
Flying Planes, Surgery and Privacy (external version)

Published in: Technology, Business

  1. 1. Flying planes, surgery and privacy Ian Oliver Tomi Kulmala Security, Privacy and Continuity Team 9 April 2013
  2. 2. 30 October 1935 On 30 October 1935, Army Air Corps test-pilot Major Ployer Peter Hill and Boeing employee Les Tower took the Model 299 on a second evaluation flight; however, the crew forgot to disengage the airplane's "gust lock." Having taken off, the aircraft entered a steep climb, stalled, nosed over and crashed, killing Hill and Tower (other observers survived with injuries).
  3. 3. Solution • No additional pilot training • Creation of checks for – Startup – Taxi (1) – Take-off – Climb – Cruise – Descent – Approach – Landing – Taxi (2) – Shutdown – Exceptional circumstances • Single Engine Failure • Icing conditions • Fire • Etc...
  4. 4. Application to Privacy Audits We developed: • Epics, Use cases for Privacy • ”Checklists” • Software Development Process Integration • Audit Procedures – Non functional areas: privacy, security, performance, business continuity and the result was...
  5. 5. Application to Privacy Audits Failure
  6. 6. Application to Privacy Audits Failure Maybe an extreme overstatement but: • Complex to apply • Tied to a specific software development process • Waterfall vs Agile almost irrelevant • Hard to map to variations • Time consuming • Required an expert to audit • Required too much formality, documentation and time from the development teams • Prone to missing details due to overall complexity • Hard to apply incrementally
  7. 7. Why didn’t that work? • Despite highly trained personnel – Cessna Single Engine Failure • FLY THE AIRCRAFT – Air France AF447 • Too much adherence to process – Processes tell everyone the order of what to do – Difficulty in handling exceptions and experts – Aviation Checklists are status checks used to ensure due diligence in preparation for the next and future phases of flight. • Checklist replaced responsibility and expertise – For both the auditor and development teams • Tick-box oriented – Ask questions, Accept answers, TICK! – Limited understanding and context of answers • Limited time-scale – One-off review
  8. 8. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK
  9. 9. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed
  10. 10. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed • 10 day infection rate went from 11% to 0% in one month • 2 infections in 2000 patients in 15 months
  11. 11. Preventing Central Line Infections • Peter Pronovost, Johns Hopkins University Hospital, UK 1. Wash Hands • Soap with water or alcohol 2. Wear Sterile Clothing • Mask, gloves, gown, hair covering • Cover patient with sterile drape • Minimise access hole 3. Clean Patient’s Skin • Chlorhexidine 4. Avoid Veins in arm and leg • Greater infection risk 5. Check line for infection • Minimum once per day • Remove when not needed • 10 day infection rate went from 11% to 0% in one month • 2 infections in 2000 patients in 15 months • Devolved responsibility: ALL given power to stop procedure in case of non-compliance, e.g. nurses cross-check doctors • No impact on process • Tool improvements: • dedicated packs for central line equipment including sterile clothing, drapes, soaps etc • Placement of equipment next to each patient (readiness)
  12. 12. Checklists in Surgery • Atul Gawande et al. • Simplicity • Two kinds: – DO-CONFIRM – READ-DO • Independent of process – No tick-boxes – Emphasis on communication – Emphasis on shared and devolved responsibility • Devolved responsibility • Integrates other checklists and procedures – E.g. anaesthesia machine checkout
  13. 13. Surgery and Privacy? • Most audits have some form of initial self-diagnosis of varying quality – We have/have not PII? – Here are some links to an ”architecture” – ”Our database schema is MySQL 5” • Triage • Diagnosis and Operation Planning • Operating on the privacy patient – Diagnoses change, different parts operated upon • Closing the wound, cleaning-up and release to intensive care • Following-up with the privacy patient – diagnosis, – Drugs – prognosis • What Has Privacy Got To Do With Surgery? – Surgery and Privacy operate in ”long timescale”, agile environments – ( http://ijosblog.blogspot.fi/2013/03/what-has-surgery-got-to-do-with.html )
  14. 14. Privacy Audit Checklist Inspired by the WHO Surgical Safety Checklist
  15. 15. Implementation and not a Process
  16. 16. Process Integration R&D Team Checklist (before review) R&D Team Checklist (post-review) Audit Team Checklist (sign-in) Audit Team Checklist (time-out) Audit Team Checklist (sign-out) Project development & processes (time) System under audit Review Lead Legal Expert Additional members Architecture Expert Review Lead IS NEVER responsible for running the checklist! ”Surgical Team”
  17. 17. Process Integration R&D Team Checklist (before review) R&D Team Checklist (post-review) Audit Team Checklist (sign-in) Audit Team Checklist (time-out) Audit Team Checklist (sign-out) Project development & processes (time)
  18. 18. System Rampdown Another example is ramping down a system • Customer interaction • Complex interaction of stakeholders • Complex legal requirements • Complex data handling requirements • 3rd parties often involved for data destruction • Etc...
  19. 19. Experiences • It works! – Takes time to ramp up and customise but much faster than detailed previously – Accepted by auditors and development teams • Exposing holes in our externalisation of knowledge • Exposes holes in our knowledge of what privacy is (and demonstrates our naivety) – On The Naivety of Privacy ( http://ijosblog.blogspot.fi/2013/01/on-naivety-of-privacy.html ) • Customer Checklists are of the READ-DO type with short timescales – Vital Signs – Pre diagnosis – Structured follow-up • Audit Team Checklist is a DO-CONFIRM type with longer time-scales • Tooling weaknesses – Data extraction, documentation, auditing tools, formal reporting, ontologies, classification systems – What is ”information”? • Localisation for particular contexts (by design!) • Implementation by mentoring, not teaching • Single person teams – Discipline improvement in this situation. – Avoid introducing yourself to the team however... • Quality improvement – Due diligence, coverage, depth, speed of review • Confusion can happen with the process-obsessed, tick-box mentality
  20. 20. More Information • Ian Oliver: Ian.oliver@here.com • Twitter: @i_j_oliver • Blog: http://ijosblog.blogspot.fi/