Flying Planes, Surgery and Privacy (external version)

Published in: Technology, Business

  1. 1. Flying planes, surgery and privacy Ian Oliver Tomi Kulmala Security, Privacy and Continuity Team 9 April 2013
  2. 2. 30 October 1935 On 30 October 1935, Army Air Corps test-pilot Major Ployer Peter Hill and Boeing employee Les Tower took the Model 299 on a second evaluation flight; however, the crew forgot to disengage the airplane's "gust lock." Having taken off, the aircraft entered a steep climb, stalled, nosed over and crashed, killing Hill and Tower (other observers survived with injuries).
  3. 3. Solution • No additional pilot training • Creation of checks for – Startup – Taxi (1) – Take-off – Climb – Cruise – Descent – Approach – Landing – Taxi (2) – Shutdown – Exceptional circumstances • Single Engine Failure • Icing conditions • Fire • Etc...
  4. 4. Application to Privacy Audits We developed: • Epics, Use cases for Privacy • ”Checklists” • Software Development Process Integration • Audit Procedures – Non-functional areas: privacy, security, performance, business continuity and the result was...
  5. 5. Application to Privacy Audits Failure
  6. 6. Application to Privacy Audits Failure Maybe an extreme overstatement but: • Complex to apply • Tied to a specific software development process • Waterfall vs Agile almost irrelevant • Hard to map to variations • Time consuming • Required an expert to audit • Required too much formality, documentation and time from the development teams • Prone to missing details due to overall complexity • Hard to apply incrementally
  7. 7. Why didn’t that work? • Despite highly trained personnel – Cessna Single Engine Failure • FLY THE AIRCRAFT – Air France AF447 • Too much adherence to process – Processes tell everyone the order of what to do – Difficulty in handling exceptions and experts – Aviation Checklists are status checks used to ensure due diligence in preparation for the next and future phases of flight. • Checklist replaced responsibility and expertise – For both the auditor and development teams • Tick-box oriented – Ask questions, Accept answers, TICK! – Limited understanding and context of answers • Limited time-scale – One-off review
  8. 8. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK
  9. 9. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed
  10. 10. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed • 10 day infection rate went from 11% to 0% in one month • 2 infections in 2000 patients in 15 months
  11. 11. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed • 10 day infection rate went from 11% to 0% in one month • 2 infections in 2000 patients in 15 months • Devolved responsibility: ALL given power to stop procedure in case of non-compliance, e.g. nurses cross-check doctors • No impact on process • Tool improvements: • dedicated packs for central line equipment including sterile clothing, drapes, soaps etc. • Placement of equipment next to each patient (readiness)
  12. 12. Checklists in Surgery • Atul Gawande et al. • Simplicity • Two kinds: – DO-CONFIRM – READ-DO • Independent of process – No tick-boxes – Emphasis on communication – Emphasis on shared and devolved responsibility • Devolved responsibility • Integrates other checklists and procedures – E.g. anaesthesia machine checkout
  13. 13. Surgery and Privacy? • Most audits have some form of initial self-diagnosis of varying quality – We have/have not PII? – Here are some links to an ”architecture” – ”Our database schema is MySQL 5” • Triage • Diagnosis and Operation Planning • Operating on the privacy patient – Diagnoses change, different parts operated upon • Closing the wound, cleaning-up and release to intensive care • Following-up with the privacy patient – diagnosis, – Drugs – prognosis • What Has Privacy Got To Do With Surgery? – Surgery and Privacy operate in ”long timescale”, agile environments – ( http://ijosblog.blogspot.fi/2013/03/what-has-surgery-got-to-do-with.html )
  14. 14. Privacy Audit Checklist Inspired by the WHO Surgical Safety Checklist
  15. 15. Implementation and not a Process
  16. 16. Process Integration • R&D Team Checklist (before review) • R&D Team Checklist (post-review) • Audit Team Checklist (sign-in) • Audit Team Checklist (time-out) • Audit Team Checklist (sign-out) • Project development & processes (time) • System under audit • Review Lead • Legal Expert • Additional members • Architecture Expert • Review Lead IS NEVER responsible for running the checklist! • ”Surgical Team”
  17. 17. Process Integration • R&D Team Checklist (before review) • R&D Team Checklist (post-review) • Audit Team Checklist (sign-in) • Audit Team Checklist (time-out) • Audit Team Checklist (sign-out) • Project development & processes (time)
  18. 18. System Rampdown Another example is ramping down a system • Customer interaction • Complex interaction of stakeholders • Complex legal requirements • Complex data handling requirements • 3rd parties often involved for data destruction • Etc...
  19. 19. Experiences • It works! – Takes time to ramp up and customise but much faster than detailed previously – Accepted by auditors and development teams • Exposing holes in our externalisation of knowledge • Exposes holes in our knowledge of what privacy is (and demonstrates our naivety) – On The Naivety of Privacy ( http://ijosblog.blogspot.fi/2013/01/on-naivety-of-privacy.html ) • Customer Checklists are of the READ-DO type with short timescales – Vital Signs – Pre diagnosis – Structured follow-up • Audit Team Checklist is a DO-CONFIRM type with longer time-scales • Tooling weaknesses – Data extraction, documentation, auditing tools, formal reporting, ontologies, classification systems – What is ”information”? • Localisation for particular contexts (by design!) • Implementation by mentoring, not teaching • Single person teams – Discipline improvement in this situation. – Avoid introducing yourself to the team however... • Quality improvement – Due diligence, coverage, depth, speed of review • Confusion can happen with the process-obsessed, tick-box mentality
  20. 20. More Information • Ian Oliver: Ian.oliver@here.com • Twitter: @i_j_oliver • Blog: http://ijosblog.blogspot.fi/
