimate access to essential data must also be
  secured.
• Appropriate policy, procedures, and technical
  methods must be balanced to secure both
  individual and public protections.

22
Interrelated Concepts related to Data Protection

• Privacy , which is both a legal and an ethical
  concept. The legal concept refers to the legal
  protection that has been accorded to an
  individual to control both access to and use of
  personal information and provides the overall
  framework within which both confidentiality and
  security are implemented.
• Confidentiality, which relates to the right of
  individuals to protection of their data.
• Security which is a collection of technical
  approaches that address issues covering physical,
  electronic, and procedural aspects of protecting
  information.

23
(No Transcript)
24
Technical Issues Covered

• Technical Guidelines
• Types of data (identifiable, anonymized,
  psuedo-anonymized)
• Organization and procedures
• Collection of personally identifiable data
• Storage of confidential data
• Use of data
• Dissemination of information
• Disposal of information

25
Response to the Interim Confidentiality and
Security Guidelines

• Has been very positive
• Both from middle- and lower-income countries
• Also from high-income countries

26
Developments since the 2006 Workshop

• Interim Guidelines published on the 15th May 2007
  and available on the UNAIDS web-site
• Country Questionnaire was developed based on the
  Guidelines.
• Country assessment tool is in the process of
  being developed MACRO
• Country workshops started Botswana
• Workshop was recently held on developing Unique
  Health Service Identifiers

27
Country Questionnaires

• Questionnaire was developed based on the Interim
  Guidelines.
• Two versions were developed one for countries
  which claimed that they had already developed
  such guidelines and a second for countries which
  had not.
• Content of the questionnaires were the same but
  questions were phrased differently
• Both questionnaires were piloted, revised and
  translated into French, Spanish, Portuguese and
  Russian

28
Country Questionnaires

• Questionnaires were sent to 80 UNAIDS country
  offices, covering 98 countries, with the request
  to engage country PEPFAR staff, country
  professionals or other relevant local informants.
• 78 completed questionnaires were returned
• 21 from countries claimed to have developed
  guidelines (G-countries) and 57 which had not
  developed them (NG-countries).

29
Country Questionnaires

• covered three broad areas
• existence of privacy laws in the country
• Existence of HIV information system
• Technical aspects
• For the analyses, the 54 questions were
  aggregated under 6 broad areas, which enabled an
  aggregate standardized country score to be
  calculated
• Information infrastructure
• Country policies
• Data collection
• Data storage
• Data access
• Data transfer

30
Results

• No significant associations were found between
  country scores and
• HIV prevalence,
• GNP per capita
• OECD country classification
• PEPFAR country
• Significant associations were observed between
  scores and being a G- or NG-country

31
Categories Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test)
overall A Guidelines N21 B No Guidelines N57 p-value
Information infrastructure Privacy law Consent for data collection HIV policy framework ME framework categories 69.6 (52.5 to 91.7) 10 to 100 82.5 (65.0 to 95.8) 52.5 to 100 65.0 (44.2 to 86.7) 10 to 100 0.010
Country Policies Existence of CS policy Development process Policy dissemination Sectoral coverage of policy Existence of site manager for policy Breach management Aspect coverage of policy Governance 80 (72.5 to 100) 0 to 100 75.7 (63.7 to 92.1) 20 to 100 83.0 (75.6 to 100.0) 0 to 100 0.027
Data Collection Collection types Collection method 59.6 (41.8 to 69.7) 0 to 93.8 49.5 (26.4 to 59.6) 0 to 87.5 61.1 (47.1 to 71.2) 0 to 93.7 0.028
Data Storage Storage System availability 69.8 (44.5 to 80.5) 0 to 97.7 13.6 (0.0 to 60.7) 0 to 73.4 73.5 (64.3 to 82.8) 0.0 to 97.7 lt0.001
Data Access Access data preparation for dissemination Access staff preparation Access internal users Access external users 65.9 (33.6 to 75.5) 2.5 to 89.1 26.6 (17.0 to 49.7) 2.5 to 74.7 71.3 (59.2 to 78.1) 2.5 to 89.1 lt0.001
Data Transfer Data transfer 64.3 (21.4 to 71.4) 0 to 100 0 (0 to 28.6) 0 to 78.6 64.3 (50.0 to 78.6) 0 to 100 lt0.001
32
Conclusions

• Comparison between G- and NG-countries to some
  extent reflected reality versus wish-list
• None of the G-countries did have guidelines to
  the extent as described in the Interim
  Guidelines.
• The adaptation, adoption and implementation of
  the Interim Guidelines will require resources,
  which may be problematic in some low-resource
  situations.
• The Interim Guidelines are based on an
  human-rights approach, which may - not yet - be
  operative in all countries

33
Unique Health Service Identifier Workshop

• Held in Montreux 24th-26th February 2008
• Grounded on the Interim Guidelines and a large
  number of the attendees of the 2006 Workshop
  attended and the format used was very similar
• Main outcome that participants agreed for the
  need for countries to develop unique health
  service identifiers, leaving the way open for
  including other services social, labour,
  educational services at a later stage.
• Should be separate from a national ID number

34
Next steps

• Publish the country findings in more detail
• Publish the proceedings of the Unique Health
  Service Identifier Workshop
• Need a follow up meeting to focus on the
  technical aspects of country health service
  identifiers
• Work with select number of pilot countries to
  facilitate the adaptation, adoption and
  implementation of the Confidentiality Security
  and Health Service Identifier Guidelines
• Needs to be integrated with the development of
  the country health information system

35
(No Transcript)
36
Finally

• . the greatest threats to information
  systems are generally not from outside attack,
  but rather from issues inherent in the system
  design and implementation.
• These threats fall into two categories
  non-availability of data due to system failure
  and user errors.

37
Thank you