Abstract
In this article, we attempt to step back from the current dispute between the BMA and the government and describe it as a whole. We give a brief account of the origins and development of the BMA security policy and guidelines. We then summarise the feedback so far, and discuss its practical implications (which were the focus of official objections). Experience of pilot projects and systems overseas shows that many of the problems can be solved fairly easily by available technology.
The policy has clarified things significantly, and we now see that the remaining `hard’ problems are unavoidably political. They pit long established patient rights and professional privileges against the NHS’s Information Management and Technology Strategy, which directs healthcare computing investment away from clinical systems to build a series of databases that will make personal health information available centrally to administrators. Our investigation of this has been slowed (though not thwarted) by systematic official obstruction, which suggests that administrators are uncomfortably aware of the ethical problems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
‘Setting the Records Straight — A Study of Hospital Medical Records ’, Audit Commission„ June 1995
‘For Your Information — A Study of Information Management and Systems in the Acute Hospital ’, Audit Commission„ July 1995
“NHS wide networking and patient confidentiality”, RJ Anderson, in British Medical Journal v 310 no 6996 (1 July 1996) pp 5–6
‘NHS Network Security’, RJ Anderson, 30th May 1995
‘Security in Clinical Information Systems’, RJ Anderson, published by the British Medical Association, January 1996; also available from http://www.cl.cam.ac.uk/users/rja14/#Med/users/rja14/#Med
“Clinical system security: interim guidelines”, RJ Anderson, in British Medical Journal y 312 no 7023 (13 Jan 1996) pp 109–111
“Patient Confidentiality - At Risk from NHS Wide Networking”, RJ Anderson, to appear in Proceedings of Healthcare 96, March 96
“A Security Policy Model for Clinical Information Systems”, in Proceedings of the 1996 IEEE Symposium on Security and Privacy pp 30–43
DE Bell, LJ LaPadula, ‘Secure Computer Systems: Mathematical Foundations’, Mitre Corporation report ESD-TR-73–278
‘Chipkarten im Gesundheitswesen’, Bundesamt für Sicherheit in der Informationstechnik, Bundesanzeiger 4 May 1995
Submission from HBO 84 Company, J Baker
B Blobel, this volume
‘Pseudonymous Medical Registries’, E Boe, Norwegian Official Report 1993:22
`Draft guidance for the NHS on the confidentiality, use and disclosure of personal health information’, N Boyd, DoH, 10 August 1994
V Brannigan, personal communication
“Is your health history anyone’s business?” McCall’s Magazine 4/95 p 54, reported by M Bruce on Usenet newsgroup comp.society.privacy, 22 Mar 1995
“Confidentiality of medical records: the patient’s perspective”, D Carman, N Britten, British Journal of General Practice v 45 (September 95) pp 485–488
“Who’s reading your medical records?” Consumer Reports, Oct 94 pp 628–632
“A Comparison of Commercial and Military Computer Security Policies”, D Clark, D Wilson, in Proceedings of the 1987 IEEE Symposium on Security and Privacy pp 184–194
“Dorrell urges refocus over NHS technology”, in Computer Weekly (30/5/96)
Parliamentary question, H Cohen, 3/4/96
‘Security in Clinical Information Systems’, submission from J Crown, President, Faculty of Public Health Medicine, to BMA, 29/2/96
R Cushman, this volume
‘How to Keep a Clinical Confidence’, B Darley, A Griew, K McLoughlin, J Williams, HMSO 1994
NHS Data Manual, Technical Modules Volume 1 and 2, 1996
Submission from the Society of Occupational Medicine, D Dean, 12/4/96
“New Guidance on Computer Security Issued”, DoH press release, 8/12/96
“BMA warns doctors about government guidance on computer security”, BMA press release, 11/12/96
‘Cryptography and Data Security ’, DER Denning, Addison-Wesley 1982
