• Like
  • Save
Health Data Privacy and Security in the NZDF
Upcoming SlideShare
Loading in...5
×
 

Health Data Privacy and Security in the NZDF

on

  • 793 views

Karl Cole

Karl Cole
ProCare
(Formerly doctor in the NZ Army)

Statistics

Views

Total Views
793
Views on SlideShare
793
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Health Data Privacy and Security in the NZDF Health Data Privacy and Security in the NZDF Presentation Transcript

    • NZDF Health Information system It would be easy if it wasn’t for security
    • Overview Military medicine 101 East Timor lessons learnt Post game analysis,. Audit general report DMIS Security Strategy
    • Military medicine To Serve, team players, motivated to be “fit to deploy” Patient records have same protection as civilians, except in extreme case. – Confidentiality cornerstone. similar to a rural civilian medical centre. Doctor as Officer, works for Organisation also. Health and wellness focus, more integration with HR, other aspects org.
    • If you are lucky….
    • Military populations - deployment D/BI Disease was major cause of death. 7 Mil Med works!! 6 5 – Minimizing impact of illness on deployed force 4 – Major advances in last 3 0.05 50 years 2 1 JFHQ level planning 0 Wellness and force M ex ican W ar C iv il W ar S p an ish -A m erican W ar WW1 WW2 K o rean V ietn am protection focus – Health threat assessment – Education plan • Bugs are still there…..
    • DMIS Command and Control systems
    • East Timor, the year is 2001 What was the records system like?
    • Most innovative Records
    • Security, what security?
    • Past and Present Disjointed databases Paper record mainly – Focused on occupational grading – Loose leaf, enclosed Chronologically – Multi problem was a problem….. Recall and follow up. – Geographical, reminders difficult. Looking back past last medical board,….
    • Audit Report Auditor – Generals report • Difficulty in determining numbers meeting vaccine requirements, access to JEV.. • Incomplete medical records • Labour intensive • Inadequate health surveillance systems and linking risk factor to clinical outcomes RECOMMENDED – Joint electronic medical information system – That meets individual care as well as organisational and operational wider planning requirements.
    • The future…… some ideas Improved medical records access, DMIS, health planning Improved tracking of individual health. Population Health surveillance/KPI from clinical databases. – Geo coding – Bio strain measurer. Cohort studies, should each deployment be a virtual cohort study? linked via NHI, when leave service – Cohort follow up. (US have a “2000 cohort” 100 000 military following since 2000)
    • STOP! Greater availability, access, integration National Tri service Workshop Privacy Privacy Privacy
    • Security vulnerabilities Concerns for patients privacy – Cornerstone doctor patient relationship – non authorised access • Intra as well as inter organisation threat. Concerns for Organisation, Force protection – could be used by enemy • Attack individual • Attack system
    • Just how safe were we?
    • Individual privacy Threats that the new system brings Paranoia Much more vulnerable to unauthorised access from within – Not everybody expects their health data to be open access Somewhat more vulnerable to other unauthorised access
    • Force protection, military specific vulnerabilities Pre deployment – What part of the record is medical <> organisational Intra deployment – Add complexity, soldier proof ? – Source of attack, • info could get from medical record for interrogation ?? Locations when where etc – Over reliance on telemed, communications Post deployment – No major
    • Existing standards HIPAA HDC guidelines MPS Directorate of Defence medicine • Unique military demands • Staff, Community/patients, deployment, POW How to balance availability of records with privacy
    • User requirement Privacy became important part of the User requirement – (note the requirement to be actively looking for misuse, not good enough to wait for compliant) ?? Like banking!! • Physical • Technical - restrictive. • Technical - active looking • Policy – No 3rd party testing!!
    • Security Physical – Bases, screens, windows, – Security checked Technical – restrictive – Password, network security, alert when access notes outside Health care providers area – manage relationship database, single source of the truth, shared data layer, etc.
    • Security Technical – proactive query to system for suspicious behaviour – Look for misuse, can not be complaint driven. – Late night access. – Overly high access to notes – Same surname access – Notes opened when Doctor not in country…
    • Security - Policy All health workers can see all records, but with warning when looking outside your unit/area. Operational planning elements from each health record extracted to SDL, one source No sealed envelope Education – We are watching you. Security Officer in each medical treatment centre In course training Brig DGMS can see all…..
    • Care Plan Analysis Example Example Gets a snap shot of overall status of cohort Patient groups allow focus on a Service/Unit/etc (4.4) Now adding “Group Plans”, allowing review (5.1) • Plan A AND B; or Plan A OR B
    • Conclusion Have we got the balance right?