e-Health & Security
Reading Symantec's April Internet Risr Report (in the FT) I was struck by the following chart :-
I was surprised that healthcare is in the top three. It brought to mind once again the developments in e-Health in the UK. There has been considerable debate in the media about the security and privacy aspects of such a large all-encompassing system. The BBC reported in January that ministers had said that citizens would have the right to opt-out of the system. Sadly that has now been contradicted by Mr Granger himself, apparently noting that "the new system will be more secure than the paper records system".
The UK Department of Health's patient confidentiality guidelines make it clear that "a duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence". According to the guidelines, the duty of confidence :-
a) is a legal obligation that is derived from case law;
b) is a requirement established with professional codes of conduct; and
c) must be included within NHS employment contracts as a specific requirement linked to disciplinary procedures.
The guidelines then state :-
Patients entrust the NHS or allow it to gather sensitive information relating to their health and other matters as part of their seeking treatment. They do so in confidence and they have the legitimate expectation that staff will respect this trust, or may be unconscious, but this does not diminish the duty of confidence. It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the NHS provides, and is seen to provide, a confidential service.
The DOH provide "Guidance and policy about protecting the vast quantities of sensitive information handled by the NHS and its partners every day." One would feel more confident if the information it links to - Managing the security of NHS computer systems - wasn't last updated just after September 11, 2001:-
With doctors sounding the alarm bell Citizens are right to have privacy fears,