‘A Strategy for Security of the Electronic Patient Record’, A Griew, R Currell, IHI, University of Wales, Aberystwyth, 14/3/95
‘Good Medical Practice’, General Medical Council
‘Confidentiality’, General Medical Council
“Privacy and Security of Personal Information in a New Health Care System”, LO Gostin, J Turek-Brezina, M Powers et al., in Journal of the American Medical Association y 20 (24/11/93) pp 2487–2493
“Contract minimum dataset includes confidential data”, in British Medical Journal v 312 (20/1/96) p 185
(HISS presentation to BMA IT Committee,24/4/96)
A Hassey, M Wellsthis volume
“HIV code prompts debate on privacy”, P Hagan, in Hospital Doctor (29/2/96) pp 16
Parliamentary reply, J Horam, 16/4/96
‘Information Technology Security Evaluation Criteria’, EU document COM(90) 314 (6/91)
“GMSC and RCGP guidelines for the extraction and use of data from general practitioner computer systems by organisations external to the practice”, Appendix III in ‘Committee on Standards of Data Extraction from General Practice Guidelines’ Joint Computer Group of the GMSC and the RCGP, 1988
“Nurse Jailed for Hacking into Computerised Prescription System”, in British Journal of Healthcare Computing and Information Management y 1 (94) p 7
S Jenkins, this volume
U Kohl, this volume
“Your Secrets for Sale”, N Luck, J Burns, The Daily Express, 16/2/94 pp 32–33
Private conversation with Peter Landrock
“ ‘Soundex’ codes of surnames provide confidentiality and accuracy in a national HIV database”, JY Mortimer, JA Salathiel, Communicable Disease Report v 5 no 12 (10 Nov 1995) pp R183–R186
Senior IMG official, letter to BMA, 22/6/95
Senior IMG official, letter to BMA, 7/9/95
Senior IMG official, talk on Radio Northampton, 11.10, 12/6/96
‘Information Systems Security: Top level policy for the NHS’, IMG document 2009 (b)
‘NWN Threats and Vulnerabilities’, 5 April 1995, IMG document NWNS/T1.22
‘NHS-wide networking: data security policy’, IMG document NWNS/T3.3
‘NHS wide networking security architecture’, 3 April 1995, IMG document NWNS/T1.21
Security Guide for IMPfT Specialists’, 3 April 1995, IMG document NWNS/T5.11
‘NHS/CCTA Internet Security Report’version 1.3
‘NHS IS Reference Manual’, December 1995
‘A Members’ Guide to the Intended Goals and Purposes of the IM&T Strategy’ R Neame, 3/3/96
R Neame, this volume
“GP Practice computer security survey”, RA Pitchford, S Kay, Journal of Informatics in Primary Care (September 95) pp 6–12
letter from DR Price to BMA, 28/5/96
M Rigbythis volume
Presentation to IEEE Symposium on Security and Privacy 96, T Rindfleisch, 7/5/96
R Roberts et al, this volume
“For Sale: your secret medical records for £150”, L Rogers, D Leppard, Sunday Times 26/11/95 pp 1–2
Senior NHS Executive official, letter to BMA, 20/12/94
Senior NHS Executive official, letter to BMA, 15/2/95
Senior NHS Executive official, letter to BMA, 13/12/96
Senior NHS Executive official, letter to BMA, 12/2/96
‘Applied Cryptography ’, B Schneier, second edition, Wiley 1995
Response on behalf of Conference Information Group, Prof. M Severs
GJ Simmons, personal communication, 1996
‘Medical Ethics Today - Its Practice and Philosophy ’, A Sommerville, BMA 1993
“The Active Badge Location System”, R Want, A Hopper, V Falcao, J Gibbons, in ACM Transactions on Information Systems y 10 no 1 (January 1992) pp 91–102
Submission on behalf of the ABPI, F Wells
Senior NHS medical officer, letter to BMA, 15/8/95
Senior NHS medical officer, letter to BMA, 17/11/95
The use of encryption and related services with the NHSnet’, prepared by Zergo Ltd for NHS Executive; document NHSE IMG E5254
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Anderson, R. (1997). An Update on the BMA Security Policy. In: Anderson, R. (eds) Personal Medical Information. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-59023-8_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-59023-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63244-3
Online ISBN: 978-3-642-59023-8
eBook Packages: Springer Book Archive