Professor Peter R Croll PhD, FACS, FBCS CITP, CEng.

BIO:
Peter Croll is a research leader in Health Informatics with over 30 years’ experience
in ICT serving both industry and academia. At QUT he holds the chair for Software
Engineering in the Faculty of IT where he directs the e-health research group
focusing on risk and trust management of health information systems. He works
closely with CSIRO’s E-Health Research Centre on collaborative projects. This
includes a recent National Fellowship to support their Flagship on Preventative
Health to investigate the privacy and security risks associated with electronic health
data integration. His previous roles have included the directorships of an ICT research
institute and an IT research centre, Head of School of IT and Computer Science and
an academy director. He is currently a Fellow of both the Australian and the British
Computer Societies, a Chartered IT Professional and a Chartered Engineer. Peter
Croll has over 100 refereed publications in books, international journals and
conferences, including a citation in the IMIA 2007 year book. He is currently a
member of the technical committee for the Australian Law Reform Commission’s
review of the Federal Privacy Act, a Board Director of the Health Informatics Society
of Australia (HISA) Ltd. and he chairs the QLD branch of HISA and the national
forums for HIPS and ehPASS that focus on Health Informatics Privacy and Security.
Recently, Peter has established Better Life ICT, a consultancy company, to provide
ICT expertise for eHealth products and services.
Title:
Privacy and Security of Health Data - the Risks and Challenges for e-Health.
Abstract:
The need for confidentiality with patients’ personal data can be traced back over 2000
years to the ‘Hippocratic Oath’, i.e.: “What I may see or hear in the course of the
treatment or even outside of the treatment in regard to the life of men, which on no account
one must spread abroad, I will keep to myself, holding such things shameful to be spoken
about.” Medics encapsulate these values by only permitting discussion about an
individual’s condition to be confined within a practice or department for the primary
purpose of helping the patient concerned. Any secondary use of this information that
could, for example, advance our medical knowledge would not normally identify the
individual concerned (unless they consented to this). The more recent advancement of
digital technology and e-health is providing a revolution in both medical know-how
and healthcare provision. But with this advance the traditional boundaries are being
breached. The concept of confining information in written form to a physical location,
such as a surgery, is gradually disappearing. The remote and high speed access that
today’s digital technology brings presents new challenges, not only for
healthcare providers but also for governments, the ICT industries, lawyers and individuals.
The individuals as patients have a right to privacy over any personal and sensitive
health data. They traditionally would talk to a doctor in confidence and assume that
the associated healthcare organisation would be able to adequately protect their
privacy. The knowledge required to keep a contemporary computer system secure is
extensive and often beyond that of the healthcare practitioner, with the majority of
personal computers in use not being specifically designed with security in mind.
What makes Health any different? Why not simply regard this as an IT security
problem and leave it to the experts? ‘Security’ is focussed on keeping unauthorised
people out, whereas ‘Privacy’ is ensuring that only those that ‘need to know’ can
access information. Hence, privacy technologies have to operate both within and
outside any secure firewalls that have been established. Within an organisation,
barriers are often in place to prevent unauthorised viewing but these are often only at
the application level. Is this sufficient considering that any privacy violation can have
lifelong consequences? The fact is that the integrity of contemporary computer
systems is more suited to the financial industries where the consequences of revealed
data can be insured against and subsequently compensated for. More research and
development work is needed before we can trust that our IT systems are sufficiently
tuned to the specific requirements of healthcare and the many different people
associated with that care. This presentation is based on Prof Croll’s experiences with
national and international programs that have evaluated the risks and challenges with
the Security and Privacy of Health IT.