Why bother about Protecting the Confidentiality - PowerPoint PPT Presentation

1 / 37
About This Presentation
Title:

Why bother about Protecting the Confidentiality

Description:

Why bother about Protecting the Confidentiality & Security of HIV Information? Eddy Beck, Evidence, Monitoring & Policy Department, UNAIDS, Geneva – PowerPoint PPT presentation

Number of Views:138
Avg rating:3.0/5.0
Slides: 38
Provided by: Eddy66
Category:

less

Transcript and Presenter's Notes

Title: Why bother about Protecting the Confidentiality


1
Why bother about Protecting the Confidentiality
Security of HIV Information?
  • Eddy Beck,
  • Evidence, Monitoring Policy Department, UNAIDS,
    Geneva

2
Main objectives of HIV programs services
  • Reduce the number of people being infected with
    HIV
  • Improve the quantity and quality of life of
    people living with HIV

3
(No Transcript)
4
(No Transcript)
5
(No Transcript)
6
Universal Access
  • The current program under which the UN family is
    currently focussing its efforts
  • Followed on from 3 by 5
  • Wider context of the Millenium Development Goals
  • Scaling up prevention, treatment, care and
    support services.
  • National targets set by countries, involving
    professionals, civil servants, politicians and
    members of civil society

7
Criteria of success of any intervention, program
or service
  • Effectiveness the outcome and impact of a
    certain intervention, program or services
  • Efficiency the resources required to achieve an
    certain outcome or impact.
  • Equity who benefit from the intervention,
    program or services?
  • Acceptability how acceptable is the
    intervention, program or service to users and
    providers?

8
In order to optimize service provision,
individual level data provides a very important
source of information
  • to improve services provided for individuals and
    where possible provide integrated seamless
    services.
  • Use individual level information for monitoring,
    evaluation and surveillance

9
(No Transcript)
10
Developing the Third One in countries
  • To assist countries to develop their HIV
    information systems, the international community
    has been assisting countries in developing some
    of the basic building blocks for national HIV
    information systems

11
GLOBAL AGENCIES, DONORS
INDICATOR DATABASES CRIS/HEALTH MAPPER DevINFO/
KIDS etc.
NATIONAL MINISTRIES, SUB-NATIONAL, LOCAL
ADMINISTRATORS
Monitoring
XML
INDICATOR REGISTRY
Evaluation
HL7 / XML
ACADEMICS, NGOs INDUSTRY etc.
XML / HL7
HMIS
HIV DATA WAREHOUSE
OTHER DATA SOURCES eg SOCIAL SECURITY, VITAL
STATISTICS, LABOUR, ECONOMIC STATISTICS CENSUS
DATA, STUDIES, DHS etc
HL7/ PAPER
HEALTH FACILITY
COMMUNITY
12
The amount data being collected and stored is
increasing enormously, affecting peoples lives
in many ways.
  • A story from the field Tanzania

13
(No Transcript)
14
Another story from the field.
  • .United Kingdom

15
Missing discs from HM Revenue Customs Office
  • In November 2007, two computer discs holding the
    personal details of all families in the UK with a
    child under 16 went missing this involved 7.3
    million families 25 million individuals.
  • The Child Benefit data on them included name,
    address, date of birth, National Insurance number
    and, where relevant, bank details of 25 million
    people.

16
Missing discs from HM Revenue Customs Office 2
  • A password protected disc containing a full copy
    of HMRC's entire data in relation to the payment
    of child benefit was sent to the National Audit
    Office, by HMRC's internal post system operated
    by the courier TNT on two separate occasions.
  • Each time, the package was not recorded or
    registered and on these two occasions the data
    failed to reach the addressee in the NAO."

17
Geneva 2006 Workshop
  • A three-day Workshop was held in Geneva,
    Switzerland 15th-17th May 2006,
  • The Workshops aim was to develop draft
    guidelines on protecting the confidentiality and
    security of HIV information, and to produce a
    plan to field test them within countries.
  • It was attended by a multidisciplinary group of
    health professionals, country representatives and
    community members, including people living with
    HIV.
  • It involved plenary sessions and small and large
    group work.

18

GUIDELINES on PROTECTING the CONFIDENTIALITY and
SECURITY of HIV INFORMATION Proceedings from a
Workshop 15-17 May 2006, Geneva, Switzerland

INTERIM GUIDELINES 15 May 2007 http//www.un
aids.org/en/HIV_data/Confidentiality_HIV_informati
on/default.asp
19
  • The purpose of defining information
    confidentiality and security principles is to
    ensure that data are used to serve the
    improvement of health, as well as the reduction
    of harm, for all people, healthy and not healthy.

20
Pursuing this goal involves an ongoing process of
refining the balance between
  • maximizing of benefits benefits that can and
    should come from the wise and fullest use of
    data, and
  • protection from harm harm that can result from
    either malicious or inadvertent inappropriate
    release of individually identifiable data.

21
  • Security against access is not an end in itself
  • Legitimate access to essential data must also be
    secured.
  • Appropriate policy, procedures, and technical
    methods must be balanced to secure both
    individual and public protections.

22
Interrelated Concepts related to Data Protection
  • Privacy , which is both a legal and an ethical
    concept. The legal concept refers to the legal
    protection that has been accorded to an
    individual to control both access to and use of
    personal information and provides the overall
    framework within which both confidentiality and
    security are implemented.
  • Confidentiality, which relates to the right of
    individuals to protection of their data.
  • Security which is a collection of technical
    approaches that address issues covering physical,
    electronic, and procedural aspects of protecting
    information.

