Personal Medical Information de Ross Anderson

Personal Medical Information: Security, Engineering, and Ethics

Ross Anderson

In the last few years, the protection of computerised medical records, and of other personal health information, has become the subject of both technical research and political dispute in a number of countries. In Britain, the issue arose initially as an argument between the British Me dical Association and the Department of Health over whether encryption should be used in a new medical network. In Germany, the focus was the issue to all patients of a smartcard to hold insurance details and facilitate payment; while in the USA, the debate has been whether federal law should preempt state re gulation of computerised medical records, and if so, what technical and legal protection should be afforded the patient. Whatever the origin and evolution of this debate in specific countries, it has become clear that policy and technical matters are closely intertwined. What does 'computer security' mean in the medical context? What are we trying to do? What are the threats that we are trying to forestall? What costs might reasonably be incurred? To what extent is the existing technology - largely developed to meet military and banking requirements - of use? And perhaps hardest of all, what is the right balance between technical and legal controls? As the debate spread, it became clear that there was little serious contact between the people who could state the requirements - clinical professionals, medical ethicists and patients - and the people who could explore how to meet

Citește tot Restrânge

Cuprins

Information and the NHS (For me or for them)?.- Chances, Risks and Side Effects of Chip Cards in Medicine: A Technology Assessment Study from Germany.- Exceptionalism Redux: How Different is Health Care Informatics?.- Clinical Record Systems in Oncology. Experiences and Developments on Cancer Registers in Eastern Germany.- Organisation of General Practice: Implications for IM&T in the NHS.- Practical Protection of Confidentiality in Acute Health Care.- Clinical Systems Security — Implementing the BMA Policy and Guidelines.- User-Oriented Control of Personal Information Security in Communication Systems.- Information Management as Risk Management.- Responsibility Modelling: A New Approach to the Re-alignment and Re-engineering of Health-Care Organisations.- Keeping Confidence in Confidentiality: Linking Ethics, Efficacy, and Opportunity in Health Care Computing.- Electronic Patient Records: Usability vs Security, with Special Reference to Mental Health Records.- Security and Confidentiality Issues Relating to the Electronic Interchange of Clinical Data.- Privacy Oriented Clearing for the German Health-Care System.- Personal Health Data on Optical Memory Cards in Isehara City.- The Perspective of Medical Ethics.- Legal Requirements for Computer Security: An American Perspective.- U.S. Health Information Privacy Policy: Theory and Practice.- Managing Health Data Privacy and Security: A Case Study from New Zealand.- An Update on the BMA Security Policy.- Author Index.