Health Data Privacy and Security in the NZDF

Karl Cole
ProCare
(Formerly doctor in the NZ Army)

Published in: Health & Medicine

Transcript

  • 1. NZDF Health Information system It would be easy if it wasn’t for security
  • 2. Overview Military medicine 101 East Timor lessons learnt Post game analysis, Audit general report DMIS Security Strategy
  • 3. Military medicine To Serve, team players, motivated to be “fit to deploy” Patient records have same protection as civilians, except in extreme case. – Confidentiality cornerstone. similar to a rural civilian medical centre. Doctor as Officer, works for Organisation also. Health and wellness focus, more integration with HR, other aspects org.
  • 4. If you are lucky….
  • 5. Military populations - deployment D/BI Disease was major cause of death. Mil Med works!! – Minimizing impact of illness on deployed force – Major advances in last 50 years JFHQ level planning Wellness and force protection focus – Health threat assessment – Education plan • Bugs are still there….. [Chart: Mexican War, Civil War, Spanish-American War, WW1, WW2, Korean, Vietnam]
  • 6. DMIS Command and Control systems
  • 7. East Timor, the year is 2001 What was the records system like?
  • 8. Most innovative Records
  • 9. Security, what security?
  • 10. Past and Present Disjointed databases Paper record mainly – Focused on occupational grading – Loose leaf, enclosed Chronologically – Multi problem was a problem….. Recall and follow up. – Geographical, reminders difficult. Looking back past last medical board,….
  • 11. Audit Report Auditor-General's report • Difficulty in determining numbers meeting vaccine requirements, access to JEV.. • Incomplete medical records • Labour intensive • Inadequate health surveillance systems and linking risk factor to clinical outcomes RECOMMENDED – Joint electronic medical information system – That meets individual care as well as organisational and operational wider planning requirements.
  • 12. The future…… some ideas Improved medical records access, DMIS, health planning Improved tracking of individual health. Population Health surveillance/KPI from clinical databases. – Geo coding – Bio strain measurer. Cohort studies, should each deployment be a virtual cohort study? linked via NHI, when leave service – Cohort follow up. (US have a “2000 cohort” 100 000 military following since 2000)
  • 13. STOP! Greater availability, access, integration National Tri service Workshop Privacy Privacy Privacy
  • 14. Security vulnerabilities Concerns for patients' privacy – Cornerstone doctor patient relationship – non-authorised access • Intra as well as inter organisation threat. Concerns for Organisation, Force protection – could be used by enemy • Attack individual • Attack system
  • 15. Just how safe were we?
  • 16. Individual privacy Threats that the new system brings Paranoia Much more vulnerable to unauthorised access from within – Not everybody expects their health data to be open access Somewhat more vulnerable to other unauthorised access
  • 17. Force protection, military specific vulnerabilities Pre deployment – What part of the record is medical <> organisational Intra deployment – Add complexity, soldier proof ? – Source of attack, • info could get from medical record for interrogation ?? Locations when where etc – Over reliance on telemed, communications Post deployment – No major
  • 18. Existing standards HIPAA HDC guidelines MPS Directorate of Defence medicine • Unique military demands • Staff, Community/patients, deployment, POW How to balance availability of records with privacy
  • 19. User requirement Privacy became important part of the User requirement – (note the requirement to be actively looking for misuse, not good enough to wait for complaint) ?? Like banking!! • Physical • Technical - restrictive. • Technical - active looking • Policy – No 3rd party testing!!
  • 20. Security Physical – Bases, screens, windows, – Security checked Technical – restrictive – Password, network security, alert when access notes outside Health care providers area – manage relationship database, single source of the truth, shared data layer, etc.
  • 21. Security Technical – proactive query to system for suspicious behaviour – Look for misuse, cannot be complaint driven. – Late night access. – Overly high access to notes – Same surname access – Notes opened when Doctor not in country…
  • 22. Security - Policy All health workers can see all records, but with warning when looking outside your unit/area. Operational planning elements from each health record extracted to SDL, one source No sealed envelope Education – We are watching you. Security Officer in each medical treatment centre In course training Brig DGMS can see all…..
  • 23. Care Plan Analysis Example Example Gets a snap shot of overall status of cohort Patient groups allow focus on a Service/Unit/etc (4.4) Now adding “Group Plans”, allowing review (5.1) • Plan A AND B; or Plan A OR B
  • 24. Conclusion Have we got the balance right?
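
The proactive misuse checks listed on slide 21 (late night access, overly high access, same surname access, notes opened when the doctor is not in country), together with the out-of-unit warning from slides 20 and 22, sketched as an added example that is not part of the original presentation. The audit record fields, thresholds, rule names and sample events are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed audit events (not real data): timestamp, user, user surname,
# user unit, user in country?, patient id, patient surname, patient unit
EVENTS = [
    ("2001-03-02T10:15", "dr_a", "Smith", "U1", True, "p1", "Jones", "U1"),
    ("2001-03-02T23:40", "dr_a", "Smith", "U1", True, "p2", "Brown", "U1"),
    ("2001-03-03T11:00", "medic_b", "Brown", "U2", True, "p2", "Brown", "U1"),
    ("2001-03-03T14:30", "dr_c", "Lee", "U1", False, "p3", "Kaur", "U1"),
] + [("2001-03-04T09:%02d" % i, "clerk_d", "Ngata", "U3", True,
      "p%d" % (10 + i), "Patient%d" % i, "U3") for i in range(6)]

NIGHT_START, NIGHT_END = 22, 6   # assumed "late night" window, local hours
MAX_RECORDS_PER_DAY = 5          # assumed threshold for "overly high access"

def flag_events(events):
    """Return sorted (user, patient_id, rule) findings for a security officer."""
    findings = set()
    per_day = Counter()   # distinct patient records opened per (user, day)
    seen = set()
    for ts, user, u_sur, u_unit, in_country, pid, p_sur, p_unit in events:
        t = datetime.fromisoformat(ts)
        if t.hour >= NIGHT_START or t.hour < NIGHT_END:
            findings.add((user, pid, "late_night"))
        if u_sur.lower() == p_sur.lower():
            findings.add((user, pid, "same_surname"))
        if not in_country:
            findings.add((user, pid, "user_not_in_country"))
        if u_unit != p_unit:
            findings.add((user, pid, "outside_unit"))
        key = (user, t.date(), pid)
        if key not in seen:   # repeat opens of one record count once
            seen.add(key)
            per_day[(user, t.date())] += 1
    for (user, _day), n in per_day.items():
        if n > MAX_RECORDS_PER_DAY:
            findings.add((user, "*", "high_volume"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in flag_events(EVENTS):
        print(finding)
```

Each finding is a prompt for review rather than proof of misuse: a clinician on night duty or treating a relative's namesake will trip the same rules.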