23
(No Transcript)
24
Technical Issues Covered
  • Technical Guidelines
  • Types of data (identifiable, anonymized,
    psuedo-anonymized)
  • Organization and procedures
  • Collection of personally identifiable data
  • Storage of confidential data
  • Use of data
  • Dissemination of information
  • Disposal of information

25
Response to the Interim Confidentiality and
Security Guidelines
  • Has been very positive
  • Both from middle- and lower-income countries
  • Also from high-income countries

26
Developments since the 2006 Workshop
  • Interim Guidelines published on the 15th May 2007
    and available on the UNAIDS web-site
  • Country Questionnaire was developed based on the
    Guidelines.
  • Country assessment tool is in the process of
    being developed MACRO
  • Country workshops started Botswana
  • Workshop was recently held on developing Unique
    Health Service Identifiers

27
Country Questionnaires
  • Questionnaire was developed based on the Interim
    Guidelines.
  • Two versions were developed one for countries
    which claimed that they had already developed
    such guidelines and a second for countries which
    had not.
  • Content of the questionnaires were the same but
    questions were phrased differently
  • Both questionnaires were piloted, revised and
    translated into French, Spanish, Portuguese and
    Russian

28
Country Questionnaires
  • Questionnaires were sent to 80 UNAIDS country
    offices, covering 98 countries, with the request
    to engage country PEPFAR staff, country
    professionals or other relevant local informants.
  • 78 completed questionnaires were returned
  • 21 from countries claimed to have developed
    guidelines (G-countries) and 57 which had not
    developed them (NG-countries).

29
Country Questionnaires
  • covered three broad areas
  • existence of privacy laws in the country
  • Existence of HIV information system
  • Technical aspects
  • For the analyses, the 54 questions were
    aggregated under 6 broad areas, which enabled an
    aggregate standardized country score to be
    calculated
  • Information infrastructure
  • Country policies
  • Data collection
  • Data storage
  • Data access
  • Data transfer

30
Results
  • No significant associations were found between
    country scores and
  • HIV prevalence,
  • GNP per capita
  • OECD country classification
  • PEPFAR country
  • Significant associations were observed between
    scores and being a G- or NG-country

31
Categories Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test) Median score (IQR) range N78 (p-values based on Mann-Whitney U test)
overall A Guidelines N21 B No Guidelines N57 p-value
Information infrastructure Privacy law Consent for data collection HIV policy framework ME framework categories 69.6 (52.5 to 91.7) 10 to 100 82.5 (65.0 to 95.8) 52.5 to 100 65.0 (44.2 to 86.7) 10 to 100 0.010
Country Policies Existence of CS policy Development process Policy dissemination Sectoral coverage of policy Existence of site manager for policy Breach management Aspect coverage of policy Governance 80 (72.5 to 100) 0 to 100 75.7 (63.7 to 92.1) 20 to 100 83.0 (75.6 to 100.0) 0 to 100 0.027
Data Collection Collection types Collection method 59.6 (41.8 to 69.7) 0 to 93.8 49.5 (26.4 to 59.6) 0 to 87.5 61.1 (47.1 to 71.2) 0 to 93.7 0.028
Data Storage Storage System availability 69.8 (44.5 to 80.5) 0 to 97.7 13.6 (0.0 to 60.7) 0 to 73.4 73.5 (64.3 to 82.8) 0.0 to 97.7 lt0.001
Data Access Access data preparation for dissemination Access staff preparation Access internal users Access external users 65.9 (33.6 to 75.5) 2.5 to 89.1 26.6 (17.0 to 49.7) 2.5 to 74.7 71.3 (59.2 to 78.1) 2.5 to 89.1 lt0.001
Data Transfer Data transfer 64.3 (21.4 to 71.4) 0 to 100 0 (0 to 28.6) 0 to 78.6 64.3 (50.0 to 78.6) 0 to 100 lt0.001
32
Conclusions
  • Comparison between G- and NG-countries to some
    extent reflected reality versus wish-list
  • None of the G-countries did have guidelines to
    the extent as described in the Interim
    Guidelines.
  • The adaptation, adoption and implementation of
    the Interim Guidelines will require resources,
    which may be problematic in some low-resource
    situations.
  • The Interim Guidelines are based on an
    human-rights approach, which may - not yet - be
    operative in all countries

33
Unique Health Service Identifier Workshop
  • Held in Montreux 24th-26th February 2008
  • Grounded on the Interim Guidelines and a large
    number of the attendees of the 2006 Workshop
    attended and the format used was very similar
  • Main outcome that participants agreed for the
    need for countries to develop unique health
    service identifiers, leaving the way open for
    including other services social, labour,
    educational services at a later stage.
  • Should be separate from a national ID number

34
Next steps
  • Publish the country findings in more detail
  • Publish the proceedings of the Unique Health
    Service Identifier Workshop
  • Need a follow up meeting to focus on the
    technical aspects of country health service
    identifiers
  • Work with select number of pilot countries to
    facilitate the adaptation, adoption and
    implementation of the Confidentiality Security
    and Health Service Identifier Guidelines
  • Needs to be integrated with the development of
    the country health information system

35
(No Transcript)
36
Finally
  • . the greatest threats to information
    systems are generally not from outside attack,
    but rather from issues inherent in the system
    design and implementation.
  • These threats fall into two categories
    non-availability of data due to system failure
    and user errors.

37
Thank you
Write a Comment
User Comments (0)
About PowerShow.com